US 11,991,154 B2
System and method for fingerprint-based network mapping of cyber-physical assets
Jason Crabtree, Vienna, VA (US); and Andrew Sellers, Monument, CO (US)
Assigned to QOMPLX LLC, Reston, VA (US)
Filed by QOMPLX LLC, Reston, VA (US)
Filed on Jan. 1, 2021, as Appl. No. 17/140,028.
Application 17/140,028 is a continuation in part of application No. 16/910,623, filed on Jun. 24, 2020, granted, now 11,595,361.
Application 16/910,623 is a continuation in part of application No. 15/930,063, filed on May 12, 2020, granted, now 11,588,793.
Application 15/930,063 is a continuation of application No. 15/904,006, filed on Feb. 23, 2018, granted, now 10,652,219, issued on May 12, 2020.
Application 15/904,006 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul. 20, 2017, granted, now 10,735,456, issued on Aug. 4, 2020.
Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/725,274 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/091,563 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 14/986,536 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Prior Publication US 2021/0226927 A1, Jul. 22, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/951 (2019.01); G06N 7/01 (2023.01); H04L 9/14 (2006.01); H04L 9/32 (2006.01); G06N 5/01 (2023.01); G06N 5/045 (2023.01); G06N 5/046 (2023.01); G06N 20/00 (2019.01); H04L 9/00 (2022.01)
CPC H04L 63/0428 (2013.01) [G06F 16/951 (2019.01); G06N 7/01 (2023.01); H04L 9/14 (2013.01); H04L 9/3236 (2013.01); H04L 9/3297 (2013.01); H04L 63/061 (2013.01); H04L 63/12 (2013.01); H04L 63/1408 (2013.01); H04L 63/1433 (2013.01); G06N 5/01 (2023.01); G06N 5/045 (2013.01); G06N 5/046 (2013.01); G06N 20/00 (2019.01); H04L 9/50 (2022.05); H04L 63/0442 (2013.01); H04L 63/123 (2013.01)] 7 Claims
OG exemplary drawing
 
1. A system for fingerprint-based network mapping of cyber-physical assets, comprising:
a first computing device coupled to a physical asset and comprising a first processor, a first memory, a geolocation device, and a first plurality of programming instructions that, when operating on the first processor, cause the first computing device to:
periodically determine a geographical location of the physical asset using the geolocation device;
generate an encrypted asset status update message, the status update message comprising a device identifier of the first computing device and the geographical location of the physical asset; and
transmit the encrypted asset status update message via a network to a second computing device; and
a port scanner comprising at least a second processor, a second memory, and a second plurality of programming instructions that, wherein the second programmable instructions, when operating on the second processor, cause the port scanner to:
receive the encrypted asset status update message from the first computing device;
retrieve a plurality of stored fingerprint records from the second memory or a database, at least one of the plurality of fingerprint records corresponding to the first computing device;
perform a scan of one or more ports of the first computing device, the scan being based on the corresponding fingerprint record;
analyze the results of the scan;
if the analysis indicates that the results do not match the corresponding fingerprint record, transmit an encrypted failure notification to the second computing device; and
if the analysis indicates that the results match the corresponding fingerprint record, transmit an encrypted success notification to the second computing device;
wherein the second computing device verifies the authenticity of the received encrypted success and failure notifications and, for each verified encrypted success notification, modifies a cyber-physical graph based upon the encrypted asset status update message.