Patents by Inventor Tatu Ylonen
Tatu Ylonen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11556662
Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
Type: Grant
Filed: September 1, 2021
Date of Patent: January 17, 2023
Assignee: SSH Communications Security OYJ
Inventor: Tatu Ylönen
-
Patent number: 11552951
Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
Type: Grant
Filed: November 26, 2019
Date of Patent: January 10, 2023
Assignee: SSH Communications Security OYJ
Inventor: Tatu Ylönen
-
Publication number: 20210397725
Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
Type: Application
Filed: September 1, 2021
Publication date: December 23, 2021
Inventor: Tatu Ylönen
-
Patent number: 11138324
Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
Type: Grant
Filed: December 15, 2017
Date of Patent: October 5, 2021
Assignee: SSH Communications Security OYJ
Inventor: Tatu Ylönen
-
Publication number: 20200099689
Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
Type: Application
Filed: November 26, 2019
Publication date: March 26, 2020
Inventor: Tatu Ylönen
-
Patent number: 10523674
Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
Type: Grant
Filed: June 23, 2017
Date of Patent: December 31, 2019
Assignee: SSH COMMUNICATIONS SECURITY OYJ
Inventor: Tatu Ylönen
-
Publication number: 20180173885
Abstract: Method and apparatus for virtualized environment where virtual computing instances interface a service platform operated on a physical computing apparatus are disclosed. A new virtual computing instance interfacing the service platform can be created, the created new virtual computing instance belonging to a class of virtual computing instances. At least one security credential is obtained from a storage of security credentials associated with the class of the new virtual computing instance. Data communicated with at least one further computing instance is secured based on the obtained at least one security credential.
Type: Application
Filed: December 15, 2017
Publication date: June 21, 2018
Inventor: Tatu Ylönen
-
Publication number: 20170289164
Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
Type: Application
Filed: June 23, 2017
Publication date: October 5, 2017
Inventor: Tatu YLONEN
-
Patent number: 9722987
Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
Type: Grant
Filed: March 13, 2015
Date of Patent: August 1, 2017
Assignee: SSH COMMUNICATIONS SECURITY OYJ
Inventor: Tatu Ylönen
-
Patent number: 9667594
Abstract: This invention provides a method, apparatus, and computer-readable media for providing a configuration that sets up and maintains communication connections through the use of network address translation (NAT). The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
Type: Grant
Filed: September 2, 2016
Date of Patent: May 30, 2017
Assignee: SSH Communications Security OYJ
Inventors: Tero Kivinen, Tatu Ylonen
-
Publication number: 20160373406
Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
Type: Application
Filed: September 2, 2016
Publication date: December 22, 2016
Inventors: Tero Kivinen, Tatu Ylonen
-
Publication number: 20160269377
Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.
Type: Application
Filed: March 13, 2015
Publication date: September 15, 2016
Inventor: Tatu Ylönen
-
Publication number: 20150271140
Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
Type: Application
Filed: May 21, 2015
Publication date: September 24, 2015
Inventors: Tero KIVINEN, Tatu YLONEN
-
Patent number: 9071578
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration that sets up and maintains communication connections through the use of Network Address Translation. The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
Type: Grant
Filed: August 28, 2013
Date of Patent: June 30, 2015
Assignee: SSH COMMUNICATIONS SECURITY OYJ
Inventors: Tero Kivinen, Tatu Ylonen
-
Patent number: 8973126
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
Type: Grant
Filed: August 26, 2013
Date of Patent: March 3, 2015
Assignee: SSH Communications Security OYJ
Inventors: Tero Kivinen, Tatu Ylonen
-
Patent number: 8973127
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
Type: Grant
Filed: August 26, 2013
Date of Patent: March 3, 2015
Assignee: SSH Communications Security Oyj
Inventors: Tero Kivinen, Tatu Ylonen
-
Patent number: 8918858
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes transmitting, by a first computer device, a packet that includes a predetermined value indicating that the first computer device supports an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation.
Type: Grant
Filed: August 28, 2013
Date of Patent: December 23, 2014
Assignee: SSH Communications Security OYJ
Inventors: Tero Kivinen, Tatu Ylonen
-
Patent number: 8914872
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for revealing occurrence of network address translation by receiving a packet that includes an encoding of a source port number and then determining whether a network address translation occurred on the packet by comparing the source port number against a predetermined port number.
Type: Grant
Filed: August 26, 2013
Date of Patent: December 16, 2014
Assignee: SSH Communications Security Oyj
Inventors: Tero Kivinen, Tatu Ylonen
-
Patent number: 8914873
Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communicating by a computer device with another computer device wherein network address translation that translate address information in packet headers can occur between the computer devices, and revealing, by the computer device to the other computer device, address information as seen by the computer device on its side of the network address translation, by including in a payload of a packet transmitted to the other computer device, an encoding of the address information as seen by the computer device.
Type: Grant
Filed: August 28, 2013
Date of Patent: December 16, 2014
Assignee: SSH Communications Security OYJ
Inventors: Tero Kivinen, Tatu Ylonen
-
Publication number: 20140033296
Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
Type: Application
Filed: August 28, 2013
Publication date: January 30, 2014
Applicant: TECTIA OYJ
Inventors: Tero Kivinen, Tatu Ylonen