Patents by Inventor Tatu Ylonen

Tatu Ylonen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210397725
    Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
    Type: Application
    Filed: September 1, 2021
    Publication date: December 23, 2021
    Inventor: Tatu Ylönen
  • Patent number: 11138324
    Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
    Type: Grant
    Filed: December 15, 2017
    Date of Patent: October 5, 2021
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu Ylönen
  • Publication number: 20200099689
    Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
    Type: Application
    Filed: November 26, 2019
    Publication date: March 26, 2020
    Inventor: Tatu Ylönen
  • Patent number: 10523674
    Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: December 31, 2019
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventor: Tatu Ylönen
  • Publication number: 20180173885
    Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
    Type: Application
    Filed: December 15, 2017
    Publication date: June 21, 2018
    Inventor: Tatu Ylönen
  • Publication number: 20170289164
    Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
    Type: Application
    Filed: June 23, 2017
    Publication date: October 5, 2017
    Inventor: Tatu YLONEN
  • Patent number: 9722987
    Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: August 1, 2017
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventor: Tatu Ylönen
  • Patent number: 9667594
    Abstract: This invention provides a method, apparatus, and computer-readable media for providing a configuration that sets up and maintains communication connections through the use of network address translation (NAT). The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: May 30, 2017
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20160373406
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: September 2, 2016
    Publication date: December 22, 2016
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20160269377
    Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
    Type: Application
    Filed: March 13, 2015
    Publication date: September 15, 2016
    Inventor: Tatu Ylönen
  • Publication number: 20150271140
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: May 21, 2015
    Publication date: September 24, 2015
    Inventors: Tero KIVINEN, Tatu YLONEN
  • Patent number: 9071578
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration that sets up and maintains communication connections through the use of Network Address Translation. The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: June 30, 2015
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8973127
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: March 3, 2015
    Assignee: SSH Communications Security Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8973126
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: March 3, 2015
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8918858
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes transmitting, by a first computer device, a packet that includes a predetermined value indicating that the first computer device supports an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: December 23, 2014
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8914873
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communicating by a computer device with another computer device wherein network address translation that translate address information in packet headers can occur between the computer devices, and revealing, by the computer device to the other computer device, address information as seen by the computer device on its side of the network address translation, by including in a payload of a packet transmitted to the other computer device, an encoding of the address information as seen by the computer device.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: December 16, 2014
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8914872
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for revealing occurrence of network address translation by receiving a packet that includes an encoding of a source port number and then determining whether a network address translation occurred on the packet by comparing the source port number against a predetermined port number.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: December 16, 2014
    Assignee: SSH Communications Security Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20140033296
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 28, 2013
    Publication date: January 30, 2014
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20140007219
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 26, 2013
    Publication date: January 2, 2014
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20130346556
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: August 28, 2013
    Publication date: December 26, 2013
    Applicant: TECTIA OYJ
    Inventors: Tero Kivinen, Tatu Ylonen