Patents by Inventor Paulius Duplys

Paulius Duplys has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12095928
    Abstract: A method for updating a software component. The method includes providing a first electronic device and a second electronic device that are connected in a first network, receiving update information for the second electronic device via the first electronic device, the update information being provided with a signature that is generated with the aid of a post-quantum algorithm (PQA) signature, checking the update information by validating the signature by the first electronic device, relaying the update information to the second electronic device if the update information is deemed to be valid, and updating a software component of the second electronic device using the update information.
    Type: Grant
    Filed: February 14, 2022
    Date of Patent: September 17, 2024
    Assignee: ROBERT BOSCH GMBH
    Inventors: Jan Zibuschka, Paulius Duplys, Robert Szerwinski
  • Publication number: 20240273002
    Abstract: A method for providing information about a security-critical software state of an embedded device, wherein the embedded device has a network connection to a central monitoring unit for the central monitoring of the embedded device and of further embedded devices. The method includes: ascertaining execution traces of at least one software executed on the embedded device; determining an identifier for the executed software on the basis of the ascertained execution traces, wherein the identifier is specific to an identity and/or to enabled functions of the executed software; determining the information about the security-critical software state on the basis of the identifier; providing the information about the security-critical software state for the central monitoring unit via the network connection.
    Type: Application
    Filed: December 14, 2023
    Publication date: August 15, 2024
    Inventor: Paulius Duplys
  • Publication number: 20240232384
    Abstract: A method for ascertaining a relevance of security-relevant vulnerabilities of a product. The method includes the following steps which are carried out automatically: providing a terms specification which includes terms for specifying the vulnerabilities; providing a product profile of the product, which specifies the product on the basis of the terms in the terms specification; providing at least one vulnerability profile for the particular vulnerability, which specifies the vulnerability on the basis of the terms in the terms specification; ascertaining the relevance of the particular vulnerability for the product on the basis of a processing of the product profile and of the vulnerability profile.
    Type: Application
    Filed: December 18, 2023
    Publication date: July 11, 2024
    Inventor: Paulius Duplys
  • Publication number: 20240195837
    Abstract: A computer-implemented method for intrusion detection. The method includes detecting, at a first decoy instance hosted by an embedded device connected to a communications network, an intrusion event generated by an intruding instance that is not hosted by the embedded device, generating an intrusion event trace based on the detected intrusion event, and transmitting the intrusion event trace from the first decoy instance to a first intrusion detection instance that is communicably coupled to the embedded device.
    Type: Application
    Filed: August 24, 2023
    Publication date: June 13, 2024
    Inventors: Paulius Duplys, Simon Greiner
  • Patent number: 11979269
    Abstract: A computer-implemented method for detecting anomalous communications in a service oriented communication system. The method includes providing at least one decoy service, hosted by a decoy server communicably coupled to the service oriented communication system, wherein the at least one decoy service is addressable using a corresponding decoy service identifier; detecting, at the decoy server, a request to consume at least one instance of the at least one decoy service, wherein the request originates from a client communicably coupled to the decoy server via the service oriented communication system; and performing, at the decoy server, a response to the request to consume the at least one instance of the at least one decoy service.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: May 7, 2024
    Assignee: ROBERT BOSCH GMBH
    Inventor: Paulius Duplys
  • Publication number: 20240114082
    Abstract: A method for location attestation for a device connected to a network. The method includes: ascertaining at least one initial fingerprint, wherein the at least one initial fingerprint is specific to an initial network environment of the device in the network; storing the at least one ascertained initial fingerprint as a reference; ascertaining at least one current fingerprint, wherein the at least one current fingerprint is specific to a current network environment of the device on the network; comparing the at least one ascertained current fingerprint with the reference; verifying a geographic location of the device at least partially based on the comparison.
    Type: Application
    Filed: September 18, 2023
    Publication date: April 4, 2024
    Inventors: Niclas Ilg, Paulius Duplys
  • Publication number: 20240104191
    Abstract: A method for identifying potential data exfiltration attacks in at least one software package. The method includes: tracking at least one change to the software package; and detecting a manipulation suitable for data exfiltration on the changed software package.
    Type: Application
    Filed: September 19, 2023
    Publication date: March 28, 2024
    Inventor: Paulius Duplys
  • Publication number: 20240045728
    Abstract: A method for processing sensor data representing one or more objects. The method includes semantically segmenting the sensor data so that the sensor data are divided into sensor data portions so that, for each of the one or more objects, a respective sensor data portion contains that part of the sensor data that represents the object; ascertaining, for a processing task through which the sensor data are to be processed, a division of the processing task into subtasks comprising at least one subtask to be outsourced, wherein it is ensured that each subtask to be outsourced processes respective sub-data of the sensor data, which sub-data contain, for each sensor data portion, at most a part of the sensor data portion; and outsourcing the at least one subtask to be outsourced.
    Type: Application
    Filed: May 15, 2023
    Publication date: February 8, 2024
    Inventors: Andreas Heyl, Dennis Grewe, Naresh Ganesh Nayak, Paulius Duplys
  • Publication number: 20230401322
    Abstract: A method for remediating vulnerabilities of a data processing system. The method includes: storing a vulnerability response rule set which specifies responses of the data processing system in the data processing system, wherein each response is associated with one or more conditions and one or more functions of the data processing system, for each condition, it depends on the data processing system and a vulnerability or both, whether the condition is met; receiving a notification about a vulnerability of the data processing system; ascertaining one or more responses from the vulnerability response rule set, such that, for each ascertained response, the one or more conditions with which the ascertained response is associated are met for the vulnerability and the data processing system and the ascertained response is associated with at least one function to which the vulnerability relates and carrying out the one or more ascertained responses.
    Type: Application
    Filed: May 31, 2023
    Publication date: December 14, 2023
    Inventor: Paulius Duplys
  • Publication number: 20230384784
    Abstract: A method for location-dependent verification of a teleoperator for remote control of a vehicle. At its current location, the vehicle repeatedly and automatedly performs the following: receiving, from the teleoperator, during remote control by the teleoperator, a response message requested via a network, ascertaining a current value of at least one network-dependent property of the received response message, determining a target value of the at least one network-dependent property, verifying the teleoperator by means of a verification of the current value of the at least one network-dependent property and of the determined target value based on a test condition, wherein in the case of a positive test result of the check, the teleoperator is authorized to perform the remote control of the vehicle, and in the case of a negative test result of the check, the vehicle terminates the remote control and/or sends a safety warning.
    Type: Application
    Filed: April 4, 2023
    Publication date: November 30, 2023
    Inventors: Andreas Heyl, Paulius Duplys
  • Publication number: 20230367870
    Abstract: A computer implemented method for intrusion detection performed at a first computing node. The method includes: obtaining, at the first computing node, at least one monitored characteristic of the first computing node during an operation of the first computing node associated with a state iteration of the first computing node, wherein the first monitored characteristic is indicative of an intrusion; and communicating, from the first computing node to a second computing node, the at least one monitored characteristic of the first computing node.
    Type: Application
    Filed: February 1, 2023
    Publication date: November 16, 2023
    Inventor: Paulius Duplys
  • Patent number: 11736590
    Abstract: A method for communicating data requests to one or more data sources. The method includes receiving a data request, with which data of one or more data types are requested, from an application, and checking the availability of one or more data sources that are able to provide the one or more requested data types. The method further comprises: if at least one of the one or more data sources is available, sending a request to the available data source for the requested associated data type that the data source can provide; and, if no data source is available for at least one of the requested data types, sending a request for this data type to a placeholder module.
    Type: Grant
    Filed: August 22, 2022
    Date of Patent: August 22, 2023
    Assignee: ROBERT BOSCH GMBH
    Inventors: Arne Nordmann, Christian Zimmermann, Christopher Huth, Fredrik Kamphuis, Martin Ring, Max Camillo Eisele, Paulius Duplys, Tobias Gehrmann
  • Patent number: 11706235
    Abstract: A method, in particular a computer-implemented method, for processing data of a technical system. The method includes the following steps: ascertaining first pieces of information which are associated with a data traffic of the system, and ascertaining metadata associated with the data traffic of the system based on the first pieces of information.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: July 18, 2023
    Assignee: ROBERT BOSCH GMBH
    Inventors: Paulius Duplys, Philipp Jung
  • Publication number: 20230221999
    Abstract: A computer-implemented method for planning an allocation of at least one computational task from a computational resource comprised in at least one vehicle to one or more of a plurality of external computational resources in a vehicular communications network. The method comprises obtaining a spatial representation of a region characterising at least one route of a vehicle from a first location to a second location, and data characterising an availability of external computational resources at a plurality of locations in the region, providing at least one computational requirement indication of at least one atomic computational task required by the vehicle during a prospective movement of the vehicle from the first location to the second location, comparing the at least one computational requirement indication to the data characterising the availability of external computational resources at the plurality of locations in the region.
    Type: Application
    Filed: December 7, 2022
    Publication date: July 13, 2023
    Inventors: Andreas Heyl, Dennis Grewe, Naresh Ganesh Nayak, Paulius Duplys
  • Publication number: 20230129174
    Abstract: A method for providing a function by a group of computing units in which computation instances are executed, each computation instance implementing the function using at least one algorithm and being set up to determine at least one result in response to a call of the function. The method includes: determining an integrity level for each of the computation instances; receiving a function request from a subscriber, the function request including a quality requirement that includes an integrity requirement; selecting a plurality of the computation instances corresponding to the quality requirement, so that the integrity level of the selected computation instances corresponds to the integrity requirement; calling the function in the selected computation instances corresponding to the function request in order to determine a plurality of results; determining a response based on the results, taking into account the quality requirement; and sending the response to the subscriber.
    Type: Application
    Filed: October 14, 2022
    Publication date: April 27, 2023
    Inventors: Andreas Heyl, Christian Zimmermann, Markus Schweizer, Paulius Duplys
  • Publication number: 20230127778
    Abstract: A method for providing a function via a network of processing units using multiple computing instances. Each computing instance implements the function and is configured, when it is executed, to determine at least one result in response to a call-up of the function. The method includes validating the computing instances, each being checked as to whether the computing instance corresponds to a respective predetermined state; determining a respective level of reliability for each of the processing units; starting execution of successfully validated computing instances in the processing units, which have a level of reliability that is equal/greater than a predetermined minimum level of reliability; receiving a function request from a user; calling up the function in at least a portion of the executed computing instances corresponding to the function request, in order to determine multiple results; determining a response based on the results; and sending the response to the user.
    Type: Application
    Filed: October 18, 2022
    Publication date: April 27, 2023
    Inventors: Andreas Heyl, Christian Zimmermann, Markus Schweizer, Paulius Duplys
  • Publication number: 20230091293
    Abstract: A computer-implemented method for continuously monitoring configurations of software for a system. The method includes providing input data to a plurality of digital twins for the system, wherein the digital twins have different configurations of the software for the system; monitoring at least one digital twin, of the plurality of digital twins, which is executed at least on the basis of the input data, wherein the monitoring is designed to recognize an abnormal state of the at least one digital twin; and evaluating the configuration of the software of the at least one digital twin as ineligible for provisioning if at least one abnormal state was recognized during the monitoring of the at least one digital twin. A computer-implemented method for continuously provisioning software for a system is also provided.
    Type: Application
    Filed: September 7, 2022
    Publication date: March 23, 2023
    Inventor: Paulius Duplys
  • Publication number: 20230090242
    Abstract: A computer-implemented method for detecting anomalous communications in a service oriented communication system. The method includes providing at least one decoy service, hosted by a decoy server communicably coupled to the service oriented communication system, wherein the at least one decoy service is addressable using a corresponding decoy service identifier; detecting, at the decoy server, a request to consume at least one instance of the at least one decoy service, wherein the request originates from a client communicably coupled to the decoy server via the service oriented communication system; and performing, at the decoy server, a response to the request to consume the at least one instance of the at least one decoy service.
    Type: Application
    Filed: August 24, 2022
    Publication date: March 23, 2023
    Inventor: Paulius Duplys
  • Publication number: 20230070247
    Abstract: A computer-implemented method for verifying messages in a service-oriented communication system of a vehicle, including receiving a message and a signature in a first entity of the service-oriented communication system, the message and the signature being received via the service-oriented communication system; checking if the message corresponds to a dedicated message and the signature corresponds to a signature belonging to the dedicated message; and verifying the message, if the checking turns out positive. A computer-implemented method for generating predetermined messages in a first entity of a service-oriented communication system of a vehicle, and a service-oriented communication system in a vehicle, which is configured, are also described.
    Type: Application
    Filed: September 7, 2022
    Publication date: March 9, 2023
    Inventors: Paulius Duplys, Tobias Gehrmann
  • Publication number: 20230060741
    Abstract: A computer-implemented method for recognizing and/or preventing an intrusion into a service-oriented communication system of a vehicle, including registering a process originating from an instance in the service-oriented communication system, and checking, at least based on a predetermined negative list, whether the process in the service-oriented communication system is impermissible. A service-oriented communication system in a vehicle, which is designed to apply the method for recognizing and/or preventing an intrusion into the service-oriented communication system, optionally the communication system being safeguarded via the method for recognizing and/or preventing an intrusion into the service-oriented communication system.
    Type: Application
    Filed: August 19, 2022
    Publication date: March 2, 2023
    Inventors: Paulius Duplys, Tobias Gehrmann