Patents by Inventor Tuomo Syvanne
Tuomo Syvanne has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11888818Abstract: A method may include providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method may include providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with OSI Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from OSI Level 2. A method may include providing an interface for network traffic, comprising, in a virtual private network: establishing a connection between a first node of the virtual private network and a second node serving as a virtual private network broker and fetching, by the first node from the virtual private network broker, information regarding one or more other nodes of the virtual private network.Type: GrantFiled: May 17, 2021Date of Patent: January 30, 2024Assignee: Forcepoint LLCInventors: Tuomo Syvänne, Juha Luoma, Ville Mattila
-
Patent number: 11483394Abstract: A method, system, and computer-usable medium are disclosed for, responsive to communication of a client handshake to a server for establishing communications between the client and server, managing handshake messages between the client and server until an application layer message is communicated from the client, such that a connection between the client and the server appears to be established, and responsive to communication of the application layer message from the client, rendering a policy decision with respect to a connection between the client and the server based on a payload of the application layer message, the policy decision defining a selected path between the client and the server and including a chosen target device from a plurality of potential target devices, wherein the chosen target device is within the selected path and establishing the selected path for communication between the client and the server in accordance with the policy decision.Type: GrantFiled: February 8, 2018Date of Patent: October 25, 2022Assignee: Forcepoint LLCInventors: Valtteri Rahkonen, Tuomo Syvänne
-
Patent number: 11418542Abstract: A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.Type: GrantFiled: January 23, 2020Date of Patent: August 16, 2022Assignee: FORCEPOINT LLCInventors: Jenny Anniina Heino, Tuomo Syvanne, Welf Christian Jalio, Olli-Pekka Niemi
-
Publication number: 20210273915Abstract: A method may include providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method may include providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with OSI Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from OSI Level 2. A method may include providing an interface for network traffic, comprising, in a virtual private network: establishing a connection between a first node of the virtual private network and a second node serving as a virtual private network broker and fetching, by the first node from the virtual private network broker, information regarding one or more other nodes of the virtual private network.Type: ApplicationFiled: May 17, 2021Publication date: September 2, 2021Applicant: Forcepoint LLCInventors: Tuomo SYVÄNNE, Juha LUOMA, Ville MATTILA
-
Publication number: 20210234895Abstract: A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.Type: ApplicationFiled: January 23, 2020Publication date: July 29, 2021Applicant: Forcepoint LLCInventors: Jenny Anniina Heino, Tuomo Syvanne, Welf Christian Jalio, Olli-Pekka Niemi
-
Patent number: 11012418Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.Type: GrantFiled: February 15, 2018Date of Patent: May 18, 2021Assignee: Forcepoint LLCInventors: Tuomo Syvänne, Juha Luoma, Ville Mattila
-
Patent number: 11005659Abstract: A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.Type: GrantFiled: January 23, 2018Date of Patent: May 11, 2021Assignee: Forcepoint LLCInventors: Otto Airamo, Tuomo Syvänne, Ville Mattila
-
Patent number: 10938778Abstract: A method, system, and computer-usable medium are disclosed for responsive to a connection from a client to a server for establishing communications between the client and the server, store information regarding state of the connection and responsive to receiving a reply from the server to the client, route the reply to the client based on the information regarding the state of the connection.Type: GrantFiled: May 2, 2018Date of Patent: March 2, 2021Assignee: Forcepoint LLCInventors: Otto Airamo, Ville Mattila, Tuomo Syvänne
-
Patent number: 10834131Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client basedType: GrantFiled: November 28, 2017Date of Patent: November 10, 2020Assignee: Forcepoint LLCInventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen
-
Patent number: 10805420Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.Type: GrantFiled: November 29, 2017Date of Patent: October 13, 2020Assignee: Forcepoint LLCInventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen, Ville Mattila
-
Patent number: 10791135Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securitType: GrantFiled: October 17, 2018Date of Patent: September 29, 2020Assignee: Forcepoint LLCInventors: Mirja Halme, Otto Airamo, Valtteri Rahkonen, Tuomo Syvänne
-
Publication number: 20200128032Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securitType: ApplicationFiled: October 17, 2018Publication date: April 23, 2020Applicant: Forcepoint LLCInventors: Mirja Halme, Otto Airamo, Valtteri Rahkonen, Tuomo Syvänne
-
Publication number: 20190342263Abstract: A method, system, and computer-usable medium are disclosed for responsive to a connection from a client to a server for establishing communications between the client and the server, store information regarding state of the connection and responsive to receiving a reply from the server to the client, route the reply to the client based on the information regarding the state of the connection.Type: ApplicationFiled: May 2, 2018Publication date: November 7, 2019Applicant: Forcepoint LLCInventors: Otto AIRAMO, Ville MATTILA, Tuomo SYVÄNNE
-
Publication number: 20190253393Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.Type: ApplicationFiled: February 15, 2018Publication date: August 15, 2019Applicant: Forcepoint LLCInventors: Tuomo SYVÄNNE, Juha LUOMA, Ville MATTILA
-
Publication number: 20190245930Abstract: A method, system, and computer-usable medium are disclosed for, responsive to communication of a client handshake to a server for establishing communications between the client and server, managing handshake messages between the client and server until an application layer message is communicated from the client, such that a connection between the client and the server appears to be established, and responsive to communication of the application layer message from the client, rendering a policy decision with respect to a connection between the client and the server based on a payload of the application layer message, the policy decision defining a selected path between the client and the server and including a chosen target device from a plurality of potential target devices, wherein the chosen target device is within the selected path and establishing the selected path for communication between the client and the server in accordance with the policy decision.Type: ApplicationFiled: February 8, 2018Publication date: August 8, 2019Applicant: Forcepoint LLCInventors: Valtteri RAHKONEN, Tuomo SYVÄNNE
-
Publication number: 20190229923Abstract: A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.Type: ApplicationFiled: January 23, 2018Publication date: July 25, 2019Applicant: Forcepoint LLCInventors: Otto AIRAMO, Tuomo SYVÄNNE, Ville MATTILA
-
Patent number: 10320839Abstract: A method, system and computer-usable medium are disclosed for performing an automated anti-spoofing configuration operation, comprising: determining whether a source address of an internet protocol (IP) packet is allowed by a receiving interface of a firewall; determining whether the IP packet comprises a multicast packet when the IP packet is allowed by the receiving interface of the firewall; replacing the source address with a rendezvous point address; using the rendezvous point address to determine whether routing path information associated with the multicast packet matches information stored within a multicast routing information base for the receiving interface of the firewall; and, identifying the multicast packet as spoofed when the routing path information associated with multicast packet does not have corresponding information stored within the multicast routing information base.Type: GrantFiled: September 19, 2017Date of Patent: June 11, 2019Assignee: Forcepoint, LLCInventors: Ville Mattila, Tomi Salminen, Tuomo Syvänne
-
Publication number: 20190166160Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client basedType: ApplicationFiled: November 28, 2017Publication date: May 30, 2019Applicant: Forcepoint LLCInventors: Tuomo SYVÄNNE, Olli-Pekka NIEMI, Valtteri RAHKONEN
-
Publication number: 20190166220Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.Type: ApplicationFiled: November 29, 2017Publication date: May 30, 2019Applicant: Forcepoint LLCInventors: Tuomo SYVÄNNE, Olli-Pekka NIEMI, Valtteri RAHKONEN, Ville MATTILA
-
Publication number: 20190089735Abstract: A method, system and computer-usable medium are disclosed for performing an automated anti-spoofing configuration operation, comprising: determining whether a source address of an internet protocol (IP) packet is allowed by a receiving interface of a firewall; determining whether the IP packet comprises a multicast packet when the IP packet is allowed by the receiving interface of the firewall; replacing the source address with a rendezvous point address; using the rendezvous point address to determine whether routing path information associated with the multicast packet matches information stored within a multicast routing information base for the receiving interface of the firewall; and, identifying the multicast packet as spoofed when the routing path information associated with multicast packet does not have corresponding information stored within the multicast routing information base.Type: ApplicationFiled: September 19, 2017Publication date: March 21, 2019Inventors: Ville Mattila, Tomi Salminen, Tuomo Syvänne