Patents Assigned to Ivanti, Inc.
  • Publication number: 20250248077
    Abstract: A method of automated software management includes importing update metadata consumed from an update list describing cybersecurity vulnerabilities and product updates. Based on the update metadata, the method includes generating an initial update list including outstanding product updates for endpoints included in a managed network. The method includes discovering products of an endpoint of the managed network. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update.
    Type: Application
    Filed: April 21, 2025
    Publication date: July 31, 2025
    Applicant: Ivanti, Inc.
    Inventors: Sean McDonald, Johnathan Gohde, Jaremie Romer
  • Patent number: 12367199
    Abstract: A method of profiling an endpoint includes generating a structured request including a set of inquiries, each of which being directed to an endpoint parameter and including a parameter name. The method includes generating a scan message including the set of inquiries and an additional inquiry directed to an additional endpoint parameter. The method includes receiving a single response from the endpoint including raw parameter data responsive to the set of inquiries and the additional inquiry. The method includes storing the raw parameter data in a data lake organized according to extracted metadata. The method includes labeling each data portion using the parameter name and the extracted metadata. The method may include accessing, from the data lake, portions of the raw parameter data responsive to the set of inquiries based on labels associated therewith. The method includes generating a profile report derived from the accessed data.
    Type: Grant
    Filed: March 10, 2023
    Date of Patent: July 22, 2025
    Assignee: Ivanti, Inc.
    Inventors: Paul Keith Branton, Jens Miltner
  • Publication number: 20250231832
    Abstract: A diagnostic tool configured to locally implement two or more diagnostic tests related to an on-premises patch management product operating on a defective endpoint device. The diagnostic tool includes one or more non-transitory computer-readable storage media configured to perform a console diagnostic test, an endpoint diagnostic test, and an agent diagnostic test to validate a functionality and an application configuration relating to the defective endpoint device responsive to the launch of the diagnostic tool and without further action by a user of the defective endpoint device. The diagnostic tool is configured to identify diagnostic failures and diagnostic successes resulting from the diagnostic tests, to determine suggested solutions to the diagnostic failures, generate a display that depicts the results of the diagnostic tests, and cause removal of the diagnostic tool from the defective endpoint device after the display of the graphical user interface is caused.
    Type: Application
    Filed: January 15, 2025
    Publication date: July 17, 2025
    Applicant: Ivanti, Inc.
    Inventor: Steven Young
  • Publication number: 20250225403
    Abstract: An embodiment includes a method of augmenting performance and compliance of language model-based copilots. The method includes receiving application-specific guidance providing instructions that restrict responses output by an application-specific copilot based on a large language model (LLM). The method includes communicating to the LLM the application-specific guidance and setting an initial set of model parameters for the LLM. The method includes sequentially optimizing model parameters related to multiple model output characteristics of the LLM to generate a final set of model parameters. The method includes communicating the final set of model parameters to the LLM such that the final set of model parameters is implemented in the LLM during operations implemented by the copilot. The method includes deploying the copilot in an environment such that the copilot receives an actual query and replies with an actual response based on the LLM implementing the final set of model parameters.
    Type: Application
    Filed: January 6, 2025
    Publication date: July 10, 2025
    Applicant: Ivanti, Inc.
    Inventor: Mantinder Jit Singh
  • Publication number: 20250220002
    Abstract: A method of securely storing a device password. The method includes receiving from a relying party, via a communication interface, a first public encryption key associated with a first device associated with a user identity. The method includes generating, at a second device associated with the same user identity and registering with the relying party, a public encryption key pair that includes a second public encryption key. The method includes performing a first level of encryption with respect to a password encryption key associated with encrypting a device password of the second device to produce a singly encrypted password encryption key using the second public encryption key. The method includes performing a second level of encryption with respect to the singly encrypted password encryption key to produce a doubly encrypted password encryption key using the first public encryption key and storing the it on the second device.
    Type: Application
    Filed: February 25, 2025
    Publication date: July 3, 2025
    Applicant: Ivanti, Inc.
    Inventors: Venkata Nambula, Mohamad Raja Gani, Mohammad Aamir
  • Publication number: 20250184209
    Abstract: A method of device management system migration includes scraping device and group structure data from a first system implemented to manage a network of devices. The group structure data is indicative of an arrangement of the devices. The method includes identifying device groups. The method includes building a network model representative of the arrangement. The network model substantially replicates the device groups. The method includes populating the second system with the device groups. The method includes generating an exportable data file based on the device data. The method includes communicating the exportable data file such that the second system organizes the managed devices into the migrated device groups of the second system. The method includes causing a provisioning of the devices into the second system such that the devices establish communication with the second system and receive management configurations consistent with the migrated device groups.
    Type: Application
    Filed: November 30, 2024
    Publication date: June 5, 2025
    Applicant: Ivanti, Inc.
    Inventors: Brett Smith, Greg Pola, Michael Nielson, Christopher Achilli, Thom Allen
  • Publication number: 20250184250
    Abstract: An embodiment includes a method of health and functionality evaluation of an agent on a managed endpoint. The method includes receiving an agent event message that includes data representing platform health indicators and capacity health indicators. The platform health indicators include quantifications of functionality of communication channels and components that implement the agent. The capacity health indicators include quantifications of functionality of engines that are configured to implement a management operation. The method includes examining the agent event message for a change in status of the health of the agent. Responsive to the agent event message indicating the change, the method includes emitting an updated agent event. The method includes triggering generation a health score for the agent based on the updated agent event and historical agent health data. The method includes communicating to a webhost the health score where it is caused to be displayed.
    Type: Application
    Filed: November 30, 2024
    Publication date: June 5, 2025
    Applicant: Ivanti, Inc.
    Inventor: Mark Tempel
  • Patent number: 12282765
    Abstract: A method of automated software management includes generating an initial update list including outstanding product updates for an endpoint. The method includes receiving from a third-party agent, product metadata related to products loaded on the endpoint. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update. The method includes distributing only the subset of outstanding product updates of the modified update list to the managed endpoint.
    Type: Grant
    Filed: October 11, 2022
    Date of Patent: April 22, 2025
    Assignee: Ivanti, Inc.
    Inventors: Sean McDonald, Johnathan Gohde, Jaremie Romer, Garland Michael Krueger Port
  • Publication number: 20250104716
    Abstract: An embodiment includes a method of vocal profile generation and implementation that includes causing display of a prompt for a user that represents an input value of a processing engine. The method includes obtaining a first spoken pronunciation from the user that corresponds to the prompt. The method includes generating a vocal profile based on the first spoken pronunciation that provides a basis for interpretation of vocal input received on distributed devices. The method includes storing the vocal profile at a data storage with other vocal profiles generated for users. The method includes obtaining identifier information that indicates that the user is operating a distributed device. Responsive to the identifier information, the method includes retrieving the vocal profile and loading it onto the distributed device such that obtained vocal input is interpreted according to the vocal profile prior its communication as an input value to the processing engine.
    Type: Application
    Filed: September 20, 2024
    Publication date: March 27, 2025
    Applicant: Ivanti, Inc.
    Inventors: Ian Hughes, Thomas Eaton, Matthew Pritchard, Taylor Sorensen, James Brian
  • Patent number: 12261948
    Abstract: A method of credential sharing between users in a system includes creating a credential for a first user that is configured such that entry of secure details of the credential enables execution of an operation. The method includes receiving data indicative of a first selection of the credential and a second selection of a second user. The method includes encrypting the secure details such that the second user is capable of decrypting the secure details and other users are incapable of decrypting the secure details. The method includes appending a profile of the second user with encrypted secure details. The method includes receiving an execution request to perform the first operation from the second user and decrypting the secure details. After entry of the decrypted secure details, the method includes authenticating the second user using the secure details and enabling execution of the first operation by the second user.
    Type: Grant
    Filed: August 26, 2022
    Date of Patent: March 25, 2025
    Assignee: Ivanti, Inc.
    Inventors: Matthew Hazzard, Alex Ivanoff
  • Patent number: 12261760
    Abstract: An embodiment includes a method of self-election of a node in a subnet. The method includes receiving a first ping message. The first ping message is unicast from a second node, includes direct information related to the second node, and includes indirect information related to a third node. The method includes updating a first status of the second node in a status list stored at the first node consistent with the direct information. The method includes determining whether statuses of a threshold number of nodes have been received. Responsive to the threshold number of nodes being received, the method includes performing a local election operation. The method includes propagating a second ping message to a randomly identified additional node. The second ping message includes direct information regarding the first node and indirect information regarding at least one other node.
    Type: Grant
    Filed: January 5, 2024
    Date of Patent: March 25, 2025
    Assignee: Ivanti, Inc.
    Inventors: Gregory Paul Olsen, Rex Michael McMillan, Blake Thompson, Scot Emery Swan
  • Publication number: 20250088481
    Abstract: A method may include obtaining Domain Name System (DNS) configuration policies, that indicate how to direct a DNS query based on various Internet Protocol (IP) addresses or Fully Qualified Domain Names (FQDNs). The method may include obtaining a DNS query request on a first interface adapter in which the DNS query request is obtained from a DNS client and directed toward a particular FQDN. The method may include determining whether the particular FQDN included with the DNS query request is included in the DNS configuration policies and directing the DNS query request to an alternative DNS destination responsive to determining that the particular FQDN is not included in the DNS configuration policies. The method may include generating, at the alternative DNS destination, a DNS response that includes an error code, injecting the DNS response into a Transport Control Protocol (TCP)/IP stack, and sending the DNS response to the DNS client.
    Type: Application
    Filed: September 9, 2024
    Publication date: March 13, 2025
    Applicant: Ivanti, Inc.
    Inventors: Vagish Kalligudd, Saravana Pandiyan Andiyappan
  • Publication number: 20250077208
    Abstract: A method of executable storage in a peer-to-peer based software package distribution system. The method includes receiving an instruction to install a software package. An executable configured to execute installation of the software package may be available at a uniform resource location (URL). The method includes detecting a designation parameter. The method includes generating a subfolder name based on the designation parameter. The method includes searching a local cache folder and a peer cache folder for the executable based on the subfolder name. Responsive to the executable being unavailable at the local and peer cache folders, the method includes downloading the first executable from the URL. The method includes generating a subfolder for the executable in the local cache folder. The subfolder has the generated subfolder name. The method includes storing the executable in the generated subfolder.
    Type: Application
    Filed: August 30, 2024
    Publication date: March 6, 2025
    Applicant: Ivanti, Inc.
    Inventors: Collin Anderson, Lester Memmott
  • Patent number: 12238074
    Abstract: A method of establishing communication with a second device via wireless communication channel that is not natively secure. The method includes performing mutual authentication between the first and second devices by receiving via the communication interface from the second device a FIDO public certificate of the second device and using a FIDO public key of the second device. The FIDO public key of the second device having been registered by the second device with a FIDO relying party in connection with a user identity associated with both the first device and the second device. The FIDO public key of the second device having been fetched by the first device from the FIDO relying party in connection with FIDO registration of the first device with the FIDO relying party in connection with the user identity. The method may include negotiating a shared secret used to engage in ongoing communication.
    Type: Grant
    Filed: March 30, 2023
    Date of Patent: February 25, 2025
    Assignee: Ivanti, Inc.
    Inventors: Venkata Nambula, Mohamad Raja Gani, Mohammad Aamir
  • Publication number: 20250061210
    Abstract: A method of dynamic structured data communication includes registering a structure configured for data communication between applications. The structure includes a structure name and a mapping between data elements and attributes related to the data elements. The structure is registered such that it is accessible to a second application. The method includes receiving encoded data from a first application. The encoded data includes values for the data elements encoded according to the structure and an indication of the structure name. The method includes resolving the encoded data to identify the structure name. Based on the structure name, the method includes accessing the structure and decoding the encoded data according to the accessed structure. The decoding includes generation of a first value that corresponds to a first data element of the encoded data and generated to conform to a first attribute mapped to the first data element in the accessed structure.
    Type: Application
    Filed: August 13, 2024
    Publication date: February 20, 2025
    Applicant: Ivanti, Inc.
    Inventors: Paul Keith Branton, Jens Miltner
  • Publication number: 20250055874
    Abstract: An embodiment includes a method of application vulnerability assessment and prioritization. The method includes ingesting modelling data from data sources for application vulnerabilities. The method includes transforming at least a portion of the modelling data to covariate vectors. The method includes extracting keywords and phrases from the modelling data and statistically measuring relevance of files of the modelling data based on the extracted keywords and phrases. The method includes generating threat levels of the application vulnerabilities based on the covariate vectors and the measured relevance. The method includes outputting the threat levels to a network management system. The method includes implementing, at a first endpoint device of the network, a first patch to address one of the application vulnerabilities.
    Type: Application
    Filed: October 28, 2024
    Publication date: February 13, 2025
    Applicant: Ivanti Inc.
    Inventors: Srinivas Mukkamala, Taylor Wong
  • Patent number: 12223037
    Abstract: An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria include a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: February 11, 2025
    Assignee: Ivanti, Inc.
    Inventors: Robert M. Juncker, Christopher J. Goettl
  • Patent number: 12216567
    Abstract: A method of evaluating a computer-implemented product that is deployed on one or more endpoints. The method includes identifying a first program and a second program of a product deployed on a first endpoint of multiple endpoints. The method includes implementing a diagnostic process at the first endpoint. The diagnostic process includes a first subroutine directed to the first program and a second subroutine directed to a second program. The subroutines each execute installation and functional parameter tests of the programs. Responsive to the first subroutine indicating that the first program is operational, the method includes outputting data that the first subroutine passed. Responsive to the second subroutine returning an unexpected result, the method includes outputting data indicating details of the unexpected result and implementing a remediation that modifies the second program or a condition at the first endpoint to mitigate the unexpected result.
    Type: Grant
    Filed: July 28, 2023
    Date of Patent: February 4, 2025
    Assignee: Ivanti, Inc.
    Inventors: Paul Keith Branton, Jens Miltner
  • Patent number: 12219060
    Abstract: A method may include accessing a key from a secure storage. A payload may be encrypted using the key. A policy token may be generated. The policy token may include a publicly-readable header including a header identifier of the key and the payload encrypted using the key. The policy token may be sent. The policy token may be received. The publicly-readable header may be read. The key may be identified using the header identifier of the key from the publicly-readable header. The key may be accessed from the secure storage. The payload may be decrypted using the key.
    Type: Grant
    Filed: April 27, 2022
    Date of Patent: February 4, 2025
    Assignee: Ivanti, Inc.
    Inventor: Anthony K. Dyer
  • Patent number: 12218965
    Abstract: An embodiment includes a method of vulnerability detection and mitigation in a managed network. The method includes receiving a defined state of a product on a managed endpoint of a managed network. The method includes detecting a trigger event in the managed network. The trigger event is indicative of a change to the managed device or to the product that is inconsistent with the defined state. Responsive to detection of the trigger event, the method includes automatically implementing a product modification process. The product modification process includes distribution of at least one product update to a product installed at the managed endpoint.
    Type: Grant
    Filed: February 17, 2022
    Date of Patent: February 4, 2025
    Assignee: Ivanti, Inc.
    Inventors: Brent Miller, Mitch Berg, Brian Secrist