Patents by Inventor Olli-Pekka NIEMI
Olli-Pekka NIEMI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11695736Abstract: A system for processing data is disclosed that includes a first processor configured to operate one or more algorithms to identify a user identity as a function of user metadata and to provide access to a predetermined network resource using a cloud-based explicit proxy as a function of the user identity and one or more service requests, the first processor configured to operate one or more algorithms to detect a change in the one or more service requests and wherein access to the predetermined network resources using the cloud-based explicit proxy is modified as a function of the detected change in the one or more service requests.Type: GrantFiled: March 12, 2021Date of Patent: July 4, 2023Assignee: FORCEPOINT LLCInventors: Olli-Pekka Niemi, Ville Mattila
-
Patent number: 11418542Abstract: A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.Type: GrantFiled: January 23, 2020Date of Patent: August 16, 2022Assignee: FORCEPOINT LLCInventors: Jenny Anniina Heino, Tuomo Syvanne, Welf Christian Jalio, Olli-Pekka Niemi
-
Publication number: 20220103527Abstract: A system for processing data is disclosed that includes a first processor configured to operate one or more algorithms to identify a user identity as a function of user metadata and to provide access to a predetermined network resource using a cloud-based explicit proxy as a function of the user identity and one or more service requests, the first processor configured to operate one or more algorithms to detect a change in the one or more service requests and wherein access to the predetermined network resources using the cloud-based explicit proxy is modified as a function of the detected change in the one or more service requests.Type: ApplicationFiled: March 12, 2021Publication date: March 31, 2022Applicant: Forcepoint LLCInventors: Olli-Pekka Niemi, Ville Mattila
-
Publication number: 20220103526Abstract: A system for processing data that includes a first processor configured to operate one or more algorithms to provide a proxy for each of a plurality of external network communications segments and internal network communications segments associated with a specific use, the first processor configured to operate one or more algorithms to provide a firewall agent that performs firewall processing for each of the plurality of external network communications segments and the internal network communications segments and wherein the explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.Type: ApplicationFiled: March 3, 2021Publication date: March 31, 2022Applicant: Forcepoint LLCInventors: Olli-Pekka Niemi, Ville K. Mattila
-
Publication number: 20210234895Abstract: A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.Type: ApplicationFiled: January 23, 2020Publication date: July 29, 2021Applicant: Forcepoint LLCInventors: Jenny Anniina Heino, Tuomo Syvanne, Welf Christian Jalio, Olli-Pekka Niemi
-
Patent number: 11070533Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.Type: GrantFiled: October 10, 2019Date of Patent: July 20, 2021Assignee: Forcepoint LLCInventors: Olli-Pekka Niemi, Andrew Mortensen, Valtteri Rahkonen
-
Publication number: 20210112040Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.Type: ApplicationFiled: October 10, 2019Publication date: April 15, 2021Applicant: Forcepoint LLCInventors: Olli-Pekka NIEMI, Andrew MORTENSEN, Valtteri RAHKONEN
-
Publication number: 20210051132Abstract: A system for controlling a network, comprising a plurality of host computers configured to communicate over the network. A plurality of server computers configured to provide services to the plurality of host computers. An address allocator operating on one or more processors and configured to implement one or more algorithms that cause a range of addresses to be assigned to each of the server computers, wherein each of the host computers receives one of the addresses for use as part of a service request from the host computer to the server computer.Type: ApplicationFiled: August 16, 2019Publication date: February 18, 2021Applicant: Forcepoint LLCInventors: Lawrence B. Huston, III, David James Usher, Olli-Pekka Niemi
-
Patent number: 10834131Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client basedType: GrantFiled: November 28, 2017Date of Patent: November 10, 2020Assignee: Forcepoint LLCInventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen
-
Patent number: 10805420Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.Type: GrantFiled: November 29, 2017Date of Patent: October 13, 2020Assignee: Forcepoint LLCInventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen, Ville Mattila
-
Publication number: 20200092264Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a connection request from a client to a server receiving a message from the client to the server, extracting from a memory associated with the client a secret for performing decryption of application messages communicated from the server to the client, and using the secret to decrypt the application messages to perform at least one of monitoring and inspection of the application messages as decrypted in accordance with a security policy, while allowing the client and the server to maintain an end-to-end connection without intermediate termination at the security device.Type: ApplicationFiled: September 17, 2018Publication date: March 19, 2020Applicant: Forcepoint LLCInventors: Valtteri RAHKONEN, Kurt NATVIG, Olli-Pekka NIEMI, Mike GREEN
-
Publication number: 20190166160Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client basedType: ApplicationFiled: November 28, 2017Publication date: May 30, 2019Applicant: Forcepoint LLCInventors: Tuomo SYVÄNNE, Olli-Pekka NIEMI, Valtteri RAHKONEN
-
Publication number: 20190166220Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.Type: ApplicationFiled: November 29, 2017Publication date: May 30, 2019Applicant: Forcepoint LLCInventors: Tuomo SYVÄNNE, Olli-Pekka NIEMI, Valtteri RAHKONEN, Ville MATTILA