
The Solution:

Separating Users from the Internet

[Illustration: Isolation Appliance]

To physically separate users from the internet, the execution environment for browser and email applications is moved to an isolated appliance located in a DMZ outside the intranet. Any attacks originating from the public internet take effect exclusively on this isolated appliance. Malicious code cannot penetrate the intranet and therefore cannot access company data.
 

Remote Control of Browser and Email

An app on the user's device (PC, laptop, tablet, smartphone) transmits all input — from keyboard, mouse, touchpad, camera, and microphone — to the isolation computer, effectively functioning like a remote control. Users continue to operate browser and email applications as they normally would, using keyboard, mouse, or touchpad.

A critical factor for intranet security is the integration of all user devices. Even a single unprotected endpoint is enough to infect the intranet with malicious code.
 

Data Transfer to Users

Executable content is run within the isolation appliance. Only static, non-executable content is transmitted to the intranet. Multiple safeguards ensure that no malicious code is transferred during this process:
 

1. Media Discontinuity
Executable content (JavaScript, WASM, Word macros, PostScript, etc.) renders to the screen buffer — but only pixel data is read and transmitted, and only the pixels that have changed compared to the previous frame. This transformation from executable content into static pixel data is comparable to a media discontinuity. From a technical perspective, pixels are simply sequences of numerical values that define color, brightness, contrast, transparency, and screen position. They cannot contain any executable code.

In addition, the client software on user devices ensures that incoming data streams from the isolation appliance are interpreted only as pixels.

2. Protocol Filter (in development)
The protocol filter inspects the pixel stream scheduled for transmission to the intranet for valid pixel-level syntax. This ensures that any manipulated or malformed pixel stream is detected — and transmission is blocked if necessary.

3. Overlay with Random Micro-Noise (patented method, in development)
The human eye cannot perceive minimal variations in pixel color, brightness, contrast, or transparency. Therefore, before transmission to the intranet, pixel values can be randomly and slightly altered in these attributes — without the user noticing any visual difference. The same principle applies to audio signals, where slight random changes in pitch or volume can be introduced. Overlaying the transfer data with minimal random noise ensures that any malicious code embedded in the data stream is effectively destroyed.
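A sketch of how safeguards 2 and 3 could fit together, added here as an example and not the vendor's implementation. The page does not specify the pixel stream format, so the wire layout (an 8-byte rectangle header followed by RGBA bytes), the function names, and the noise amplitude are all assumptions.

```python
import secrets
import struct

HEADER = struct.Struct(">HHHH")  # x, y, width, height of one changed rectangle (assumed layout)
BPP = 4                          # RGBA, one byte per channel (assumption)

class RejectedStream(ValueError):
    """Raised when a delta stream is not well-formed pixel data."""

def parse_delta(stream: bytes, screen_w: int, screen_h: int):
    """Strictly parse a frame delta; reject anything that is not pure pixel records."""
    rects, off = [], 0
    while off < len(stream):
        if len(stream) - off < HEADER.size:
            raise RejectedStream("truncated rectangle header")
        x, y, w, h = HEADER.unpack_from(stream, off)
        off += HEADER.size
        if w == 0 or h == 0 or x + w > screen_w or y + h > screen_h:
            raise RejectedStream("rectangle outside screen bounds")
        size = w * h * BPP
        if len(stream) - off < size:
            raise RejectedStream("pixel payload shorter than declared")
        rects.append((x, y, w, h, stream[off:off + size]))
        off += size
    return rects

def add_micro_noise(pixels: bytes, amplitude: int = 1) -> bytes:
    """Shift each channel byte by a random value in [-amplitude, +amplitude], clamped to 0..255."""
    out = bytearray(len(pixels))
    for i, value in enumerate(pixels):
        delta = secrets.randbelow(2 * amplitude + 1) - amplitude
        out[i] = min(255, max(0, value + delta))
    return bytes(out)

def filter_and_forward(stream: bytes, screen_w: int, screen_h: int) -> bytes:
    """Validate, then re-serialize from parsed fields so no unparsed bytes are forwarded."""
    out = bytearray()
    for x, y, w, h, pixels in parse_delta(stream, screen_w, screen_h):
        out += HEADER.pack(x, y, w, h) + add_micro_noise(pixels)
    return bytes(out)

# Constructed sample: one 2x1 rectangle at (10, 20) on a 1920x1080 screen.
SAMPLE = HEADER.pack(10, 20, 2, 1) + bytes([0, 128, 255, 255, 10, 20, 30, 255])

if __name__ == "__main__":
    print(filter_and_forward(SAMPLE, 1920, 1080).hex())
```

Because the forwarded bytes are rebuilt from the parsed fields rather than copied from the input, a stream that fails validation is never partially transmitted.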

 

 
