Patents Assigned to SSH Communication Security OYJ
-
Patent number: 10574634Abstract: The disclosure relates to apparatuses and methods for managing authenticator information in a computerized system. An access request to a host comprising an authenticator is processed to cause searching in an authenticator management host for information corresponding to the authenticator and searching in a directory internal to the host for information corresponding to the authenticator. Modification of information corresponding to the authenticator can then be provided based on the searching.Type: GrantFiled: February 10, 2017Date of Patent: February 25, 2020Assignee: SSH Communications Security OYJInventors: Tero Mononen, Markku Rossi, Marko Teiste
-
Patent number: 10530814Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: March 15, 2017Date of Patent: January 7, 2020Assignee: SSH Communications Security OYJInventor: Tatu J. Ylonen
-
Patent number: 10523674Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.Type: GrantFiled: June 23, 2017Date of Patent: December 31, 2019Assignee: SSH COMMUNICATIONS SECURITY OYJInventor: Tatu Ylönen
-
Patent number: 10523445Abstract: A hybrid computer network environment can include a first type of hosts and a second type of hosts. An apparatus adapted to receive requests for access to hosts obtains authenticators for accessing the hosts. The apparatus can further determine the type of the hosts and process the requests for access using a first type of authenticator for access to the first type of hosts and a second type of authenticators for access to the second type of hosts.Type: GrantFiled: November 28, 2016Date of Patent: December 31, 2019Assignee: SSH Communications Security OYJInventor: Markku Rossi
-
Patent number: 10469533Abstract: Encrypted SFTP file transfers and other encrypted file transfers may be audited and what files can be transferred may be controlled at a firewall or other gateway. Transferred files may be subjected to data loss prevention analysis and/or virus checks.Type: GrantFiled: January 24, 2013Date of Patent: November 5, 2019Assignee: SSH COMMUNICATIONS SECURITY OYJInventors: Tatu J. Ylonen, Samuel Douglas Lavitt
-
Patent number: 10389722Abstract: The disclosure relates to access relationships, more particularly to controlling access relationships between entities in a computerized system. In the disclose arrangement a first access relationship between a first entity and a second entity is determined. At least one intermediate entity is selected for routing of a second access relationship between the first entity and the second entity via the at least one intermediate entity. The second access relationship is created, the second access relationship comprising a chain of access relationships via the first entity, the at least one intermediate entity and the second entity.Type: GrantFiled: December 30, 2016Date of Patent: August 20, 2019Assignee: SSH Communications Security OYJInventor: Vesa Luukkala
-
Patent number: 10347286Abstract: Methods and apparatus for generation of session audit log displays are disclosed. Audit log data is captured in association with at least one session in a computerized system. A video presentation is generated based on the captured audio log data. A video presentation of at least a part of the at least one session can then be displayed based on the generated data.Type: GrantFiled: July 24, 2014Date of Patent: July 9, 2019Assignee: SSH Communications Security OYJInventors: Toni Tammisalo, Tatu J Ylonen
-
Patent number: 10277632Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: August 29, 2016Date of Patent: April 30, 2019Assignee: SSH Communications Security OYJInventor: Tatu J. Ylonen
-
Patent number: 10257176Abstract: A first private key used by a device is replaced by a second private key, the first private key having an associated public key. The second private key is secured based on the associated public key and communicated to replace the first private key at the device. The device receives the second private key. The first private key is secured by a secret, and the device uses the secret to decrypt the first private key. The second private key is then encrypted using the decrypt first private key.Type: GrantFiled: March 4, 2015Date of Patent: April 9, 2019Assignee: SSH COMMUNICATIONS SECURITY OYJInventors: Kimmo Parviainen-Jalanko, Marko Teiste
-
Patent number: 10187426Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: September 28, 2016Date of Patent: January 22, 2019Assignee: SSH Communications Security OYJInventor: Tatu J. Ylonen
-
Patent number: 10171508Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: September 27, 2016Date of Patent: January 1, 2019Assignee: SSH Communications Security OYJInventor: Tatu J. Ylonen
-
Patent number: 10116700Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: October 18, 2016Date of Patent: October 30, 2018Assignee: SSH Communications Security OYJInventor: Tatu J. Ylonen
-
Patent number: 10102232Abstract: Methods and apparatuses for storing structured information are disclosed. A hash value computed over structured information determined for a host is compared to a hash value computed over a corresponding structured information stored in a remote database for the host where after an update of at least a part of the stored structured information can take place in response to determining a difference in the hash values and the stored structured information is kept in the database as it is in response to determining that the hash values are equal.Type: GrantFiled: May 14, 2015Date of Patent: October 16, 2018Assignee: SSH COMMUNICATIONS SECURITY OYJInventors: Tatu J. Ylönen, Herb Goldman
-
Patent number: 10091239Abstract: SSH sessions and other protocol sessions (e.g., RDP) may be audited using an interceptor embedded within an SSH server or other protocol server. Operations performed over an SSH connection may be controlled, including controlling what files are transferred.Type: GrantFiled: January 24, 2013Date of Patent: October 2, 2018Assignee: SSH COMMUNICATIONS SECURITY OYJInventors: Tatu J. Ylonen, Samuel Douglas Lavitt
-
Patent number: 10009354Abstract: Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.Type: GrantFiled: February 3, 2017Date of Patent: June 26, 2018Assignee: SSH Communications Security OYJInventors: Tommi Linnakangas, Marko Teiste, Antti Huima, Tatu J. Ylonen
-
Patent number: 9998497Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: February 24, 2017Date of Patent: June 12, 2018Assignee: SSH Communications Security OYJInventor: Tatu J. Ylonen
-
Patent number: 9832177Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.Type: GrantFiled: February 24, 2017Date of Patent: November 28, 2017Assignee: SSH Communication Security OYJInventor: Tatu J. Ylonen
-
Patent number: 9722987Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.Type: GrantFiled: March 13, 2015Date of Patent: August 1, 2017Assignee: SSH COMMUNICATIONS SECURITY OYJInventor: Tatu Ylönen
-
Patent number: 9667594Abstract: This invention provides a method, apparatus, and computer-readable media for providing a configuration that sets up and maintains communication connections through the use of network address translation (NAT). The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.Type: GrantFiled: September 2, 2016Date of Patent: May 30, 2017Assignee: SSH Communications Security OYJInventors: Tero Kivinen, Tatu Ylonen
-
Patent number: 9602478Abstract: Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.Type: GrantFiled: March 17, 2016Date of Patent: March 21, 2017Assignee: SSH Communications Security OYJInventors: Tommi Linnakangas, Marko Teiste, Antti Huima, Tatu J. Ylonen