Systems and methods that provide external network access from a protected network
Abstract
A user who is connected to an unprotected network via a protected network is able to browse the Internet without concern that unauthorized code will execute within their local workstation as the result of a vulnerability within the browser executing on a special virtual machine or a browser module. Any unauthorized code will only affect one of a special virtual machine or a browser module.
20 Claims
1. A communications isolation system comprising:
a browser module that provides communications access to an unprotected network from a protected network;
a browser client module that communicates with the browser module; and
a browser isolator module that analyzes communications between the browser module and the browser client module, wherein the communication between the browser module and the browser client module are limited to those communications necessary for remote operation of the browser module.
(Dependent claims: 2, 3, 4, 5)
6. A communications isolation system comprising:
a browser running on a virtual machine within a protected network;
a border module that tunnels communications from an unprotected network to the browser via a communications tunnel, wherein only authorized communications are allowed between the browser and the unprotected network.
(Dependent claims: 7, 8, 9, 10)
11. A method of communicating with an unprotected network comprising:
establishing communications between a browser and a browser client;
inspecting the communications between the browser and the browser client;
determining if the communications are authorized; and
allowing the authorized communications between the browser and the browser client.
(Dependent claims: 12, 13, 15, 16)
14. A method of establishing a restricted communications tunnel comprising:
enabling a browser on a virtual machine that is isolated from a protected network;
establishing communications with a border module;
tunneling communications from the border module to the browser; and
preventing unauthorized communications from reaching the protected network.
17. An information storage media comprising information for communicating with an unprotected network comprising:
information that establishes communications between a browser and a browser client;
information that inspects the communications between the browser and the browser client;
information that determines if the communications are authorized; and
information that allows the authorized communications between the browser and the browser client.
18. An information storage media comprising information for establishing a restricted communications tunnel comprising:
information that enables a browser on a virtual machine that is isolated from a protected network;
information that establishes communications with a border module;
information that tunnels communications from the border module to the browser; and
information that prevents unauthorized communications from reaching the protected network.
19. A communications isolation system comprising:
means for providing communications access to an unprotected network from a protected network;
means for communicating with a browser module; and
means for analyzing communications between the browser module and the a browser client module, wherein the communication between the browser module and the browser client module are limited to those communications necessary for remote operation of the browser module.
20. A communications isolation system comprising:
means for running a virtual machine within a protected network; and
means for tunnelling communications from an unprotected network to a browser running on the virtual machine via a communications tunnel, wherein only authorized communications are allowed between the browser and the unprotected network.