Abstract: Methods and systems are disclosed for an internet isolation system implemented using a browser application. The host computer system may be configured to receive a request to communicate with a first network destination. The host computer system may determine whether the first network destination is trusted or untrusted. The host computer system may instantiate a browser application. The browser application may be configured to, on a condition that the first network destination is determined to be trusted, enable communication with the first network destination via a first browser process executed in a workspace of the host computer system. The browser application may be configured to, on a condition that the first network destination is determined to be untrusted, implement an isolated computing environment using an internal isolation firewall and enable communication with the first destination via a second browser process executed in the isolated computing environment.

Abstract: Various display systems may benefit from the combination of synthetic imagery from a plurality of sources. For example, display systems for vehicular operations may benefit from combining synthetic imagery with real imagery. A method can include obtaining, by a processor, an interior video image based on a position of a user. The method can also include obtaining, by the processor, an exterior video image based on the position of the user. The method can further include combining the interior video image and the exterior video image to form a combined single view for the user. The method can additionally include providing the combined single view to a display of the user.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. When malware is received by the isolated computing environment, the internal isolation firewall may be configured to prevent the malware from accessing data on the workspace of the host computer system. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from exfiltrating, to a network destination, data from the host computer system and data from other devices on the network.

Abstract: Various communication systems may benefit from the appropriate suppression of unnecessary transmissions. For example, certain position reporting systems may benefit from suppressing transmission of data from position reporting beacons using geographic location. A method can include determining a current position of a vehicle. The method can also include comparing the current position of the vehicle to a position-reporting mask. The method can further include reporting the position of the vehicle conditionally based on the comparison to the mask.

Abstract: Methods and systems are disclosed for implementing one or more isolated computing environment via one or more memory spaces. The isolated computing environment may be configured to execute one or more sandboxed applications and/or processes associated with the isolated computing environment. One or more firewalls may be associated with the one or more sandboxed containers. One or more firewalls may be configured to apply a set of criteria (e.g., policies) to each of the applications and/or processes. In examples, the one or more sandbox firewalls may exist for each of the applications and/or processes and may prevent unauthorized communications between the applications and/or processes. In examples, a sandbox firewall may be configured to apply a set of criteria to one or more applications and/or processes associated with the one or more isolated computing environments. The sandbox firewall may be configured to allow authorized communications between the applications and/or processes.

Abstract: Methods and systems are disclosed for document isolation. A host computer system may be configured to implement document isolation via one or more of a host-based firewall, an internet isolation firewall, and/or a segregation of a trusted memory space and an untrusted memory space. The host computer system may be configured to access one or more files using a first set of one or more applications and/or processes operating within the trusted memory space and/or a second set of one or more applications and/or processes operating within an untrusted memory space. The host computer system may be configured to open (e.g., always open) the one or more accessed files in the trusted memory space of the host computer system.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace, an isolated computing environment, and a host-based firewall. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to determine, using one or more environmental indicators, a relative location of the host computer system. The processor may be configured to select a firewall policy based on the relative location of the host computer system. The firewall policy may include a configuration to apply to one or more of the internal isolation firewall or the host-based firewall.

Abstract: Systems and methods are disclosed for a sandbox based network isolation system configured to protect cloud based assets. A host computer system may include a processor and a memory. The host computer system may include a workspace. One or more applications may run in the workspace via a first memory space (e.g., a trusted memory space). The host computer system may include an isolated computing environment. One or more isolated applications may run in the isolated computing environment via a second memory space (e.g., an untrusted memory space). The isolated computing environment may be isolated from the workspace by an internal isolation firewall. The internal isolation firewall may prevent communication between the isolated computing environment and the workspace.

Abstract: Methods and systems are disclosed for isolation of collaboration software on a host computer system. A networked computer system may include a network, a first host computer system, a border firewall and/or a web proxy. The host computer system may be configured to run a collaboration software application or process that enables interaction with one or more other host computer systems. The collaboration software application or process may be run within an untrusted memory space. The collaboration software application or process may enable interaction between a second host computer system and the untrusted memory space such that the second host computer system may access meeting data within a sandboxed computing environment operating within the untrusted memory space.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from receiving external communications from an external source. The one or more mechanisms may be configured to prevent control of the malware by the external source. The one or more mechanisms may be configured to prevent the malware from establishing a command channel with the external source.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The host computer system may be configured to receive a request to communicate with a first network destination. On a condition that the first network destination is determined to be trusted, the processor may be configured to communicate with the first network destination via a first browser process executed in the workspace. On a condition that the first network destination is determined to be untrusted, the processor may be configured to communicate with the first network destination via a second browser process executed in the isolated computing environment.

Abstract: Methods and systems are disclosed for endpoint protection and authentication schemes for a host computer system having an internet isolation system. A first host computer system may include a first memory space and a second memory space. The first memory space may be configured to enable storage and operation of a workspace configured to execute a first set of one or more applications and processes running on an operating system of the first host computer system. The second memory space may be configured to enable storage and operation of a second set of one or more applications and processes associated with an isolated computing environment (e.g., a sandboxed computing environment) configured to run on the operating system. When the first host computer system is connected to a network that is known or associated with a predetermined security policy, the first host computer system may instantiate a predetermined security policy configuration.

Abstract: Spatially combining signals may include receiving a number of RF input signals at a number of RF input connectors. At least one of the RF input signals is a variable envelope signal. A variable envelope signal is converted into two or more outphased constant envelope signals. The two or more outphased constant envelope signals are amplified. The amplified outphased constant envelope signals are radiated. At a spatial combiner aperture, the radiated amplified outphased constant envelope signals are combined to create a combined signal. The combined signal is output onto an output RF connector.

Abstract: Various systems may benefit from appropriate triggers to action. For example, various deployable safety devices, such as emergency locator transmitters and flight recorders, may benefit from a multiple input release mechanism. A method can include identifying the presence of at least one crash indicator. The method can also include performing an analysis of aircraft distress based on aircraft parameters other than the at least one crash indicator to provide an analysis result of aircraft distress. The method can further include triggering the release of a safety device contingent upon the presence of the at least one crash indicator being accompanied by a positive result of aircraft distress.

Abstract: Methods and systems are disclosed for service provider based advanced threat protection. A service provider network may include one or more network devices. The service provider network may be configured to determine network isolation configuration information for a client device, on a local area network (LAN), associated with a client account. The network isolation configuration information may include an identification of trusted network destination and/or untrusted network destinations for the client device. The service provider network may send the network isolation configuration information to the client device. The service provider network may be configured to authenticate a segregated memory space operating on the client device.

Abstract: A method and apparatus for controlling mobile/remote recording devices in a decentralized manner and auto-triggering such devices in the event that one of them is operating in a recording mode. In this way, other such devices can be made to support and augment the recording in an automated way, without requiring an operator to manually turn on his or her devices and without requiring a central controller to control far-flung devices.

Abstract: Methods and systems are disclosed for isolation of communications between a host computer system and one or more untrusted network destinations. An Internet isolation system may include a network, one or more host computer systems, a border firewall, an authorization device, and/or a proxy device. The Internet isolation system may be configured to implement network isolation between one or more untrusted network destinations, the one or more host computer systems, and/or the network. The network isolation may be implemented via one or more of a host-based firewall on each of the one or more host computer systems, the border firewall, the authorization device, the proxy device, an internal isolation firewall on each of the one or more host computer systems, and/or a segregation of a trusted memory space and an untrusted memory space on each of the one or more host computer systems.

Abstract: An electronic apparatus comprising: 1) a first circuit board; 2) a second circuit board substantially parallel to the first circuit board; and 3) an electrical assembly coupled between the first and second boards. The electrical assembly comprises: i) a housing; ii) a plurality of pogo pin connectors disposed within and projecting from the housing and configured to make electrical contact with the first and second circuit boards; and iii) a plurality of capacitors disposed within the housing and configured to form electrical connections with selected ones of the plurality of pogo pin connectors.

Abstract: Embodiments are directed to systems and methods for communicating between nodes in a mobile ad hoc network. In one scenario, a node in a mobile ad hoc network communicates with another node in the network using both code division multiple access (CDMA) and frequency division duplexing. The communication is coded prior to transmission to the other node, and includes applying direct sequence spread spectrum (DSSS) modulation to a transmission signal at a specified bit rate over a specified spectrum. The DSSS coding is applied in accordance with a processing gain which spreads the spectrum relative to the bit rate of the transmission. The coded communication is then transmitted over a specified frequency band allocated to the node over which the node transmits data and over which the other node receives the data.

Abstract: Methods and systems are disclosed for sandbox based internet isolation system in a trusted network. A networked computer system may include a trusted local area network (LAN) and at least one host computer system connected to the trusted LAN. The host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the host computer system and one or more other devices on the trusted LAN. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces a separation of the first and second memory spaces.