-
Publication No.: US20200285735A1
Publication date: 2020-09-10
Application No.: US16879401
Filing date: 2020-05-20
Applicant: Hysolate Ltd.
Inventors: Boris FIGOVSKY, Tal ZAMIR, Oleg ZLOTNIK, Nir ADLER
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).
-
Publication No.: US11150936B2
Publication date: 2021-10-19
Application No.: US16580623
Filing date: 2019-09-24
Applicant: Hysolate Ltd.
Inventors: Tomer Trabelsi, Oleg Zlotnik, Nir Adler, Tai Zamir
Abstract: A method for binding a user account operable on an air-gapped computer to an appropriate virtual machine (VM), comprising: monitoring a plurality of VMs to determine an associated user account for each of the plurality of VMs, wherein the plurality of VMs are executed over the air-gapped computer, and wherein each of the plurality of VMs is a distinct security zone in the air-gapped computer; determining a current VM from the plurality of VMs to bind an associated user account thereto; and displaying user specific indications on desktop items associated with each user account.
-
Publication No.: US20200019430A1
Publication date: 2020-01-16
Application No.: US16580623
Filing date: 2019-09-24
Applicant: Hysolate Ltd.
Inventors: Tomer TRABELSI, Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
Abstract: A method for binding a user account operable on an air-gapped computer to an appropriate virtual machine (VM), comprising: monitoring a plurality of VMs to determine an associated user account for each of the plurality of VMs, wherein the plurality of VMs are executed over the air-gapped computer, and wherein each of the plurality of VMs is a distinct security zone in the air-gapped computer; determining a current VM from the plurality of VMs to bind an associated user account thereto; and displaying user specific indications on desktop items associated with each user account.
-
Publication No.: US20180213001A1
Publication date: 2018-07-26
Application No.: US15808306
Filing date: 2017-11-09
Applicant: Hysolate Ltd.
Inventors: Tal ZAMIR, Oleg ZLOTNIK, Boris FIGOVSKY
CPC classification: G06F21/53, G06F9/45537, G06F9/45545, G06F9/45558, G06F21/606, G06F2009/45562, G06F2009/4557, G06F2009/45587, G06F2009/45591, G06F2009/45595, H04L61/2015, H04L63/02, H04L63/0209, H04L63/0263, H04L63/0272, H04L63/0815, H04L63/10, H04L63/1416, H04L63/1491, H04L63/20, H04W12/0806
Abstract: An air-gapped computing system includes at least network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: initialize a hypervisor for execution over a primitive OS; create a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using the hypervisor, wherein each of the plurality of security zones includes a plurality of applications executed over a guest OS; instantiate a networking virtual machine using the hypervisor; control, by the networking virtual machine, access of each application in each of the plurality of security zones to an external network resource; and monitor execution of the guest OS and each application in at least one activated security zone of the plurality of security zones, wherein the monitoring is performed to maintain compliance with a security policy corresponding to each activated security zone being monitored.
-
Publication No.: US11010352B2
Publication date: 2021-05-18
Application No.: US16443057
Filing date: 2019-06-17
Applicant: Hysolate Ltd.
Inventors: Tal Zamir, Tomer Trabelsi, Oleg Zlotnik, Nir Adler
IPC classification: G06F16/182, G06F16/16, G06F9/455, G06F16/11
Abstract: A system and method for providing a unified file system on an air-gapped endpoint are provided. The method included monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to intercept at least one file system operation to access files on a first security zone; determining if the detected file system operation triggers a display of the file system dialog window effecting a second security zone; and when the file system dialog window effecting the second security zone, blocking the display of the file system dialog window in the first security zone; and displaying the file system dialog window in the second security zone.
-
Publication No.: US10699005B2
Publication date: 2020-06-30
Application No.: US15876675
Filing date: 2018-01-22
Applicant: Hysolate Ltd.
Inventors: Boris Figovsky, Tal Zamir
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint are provided. The method includes identifying a type of an external network being connected, upon detection of a new network connection to the air-gapped endpoint; determining for each security zone of a plurality of isolated security zones at least one access rule to access the network, wherein the plurality of isolated security zones is operable in a virtual environment instantiated on the air-gapped endpoint; allowing a connection between a security zone and the external network based on the at least one access rule; and monitoring all traffic between the security zone and the external network to at least maintain compliance with a security policy set for the respective security zone.
-
Publication No.: US20180211036A1
Publication date: 2018-07-26
Application No.: US15876654
Filing date: 2018-01-22
Applicant: Hysolate Ltd.
Inventors: Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
CPC classification: G06F21/53, G06F9/45537, G06F9/45545, G06F9/45558, G06F21/606, G06F2009/45562, G06F2009/4557, G06F2009/45587, G06F2009/45591, G06F2009/45595, H04L61/2015, H04L63/02, H04L63/0209, H04L63/0263, H04L63/0272, H04L63/0815, H04L63/10, H04L63/1416, H04L63/1491, H04L63/20, H04W12/0806
Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to detect at least one UX command executed in a first security zone; determining if the detected UX command triggers a UX function effecting a second security zone; determining if the UX function to be triggered maintains compliance with a security policy of the first and second security zones; and executing the UX function across the first and second security zones.
-
Publication No.: US11531749B2
Publication date: 2022-12-20
Application No.: US16879401
Filing date: 2020-05-20
Applicant: Hysolate Ltd.
Inventors: Boris Figovsky, Tal Zamir, Oleg Zlotnik, Nir Adler
IPC classification: H04L9/40, G06F21/53, G06F9/455, G06F21/60, H04W12/086, H04L61/5014
Abstract: A method and system for controlling access to external networks by an air-gapped endpoint is provided. The method includes providing, on the air-gapped endpoint, a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using a hypervisor; selecting one security zone of the plurality of isolated security zones; and tunneling a traffic from the selected security zone to a designated network location, wherein the tunneling is through a virtual private network (VPN).
-
Publication No.: US20200279042A1
Publication date: 2020-09-03
Application No.: US16879380
Filing date: 2020-05-20
Applicant: Hysolate Ltd.
Inventors: Oleg ZLOTNIK, Nir ADLER, Tal ZAMIR
Abstract: A method for rendering virtual desktops on an air-gapped endpoint is provided. The method includes rendering a first window presenting a first virtual desktop of a first security zone; rendering a second window presenting a second virtual desktop display of a second security zone, wherein the first security zone and the second security zone are of a plurality of security zones instantiated on the air-gapped endpoint; and controlling, by a hypervisor, display of the first window and the second window on a desktop of the air-gapped endpoint, wherein any application in the first security zone cannot access any application in the second security zone when displayed on the same desktop.
-
Publication No.: US10699004B2
Publication date: 2020-06-30
Application No.: US15876654
Filing date: 2018-01-22
Applicant: Hysolate Ltd.
Inventors: Oleg Zlotnik, Nir Adler, Tal Zamir
Abstract: A method for performing user experience (UX) functions on an air-gapped endpoint is provided. The method includes monitoring a plurality of security zones, instantiated on the air-gapped endpoint, to detect at least one UX command executed in a first security zone; determining if the detected UX command triggers a UX function effecting a second security zone; determining if the UX function to be triggered maintains compliance with a security policy of the first and second security zones; and executing the UX function across the first and second security zones.