Patents by Inventor Santeri Kangas
Santeri Kangas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11979374Abstract: There is provided a method comprising receiving a domain name system (DNS) query from a client computing device, decrypting the DNS query by a DNS resolver device, and requesting reputation information related to the FQDN from an agent device of the router apparatus. If a matching FQDN is not found in a local database, the DNS query is allowed to proceed from the DNS resolver device to a cloud DNS resolver, the IP and MAC address of the client computing device are logged and mapped to the local database, the reputation information related to the FQDN is requested from a cloud FQDN server, and if the reputation information indicates that the FQDN should be blocked, the local database is updated with the reputation information and further queries to the FQDN are blocked.Type: GrantFiled: April 17, 2023Date of Patent: May 7, 2024Assignee: Cujo LLCInventors: Syed Alam, Chris Griffiths, Santeri Kangas
-
Publication number: 20240114038Abstract: A method, apparatus, and a computer-readable medium for a web object reputation processing, especially in Web3. The method includes: intercepting data transmitted in a data connection related to a current decentralized application running in a user apparatus, wherein the current decentralized application comprises a frontend implementing a web user interface for a user of the user apparatus, and a backend implemented as a smart contract; determining a reputation of a web object related to the frontend of the current decentralized application; and in response to determining that the reputation of the web object is malicious, blocking the data connection.Type: ApplicationFiled: October 3, 2022Publication date: April 4, 2024Inventors: Zoltan Balazs, Andras Tevesz, Christian Kiss-Toth, Santeri Kangas
-
Patent number: 11838262Abstract: A first data communication of a first connected device related to a first target website is intercepted. The first data communication identifies the first target website by a first fully qualified domain name (FQDN), and the first FQDN is mapped to a first Internet protocol (IP) address. A pair of the first FQDN and the first IP address is determined. A second data communication of a second connected device related to a second target website is intercepted. The second data communication comprises a second encrypted FQDN and a second IP address of the second target website. The second IP address is determined to be equal to the first IP address. A cybersecurity reputation of the second target website is retrieved based on the first FQDN. In response to determining that the reputation matches a predetermined alarm condition, a cybersecurity operation is enforced for the second data communication.Type: GrantFiled: November 30, 2022Date of Patent: December 5, 2023Assignee: Cujo LLCInventors: Santeri Kangas, Kimmo Kasslin, Leonardas Marozas, Filip Savin
-
Patent number: 11824891Abstract: A network apparatus maintains a data repository comprising network traffic data related to a plurality of user devices, the network traffic data being collected from a plurality of Network Service Providers (NSPs). A subset of the plurality of user devices are detected to be communicating with one or more same endpoint devices based on analysing the network traffic data. A number of historical connections between each user device of the subset of the plurality of user devices and the one or more endpoint devices is determined based on analysing historical connection data maintained in the data repository, and in response to detecting that the number of historical connections between the subset of the plurality of user devices and the one or more endpoint devices exceeds a predetermined threshold, the one or more endpoint devices are identified as a suspected botnet.Type: GrantFiled: February 15, 2021Date of Patent: November 21, 2023Assignee: Cujo LLCInventors: Leonardas Marozas, Filip Savin, Matteo Cafasso, Santeri Kangas, Sean Tiernan
-
Publication number: 20230254281Abstract: There is provided a method comprising receiving a domain name system (DNS) query from a client computing device, decrypting the DNS query by a DNS resolver device, and requesting reputation information related to the FQDN from an agent device of the router apparatus. If a matching FQDN is not found in a local database, the DNS query is allowed to proceed from the DNS resolver device to a cloud DNS resolver, the IP and MAC address of the client computing device are logged and mapped to the local database, the reputation information related to the FQDN is requested from a cloud FQDN server, and if the reputation information indicates that the FQDN should be blocked, the local database is updated with the reputation information and further queries to the FQDN are blocked.Type: ApplicationFiled: April 17, 2023Publication date: August 10, 2023Inventors: Syed Alam, Chris Griffiths, Santeri Kangas
-
Patent number: 11700235Abstract: There is provided a method comprising receiving a domain name system (DNS) query from a client computing device, decrypting the DNS query by a DNS resolver device, and requesting reputation information related to the FQDN from an agent device of the router apparatus. If a matching FQDN is not found in a local database, the DNS query is allowed to proceed from the DNS resolver device to a cloud DNS resolver, the IP and MAC address of the client computing device are logged and mapped to the local database, the reputation information related to the FQDN is requested from a cloud FQDN server, and if the reputation information indicates that the FQDN should be blocked, the local database is updated with the reputation information and further queries to the FQDN are blocked.Type: GrantFiled: October 13, 2021Date of Patent: July 11, 2023Assignee: Cujo LLCInventors: Syed Alam, Chris Griffiths, Santeri Kangas
-
Publication number: 20230130418Abstract: There is provided a method comprising receiving a domain name system (DNS) query from a client computing device, decrypting the DNS query by a DNS resolver device, and requesting reputation information related to the FQDN from an agent device of the router apparatus. If a matching FQDN is not found in a local database, the DNS query is allowed to proceed from the DNS resolver device to a cloud DNS resolver, the IP and MAC address of the client computing device are logged and mapped to the local database, the reputation information related to the FQDN is requested from a cloud FQDN server, and if the reputation information indicates that the FQDN should be blocked, the local database is updated with the reputation information and further queries to the FQDN are blocked..Type: ApplicationFiled: October 13, 2021Publication date: April 27, 2023Inventors: Syd Alam, Chris Griffiths, Santeri Kangas
-
Publication number: 20220263861Abstract: A network apparatus maintains a data repository comprising network traffic data related to a plurality of user devices, the network traffic data being collected from a plurality of Network Service Providers (NSPs). A subset of the plurality of user devices are detected to be communicating with one or more same endpoint devices based on analysing the network traffic data. A number of historical connections between each user device of the subset of the plurality of user devices and the one or more endpoint devices is determined based on analysing historical connection data maintained in the data repository, and in response to detecting that the number of historical connections between the subset of the plurality of user devices and the one or more endpoint devices exceeds a predetermined threshold, the one or more endpoint devices are identified as a suspected botnet.Type: ApplicationFiled: February 15, 2021Publication date: August 18, 2022Inventors: Leonardas Marozas, Filip Savin, Matteo Cafasso, Santeri Kangas, Sean Tiernan
-
Patent number: 11394687Abstract: Fully qualified domain name determination is disclosed. A queue of fully qualified domain names (FQDN) is created using a predetermined amount of network domains. Each FQDN is crawled from a plurality of collection agents of a computer network. For each FQDN, data comprising an Internet Protocol (IP) address of the FQDN, IP addresses for resources loaded for the FQDN and load times of the resources loaded for the FQDN are extracted. A correlation model is generated based on the data. An FQDN being accessed by one or more computer devices of the computer network is determined by using the correlation model.Type: GrantFiled: September 2, 2020Date of Patent: July 19, 2022Assignee: Cujo LLCInventors: Leonid Kuperman, Santeri Kangas
-
Patent number: 11146617Abstract: An application detection method includes receiving, from one or more user devices on a plurality of local networks, first network traffic metadata being related to a client application running on the one or more user devices, receiving, from a plurality of network traffic hubs of the plurality of local networks, second network traffic metadata corresponding to the first network traffic metadata but excluding user device specific data, generating a plurality of combined network traffic metadata datasets for each received first network traffic metadata and the corresponding second network traffic metadata by matching metadata attributes of the first and second network traffic metadata, generating an application detection model by using the plurality of combined network traffic metadata datasets, and using the application detection model for detecting further client applications running on one or more user devices on one or more local networks.Type: GrantFiled: October 5, 2020Date of Patent: October 12, 2021Assignee: Cujo LLCInventors: Santeri Kangas, Toni Ala-Piirto
-
Publication number: 20210084008Abstract: Fully qualified domain name determination is disclosed. A queue of fully qualified domain names (FQDN) is created using a predetermined amount of network domains. Each FQDN is crawled from a plurality of collection agents of a computer network. For each FQDN, data comprising an Internet Protocol (IP) address of the FQDN, IP addresses for resources loaded for the FQDN and load times of the resources loaded for the FQDN are extracted. A correlation model is generated based on the data. An FQDN being accessed by one or more computer devices of the computer network is determined by using the correlation model.Type: ApplicationFiled: September 2, 2020Publication date: March 18, 2021Inventors: Leonid Kuperman, Santeri Kangas
-
Patent number: 9858416Abstract: According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file while providing indications to the executable file that it is being executed within an emulated computer system.Type: GrantFiled: September 13, 2016Date of Patent: January 2, 2018Assignee: F-Secure OyjInventors: Jarno Niemelä, Mikko Hyppönen, Santeri Kangas
-
Publication number: 20160378985Abstract: According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file whilst providing indications to the executable file that it is being executed within an emulated computer system.Type: ApplicationFiled: September 13, 2016Publication date: December 29, 2016Inventors: Jarno Niemelä, Mikko Hyppönen, Santeri Kangas
-
Patent number: 9501644Abstract: According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file while providing indications to the executable file that it is being executed within an emulated computer system.Type: GrantFiled: March 15, 2010Date of Patent: November 22, 2016Assignee: F-Secure OyjInventors: Jarno Niemelä, Mikko Hyppönen, Santeri Kangas
-
Publication number: 20150006637Abstract: A method of sharing media between end users. The method includes defining an event for which media is to be shared, registering event data at end user devices, said event data including one or more event definitions, and capturing media at the end user devices and, at each device, identifying captured media that matches the event definition(s). The identified captured media is then uploaded to a shared multimedia storage and the media made available to end users.Type: ApplicationFiled: June 27, 2014Publication date: January 1, 2015Inventors: Santeri KANGAS, Jyrki Tulokas
-
Publication number: 20110225655Abstract: According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file whilst providing indications to the executable file that it is being executed within an emulated computer system.Type: ApplicationFiled: March 15, 2010Publication date: September 15, 2011Inventors: Jarno Niemelä, Mikko Hyppönen, Santeri Kangas
-
Publication number: 20110211682Abstract: A method for guarding against telephony-based fraud that includes, at a telephony device, identifying a caller ID of an incoming call or a dialled number of an outgoing call attempt or a number to be dialled. The identified caller ID or dialled number or number to be dialled is then compared against a blacklist of telephone numbers. In the event that a match is found, a warning is presented to a user of the device and/or the call or call attempt is terminated.Type: ApplicationFiled: July 20, 2009Publication date: September 1, 2011Applicant: F-SECURE OYJInventors: Devinder Singh, Santeri Kangas, Christopher Elisan