Systems and methods that provide external network access from a protected network

US 20020129281A1
Filed: 03/01/2002
Published: 09/12/2002
Est. Priority Date: 03/01/2001
Status: Active Grant

First Claim

Patent Images

1. A communications isolation system comprising:

a browser module that provides communications access to an unprotected network from a protected network;

a browser client module that communicates with the browser module; and

a browser isolator module that analyzes communications between the browser module and the browser client module, wherein the communication between the browser module and the browser client module are limited to those communications necessary for remote operation of the browser module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user who is connected to an unprotected network via a protected network is able to browse the Internet without concern that unauthorized code will execute within their local workstation as the result of a vulnerability within the browser executing on a special virtual machine or a browser module. Any unauthorized code will only affect one of a special virtual machine or a browser module.

49 Citations

View as Search Results

20 Claims

1. A communications isolation system comprising:
- a browser module that provides communications access to an unprotected network from a protected network;
  
  a browser client module that communicates with the browser module; and
  
  a browser isolator module that analyzes communications between the browser module and the browser client module, wherein the communication between the browser module and the browser client module are limited to those communications necessary for remote operation of the browser module.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, further comprising a browser isolator module that is capable of preventing unauthorized communications between the browser module and the browser client module.
  - 3. The system of claim 2, wherein the browser isolator module screens at least one of the following types of information to determine of the communication is authorized:
    - source and destination ports, user information, origination information, host information, destination information, character information, IP address information, display identification, session information, display class, display number, TCP information, and date and/or time information.
  - 4. The system of claim 1, wherein the browser module comprises a distributed network browser.
  - 5. The system of claim 1, wherein the protected network is isolated from unauthorized communications received from the unprotected network.

6. A communications isolation system comprising:
- a browser running on a virtual machine within a protected network;
  
  a border module that tunnels communications from an unprotected network to the browser via a communications tunnel, wherein only authorized communications are allowed between the browser and the unprotected network.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, further comprising a tunnel restrictor module that limits communications from the border module to the virtual machine to those communications authorized for browser operability.
  - 8. The system of claim 6, wherein the virtual machine is isolated from the protected network.
  - 9. The system of claim 6, wherein communications from the unprotected network are encapsulated and forwarded to the virtual machine.
  - 10. The system of claim 6, wherein protected information on the protected network is prevented from reaching the unprotected network.

11. A method of communicating with an unprotected network comprising:
- establishing communications between a browser and a browser client;
  
  inspecting the communications between the browser and the browser client;
  
  determining if the communications are authorized; and
  
  allowing the authorized communications between the browser and the browser client.
- View Dependent Claims (12, 13, 15, 16)
- - 12. The method of claim 11, wherein the communication between the browser module and the browser client module are limited to those communications necessary for remote operation of the browser module.
  - 13. The method of claim 11, further comprising screening at least one of the following types of information to determine of the communications are authorized:
    - source and destination ports, user information, origination information, host information, destination information, character information, IP address information, display identification, session information, display class, display number, TCP information, and date and/or time information.
  - 15. The method of claim 14, further comprising limiting communications from the border module to the virtual machine to those communications authorized for browser operability.
  - 16. The method of claim 14, wherein communications from the unprotected network are encapsulated and forwarded to the virtual machine.

14. A method of establishing a restricted communications tunnel comprising:
- enabling a browser on a virtual machine that is isolated from a protected network;
  
  establishing communications with a border module;
  
  tunneling communications from the border module to the browser; and
  
  preventing unauthorized communications from reaching the protected network.

17. An information storage media comprising information for communicating with an unprotected network comprising:
- information that establishes communications between a browser and a browser client;
  
  information that inspects the communications between the browser and the browser client;
  
  information that determines if the communications are authorized; and
  
  information that allows the authorized communications between the browser and the browser client.

18. An information storage media comprising information for establishing a restricted communications tunnel comprising:
- information that enables a browser on a virtual machine that is isolated from a protected network;
  
  information that establishes communications with a border module;
  
  information that tunnels communications from the border module to the browser; and
  
  information that prevents unauthorized communications from reaching the protected network.

19. A communications isolation system comprising:
- means for providing communications access to an unprotected network from a protected network;
  
  means for communicating with a browser module; and
  
  means for analyzing communications between the browser module and the a browser client module, wherein the communication between the browser module and the browser client module are limited to those communications necessary for remote operation of the browser module.

20. A communications isolation system comprising:
- means for running a virtual machine within a protected network; and
  
  means for tunnelling communications from an unprotected network to a browser running on the virtual machine via a communications tunnel, wherein only authorized communications are allowed between the browser and the unprotected network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invicta Networks, Inc.
Original Assignee
Invicta Networks, Inc.
Inventors
Noble, James G., Hatfalvi, Emil J.

Granted Patent

US 7,240,193 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/145   the attack involving the pr...

Systems and methods that provide external network access from a protected network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods that provide external network access from a protected network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links