Abstract: Methods and apparatuses for authenticating data communications are disclosed. In a method an intermediate node between a sender device and a receiver device obtains an authenticator associated with the sender device. The intermediate node authenticates the sender device such that the intermediate node acts as the receiver device towards the sender device. The intermediate node is then authenticated to the receiver device such that the intermediate node uses the authenticator associated with the sender device for the authentication to transparently intervene data communications from the sender device to the receiver device.
Type:
Grant
Filed:
December 23, 2014
Date of Patent:
January 3, 2017
Assignee:
SSH COMMUNICATIONS SECURITY OYJ
Inventors:
Sami Juhani Lehtinen, Tero Tapani Mononen, Toni Kaarlo Tapio Tammisalo
Abstract: A method and apparatus for control of a computer system are disclosed. The computer system includes a terminal for operator based monitoring of the computer system. A monitoring device is provided to determine information about the state of the operator based monitoring. The information is communicated to a controller of the data security system. The controller then controls the data security system based at least in part on the information.
Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
Abstract: Processing of packets in a stream of packets where the packets are assigned with sequence numbers is disclosed. Packets are distributed into at least two analysis windows based on predetermined N lowest bits of the sequence numbers, wherein an analysis window includes M lowest bits of the sequence numbers, M being an integer greater than N. N+1 to M lowest bits of the sequence numbers are analyzed in at least one of the analysis windows while ignoring the N lowest bits to determine the ordering of the packets. A packet is determined as suspicious in response to the analysis indicating the packet being in an incorrect position.
Type:
Grant
Filed:
April 7, 2015
Date of Patent:
August 9, 2016
Assignee:
SSH Communications Security OYJ
Inventors:
Kimmo Parviainen-Jalanko, Petri Helenius
Abstract: Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.
Type:
Grant
Filed:
July 7, 2014
Date of Patent:
April 19, 2016
Assignee:
SSH Communications Security OYJ
Inventors:
Tommi Linnakangas, Marko Teiste, Antti Huima, Tatu J. Ylonen
Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration that sets up and maintains communication connections through the use of Network Address Translation. The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes transmitting, by a first computer device, a packet that includes a predetermined value indicating that the first computer device supports an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation.
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for revealing occurrence of network address translation by receiving a packet that includes an encoding of a source port number and then determining whether a network address translation occurred on the packet by comparing the source port number against a predetermined port number.
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communicating by a computer device with another computer device wherein network address translation that translate address information in packet headers can occur between the computer devices, and revealing, by the computer device to the other computer device, address information as seen by the computer device on its side of the network address translation, by including in a payload of a packet transmitted to the other computer device, an encoding of the address information as seen by the computer device.