| CPC G06F 21/57 (2013.01) [G06F 16/955 (2019.01); G06F 21/44 (2013.01); G06F 21/53 (2013.01); H04L 41/16 (2013.01); H04L 63/0428 (2013.01); H04L 63/08 (2013.01); H04L 63/083 (2013.01); H04L 63/10 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); H04L 67/125 (2013.01); H04L 67/55 (2022.05); H04W 12/08 (2013.01)] | 18 Claims |
|
1. A communications system for providing secure access to a group of digital resources accessible via the internet, the system comprising:
a data processing hub accessible via an IP (internet protocol) address;
a plurality of user equipment (UEs) useable to communicate with websites via the internet, each of the plurality of UEs configured to have a cyber isolated secure environment (CISE) isolated from ambient software in the UE, and the CISE of each UE comprising a secure web browser (SWB) that the corresponding UE is required to use to access one or more of the group of digital resources; and
a security policy implemented to protect the group of digital resources, wherein the security policy is a function of characterizing features that characterize communications between websites and users who communicate with the websites using the UEs;
wherein the hub and each CISE are configured so that any one or more of the group of digital resources in motion and at rest in each CISE are visible to the hub and each CISE and each SWB monitors communications between its corresponding UE and a given website and vets the communications responsive to the security policy, wherein the SWB vets communications responsive to the security policy comprises the SWB processing at least one of the characterizing features using a neural network to estimate a risk of cyber damage to one or more of the group of digital resources associated with the communications and wherein if the estimated risk is greater than a predetermined threshold the hub and/or the SWB undertakes an action to mitigate the risk.
|