US Patent No. 9,942,198

INTERNET ISOLATION FOR AVOIDING INTERNET SECURITY THREATS


Patent No. 9,942,198
Issue Date April 10, 2018
Title Internet Isolation For Avoiding Internet Security Threats
Inventorship Robert B. Hoy, Sewell, NJ (US)
Mark Fenkner, Marlton, NJ (US)
Sean W. Farren, Newburyport, MA (US)
Assignee L3 TECHNOLOGIES, INC., New York, NY (US)

Claim of US Patent No. 9,942,198

1. A networked system comprising:a local area network; and
a connection on the local area network communicating with an Internet; and
a plurality of computer systems coupled to the local area network;
each computer system of the plurality of computer systems operating as a host system according to stored data corresponding to an operating system and one or more program applications;
each computer system supporting operation of a respective virtual computer system that is separated and isolated from the host system by an internal firewall, wherein a local host-based firewall is configured to implement a first policy when the computer system is connected to the local area network and a second policy when the computer system is not connected to the local area network, wherein the first policy permits at least one or more communications between the host system of the computer system and one or more resources on the local area network using a second browser program running on the host system outside of the virtual computer system, and the second policy blocks at least communications egressing from the second browser program running on the host system of the computer system but allows communications egressing from a first browser program of the virtual computer system;
the local area network having a respective virtual conduit connection between each of said virtual computer systems and a virtual private network termination point on the local area network, and each virtual conduit connection is associated with a respective Internet Protocol (IP) address;
each virtual computer system comprising the first browser program that communicates via the respective virtual conduit connection over the local area network with the connection to the Internet such that said virtual computer system is enabled to access sites on the Internet through said virtual conduit connection without exposing the host system;
wherein each virtual computer system is isolated against any other communication with or over the local area network except for the communication through the respective virtual conduit connection; and
wherein each virtual computer system is isolated so as to prevent any communication of data to the respective host system from the virtual computer system operating thereon, except for a predetermined set of types of permitted data transfers therebetween; and
wherein the predetermined set of types of permitted data transfers from the virtual computer system to the host computer system is limited to transfers of data that are initiated by receiving an input from a user.