&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12273357.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,273,357 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and method for detecting lateral movement using SSH private keys</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Avi Tal Lichtenstein,  Tel Aviv (IL);  Ami Luttwak,  Binyamina (IL); and  Yinon Costica,  Tel Aviv (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Wiz, Inc.,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Wiz, Inc.,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Sep.  18, 2024, as Appl. No. 18/888,947.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/888,947 is a continuation of application No. 18/887,706, filed on Sep.  17, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/887,706 is a continuation of application No. 18/798,397, filed on Aug.  8, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/798,397 is a continuation of application No. 18/588,981, filed on Feb.  27, 2024, granted, now 12,095,777, issued on Sep.  17, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/588,981 is a continuation of application No. 18/457,752, filed on Aug.  29, 2023, granted, now 11,949,690, issued on Apr.  2, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/457,752 is a continuation of application No. 17/657,495, filed on Mar.  31, 2022, granted, now 11,799,874, issued on Oct.  24, 2023.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/170,123, filed on Apr.  2, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2025/0016175 A1, Jan.  9, 2025</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/14</b></i> (2013.01)</td>
            <td class="table_data" align="right"><b>25 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12273357-20250408-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment, comprising:<div class="claim_text">inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key;</div>
                <div class="claim_text">detecting a user identifier associated with the private CNP key;</div>
                <div class="claim_text">detecting in a security database a representation of the public CNP key;</div>
                <div class="claim_text">detecting in the security database a representation of a second workload connected to the representation of a second private CNP key; and</div>
                <div class="claim_text">generating a lateral movement path, the lateral movement path including an identifier of the second workload, in response to detecting that the representation of the second private CNP key is connected to the representation of the public CNP key; and</div>
                <div class="claim_text">generating a visual graph based on the generated lateral movement path and the detected user identifier.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>