Patents by Inventor Markku Rossi

Markku Rossi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12101416
    Abstract: A security function is provided by an intermediate device located between hosts and devices requesting for access to the hosts in a computerized network. The intermediate device receives a request for access to a host, and obtains at least one authenticator for use in the requested access to the host. The intermediate device then monitors for communications that use the at least one authenticator.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: September 24, 2024
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Publication number: 20220103544
    Abstract: Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be sent from the client host to the target host for use in the authentication.
    Type: Application
    Filed: December 9, 2021
    Publication date: March 31, 2022
    Applicant: SSH Communications Security OYJ
    Inventor: Markku ROSSI
  • Patent number: 11233783
    Abstract: Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be sent from the client host to the target host for use in the authentication.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: January 25, 2022
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 11095638
    Abstract: A virtual smart card entity enabling a data processing apparatus to request for access to at least one service provider host in the computer network is disclosed. A credential management server provides credential information associated with the virtual smart card entity to the data processing apparatus whereafter the virtual smart card entity is configured according to the credential information. The data processing apparatus can then send a request for access to at least one service provider host using the configured virtual smart card entity.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: August 17, 2021
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Publication number: 20210144015
    Abstract: A security function is provided by an intermediate device located between hosts and devices requesting for access to the hosts in a computerized network. The intermediate device receives a request for access to a host, and obtains at least one authenticator for use in the requested access to the host. The intermediate device then monitors for communications that use the at least one authenticator.
    Type: Application
    Filed: January 21, 2021
    Publication date: May 13, 2021
    Inventor: Markku Rossi
  • Patent number: 10951421
    Abstract: A security function is provided by an intermediate device located between hosts and devices requesting for access to the hosts in a computerized network. The intermediate device receives a request for access to a host, and obtains at least one authenticator for use in the requested access to the host. The intermediate device then monitors for communications that use the at least one authenticator.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: March 16, 2021
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 10880295
    Abstract: The disclosure relates to apparatuses and methods for a computer network comprising hosts accessible by directory users whose user identity information is maintained in a user information directory. The apparatus comprises at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to manage information of configurations for attribute based filtering of access requests by the directory users for a plurality of hosts and separately from the user information directory.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: December 29, 2020
    Assignee: SSH Communications Security OYJ
    Inventors: Marko Teiste, Tero Mononen, Tommi Linnakangas, Jussi Pakkanen, Tatu J. Ylönen, Kalle Jääskeläinen, Markku Rossi
  • Patent number: 10764263
    Abstract: Apparatuses and methods for authenticating a user to a host by an agent are disclosed. In the method the agent receives a connection request to the host from the user. In response to the received connection request, the agent determines an ephemeral authenticator, and acquires using the ephemeral authenticator a second authenticator. The second authenticator is based at least in part on use of the ephemeral authenticator. The agent then authenticates the user to the host using the second authenticator.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: September 1, 2020
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 10574634
    Abstract: The disclosure relates to apparatuses and methods for managing authenticator information in a computerized system. An access request to a host comprising an authenticator is processed to cause searching in an authenticator management host for information corresponding to the authenticator and searching in a directory internal to the host for information corresponding to the authenticator. Modification of information corresponding to the authenticator can then be provided based on the searching.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: February 25, 2020
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Mononen, Markku Rossi, Marko Teiste
  • Patent number: 10523445
    Abstract: A hybrid computer network environment can include a first type of hosts and a second type of hosts. An apparatus adapted to receive requests for access to hosts obtains authenticators for accessing the hosts. The apparatus can further determine the type of the hosts and process the requests for access using a first type of authenticator for access to the first type of hosts and a second type of authenticators for access to the second type of hosts.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: December 31, 2019
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Publication number: 20190297073
    Abstract: Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be sent from the client host to the target host for use in the authentication.
    Type: Application
    Filed: March 25, 2019
    Publication date: September 26, 2019
    Inventor: Markku ROSSI
  • Publication number: 20190182240
    Abstract: A virtual smart card entity enabling a data processing apparatus to request for access to at least one service provider host in the computer network is disclosed. A credential management server provides credential information associated with the virtual smart card entity to the data processing apparatus whereafter the virtual smart card entity is configured according to the credential information. The data processing apparatus can then send a request for access to at least one service provider host using the configured virtual smart card entity.
    Type: Application
    Filed: December 11, 2017
    Publication date: June 13, 2019
    Inventor: Markku Rossi
  • Publication number: 20180255043
    Abstract: The disclosure relates to apparatuses and methods for a computer network comprising hosts accessible by directory users whose user identity information is maintained in a user information directory. The apparatus comprises at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to manage information of configurations for attribute based filtering of access requests by the directory users for a plurality of hosts and separately from the user information directory.
    Type: Application
    Filed: March 6, 2017
    Publication date: September 6, 2018
    Inventors: Marko Teiste, Tero Mononen, Tommi Linnakangas, Jussi Pakkanen, Tatu J. Ylönen, Kalle Jääskeläinen, Markku Rossi
  • Publication number: 20180234400
    Abstract: The disclosure relates to apparatuses and methods for managing authenticator information in a computerized system. An access request to a host comprising an authenticator is processed to cause searching in an authenticator management host for information corresponding to the authenticator and searching in a directory internal to the host for information corresponding to the authenticator. Modification of information corresponding to the authenticator can then be provided based on the searching.
    Type: Application
    Filed: February 10, 2017
    Publication date: August 16, 2018
    Inventors: Tero Mononen, Markku Rossi, Marko Teiste
  • Publication number: 20180152299
    Abstract: A security function is provided by an intermediate device located between hosts and devices requesting for access to the hosts in a computerized network. The intermediate device receives a request for access to a host, and obtains at least one authenticator for use in the requested access to the host. The intermediate device then monitors for communications that use the at least one authenticator.
    Type: Application
    Filed: November 28, 2016
    Publication date: May 31, 2018
    Inventor: Markku Rossi
  • Publication number: 20180152300
    Abstract: A hybrid computer network environment can comprise a first type of hosts and a second type of hosts. An apparatus adapted to receive requests for access to hosts obtains authenticators for accessing the hosts. The apparatus can further determine the type of the hosts and process the requests for access using a first type of authenticator for access to the first type of hosts and a second type of authenticators for access to the second type of hosts.
    Type: Application
    Filed: November 28, 2016
    Publication date: May 31, 2018
    Inventor: Markku Rossi
  • Publication number: 20180152426
    Abstract: Apparatuses and methods for authenticating a user to a host by an agent are disclosed. In the method the agent receives a connection request to the host from the user. In response to the received connection request, the agent determines an ephemeral authenticator, and acquires using the ephemeral authenticator a second authenticator. The second authenticator is based at least in part on use of the ephemeral authenticator. The agent then authenticates the user to the host using the second authenticator.
    Type: Application
    Filed: November 28, 2016
    Publication date: May 31, 2018
    Inventor: Markku Rossi
  • Publication number: 20070147616
    Abstract: The invention relates to a method for indicating enciphering of data transmission between a mobile communication network and a mobile station (MS) in the mobile communication network, wherein signals transferred between a mobile communication network and a mobile station are monitored, and on the basis of the signal monitored, the cipher mode is indicated to the user of the mobile station.
    Type: Application
    Filed: March 6, 2007
    Publication date: June 28, 2007
    Applicant: NOKIA CORPORATION
    Inventors: Jari Hamalainen, Reijo Paajanen, Marrku Rautiola, Markku Rossi
  • Publication number: 20070033643
    Abstract: A method, device, system, and computer program for authenticating a user in connection with a security protocol comprising a plurality of authentication methods are described. A packet data connection is established to a remote node. An authentication procedure of the security protocol is initiated with the remote node via the packet data connection. State information is provided for the authentication procedure, and cumulative state information is taken into account in selection of at least one appropriate authentication method when carrying out the authentication procedure.
    Type: Application
    Filed: July 18, 2006
    Publication date: February 8, 2007
    Applicant: SSH COMMUNICATIONS SECURITY CORP.
    Inventors: Markku Rossi, Timo Rinne, Sami Lehtinen, Tero Harjula
  • Publication number: 20070022475
    Abstract: A method, device, system and computer program for providing a transport distribution scheme for a security protocol are disclosed. A first packet data connection is established to a remote node for transmitting packet data over a network with a security protocol. An authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.
    Type: Application
    Filed: July 18, 2006
    Publication date: January 25, 2007
    Applicant: SSH COMMUNICATIONS SECURITY CORP.
    Inventors: Markku Rossi, Timo Rinne