Patent 12301627
Prior art
Earlier patents, publications, and products that may anticipate or render the claims unpatentable.
Active provider: Google · gemini-2.5-pro
An analysis of the prior art cited in U.S. Patent No. 12,301,627 reveals a landscape of technologies that contribute to the foundation of cybersecurity and network analysis. While the full list of cited references was not available in the provided patent details, a thorough review of the patent's own description of related applications provides insight into the building blocks of the claimed invention. The '627 patent is a continuation of a long line of applications, indicating a development process that has integrated and built upon a wide range of technologies.
The core of the invention in U.S. Patent No. 12,301,627 lies in its comprehensive approach, which combines several key elements:
- Cyber-Physical Graph (CPG): A detailed and dynamic map of an organization's entire infrastructure, including not only network devices but also physical assets, users, and their interrelationships.
- Active and Passive Reconnaissance: The use of both internal and external data gathering to establish a baseline of normal network behavior.
- Behavioral Analytics: The identification of anomalies by comparing real-time activity against the established baseline.
- Correlation and Root Cause Analysis: The ability to connect disparate anomalous events and trace them back to their origin.
Given this, the most relevant prior art would be those patents and applications that disclose one or more of these core concepts, even if they do not combine them in the same novel way as the '627 patent. The patent's own lineage, as detailed in the "Cross-Reference to Related Applications" section, provides the most direct insight into the foundational technologies.
Analysis of Key Prior Art (Based on Patent Family):
The '627 patent is a continuation of a series of applications, making its own predecessors the most relevant prior art. These earlier patents, also assigned to Qomplx, progressively build upon the concepts that culminate in the '627 invention. While they may not invalidate the patent (as they are from the same inventors and assignee), they are crucial for understanding the development of the technology and for any potential validity challenges based on obviousness.
U.S. Patent No. 10,210,255: "Distributed System for Large Volume Deep Web Data Extraction"
- Full Citation: US Patent 10,210,255 B2, "Distributed system for large volume deep web data extraction," filed December 31, 2015.
- Description: This patent focuses on the data collection aspect of the system. It describes a method for using a distributed system to extract large volumes of data from the "deep web" – parts of the internet not indexed by standard search engines. This is a foundational element for the reconnaissance engine described in the '627 patent, which relies on gathering comprehensive external data.
- Potential Anticipation: This patent likely discloses elements related to the reconnaissance engine in claim 1 and the "performing a reconnaissance search" step in claim 2 of the '627 patent. It provides the technological underpinning for how the system gathers the raw data needed to build its models. However, it does not, on its own, describe the full process of creating a cyber-physical graph or correlating anomalies to identify attack origins.
U.S. Patent No. 10,204,147: "System for Capture, Analysis and Storage of Time Series Data from Sensors with Heterogeneous Report Interval Profiles"
- Full Citation: US Patent 10,204,147 B2, "System for capture, analysis and storage of time series data from sensors with heterogeneous report interval profiles," filed April 5, 2016.
- Description: This patent addresses the challenge of handling and analyzing data that arrives at different times and in different formats, a common issue in network security monitoring. It describes a system for ingesting and processing time-series data from a variety of sources. This is directly relevant to the '627 patent's ability to create a "normal behavior model" from ongoing network events.
- Potential Anticipation: This patent likely covers the creation of the normal behavior model as described in both independent claims of the '627 patent. The ability to analyze time-series data is fundamental to understanding what constitutes "normal" in a dynamic network environment.
U.S. Patent No. 10,860,962: "System for Fully Integrated Capture, and Analysis of Business Information Resulting in Predictive Decision Making and Simulation"
- Full Citation: US Patent 10,860,962 B2, "System for fully integrated capture, and analysis of business information resulting in predictive decision making and simulation," filed April 28, 2016.
- Description: This patent broadens the scope of data analysis to include business information, aiming to provide predictive insights. It introduces the concept of a more holistic view of an organization, which is a precursor to the cyber-physical graph. The patent also discusses simulation, which is a key component of understanding potential attack paths.
- Potential Anticipation: This patent contributes to the concept of the cyber-physical graph by expanding the data model beyond purely technical network information. It also touches upon the analytical and predictive capabilities that are central to the '627 patent's directed computational graph engine.
U.S. Patent No. 10,735,456: "Advanced Cybersecurity Threat Mitigation Using Behavioral and Deep Analytics"
- Full Citation: US Patent 10,735,456 B2, "Advanced cybersecurity threat mitigation using behavioral and deep analytics," filed July 20, 2017.
- Description: This patent moves closer to the core of the '627 invention by focusing specifically on using behavioral analytics to mitigate cyber threats. It describes methods for detecting anomalies in user and device behavior, which is a key step in the '627 patent's process.
- Potential Anticipation: This patent is highly relevant to the anomaly detection and correlation aspects of the '627 patent. It likely describes the foundational algorithms and processes for identifying suspicious activities, which the '627 patent then integrates into the broader framework of the cyber-physical graph and root cause analysis.
U.S. Patent No. 10,609,079 and U.S. Patent No. 10,560,483: These patents, which are also part of the same family, further refine the concepts of threat mitigation and cybersecurity rating. They likely contribute to the overall system's ability to not only identify attacks but also to assess their potential impact and prioritize responses.
U.S. Patent No. 11,025,674: "Cybersecurity Profiling and Rating Using Active and Passive External Reconnaissance"
- Full Citation: US Patent 11,025,674 B2, "Cybersecurity profiling and rating using active and passive external reconnaissance," filed January 30, 2020.
- Description: This patent, a direct predecessor to the '627 patent, explicitly details the use of both active and passive reconnaissance to create a cybersecurity profile. This is a critical component of the '627 patent's claims, which rely on this reconnaissance to build the normal behavior model.
- Potential Anticipation: This patent very likely discloses the core concepts of the reconnaissance engine and the creation of a cybersecurity profile, which are then used by the '627 patent's directed computational graph engine. The '627 patent builds upon this by adding the specific steps of generating a behavior graph and traversing it to find the attack's origin.
Conclusion
While an exhaustive search of all prior art would be necessary for a definitive legal opinion, the most significant and relevant prior art for U.S. Patent No. 12,301,627 is its own extensive family of preceding patents. These documents, taken together, disclose the majority of the individual components of the '627 system: data gathering, time-series analysis, behavioral analytics, and the creation of a comprehensive organizational model.
The inventive step of the '627 patent appears to be the synthesis of these components into a specific, structured method for not just detecting threats, but for actively tracing them back to their source. The generation of a "behavior graph" and the subsequent "backward traversal" to identify the initial conditions of an attack are likely the key novel elements that distinguish the '627 patent from its predecessors. Any challenge to the validity of this patent would likely need to demonstrate that this final step of root cause analysis was either obvious or already disclosed in the prior art. Based on the evolution of Qomplx's own patent portfolio, that step appears to be the novel contribution of this particular invention.
Generated 4/30/2026, 9:32:45 PM