Mark M Fenkner

US Patent:

20130318594, Nov 28, 2013

Filed:

Jan 27, 2012

Appl. No.:

13/981896

Inventors:

Robert B. Hoy - Sewell NJ, US
Mark Fenkner - Marlton NJ, US
Sean W. Farren - Newburyport MA, US

Assignee:

L-3 COMMUNICATIONS CORPORATION - New York NY

International Classification:

H04L 29/06

US Classification:

726 15

Abstract:

A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents. The host can transfer files to and from a virtual data storage area accessible by the guest by manual operator action. No other transfer of data except these user initiated actions is permitted.

US Patent:

20190005227, Jan 3, 2019

Filed:

Jun 29, 2017

Appl. No.:

15/637878

Inventors:

- New York NY, US
Mark Fenkner - Marlton NJ, US
Charles King - Plano TX, US
Ismael Lopez - Bronx NY, US
Peter Martz - Blenheim NJ, US

Assignee:

L3 Technologies, Inc. - New York NY

International Classification:

G06F 21/53
H04L 9/32
H04L 29/06
H04L 29/12

Abstract:

Methods and systems are disclosed for sandbox based internet isolation system in a trusted network. A networked computer system may include a trusted local area network (LAN) and at least one host computer system connected to the trusted LAN. The host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the host computer system and one or more other devices on the trusted LAN. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces a separation of the first and second memory spaces.

US Patent:

20190007257, Jan 3, 2019

Filed:

Jun 29, 2017

Appl. No.:

15/637951

Inventors:

- New York NY, US
Mark Fenkner - Marlton NJ, US
Charles King - Plano TX, US
Ismael Lopez - Bronx NY, US
Peter Martz - Blenheim NJ, US

Assignee:

L3 Technologies, Inc. - New York NY

International Classification:

H04L 29/06
G06F 21/53
G06F 21/56

Abstract:

Methods and systems are disclosed for a sandbox based internet isolation in an untrusted network. A host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the trusted host computer system and one or more other devices on an untrusted LAN and/or the Internet. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces separation of the first and second memory spaces.

US Patent:

20180191684, Jul 5, 2018

Filed:

Mar 2, 2018

Appl. No.:

15/910734

Inventors:

- New York NY, US
Mark Fenkner - Marlton NJ, US
Sean W. Farren - Newburyport MA, US

Assignee:

L3 Technologies, Inc. - New York NY

International Classification:

H04L 29/06
G06F 9/455
G06F 21/53

Abstract:

A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents. The host can transfer files to and from a virtual data storage area accessible by the guest by manual operator action. No other transfer of data except these user initiated actions is permitted.