Patents by Inventor Peter Martz
Peter Martz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190098020Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from receiving external communications from an external source. The one or more mechanisms may be configured to prevent control of the malware by the external source. The one or more mechanisms may be configured to prevent the malware from establishing a command channel with the external source.Type: ApplicationFiled: September 28, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
-
Publication number: 20190097974Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. When malware is received by the isolated computing environment, the internal isolation firewall may be configured to prevent the malware from accessing data on the workspace of the host computer system. The host computer system may be configured to implement one or more mechanisms that prevent malware received by the host computer system from exfiltrating, to a network destination, data from the host computer system and data from other devices on the network.Type: ApplicationFiled: September 27, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
-
Publication number: 20190097977Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The host computer system may be configured to receive a request to communicate with a first network destination. On a condition that the first network destination is determined to be trusted, the processor may be configured to communicate with the first network destination via a first browser process executed in the workspace. On a condition that the first network destination is determined to be untrusted, the processor may be configured to communicate with the first network destination via a second browser process executed in the isolated computing environment.Type: ApplicationFiled: September 28, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
-
Publication number: 20190097972Abstract: Methods and systems are disclosed for document isolation. A host computer system may be configured to implement document isolation via one or more of a host-based firewall, an internet isolation firewall, and/or a segregation of a trusted memory space and an untrusted memory space. The host computer system may be configured to access one or more files using a first set of one or more applications and/or processes operating within the trusted memory space and/or a second set of one or more applications and/or processes operating within an untrusted memory space. The host computer system may be configured to open (e.g., always open) the one or more accessed files in the trusted memory space of the host computer system.Type: ApplicationFiled: September 21, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Publication number: 20190097971Abstract: Methods and systems are disclosed for isolation of collaboration software on a host computer system. A networked computer system may include a network, a first host computer system, a border firewall and/or a web proxy. The host computer system may be configured to run a collaboration software application or process that enables interaction with one or more other host computer systems. The collaboration software application or process may be run within an untrusted memory space. The collaboration software application or process may enable interaction between a second host computer system and the untrusted memory space such that the second host computer system may access meeting data within a sandboxed computing environment operating within the untrusted memory space.Type: ApplicationFiled: September 25, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Publication number: 20190098019Abstract: Methods and systems are disclosed for implementing one or more isolated computing environment via one or more memory spaces. The isolated computing environment may be configured to execute one or more sandboxed applications and/or processes associated with the isolated computing environment. One or more firewalls may be associated with the one or more sandboxed containers. One or more firewalls may be configured to apply a set of criteria (e.g., policies) to each of the applications and/or processes. In examples, the one or more sandbox firewalls may exist for each of the applications and/or processes and may prevent unauthorized communications between the applications and/or processes. In examples, a sandbox firewall may be configured to apply a set of criteria to one or more applications and/or processes associated with the one or more isolated computing environments. The sandbox firewall may be configured to allow authorized communications between the applications and/or processes.Type: ApplicationFiled: September 26, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Publication number: 20190097970Abstract: Systems and methods are disclosed for a sandbox based network isolation system configured to protect cloud based assets. A host computer system may include a processor and a memory. The host computer system may include a workspace. One or more applications may run in the workspace via a first memory space (e.g., a trusted memory space). The host computer system may include an isolated computing environment. One or more isolated applications may run in the isolated computing environment via a second memory space (e.g., an untrusted memory space). The isolated computing environment may be isolated from the workspace by an internal isolation firewall. The internal isolation firewall may prevent communication between the isolated computing environment and the workspace.Type: ApplicationFiled: September 25, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Publication number: 20190097975Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace, an isolated computing environment, and a host-based firewall. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to determine, using one or more environmental indicators, a relative location of the host computer system. The processor may be configured to select a firewall policy based on the relative location of the host computer system. The firewall policy may include a configuration to apply to one or more of the internal isolation firewall or the host-based firewall.Type: ApplicationFiled: September 27, 2018Publication date: March 28, 2019Applicant: L3 Technologies, Inc.Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
-
Publication number: 20190068617Abstract: Methods and systems are disclosed for service provider based advanced threat protection. A service provider network may include one or more network devices. The service provider network may be configured to determine network isolation configuration information for a client device, on a local area network (LAN), associated with a client account. The network isolation configuration information may include an identification of trusted network destination and/or untrusted network destinations for the client device. The service provider network may send the network isolation configuration information to the client device. The service provider network may be configured to authenticate a segregated memory space operating on the client device.Type: ApplicationFiled: August 22, 2018Publication date: February 28, 2019Applicant: L3 Technologies, Inc.Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Publication number: 20190052604Abstract: Methods and systems are disclosed for isolation of communications between a host computer system and one or more untrusted network destinations. An Internet isolation system may include a network, one or more host computer systems, a border firewall, an authorization device, and/or a proxy device. The Internet isolation system may be configured to implement network isolation between one or more untrusted network destinations, the one or more host computer systems, and/or the network. The network isolation may be implemented via one or more of a host-based firewall on each of the one or more host computer systems, the border firewall, the authorization device, the proxy device, an internal isolation firewall on each of the one or more host computer systems, and/or a segregation of a trusted memory space and an untrusted memory space on each of the one or more host computer systems.Type: ApplicationFiled: August 9, 2018Publication date: February 14, 2019Applicant: L3 Technologies, Inc.Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Publication number: 20190005227Abstract: Methods and systems are disclosed for sandbox based internet isolation system in a trusted network. A networked computer system may include a trusted local area network (LAN) and at least one host computer system connected to the trusted LAN. The host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the host computer system and one or more other devices on the trusted LAN. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces a separation of the first and second memory spaces.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Applicant: L3 Technologies, Inc.Inventors: Jay Weinstein, Mark Fenkner, Charles King, Ismael Lopez, Peter Martz
-
Publication number: 20190007257Abstract: Methods and systems are disclosed for a sandbox based internet isolation in an untrusted network. A host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the trusted host computer system and one or more other devices on an untrusted LAN and/or the Internet. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces separation of the first and second memory spaces.Type: ApplicationFiled: June 29, 2017Publication date: January 3, 2019Applicant: L3 Technologies, Inc.Inventors: Jay Weinstein, Mark Fenkner, Charles King, Ismael Lopez, Peter Martz