&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12273359.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,273,359 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Lateral movement analysis using certificate private keys</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Avi Tal Lichtenstein,  Tel Aviv (IL);  Ami Luttwak,  Binyamina (IL); and  Yinon Costica,  Tel Aviv (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Wiz, Inc.,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Wiz, Inc.,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Sep.  18, 2024, as Appl. No. 18/888,973.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/888,973 is a continuation of application No. 18/887,697, filed on Sep.  17, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/887,697 is a continuation of application No. 18/798,377, filed on Aug.  8, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/798,377 is a continuation of application No. 18/394,608, filed on Dec.  22, 2023, granted, now 12,095,776, issued on Sep.  17, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/394,608 is a continuation of application No. 18/478,472, filed on Sep.  29, 2023, granted, now 11,916,926, issued on Feb.  27, 2024.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/478,472 is a continuation of application No. 17/657,492, filed on Mar.  31, 2022, granted, now 11,811,786, issued on Nov.  7, 2023.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/170,225, filed on Apr.  2, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2025/0016177 A1, Jan.  9, 2025</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/14</b></i> (2013.01)</td>
            <td class="table_data" align="right"><b>25 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12273359-20250408-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for detecting potential lateral movement in a cloud computing environment, comprising:<div class="claim_text">detecting a private encryption key including a first hash value of a first public key;</div>
                <div class="claim_text">detecting a certificate including a second hash value of a second public key, the detected certificate associated with a workload in the cloud computing environment;</div>
                <div class="claim_text">associating the certificate with a cloud identity;</div>
                <div class="claim_text">generating in a security database: a representation of the private encryption key, a representation of the certificate, a representation of the workload, and a representation of the cloud identity, wherein the representation of the workload is associated with the representation of the certificate;</div>
                <div class="claim_text">associating the representation of the private key and the representation of the certificate, in response to determining a match between the first hash value and the second hash value;</div>
                <div class="claim_text">determining that the workload is potentially compromised, in response to receiving an indication that an element of: the first public key, the second public key, or a combination thereof, is compromised; and</div>
                <div class="claim_text">generating a graph visualization based at least on the representation of the cloud identity and the potentially compromised workload.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>