-
Publication No.: US11601467B2
Publication date: 2023-03-07
Application No.: US16109275
Application date: 2018-08-22
Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
Abstract: Methods and systems are disclosed for service provider based advanced threat protection. A service provider network may include one or more network devices. The service provider network may be configured to determine network isolation configuration information for a client device, on a local area network (LAN), associated with a client account. The network isolation configuration information may include an identification of trusted network destination and/or untrusted network destinations for the client device. The service provider network may send the network isolation configuration information to the client device. The service provider network may be configured to authenticate a segregated memory space operating on the client device. The service provider network may be configured to allow, based on the network isolation configuration information and on the authentication of the segregated memory space, an application or process operating in the authenticated segregated memory space to communicate with an untrusted network destination.
-
Publication No.: US11552987B2
Publication date: 2023-01-10
Application No.: US16146490
Application date: 2018-09-28
Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
IPC classification: H04L9/40
Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from receiving external communications from an external source. The one or more mechanisms may be configured to prevent control of the malware by the external source. The one or more mechanisms may be configured to prevent the malware from establishing a command channel with the external source.
-
Publication No.: US11374906B2
Publication date: 2022-06-28
Application No.: US16144609
Application date: 2018-09-27
Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. When malware is received by the isolated computing environment, the internal isolation firewall may be configured to prevent the malware from accessing data on the workspace of the host computer system. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from exfiltrating, to a network destination, data from the host computer system and data from other devices on the network.
-
Publication No.: US11336619B2
Publication date: 2022-05-17
Application No.: US16144761
Application date: 2018-09-27
Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
IPC classification: H04L29/06, G06F21/53, G01S5/02, H04W4/02, H04L41/0803, H04W12/63, H04W12/088, H04L43/0817, G01S19/38
Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace, an isolated computing environment, and a host-based firewall. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to determine, using one or more environmental indicators, a relative location of the host computer system. The processor may be configured to select a firewall policy based on the relative location of the host computer system. The firewall policy may include a configuration to apply to one or more of the internal isolation firewall or the host-based firewall.
-
Publication No.: US11240207B2
Publication date: 2022-02-01
Application No.: US16059381
Application date: 2018-08-09
Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
Abstract: Methods and systems are disclosed for isolation of communications between a host computer system and one or more untrusted network destinations. An Internet isolation system may include a network, one or more host computer systems, a border firewall, an authorization device, and/or a proxy device. The Internet isolation system may be configured to implement network isolation between one or more untrusted network destinations, the one or more host computer systems, and/or the network. The network isolation may be implemented via one or more of a host-based firewall on each of the one or more host computer systems, the border firewall, the authorization device, the proxy device, an internal isolation firewall on each of the one or more host computer systems, and/or a segregation of a trusted memory space and an untrusted memory space on each of the one or more host computer systems.
-
Publication No.: US11044233B2
Publication date: 2021-06-22
Application No.: US16146149
Application date: 2018-09-28
Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
IPC classification: H04L29/06, G06F21/53, H04W12/63, H04W12/088
Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The host computer system may be configured to receive a request to communicate with a first network destination. On a condition that the first network destination is determined to be trusted, the processor may be configured to communicate with the first network destination via a first browser process executed in the workspace. On a condition that the first network destination is determined to be untrusted, the processor may be configured to communicate with the first network destination via a second browser process executed in the isolated computing environment.
-
Publication No.: US10992642B2
Publication date: 2021-04-27
Application No.: US16138696
Application date: 2018-09-21
Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
Abstract: Methods and systems are disclosed for document isolation. A host computer system may be configured to implement document isolation via one or more of a host-based firewall, an internet isolation firewall, and/or a segregation of a trusted memory space and an untrusted memory space. The host computer system may be configured to access one or more files using a first set of one or more applications and/or processes operating within the trusted memory space and/or a second set of one or more applications and/or processes operating within an untrusted memory space. The host computer system may be configured to open (e.g., always open) the one or more accessed files in the trusted memory space of the host computer system.
-
Publication No.: US20210100115A1
Publication date: 2021-04-01
Application No.: US17118206
Application date: 2020-12-10
Inventors: William N. Waggener
Abstract: Various systems may benefit from appropriate thermal protection. For example, various flight recorder systems may benefit from thermal isolation of a flight recorder memory core. A system can include a memory core of a flight recorder. The system can also include an inner chamber housing the memory core. The system can further include an outer chamber housing the inner chamber with a vacuum between the inner chamber and the outer chamber. The system can additionally include a signal path from avionics equipment to the memory core through the outer chamber and the inner chamber. The system can also include a power path for the memory core through the outer chamber and the inner chamber.
-
Publication No.: US10931669B2
Publication date: 2021-02-23
Application No.: US16142810
Application date: 2018-09-26
Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
Abstract: Methods and systems are disclosed for endpoint protection and authentication schemes for a host computer system having an internet isolation system. A first host computer system may include a first memory space and a second memory space. The first memory space may be configured to enable storage and operation of a workspace configured to execute a first set of one or more applications and processes running on an operating system of the first host computer system. The second memory space may be configured to enable storage and operation of a second set of one or more applications and processes associated with an isolated computing environment (e.g., a sandboxed computing environment) configured to run on the operating system. When the first host computer system is connected to a network that is known or associated with a predetermined security policy, the first host computer system may instantiate a predetermined security policy configuration.
-
Publication No.: US20200310988A1
Publication date: 2020-10-01
Application No.: US16369250
Application date: 2019-03-29
Inventors: Ryan Stewart Keepers
IPC classification: G06F12/14, G06F12/0813, G06F12/084, G06F12/0842, G06F21/71, G06F21/60
Abstract: A computing device with a multicore processing unit and a memory management unit (MMU) may provide multi-order failure resistant data isolation and segregation with a cross domain filtration system. The multicore processing unit may include a first processor, a second processor, and a third processor. A first processor may process data via an egress filter task(s). The MMU may allow the egress filter task(s) to write the data to a first segregated physical memory location. A second processor may perform filtering of the data via a cross domain filter task(s). The MMU may allow the cross domain filter task(s) to read from the first segregated physical memory location and write to a second segregated physical memory location. A third processor may process the data via an ingress filter task(s). The MMU may allow the ingress filter task(s) to read the data from the second segregated physical memory location.