&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12301591.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,301,591 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and method for connected vehicle cybersecurity</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Yonatan Appel,  Ramat Hasharon (IL); and  Yoav Levy,  Kfar-Vitkin (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Upstream Security, Ltd.,  Herzliya (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Upstream Security, Ltd.,  Herzliya (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Mar.  30, 2022, as Appl. No. 17/657,187.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/657,187 is a continuation of application No. 16/047,444, filed on Jul.  27, 2018, granted, now 11,477,212.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/537,608, filed on Jul.  27, 2017.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0224700 A1, Jul.  14, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06N 20/00</b></i> (2019.01); <i><b>H04W 4/44</b></i> (2018.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)&#xa0;[<i><b>G06N 20/00</b></i> (2019.01); <i><b>H04L 63/1441</b></i> (2013.01); <i><b>H04L 63/20</b></i> (2013.01); <i>H04W 4/44</i> (2018.02)]</td>
            <td class="table_data" align="right"><b>21 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12301591-20250513-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for connected vehicle cybersecurity, comprising:<div class="claim_text">creating, by a remote system, a normal behavior model based on a first set of data, the first set of data including at least one first event with respect to at least one connected vehicle, wherein the first set of data is collected from a plurality of data sources, wherein the at least one connected vehicle is a plurality of connected vehicles, wherein the plurality of connected vehicles is a fleet of connected vehicles organized in a hierarchy, and wherein the remote system is remote from the fleet of connected vehicles;</div>
                <div class="claim_text">clustering the first set of data based on the hierarchy wherein the hierarchy includes at least one sub-fleet of the plurality of connected vehicles;</div>
                <div class="claim_text">creating a sub-fleet normal behavior model for each sub-fleet;</div>
                <div class="claim_text">detecting, by the remote system, an anomaly based on the normal behavior model and a second set of data, the second set of data including at least one second event with respect to the at least one connected vehicle, wherein each of the first set of data and the second set of data includes vehicle data related to operation of the at least one connected vehicle, wherein each event represents a communication with the at least one connected vehicle and wherein the anomaly is detected based further on the sub-fleet normal behavior models;</div>
                <div class="claim_text">determining, based on the detected anomaly, at least one mitigation action; and</div>
                <div class="claim_text">causing implementation of the at least one mitigation action.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>