Patents by Inventor Kari Nurmela
Kari Nurmela has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11818099Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.Type: GrantFiled: September 20, 2021Date of Patent: November 14, 2023Assignee: FORCEPOINT LLCInventor: Kari Nurmela
-
Patent number: 11537409Abstract: A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object.Type: GrantFiled: March 1, 2021Date of Patent: December 27, 2022Assignee: FORCEPOINT LLCInventors: Tuomo Mickelsson, Kari Nurmela, Marko Niiranen
-
Publication number: 20220006782Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.Type: ApplicationFiled: September 20, 2021Publication date: January 6, 2022Applicant: Forcepoint LLCInventor: Kari Nurmela
-
Patent number: 11128602Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.Type: GrantFiled: November 7, 2018Date of Patent: September 21, 2021Assignee: FORCEPOINT LLCInventor: Kari Nurmela
-
Publication number: 20210182082Abstract: A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object.Type: ApplicationFiled: March 1, 2021Publication date: June 17, 2021Applicant: Forcepoint LLCInventors: Tuomo Mickelsson, Kari Nurmela, Marko Niiranen
-
Patent number: 10965647Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated with the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields.Type: GrantFiled: November 7, 2018Date of Patent: March 30, 2021Assignee: FORCEPOINT LLCInventor: Kari Nurmela
-
Patent number: 10936333Abstract: A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object.Type: GrantFiled: February 28, 2018Date of Patent: March 2, 2021Assignee: FORCEPOINT LLCInventors: Tuomo Mickelsson, Kari Nurmela, Marko Niiranen
-
Patent number: 10819683Abstract: A method, system, and computer-usable medium are disclosed for performing deep packet inspection of network traffic, comprising: receiving a unit of one or more network packets, calculating a calculated fingerprint for data within the unit, determining a current inspection context, determining whether the calculated fingerprint and the current inspection context matches an entry stored in a cache, wherein the entry includes a stored fingerprint and a cached inspection context, and performing operations associated with deep packet inspection of the unit based on whether the calculated fingerprint and the current inspection context match the entry.Type: GrantFiled: November 20, 2017Date of Patent: October 27, 2020Assignee: Forcepoint LLCInventors: Valtteri Rahkonen, Kari Nurmela
-
Publication number: 20200145377Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields.Type: ApplicationFiled: November 7, 2018Publication date: May 7, 2020Applicant: Forcepoint LLCInventor: Kari Nurmela
-
Publication number: 20200145379Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields. Processing a second data packet by making an incremental change to the plurality of rules.Type: ApplicationFiled: November 7, 2018Publication date: May 7, 2020Applicant: Forcepoint LLCInventor: Kari Nurmela
-
Publication number: 20200145378Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor, and determining whether a precondition exists, where an action is associated the precondition. The action associated with the precondition is performed if it is determined that the precondition exists. The data packet is processed using a plurality of rules if it is determined that the precondition does not exist for the one or more of the plurality of fields. A user associated with the data packet is identified, and it is determined whether one or more rules are stored in a cache for one or more of a plurality of groups associated with the user. The data packet is processed using the one or more rules stored in the cache if present.Type: ApplicationFiled: November 7, 2018Publication date: May 7, 2020Applicant: Forcepoint LLCInventor: Kari Nurmela
-
Publication number: 20190265982Abstract: A system, for managing application specific configuration data, that receives, from a local server, a standardized configuration object, at a configuration engine, for a configurable entity, generates at least one configuration object file for the configuration entity, wherein the standardized configuration object is generated based on the application specific configuration data according to a system wide metadata specification. The system can further write each configuration object file to a shared memory structure associated with a configuration file of a configurable entity. The system receives the configuration object, compares the configuration object with another standardized configuration object, and interfaces the configuration object with the configuration engine. The interfaced configuration object can be a piece of configuration. The system permits read access to the configuration engine to the configuration object, permits read and write access to the management server to the configuration object.Type: ApplicationFiled: February 28, 2018Publication date: August 29, 2019Applicant: Forcepoint LLCInventors: Tuomo Mickelsson, Kari Nurmela, Marko Niiranen
-
Publication number: 20190158464Abstract: A method, system, and computer-usable medium are disclosed for performing deep packet inspection of network traffic, comprising: receiving a unit of one or more network packets, calculating a calculated fingerprint for data within the unit, determining a current inspection context, determining whether the calculated fingerprint and the current inspection context matches an entry stored in a cache, wherein the entry includes a stored fingerprint and a cached inspection context, and performing operations associated with deep packet inspection of the unit based on whether the calculated fingerprint and the current inspection context match the entry.Type: ApplicationFiled: November 20, 2017Publication date: May 23, 2019Applicant: Forcepoint LLCInventors: Valtteri RAHKONEN, Kari NURMELA
-
Patent number: 7386525Abstract: The invention relates to data packet filtering and finding a rule matching a data packet in a rule base. A data packet comprises parameter fields for identifying the data packet, the rule base comprises a plurality of rules, each rule comprises one or more parameter fields, and the matching rule is a rule, whose parameter field values correspond to the parameter field values of said data packet. The matching rule is found by determining rule sets for the data packet, one rule set comprising the rules to which one parameter field value of the data packet can match, and by finding the rule with the smallest label that is present in all said rule sets of the data packet, said rule with the smallest label indicating the rule matching the data packet. Additionally, the invention relates to finding an element with the smallest label that is present in a plurality of finite subsets containing finite number of elements, said subsets being subsets of a set containing finite number of sequentially labelled elements.Type: GrantFiled: September 21, 2001Date of Patent: June 10, 2008Assignee: Stonesoft CorporationInventors: Kari Nurmela, Mika Rautila
-
Patent number: 7234166Abstract: The invention relates to event sequence detection suitable for an intrusion detection system (IDS), for example. An event sequence including two or more stages in order, each of the stages including one or more events, is defined. Also defined is a filtering function for each of the stages, each filtering function providing a TRUE indication, when one of the events belonging to the respective event is received, and a FALSE indication otherwise. Still further at least one binding function for each of the stages is defined such that a pair of binding functions in two successive stages links the events in these two successive stages. Received event data is continuously evaluated with the filtering functions. When the evaluation results in a TRUE indication from one of the filter functions, at least one key value is derived from the received event data by the corresponding at least one binding function.Type: GrantFiled: November 7, 2002Date of Patent: June 19, 2007Assignee: Stonesoft CorporationInventor: Kari Nurmela
-
Publication number: 20040093510Abstract: The invention relates to event sequence detection suitable for an intrusion detection system (IDS), for example. An event sequence including two or more stages in order, each of the stages including one or more events, is defined. Also defined is a filtering function for each of the stages, each filtering function providing a TRUE indication, when one of the events belonging to the respective event is received, and a FALSE indication otherwise. Still further at least one binding function for each of the stages is defined such that a pair of binding functions in two successive stages links the events in these two successive stages. Received event data is continuously evaluated with the filtering functions. When the evaluation results in a TRUE indication from one of the filter functions, at least one key value is derived from the received event data by the corresponding at least one binding function.Type: ApplicationFiled: November 7, 2002Publication date: May 13, 2004Inventor: Kari Nurmela
-
Patent number: 6635271Abstract: The invention relates to a method for increasing the concentration of the cis-9, trans-11 isomer of octadecadienoic acid in the milk fat and/or the tissue fat of a ruminant. In the method the ruminant is fed the trans-11 isomer of octadecenoic acid either as such or mixed with other feed, separately or together with other fatty acids.Type: GrantFiled: June 5, 2000Date of Patent: October 21, 2003Assignee: Valio OyInventors: Kari Nurmela, Mikko Griinari
-
Publication number: 20030120622Abstract: The invention relates to data packet filtering and finding a rule matching a data packet in a rule base. A data packet comprises parameter fields for identifying the data packet, the rule base comprises a plurality of rules, each rule comprises one or more parameter fields, and the matching rule is a rule, whose parameter field values correspond to the parameter field values of said data packet. The matching rule is found by determining rule sets for the data packet, one rule set comprising the rules to which one parameter field value of the data packet can match, and by finding the rule with the smallest label that is present in all said rule sets of the data packet, said rule with the smallest label indicating the rule matching the data packet. Additionally, the invention relates to finding an element with the smallest label that is present in a plurality of finite subsets containing finite number of elements, said subsets being subsets of a set containing finite number of sequentially labelled elements.Type: ApplicationFiled: September 21, 2001Publication date: June 26, 2003Inventors: Kari Nurmela, Mika Rautila