Patents by Inventor Kimmo Kasslin
Kimmo Kasslin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11838262Abstract: A first data communication of a first connected device related to a first target website is intercepted. The first data communication identifies the first target website by a first fully qualified domain name (FQDN), and the first FQDN is mapped to a first Internet protocol (IP) address. A pair of the first FQDN and the first IP address is determined. A second data communication of a second connected device related to a second target website is intercepted. The second data communication comprises a second encrypted FQDN and a second IP address of the second target website. The second IP address is determined to be equal to the first IP address. A cybersecurity reputation of the second target website is retrieved based on the first FQDN. In response to determining that the reputation matches a predetermined alarm condition, a cybersecurity operation is enforced for the second data communication.Type: GrantFiled: November 30, 2022Date of Patent: December 5, 2023Assignee: Cujo LLCInventors: Santeri Kangas, Kimmo Kasslin, Leonardas Marozas, Filip Savin
-
Publication number: 20230328102Abstract: A computing device receives an IP address and a port number related to a transport protocol and an application protocol version and other attributes related to an application protocol extracted from an encrypted client hello (ECH) enabled transport layer security (TLS) connection request from a client computing device and extracts, from the database, a set of all known hostnames matching the IP address. The device generates a reduced list of the set of all hostnames matching the IP address, and assigns a confidence score to each hostname of the reduced list based on an alias count and/or a popularity ranking of the hostname. Finally, a prioritized list of one or more hostnames is generated based on the confidence score, the prioritized list indicating the one or more hostnames in the order of descending probability of being requested in the ECH enabled TLS connection request.Type: ApplicationFiled: April 12, 2022Publication date: October 12, 2023Inventors: Filip Savin, Leonardas Marozas, Kimmo Kasslin
-
Patent number: 11677647Abstract: A device identification method where a device application usage profile is generated and maintained for each one or more known computing devices of a local network based on network traffic data. In response to detecting an unknown computing device in the local network, network traffic data related to the unknown computing device is collected, and a device application usage profile for the unknown computing device is generated based on the network traffic data related to the unknown computing device. The device application usage profile of the unknown computing device is compared with the device application usage profile of the one or more known computing devices of the local network.Type: GrantFiled: November 10, 2021Date of Patent: June 13, 2023Assignee: Cujo LLCInventors: Zoltan Balazs, Kimmo Kasslin
-
Publication number: 20230143232Abstract: A device identification method where a device application usage profile is generated and maintained for each one or more known computing devices of a local network based on network traffic data. In response to detecting an unknown computing device in the local network, network traffic data related to the unknown computing device is collected, and a device application usage profile for the unknown computing device is generated based on the network traffic data related to the unknown computing device. The device application usage profile of the unknown computing device is compared with the device application usage profile of the one or more known computing devices of the local network.Type: ApplicationFiled: November 10, 2021Publication date: May 11, 2023Inventors: Zoltan Balazs, Kimmo Kasslin
-
Patent number: 9342694Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising: at least one processor; and at least one memory including executable instructions. The at least one memory and the executable instructions are configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: during the loading of an operating system, loading a boot time driver installed by an anti-virus application; reading a master boot record data by the boot time driver as soon as the operating system is ready to handle the request for reading the master boot record data; analyzing the collected master boot record data to identify any malicious entities; and in the event that malicious entities are identified, controlling the behavior of the processing system in order to disable the malicious entity.Type: GrantFiled: July 6, 2011Date of Patent: May 17, 2016Assignee: F-Secure CorporationInventors: Kimmo Kasslin, Pavel Turbin
-
Patent number: 9055101Abstract: In accordance with an example embodiment of the present invention, there is provided a computing device, including at least one processor; and at least one memory including computer program code the at least one memory and the computer program code configured to, with the at least one processor, cause the device to perform at least the following: receive near field communication device data related to a specific NFC device; generate a reputation query on the basis of the received NFC device data; send the generated reputation query to a service provider; receive reputation data, retrieved from a reputation database of NFC device reputation information, related to the specific NFC device from the service provider; and take further action on the basis of the received reputation relating to the specific NFC device.Type: GrantFiled: October 12, 2011Date of Patent: June 9, 2015Assignee: F-Secure CorporationInventors: Kimmo Kasslin, Jarno Niemelä
-
Patent number: 9021136Abstract: The present invention relates to a method for synchronizing files between devices between two devices. The method includes creating a rule to control the synchronization of the file. The rule includes at least one condition for synchronization which is dependent upon a property of a device.Type: GrantFiled: April 2, 2012Date of Patent: April 28, 2015Assignee: F-Secure CorporationInventors: Mika Ståhlberg, Mikko Hyppönen, Kimmo Kasslin, Antti Tikkanen, Jarno Niemelä, Jarkko Konola
-
Patent number: 8931100Abstract: A method for determining appropriate actions to remedy potential security lapses following infection of a device by malware. Following detection of infection of the device the device undergoes a cleaning operation. As part of the cleaning operation infected electronic files and any other associated files or objects are removed from the device. From timestamps associated with the infected files and associated files and objects, either directly or from another source such as an anti-virus trace program, the time of infection can be estimated. This allows the system to reference timestamps on the device to determine the source of the infection. Additionally, if the type of infection is identified timestamps on the device can be used to determine where there are particular areas of vulnerability due to user actions on the device.Type: GrantFiled: December 14, 2011Date of Patent: January 6, 2015Assignee: F-Secure CorporationInventors: Mika Ståhlberg, Mikko Hyppönen, Kimmo Kasslin, Veli-Jussi Kesti, Kai Nyman, Timo Harmonen
-
Patent number: 8844039Abstract: According to a first aspect of the present invention there is provided a method of detecting malware or other potentially unwanted programs. The method includes, at each of a plurality of client terminals, when it is determined that a program may be malware or a potentially unwanted program, generating image recognition data from displayed image data that includes image elements generated by the program, and sending the image recognition data to a central server. At the central server, storing the received image recognition data, and using the stored image recognition data to detect the presence of a malware or potentially unwanted program at the client terminals.Type: GrantFiled: June 30, 2010Date of Patent: September 23, 2014Assignee: F-Secure CorporationInventors: Jarno Niemelä, Kimmo Kasslin
-
Publication number: 20140137253Abstract: In accordance with an example embodiment of the present invention, there is provided an apparatus, comprising: at least one processor; and at least one memory including executable instructions. The at least one memory and the executable instructions are configured to, in cooperation with the at least one processor, cause the apparatus to perform at least the following: during the loading of an operating system, loading a boot time driver installed by an anti-virus application; reading a master boot record data by the boot time driver as soon as the operating system is ready to handle the request for reading the master boot record data; analyzing the collected master boot record data to identify any malicious entities; and in the event that malicious entities are identified, controlling the behavior of the processing system in order to disable the malicious entity.Type: ApplicationFiled: July 6, 2011Publication date: May 15, 2014Applicant: F-Secure CorporationInventors: Kimmo Kasslin, Pavel Turbin
-
Patent number: 8726387Abstract: A method and apparatus for detecting a Trojan horse in a suspicious version of a software application in the form of at least one electronic file. A computer device determines a source from which the suspicious version of the software application was obtained. A comparison is then made between the source from which the suspicious version of the software application was obtained and a source from which an original, clean version of the software application was obtained. If the sources differ, then it is determined that the suspicious version of the software application is more likely to contain a Trojan horse than if the sources were the same.Type: GrantFiled: February 11, 2011Date of Patent: May 13, 2014Assignee: F-Secure CorporationInventors: Mika Ståhlberg, Jarno Niemelä, Kimmo Kasslin
-
Publication number: 20130262706Abstract: The present invention relates to a method for synchronising files between devices between two devices. The method includes creating a rule to control the synchronisation of the file. The rule includes at least one condition for synchronisation which is dependent upon a property of a device.Type: ApplicationFiled: April 2, 2012Publication date: October 3, 2013Inventors: Mika STAHLBERG, Mikko Hyppönen, Kimmo Kasslin, Antti Tikkanen, Jarno Niemelä, Jarkko Konola
-
Publication number: 20130160124Abstract: A method for determining appropriate actions to remedy potential security lapses following infection of a device by malware. Following detection of infection of the device the device undergoes a cleaning operation. As part of the cleaning operation infected electronic files and any other associated files or objects are removed from the device. From timestamps associated with the infected files and associated files and objects, either directly or from another source such as an anti-virus trace program, the time of infection can be estimated. This allows the system to reference timestamps on the device to determine the source of the infection. Additionally, if the type of infection is identified timestamps on the device can be used to determine where there are particular areas of vulnerability due to user actions on the device.Type: ApplicationFiled: December 14, 2011Publication date: June 20, 2013Inventors: Mika STÅHLBERG, Mikko Hyppönen, Kimmo Kasslin, Veli-Jussi Kesti, Kai Nyman, Timo Harmonen
-
Publication number: 20130095751Abstract: In accordance with an example embodiment of the present invention, there is provided a computing device, including at least one processor; and at least one memory including computer program code the at least one memory and the computer program code configured to, with the at least one processor, cause the device to perform at least the following: receive near field communication device data related to a specific NFC device; generate a reputation query on the basis of the received NFC device data; send the generated reputation query to a service provider; receive reputation data, retrieved from a reputation database of NFC device reputation information, related to the specific NFC device from the service provider; and take further action on the basis of the received reputation relating to the specific NFC device.Type: ApplicationFiled: October 12, 2011Publication date: April 18, 2013Inventors: Kimmo Kasslin, Jarno Niemelä
-
Publication number: 20120210431Abstract: A method and apparatus for detected a Trojan in a suspicious software application in the form of at least one electronic file. A computer device determines the source from which the suspicious software application was obtained. A comparison is then made between the source from which the suspicious software application was obtained and a source from which an original, clean version of the software application was obtained. If the sources differ, then it is determined that the suspicious application is more likely to contain a Trojan horse than if the sources were the same.Type: ApplicationFiled: February 11, 2011Publication date: August 16, 2012Inventors: Mika Ståhlberg, Jarno Niemelä, Kimmo Kasslin
-
Publication number: 20120002839Abstract: According to a first aspect of the present invention there is provided a method of detecting malware or other potentially unwanted programs. The method includes, at each of a plurality of client terminals, when it is determined that a program may be malware or a potentially unwanted program, generating image recognition data from displayed image data that includes image elements generated by the program, and sending the image recognition data to a central server. At the central server, storing the received image recognition data, and using the stored image recognition data to detect the presence of a malware or potentially unwanted program at the client terminals.Type: ApplicationFiled: June 30, 2010Publication date: January 5, 2012Inventors: Jarno Niemela, Kimmo Kasslin