Patents by Inventor Jarno Niemela
Jarno Niemela has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240160753
Abstract: A threat detection network, an endpoint of a threat detection network, a server of a threat detection network and a method for protecting sensitive data in a threat detection network, which threat detection network includes at least one end point, at least one server and an encryption key storage, such as a key server. In the method the endpoint generates a data encryption key to be used for encrypting sensitive data and the endpoint sends the encryption key to the encryption key storage. When the endpoint records an event, it checks the event related information for identifying sensitive data. The endpoint uses the encryption key to encrypt the event related information identified as sensitive data. The endpoint sends at least part of the event related information with encrypted sensitive data to the at least one server.
Type: Application
Filed: November 7, 2023
Publication date: May 16, 2024
Inventors: Jarno NIEMELÄ, Neeraj SINGH, Antti PIETARINEN
-
Patent number: 11824831
Abstract: It is provided a method, comprising monitoring if a firewall receives a first packet and a second packet, wherein the first packet is directed to an IP address and a first port number; the second packet is directed to the IP address and a second port number; a hole through a firewall is punched for the IP address a hole port number different from the first port number and the second port number; the first packet has a first payload; the second packet has a second payload; and the method comprises checking if the first payload is substantially the same as the second payload; causing the firewall to block the first packet and the second packet if the firewall receives the first packet and the second packet and the first payload is substantially the same as the second payload.
Type: Grant
Filed: April 16, 2020
Date of Patent: November 21, 2023
Assignee: F-Secure Corporation
Inventor: Jarno Niemelä
-
Publication number: 20230269261
Abstract: An arrangement and a method of privilege escalation detection in a computer or computer network.
Type: Application
Filed: February 22, 2023
Publication date: August 24, 2023
Inventor: Jarno NIEMELÄ
-
Patent number: 11436326
Abstract: A method of scanning files for malware on a computer system. The method comprises detecting a file to be scanned for malware in the computer system, determining the file being a partial file that comprises only a part of the file content, searching for an original clean file associated with the partial file, wherein the original clean file is a full copy of the partial file, based on finding a candidate original clean file associated with the partial file, calculating a partial hash of the same length as the partial file for the candidate original clean file, and based on determining that partial hashes of the candidate original clean file and the partial file match, signalling a false alarm.
Type: Grant
Filed: June 11, 2020
Date of Patent: September 6, 2022
Assignee: WithSecure Corporation
Inventor: Jarno Niemelä
-
Patent number: 11265335
Abstract: A method comprising: monitoring events collected from a plurality of network nodes; detecting a first suspicious event among the monitored events by a detection mechanism; monitoring the behaviour of the first suspicious event and any related events; in case the monitored first suspicious event and/or a related event is detected to perform an activity triggering an IOC (indicator of compromise), generating a new IOC; monitoring new events when the activity ends; comparing the behaviour of the new events with the behaviour of the generated IOC; in case a matching behaviour is found, merging the new event with the first suspicious event and/or related events related to the generated IOC; and generating a security related decision on the basis of the IOC.
Type: Grant
Filed: June 26, 2019
Date of Patent: March 1, 2022
Assignee: F-Secure Corporation
Inventor: Jarno Niemela
-
Patent number: 11070567
Abstract: Method of detecting an attack against a function on a client computer including generating a first hash value having a weak collision resistance; sending the first hash value to a server computer for storing to a database of known hash value pairs, a hash value pair including the first hash value and a second hash value calculated for the entity, the second hash value having a strong collision resistance, receiving a request for the entity with an object including a first hash value and a second hash value; accepting the received object and transmitting data relating to the received object to the server computer for a validity check when the first hash value of the received object is identical with the first hash value stored in the local database, and detecting a hash collision attempt when the hash value pairs do not match.
Type: Grant
Filed: April 16, 2018
Date of Patent: July 20, 2021
Assignee: F-Secure Corporation
Inventor: Jarno Niemelä
-
Patent number: 11032313
Abstract: There are provided measures for enabling dynamic remote malware scanning. Such measures could exemplarily include identification of an electronic file to be scanned for malware, generation of at least one scanning object of the identified electronic file on the basis of a dynamic configuration by a remote entity, said at least one scanning object being generated by using malware-susceptible data of the identified electronic file and neglecting malware-insusceptible data of the identified electronic file, transfer of the at least one scanning object of the identified electronic file for remote malware scanning to the remote entity, and execution of a malware scan of the at least one scanning object of the electronic file at the remote entity by a malware scanning engine or application.
Type: Grant
Filed: February 18, 2016
Date of Patent: June 8, 2021
Assignee: F-Secure Corporation
Inventors: Juha Ylipekkala, Jammu Kekkonen, Andrew Patel, Jarno Niemela, Jari Savander, Jani Jappinen, Juho Heikkinen, Zimry Ong
-
Patent number: 11030309
Abstract: There is provided a method of detecting a threat against a computer system. The method comprises: creating a modular representation of behavior of known applications on the basis of sub-components of a set of known applications; entering the modular representation to an evolutionary analysis system for generating previously unknown combinations of the procedures; storing the generated previously unknown combinations as candidate descendants of known applications to a future threat candidate database; monitoring the behavior of the computer system to detect one or more procedures matching the behavior of a stored candidate descendant in the future threat candidate database; and upon detection of one or more procedures matching the behavior of the stored candidate descendant and if the stored candidate descendant is determined to be malicious or suspicious, identifying the running application as malicious or suspicious.
Type: Grant
Filed: December 18, 2018
Date of Patent: June 8, 2021
Assignee: F-Secure Corporation
Inventor: Jarno Niemelä
-
Publication number: 20200394298
Abstract: A method of scanning files for malware on a computer system. The method comprises detecting a file to be scanned for malware in the computer system, determining the file being a partial file that comprises only a part of the file content, searching for an original clean file associated with the partial file, wherein the original clean file is a full copy of the partial file, based on finding a candidate original clean file associated with the partial file, calculating a partial hash of the same length as the partial file for the candidate original clean file, and based on determining that partial hashes of the candidate original clean file and the partial file match, signalling a false alarm.
Type: Application
Filed: June 11, 2020
Publication date: December 17, 2020
Inventor: Jarno NIEMELÄ
-
Publication number: 20200336460
Abstract: It is provided a method, comprising monitoring if a firewall receives a first packet and a second packet, wherein the first packet is directed to an IP address and a first port number; the second packet is directed to the IP address and a second port number; a hole through a firewall is punched for the IP address a hole port number different from the first port number and the second port number; the first packet has a first payload; the second packet has a second payload; and the method comprises checking if the first payload is substantially the same as the second payload; causing the firewall to block the first packet and the second packet if the firewall receives the first packet and the second packet and the first payload is substantially the same as the second payload.
Type: Application
Filed: April 16, 2020
Publication date: October 22, 2020
Inventor: Jarno NIEMELÄ
-
Patent number: 10565375
Abstract: There is provided a method for improving security of computer resources, including obtaining raw memory snapshots of a computer memory of one or more computing systems during runtime of identical processes relating to a predetermined application or a service; forming a map of expected memory behaviour relating to the application or the service based on the obtained raw memory snapshots; monitoring the memory behaviour of a computing system during the execution of the same application or the service; comparing the monitored memory behaviour of the computing system with the formed map of expected memory behaviour; and in the event that a deviation from the expected memory behaviour is detected based on the comparison, triggering an alert.
Type: Grant
Filed: January 23, 2017
Date of Patent: February 18, 2020
Assignee: F-Secure Corporation
Inventors: Jarno Niemelä, Matteo Cafasso
-
Publication number: 20200007560
Abstract: A method including: monitoring events collected from a plurality of network nodes; detecting a first suspicious event among the monitored events by a detection mechanism; monitoring the behaviour of the first suspicious event and any related events; in case the monitored first suspicious event and/or a related event is detected to perform an activity triggering an incident of compromise (IOC), generating a new IOC; monitoring new events when the activity ends; comparing the behaviour of the new events with the behaviour of the generated IOC; in case a matching behaviour is found, merging the new event with the first suspicious event and/or related events related to the generated IOC; and generating a security related decision on the basis of the IOC.
Type: Application
Filed: June 26, 2019
Publication date: January 2, 2020
Inventor: Jarno Niemela
-
Patent number: 10412078
Abstract: There are provided measures for enabling advanced local-network threat response. Such measures could exemplarily comprise receiving, at a local-network honeypot entity, a username/password related authentication data in relation to a login attempt to the honeypot entity, triggering a threat response operation at a local-network backend entity upon detection of the username/password related authentication data, the threat response operation comprising testing validity of the username/password related authentication data in one or more local accounts of the local-network, and in case the username/password related authentication data is detected to be valid for any account in the local-network, determining that said account is compromised and locking the compromised account.
Type: Grant
Filed: October 6, 2017
Date of Patent: September 10, 2019
Assignee: F-SECURE CORPORATION
Inventors: Jarno Niemelä, Janne Pirttilahti, Marko Finnig
-
Publication number: 20190188377
Abstract: There is provided a method of detecting a threat against a computer system. The method includes creating a modular representation of behavior of known applications on the basis of sub-components of a set of known applications; entering the modular representation to an evolutionary analysis system for generating previously unknown combinations of the procedures; storing the generated previously unknown combinations as candidate descendants of known applications to a future threat candidate database; monitoring the behavior of the computer system to detect one or more procedures matching the behavior of a stored candidate descendant in the future threat candidate database; and upon detection of one or more procedures matching the behavior of the stored candidate descendant and if the stored candidate descendant is determined to be malicious or suspicious, identifying the running application as malicious or suspicious.
Type: Application
Filed: December 18, 2018
Publication date: June 20, 2019
Inventor: Jarno NIEMELÄ
-
Patent number: 10282545
Abstract: There are provided measures for enabling the detection of a malware-usable clean file or, stated differently, the detection of malware using a clean file. Such measures could exemplarily include identifying a vulnerable clean file in a computer system, which does not constitute malware but is vulnerable for usage by malware, checking the vulnerable clean file for its threat of usage by malware, and detecting the vulnerable clean file as malware-usable clean file on the basis of a result of said checking of its threat of usage by malware.
Type: Grant
Filed: February 1, 2017
Date of Patent: May 7, 2019
Assignee: F-Secure Corporation
Inventor: Jarno Niemelä
-
Patent number: 10270804
Abstract: A method of detecting unauthorized use of a webcam or a microphone on a computer system, the method including, at the computer, identifying a process that is using the webcam or the microphone, determining whether information is visibly displayed by the computer system to indicate to a user the use of the webcam or the microphone by the process; and using a result of the step of determining to identify said process as malware or potential malware.
Type: Grant
Filed: August 10, 2015
Date of Patent: April 23, 2019
Assignee: F-Secure Corporation
Inventor: Jarno Niemela
-
Patent number: 10148643
Abstract: A method of authenticating or controlling a software application on an end user device. The method includes selecting a code signing certificate related to an application developer; selecting one or more clean files from a database of known clean files signed with the selected code signing certificate; generating an application developer identification for the application developer on the basis of data extracted from the selected one or more clean files; adding the generated application developer identification to a database of trusted application developer certificates; comparing a signature related to a software application to be installed on an end user device with the application developer identification for authenticating said signature; and in the event that authentication is successful, performing authentication of the software application code and/or controlling installation and/or operation of the software application.
Type: Grant
Filed: March 2, 2017
Date of Patent: December 4, 2018
Assignee: F-Secure Corporation
Inventors: Jarno Niemelä, Mikko Hyykoski
-
Patent number: 10127382
Abstract: A method of detecting malware on a client computer, the method including generating a hash of an entity at the client computer, whereby the entity is suspected to be malware, sending the hash to a network server, considering the reputation of the hash at the network server by comparing the hash to a database of hashes of known reputation, returning the results of said considering to the client computer, and, if the reputation is not known at the server, sending instructions to the client computer for obtaining further information about the entity at the client computer, wherein said further information is obtained by executing code at the client computer sent by the server to the client computer after said considering the reputation if said code is not stored at the client computer before said generating a hash.
Type: Grant
Filed: October 19, 2015
Date of Patent: November 13, 2018
Assignee: F-Secure Corporation
Inventors: Paolo Palumbo, Dmitry Komashinskiy, Juha Ylipekkala, Jarno Niemela
-
Publication number: 20180302419
Abstract: Method of detecting an attack against a function on a client computer including generating a first hash value having a weak collision resistance; sending the first hash value to a server computer for storing to a database of known hash value pairs, a hash value pair including the first hash value and a second hash value calculated for the entity, the second hash value having a strong collision resistance, receiving a request for the entity with an object including a first hash value and a second hash value; accepting the received object and transmitting data relating to the received object to the server computer for a validity check when the first hash value of the received object is identical with the first hash value stored in the local database, and detecting a hash collision attempt when the hash value pairs do not match.
Type: Application
Filed: April 16, 2018
Publication date: October 18, 2018
Inventor: Jarno Niemela
-
Patent number: 10050977
Abstract: A method of authenticating or controlling a software application on an end user device. The method includes, at the end user device, downloading software application data from a remote server, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer. The identity is then used as a look-up key to obtain or authenticate a public key of the application data, and to obtain one or more associated installation and/or operation conditions. The cryptographically derived signature is authenticated using said application code and said public key, and, in the event that authentication is successful, authentication of the application code is performed and/or installation and/or operation of the application controlled using said conditions.
Type: Grant
Filed: January 19, 2016
Date of Patent: August 14, 2018
Assignee: F-Secure Corporation
Inventor: Jarno Niemela