Patents by Inventor Valtteri RAHKONEN
Valtteri RAHKONEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11483394
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to communication of a client handshake to a server for establishing communications between the client and server, managing handshake messages between the client and server until an application layer message is communicated from the client, such that a connection between the client and the server appears to be established, and responsive to communication of the application layer message from the client, rendering a policy decision with respect to a connection between the client and the server based on a payload of the application layer message, the policy decision defining a selected path between the client and the server and including a chosen target device from a plurality of potential target devices, wherein the chosen target device is within the selected path and establishing the selected path for communication between the client and the server in accordance with the policy decision.
Type: Grant
Filed: February 8, 2018
Date of Patent: October 25, 2022
Assignee: Forcepoint LLC
Inventors: Valtteri Rahkonen, Tuomo Syvänne
-
Patent number: 11374977
Abstract: A method, system, and computer-usable medium are disclosed for managing network communication by, responsive to an attempted connection from a client to a server, receiving information regarding the connection from the client, determining if the information regarding the connection matches an entry of a reputation cache, and responsive to determining that the information regarding the connection matches an entry of the reputation cache, undertaking a remedial action in accordance with a security policy.
Type: Grant
Filed: September 20, 2018
Date of Patent: June 28, 2022
Assignee: Forcepoint LLC
Inventors: Valtteri Rahkonen, Jaakko Moller
-
Patent number: 11212259
Abstract: A method, system, and computer-usable medium are disclosed for performing packet processing of network traffic on a master security device of a plurality of security devices, such packet processing including connection tracking for the network traffic, and offloading packet inspection of the network traffic to one or more slave security devices of the plurality of security devices.
Type: Grant
Filed: February 9, 2018
Date of Patent: December 28, 2021
Assignee: Forcepoint LLC
Inventors: Mika Lansirinne, Valtteri Rahkonen, Pekka Riikonen
-
Patent number: 11070533
Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.
Type: Grant
Filed: October 10, 2019
Date of Patent: July 20, 2021
Assignee: Forcepoint LLC
Inventors: Olli-Pekka Niemi, Andrew Mortensen, Valtteri Rahkonen
-
Publication number: 20210112040
Abstract: A method, system, and computer-usable medium are disclosed for: (i) determining if a server response from a server received at a security device and intended for a client includes original encryption key information for encrypting identifying information associated with the server; (ii) if the server response includes original encryption key information for encrypting identifying information associated with the server, determining if a network policy provides for decryption of identifying information associated with the server; and (iii) if the network policy provides for decryption of identifying information associated with the server, replacing the original encryption key information with modified encryption key information associated with the security device and communicating the server response to the client with the modified encryption key information associated with the security device.
Type: Application
Filed: October 10, 2019
Publication date: April 15, 2021
Applicant: Forcepoint LLC
Inventors: Olli-Pekka NIEMI, Andrew MORTENSEN, Valtteri RAHKONEN
-
Patent number: 10834131
Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based
Type: Grant
Filed: November 28, 2017
Date of Patent: November 10, 2020
Assignee: Forcepoint LLC
Inventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen
-
Patent number: 10819683
Abstract: A method, system, and computer-usable medium are disclosed for performing deep packet inspection of network traffic, comprising: receiving a unit of one or more network packets, calculating a calculated fingerprint for data within the unit, determining a current inspection context, determining whether the calculated fingerprint and the current inspection context matches an entry stored in a cache, wherein the entry includes a stored fingerprint and a cached inspection context, and performing operations associated with deep packet inspection of the unit based on whether the calculated fingerprint and the current inspection context match the entry.
Type: Grant
Filed: November 20, 2017
Date of Patent: October 27, 2020
Assignee: Forcepoint LLC
Inventors: Valtteri Rahkonen, Kari Nurmela
-
Patent number: 10805420
Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.
Type: Grant
Filed: November 29, 2017
Date of Patent: October 13, 2020
Assignee: Forcepoint LLC
Inventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen, Ville Mattila
-
Patent number: 10791135
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securit
Type: Grant
Filed: October 17, 2018
Date of Patent: September 29, 2020
Assignee: Forcepoint LLC
Inventors: Mirja Halme, Otto Airamo, Valtteri Rahkonen, Tuomo Syvänne
-
Patent number: 10664342
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at an information handling system of a command to transmit an executable file to a second information handling system, scanning the executable file to determine if the executable file includes debug information, and responsive to determining that the executable file includes debug information, taking remedial action with respect to the executable file.
Type: Grant
Filed: August 21, 2018
Date of Patent: May 26, 2020
Assignee: Forcepoint LLC
Inventors: Ville Mattila, Valtteri Rahkonen, Otto Airamo
-
Publication number: 20200128032
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securit
Type: Application
Filed: October 17, 2018
Publication date: April 23, 2020
Applicant: Forcepoint LLC
Inventors: Mirja Halme, Otto Airamo, Valtteri Rahkonen, Tuomo Syvänne
-
Publication number: 20200099719
Abstract: A method, system, and computer-usable medium are disclosed for managing network communication by, responsive to an attempted connection from a client to a server, receiving information regarding the connection from the client, determining if the information regarding the connection matches an entry of a reputation cache, and responsive to determining that the information regarding the connection matches an entry of the reputation cache, undertaking a remedial action in accordance with a security policy.
Type: Application
Filed: September 20, 2018
Publication date: March 26, 2020
Applicant: Forcepoint LLC
Inventors: Valtteri RAHKONEN, Jaakko MOLLER
-
Publication number: 20200092264
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at a security device of a connection request from a client to a server receiving a message from the client to the server, extracting from a memory associated with the client a secret for performing decryption of application messages communicated from the server to the client, and using the secret to decrypt the application messages to perform at least one of monitoring and inspection of the application messages as decrypted in accordance with a security policy, while allowing the client and the server to maintain an end-to-end connection without intermediate termination at the security device.
Type: Application
Filed: September 17, 2018
Publication date: March 19, 2020
Applicant: Forcepoint LLC
Inventors: Valtteri RAHKONEN, Kurt NATVIG, Olli-Pekka NIEMI, Mike GREEN
-
Publication number: 20200065182
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt at an information handling system of a command to transmit an executable file to a second information handling system, scanning the executable file to determine if the executable file includes debug information, and responsive to determining that the executable file includes debug information, taking remedial action with respect to the executable file.
Type: Application
Filed: August 21, 2018
Publication date: February 27, 2020
Applicant: Forcepoint LLC
Inventors: Ville MATTILA, Valtteri RAHKONEN, Otto AIRAMO
-
Publication number: 20190327263
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to receipt of traffic from a server to a client, parsing content of the traffic, and injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client determines whether the content includes additional content that overrides the action of the original content, and in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.
Type: Application
Filed: April 18, 2018
Publication date: October 24, 2019
Applicant: Forcepoint LLC
Inventors: Christian JALIO, Valtteri RAHKONEN, Antti LEVOMÄKI
-
Publication number: 20190253391
Abstract: A method, system, and computer-usable medium are disclosed for performing packet processing of network traffic on a master security device of a plurality of security devices, such packet processing including connection tracking for the network traffic, and offloading packet inspection of the network traffic to one or more slave security devices of the plurality of security devices.
Type: Application
Filed: February 9, 2018
Publication date: August 15, 2019
Applicant: Forcepoint LLC
Inventors: Mika LANSIRINNE, Valtteri RAHKONEN, Pekka RIIKONEN
-
Publication number: 20190245930
Abstract: A method, system, and computer-usable medium are disclosed for, responsive to communication of a client handshake to a server for establishing communications between the client and server, managing handshake messages between the client and server until an application layer message is communicated from the client, such that a connection between the client and the server appears to be established, and responsive to communication of the application layer message from the client, rendering a policy decision with respect to a connection between the client and the server based on a payload of the application layer message, the policy decision defining a selected path between the client and the server and including a chosen target device from a plurality of potential target devices, wherein the chosen target device is within the selected path and establishing the selected path for communication between the client and the server in accordance with the policy decision.
Type: Application
Filed: February 8, 2018
Publication date: August 8, 2019
Applicant: Forcepoint LLC
Inventors: Valtteri RAHKONEN, Tuomo SYVÄNNE
-
Publication number: 20190166220
Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.
Type: Application
Filed: November 29, 2017
Publication date: May 30, 2019
Applicant: Forcepoint LLC
Inventors: Tuomo SYVÄNNE, Olli-Pekka NIEMI, Valtteri RAHKONEN, Ville MATTILA
-
Publication number: 20190166160
Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based
Type: Application
Filed: November 28, 2017
Publication date: May 30, 2019
Applicant: Forcepoint LLC
Inventors: Tuomo SYVÄNNE, Olli-Pekka NIEMI, Valtteri RAHKONEN
-
Publication number: 20190158464
Abstract: A method, system, and computer-usable medium are disclosed for performing deep packet inspection of network traffic, comprising: receiving a unit of one or more network packets, calculating a calculated fingerprint for data within the unit, determining a current inspection context, determining whether the calculated fingerprint and the current inspection context matches an entry stored in a cache, wherein the entry includes a stored fingerprint and a cached inspection context, and performing operations associated with deep packet inspection of the unit based on whether the calculated fingerprint and the current inspection context match the entry.
Type: Application
Filed: November 20, 2017
Publication date: May 23, 2019
Applicant: Forcepoint LLC
Inventors: Valtteri RAHKONEN, Kari NURMELA