&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12143411.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,143,411 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>On-demand and proactive detection of application misconfiguration security threats</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Omer Tsarfati,  Petach-Tikva (IL); and  Asaf Hecht,  Tel Aviv (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  CyberArk Software Ltd.,  Petach-Tikva (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  CyberArk Software Ltd.,  Petach-Tikva (IL)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Apr.  7, 2020, as Appl. No. 16/841,840.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2021/0314339 A1, Oct.  7, 2021</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/00</b></i> (2013.01); <i><b>G06F 21/57</b></i> (2013.01); <i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1433</b></i> (2013.01)&#xa0;[<i><b>G06F 21/577</b></i> (2013.01); <i><b>H04L 63/10</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/20</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>15 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12143411-20241112-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for detecting application misconfiguration security threats, the operations comprising:<div class="claim_text">scanning a computing environment to identify an application on an authorization server, wherein the application is configured to maintain a trusted list of network resources and the authorization server is configured to generate an access token for a network device for accessing a target network resource based on whether the target network resource is included in the trusted list, wherein the target network resource is accessible by the network device conditional on the network device asserting the access token;</div>
                <div class="claim_text">accessing the trusted list to identify a target network address included in the trusted list, wherein the target network address has been compromised by an attacker;</div>
                <div class="claim_text">comparing the target network address to a whitelist of trusted target network addresses;</div>
                <div class="claim_text">determining, based on the comparing, that the target network address has been compromised by the attacker;</div>
                <div class="claim_text">determining, based on a comparison between at least one privilege associated with the identity and at least one credential accessible through the target network resource, that holding the at least one credential by the identity would potentially result in an illegitimate privilege elevation by the identity; and</div>
                <div class="claim_text">performing, based on at least one of the determination that the target network address has been compromised by the attacker or the determination that holding the at least one credential by the identity would potentially result in an illegitimate privilege elevation, a control action associated with the target network address, wherein the control action includes at least one of: disabling the network device from accessing the target network resource or generating an alert.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>