&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
			function printpage()
			{
			window.print()
			}
			</script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11750631.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,750,631 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and method for comprehensive data loss prevention and compliance management</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Jason Crabtree,  Vienna, VA (US); and  Andrew Sellers,  Monument, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  QOMPLX, INC.,  Tysons, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  QOMPLX, Inc.,  Tysons, VA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jan.  31, 2022, as Appl. No. 17/589,811.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/589,811 is a continuation of application No. 16/896,764, filed on Jun.  9, 2020, granted, now 11,297,088.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 16/896,764 is a continuation of application No. 16/191,054, filed on Nov.  14, 2018, granted, now 10,681,074, issued on Jun.  9, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 16/191,054 is a continuation in part of application No. 15/655,113, filed on Jul.  20, 2017, granted, now 10,735,456, issued on Aug.  4, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun.  7, 2017, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct.  28, 2015, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/655,113 is a continuation in part of application No. 15/237,625, filed on Aug.  15, 2016, granted, now 10,248,910, issued on Apr.  2, 2019.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul.  8, 2016, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun.  18, 2016, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May   26, 2016, abandoned.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr.  28, 2016, granted, now 10,860,962, issued on Dec.  8, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr.  5, 2016, granted, now 10,204,147, issued on Feb.  12, 2019.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/091,563 is a continuation in part of application No. 14/986,536, filed on Dec.  31, 2015, granted, now 10,210,255, issued on Feb.  19, 2019.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 14/986,536 is a continuation in part of application No. 14/925,974, filed on Oct.  28, 2015, abandoned.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0263845 A1, Aug.  18, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>H04L 43/08</b></i> (2022.01); <i><b>H04L 43/045</b></i> (2022.01); <i><b>G06F 21/57</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1425</b></i> (2013.01)&#xa0;[<i><b>H04L 43/045</b></i> (2013.01); <i><b>H04L 43/08</b></i> (2013.01); <i><b>H04L 63/1433</b></i> (2013.01); <i>G06F 21/577</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>13 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11750631-20230905-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system for comprehensive data loss prevention and compliance management, comprising:<div class="claim_text">a computing device comprising a processor and a memory;</div>
                <div class="claim_text">an observation and state estimation module comprising a first plurality of programming instructions stored in the memory and operating on the processor, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to:<div class="claim_text">monitor a plurality of connected resources on a network; and</div>
                  <div class="claim_text">produce a cyber-physical graph representing the plurality of connected resources, wherein:<div class="claim_text">the connected resources comprise one or more of people, devices, systems, and organizations within the network;</div>
                    <div class="claim_text">the cyber-physical graph comprises nodes representing the connected resources, which each node having one or more properties containing descriptive information for the connected resource represented by that node; and</div>
                    <div class="claim_text">the cyber-physical graph comprises edges representing the logical relationships between the plurality of connected resources and the physical relationships between any connected resources comprising a hardware device;</div>
                  </div>
                </div>
                <div class="claim_text">an activity monitoring engine comprising a second plurality of programming instructions stored in the memory and operating on the processor, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to:<div class="claim_text">generate expected behavior data of the connected resources within the network by applying a behavioral model to each node of the cyber-physical graph;</div>
                  <div class="claim_text">generate actual behavior data of the connected resources within the network from time-series data comprising a record of network events and the respective times at which each network event occurred;</div>
                  <div class="claim_text">detect deviations of the actual behavior data from the expected behavior data by comparing the expected behavior data properties of each node with the actual behavior properties of that node; and</div>
                  <div class="claim_text">when deviations are detected, send information about the deviation to a risk analysis and scoring engine; and</div>
                </div>
                <div class="claim_text">the risk analysis and scoring engine comprising a third plurality of programming instructions stored in the memory and operating on the processor, wherein the third plurality of programming instructions, when operating on the processor, cause the computing device to:<div class="claim_text">receive deviation information from the activity monitoring engine;</div>
                  <div class="claim_text">analyze the severity of a threat posed by the deviation using at least one analysis algorithm; and</div>
                  <div class="claim_text">generate a risk score based on a plurality of factors which indicate the severity of the threat.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>