Patents by Inventor Matti Niemenmaa
Matti Niemenmaa has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11799910
Abstract: A network apparatus receives a first message relating to a transport layer security (TLS) handshake process for an initialization phase of a Quic user datagram protocol (UDP) Internet Connection (QUIC) connection from a client computing device toward a target computing device, wherein the first message of the TLS handshake process comprises at least a connection identifier. The network apparatus generates a second message relating to the TLS handshake process in response to the first message, wherein a cipher suite value of the second message is set to an invalid cipher suite value for the client computing device and wherein the invalid cipher suite value is unsupported by the client computing device, and sends the second message to the client computing device to cause the client computer device to close the QUIC connection.
Type: Grant
Filed: July 9, 2021
Date of Patent: October 24, 2023
Assignee: Cujo LLC
Inventors: Evgeny Kornev, Matti Niemenmaa
-
Patent number: 11683167
Abstract: A network gateway apparatus monitors Quic user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting a QUIC packet having a protected header in use, determines a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates a client initial secret based on the salt and the connection identification, determines an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts a server name indication (SNI) from the unprotected payload.
Type: Grant
Filed: July 13, 2021
Date of Patent: June 20, 2023
Assignee: Cujo LLC
Inventors: Evgeny Kornev, Matti Niemenmaa
-
Patent number: 11671437
Abstract: A network apparatus is configured to detect a network connection request on a platform having a hardware accelerator to process network traffic, wherein the hardware accelerator implements computing tasks related to data packets of at least part of the network traffic. The network apparatus is further configured to intercept the network traffic related to the network connection request before the start of the hardware accelerator process, to extract network connection data required by a network traffic analysis function from the network traffic, to allow the hardware accelerator to start acceleration process after the network connection data extraction has finished, and to analyse the network connection based on the extracted network connection data.
Type: Grant
Filed: October 13, 2020
Date of Patent: June 6, 2023
Assignee: Cujo LLC
Inventors: Matti Niemenmaa, James Mathews
-
Patent number: 11611556
Abstract: A network apparatus receives a connection request from a client computing device toward a target computing device. Next a target identifier that identifies the target computing device is extracted from the connection request. The connection request is sent to the target computing device and a reputation request with the target identifier is sent to a web resource analyser engine. In response to detecting that a response from the target computing device is received before a response from the web resource analyser engine, the response to the connection request from the target computing device is held by performing a rewrite in a target section of a user-space utility program rule and by using operating system kernel module in user-space memory area of the network apparatus. In response to a receipt of the response from the web resource analyser engine, the response to the connection request is released.
Type: Grant
Filed: September 21, 2020
Date of Patent: March 21, 2023
Assignee: Cujo LLC
Inventors: Marius Gaubas, Matti Niemenmaa
-
Publication number: 20230012504
Abstract: A network gateway apparatus monitors Quic user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting a QUIC packet having a protected header in use, determines a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates a client initial secret based on the salt and the connection identification, determines an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts a server name indication (SNI) from the unprotected payload.
Type: Application
Filed: July 13, 2021
Publication date: January 19, 2023
Inventors: Evgeny Kornev, Matti Niemenmaa
-
Publication number: 20230008762
Abstract: A network apparatus receives a first message relating to a transport layer security (TLS) handshake process for an initialization phase of a Quic user datagram protocol (UDP) Internet Connection (QUIC) connection from a client computing device toward a target computing device, wherein the first message of the TLS handshake process comprises at least a connection identifier. The network apparatus generates a second message relating to the TLS handshake process in response to the first message, wherein a cipher suite value of the second message is set to an invalid cipher suite value for the client computing device and wherein the invalid cipher suite value is unsupported by the client computing device, and sends the second message to the client computing device to cause the client computer device to close the QUIC connection.
Type: Application
Filed: July 9, 2021
Publication date: January 12, 2023
Inventors: Evgeny Kornev, Matti Niemenmaa
-
Publication number: 20220116409
Abstract: A network apparatus is configured to detect a network connection request on a platform having a hardware accelerator to process network traffic, wherein the hardware accelerator implements computing tasks related to data packets of at least part of the network traffic. The network apparatus is further configured to intercept the network traffic related to the network connection request before the start of the hardware accelerator process, to extract network connection data required by a network traffic analysis function from the network traffic, to allow the hardware accelerator to start acceleration process after the network connection data extraction has finished, and to analyse the network connection based on the extracted network connection data.
Type: Application
Filed: October 13, 2020
Publication date: April 14, 2022
Inventors: Matti Niemenmaa, James Mathews
-
Publication number: 20220094682
Abstract: A network apparatus receives a connection request from a client computing device toward a target computing device. Next a target identifier that identifies the target computing device is extracted from the connection request. The connection request is sent to the target computing device and a reputation request with the target identifier is sent to a web resource analyser engine. In response to detecting that a response from the target computing device is received before a response from the web resource analyser engine, the response to the connection request from the target computing device is held by performing a rewrite in a target section of a user-space utility program rule and by using operating system kernel module in user-space memory area of the network apparatus. In response to a receipt of the response from the web resource analyser engine, the response to the connection request is released.
Type: Application
Filed: September 21, 2020
Publication date: March 24, 2022
Inventors: Marius Gaubas, Matti Niemenmaa