&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11843628.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,843,628 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Cyber security appliance for an operational technology network</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Simon Fellows,  Cambridge (GB); and  Jack Stockdale,  Cambridge (GB)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Darktrace Holdings Limited,  Cambridge (GB)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Darktrace Limited,  Cambridge (GB)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Feb.  19, 2019, as Appl. No. 16/278,953.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/632,623, filed on Feb.  20, 2018.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2019/0260781 A1, Aug.  22, 2019</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01); <i><b>G06F 21/55</b></i> (2013.01); <i><b>G06N 20/00</b></i> (2019.01); <i><b>G06N 20/10</b></i> (2019.01); <i><b>G06F 21/36</b></i> (2013.01); <i><b>H04L 43/045</b></i> (2022.01); <i><b>G06F 16/2455</b></i> (2019.01); <i><b>G06F 3/04842</b></i> (2022.01); <i><b>G06F 3/0486</b></i> (2013.01); <i><b>H04L 41/22</b></i> (2022.01); <i><b>G06F 40/40</b></i> (2020.01); <i><b>H04L 51/42</b></i> (2022.01); <i><b>H04L 51/212</b></i> (2022.01); <i><b>G06F 18/23</b></i> (2023.01); <i><b>G06F 18/232</b></i> (2023.01); <i><b>G06V 30/10</b></i> (2022.01); <i><b>H04L 51/224</b></i> (2022.01); <i><b>G06N 20/20</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1441</b></i> (2013.01)&#xa0;[<i><b>G06F 3/0486</b></i> (2013.01); <i><b>G06F 3/04842</b></i> (2013.01); <i><b>G06F 16/2455</b></i> (2019.01); <i><b>G06F 18/23</b></i> (2023.01); <i><b>G06F 18/232</b></i> (2023.01); <i><b>G06F 21/36</b></i> (2013.01); <i><b>G06F 21/554</b></i> (2013.01); <i><b>G06F 21/556</b></i> (2013.01); <i><b>G06F 40/40</b></i> (2020.01); <i><b>G06N 20/00</b></i> (2019.01); <i><b>G06N 20/10</b></i> (2019.01); <i><b>G06V 30/10</b></i> (2022.01); <i><b>H04L 41/22</b></i> (2013.01); <i><b>H04L 43/045</b></i> (2013.01); <i><b>H04L 51/212</b></i> (2022.05); <i><b>H04L 51/224</b></i> (2022.05); <i><b>H04L 51/42</b></i> (2022.05); <i><b>H04L 63/0209</b></i> (2013.01); <i><b>H04L 63/0428</b></i> (2013.01); <i><b>H04L 63/101</b></i> (2013.01); <i><b>H04L 63/14</b></i> (2013.01); <i><b>H04L 63/1416</b></i> (2013.01); <i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/1433</b></i> (2013.01); <i><b>H04L 63/1483</b></i> (2013.01); <i><b>H04L 63/20</b></i> (2013.01); <i>G06N 20/20</i> (2019.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11843628-20231212-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A cyber security appliance, comprising:<div class="claim_text">a processor and a memory, which further comprise:</div>
                <div class="claim_text">an operational technology module configured to receive data on an operational technology network from i) a set of probes, ii) by passive traffic ingestion through a location within the network, and iii) any combination of both, where the operational technology module is also configured to reference</div>
                <div class="claim_text">i) one or more machine-learning models, using machine-learning and artificial intelligence (AI) algorithms, that are trained on a normal pattern of life of users of the operational technology network,</div>
                <div class="claim_text">ii) one or more machine-learning models, using machine-learning and AI algorithms, that are trained on a normal pattern of life of devices in the operational technology network, and</div>
                <div class="claim_text">iii) one or more machine-learning models, using machine-learning and AI algorithms, that are trained on a normal pattern of life of controllers in the operational technology network; and</div>
                <div class="claim_text">a comparator module configured to cooperate with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat; and</div>
                <div class="claim_text">an autonomous response module configured to respond to counter the cyber threat, and a user interface to program the autonomous response module.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>