Invalidity dossier

US 12301628

Added 4/30/2026, 3:10:58 PM

⚖️ Active PTAB challenge: 1 pending proceeding against this patent

1 activeInter Partes Review, Post-Grant Review, or Covered Business Method proceedings at the USPTO Patent Trial and Appeal Board.

See proceedings →

Got a demand letter citing US 12301628?

Paste the full letter into the analyzer. We extract every asserted patent (this one and any others), characterize the asserter, flag validity vulnerabilities, and draft a sample response letter your attorney can adapt.

Analyze a letter →

Generic sample response letter (PDF)

Generates a draft reply letter to a generic infringement claim citing this patent, using the analysis below. For a response tailored to a specific letter you received, use the demand letter analyzer instead. Sample only — not legal advice. Do not send without review by a licensed patent attorney.

Download sample PDF →

Watchlist

Get alerted when this patent moves.

Email-only, free, anonymous. We'll notify you when US 12301628 gets a new lawsuit, a new PTAB proceeding, or a new dossier section. One-click unsubscribe from any alert.

Active provider: Google · gemini-2.5-pro

Patent summary

Title, assignee, inventors, filing/issue dates, abstract, and a plain-language overview of the claims.

✓ Generated

Patent Analysis: US 12,301,628 B2

Date of Analysis: April 26, 2026

Patent Number: US 12,301,628 B2

Title: Correlating network event anomalies using active and passive external reconnaissance to identify attack information

Assignee: Qomplx Inc.

Inventors: Jason Crabtree, Andrew Sellers, Richard Kelley

Filing Date: September 20, 2024

Issue Date: May 13, 2025

Abstract:

The invention provides a system and method for correlating network event anomalies to identify attack information. This involves creating a cyber-physical graph of an organization, which maps entities and their relationships. A reconnaissance engine performs searches using this graph and applies the results to create a normal behavior model for various nodes. A directed computational graph engine then uses this model to identify anomalous events, analyze correlations between affected nodes, generate a behavior graph, and ultimately trace back to the origin of an attack by creating and analyzing a dependency tree.

Independent Claims Overview:

Independent Claim 1: A method for identifying attack information by:

  • Creating a "cyber-physical graph" that maps an organization's entities (like users, devices, and data) and their relationships.
  • Using this graph to perform reconnaissance and build a model of what constitutes "normal" behavior for the network.
  • Detecting an anomalous event by comparing current activity to the normal behavior model.
  • Analyzing the cyber-physical graph to find correlations between the nodes affected by the anomaly.
  • Generating a "behavior graph" based on these correlations to show causative relationships between events.
  • Tracing this behavior graph backward in time to pinpoint the origin of the anomalous event.

Independent Claim 9: A system designed to perform the method outlined in Claim 1. This system comprises:

  • A cyber-physical graph module to create and manage the graph of the organization's assets and relationships.
  • A reconnaissance engine to gather data and establish a baseline of normal behavior for the elements in the graph.
  • A directed computational graph engine that actively analyzes the cyber-physical graph and the normal behavior model to detect anomalies, find correlations, create a behavior graph, and trace events back to their source.

Litigation Search:

A search of the CAFC (Court of Appeals for the Federal Circuit) dockets for 2026 for "US Patent 12,301,628" reveals that this patent family is involved in litigation, with the first worldwide family litigation filed in 2015. Specific details of the 2026 dockets were not available in the provided information.

Generated 4/30/2026, 7:07:22 PM