Abstract: Systems and methods include, responsive to a request from a user for one or more Business-to-Business (B2B) applications, redirecting the request, by a cloud-based system, to an identity provider to authorize the user; displaying the one or more B2B applications that the user is authorized to access; responsive to a selection of a B2B application of the one or more B2B applications, creating a first tunnel from the B2B application to the cloud-based system; and stitching the first tunnel between the B2B application and the cloud-based system with a second tunnel between the user and the cloud-based system. The systems and methods further include, responsive to the user being unauthorized for any of the one or more B2B applications, omitting the one or more B2B applications from the displaying, such that the one or more B2B applications are invisible to the user.

Abstract: Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.

Abstract: Certain example embodiments relate to systems and techniques for a client device outside of a cloud infrastructure to securely access services in the cloud infrastructure by relying on one or more keys that are validated by the cloud infrastructure based on a heartbeat message received from the client device. The heartbeat message may be secured by a certificate generated for the client device.

Abstract: A system for monitoring intrusion anomalies in an automotive environment, the system comprising: a telematic control unit; a plurality of engine control units, each of the plurality of engine control units associated with a local security monitor and a diagnostic communications manager arranged to receive information regarding intrusion anomalies detected by the local security monitor; and an anomaly analyzer in communication with each of the diagnostic communication managers and the telematics control unit, the communication utilizing a diagnostic over Internet protocol, the anomaly analyzer arranged to aggregate the information regarding intrusion anomalies detected by the respective local security monitors.

Abstract: An in-vehicle relay device for a vehicle is provided. The in-vehicle relay device includes a first communication circuit that transmits and receives first data to and from a first in-vehicle equipment in the vehicle. A second communication circuit transmits and receives second data to and from a second in-vehicle equipment in the vehicle. A control circuit controls relay of third data among the first communication circuit and the second communication circuit. In a case where reception data received by the control circuit from the first communication circuit or the second communication circuit is unauthorized, the control circuit stops relaying the third data in accordance with a traveling state of the vehicle.

Abstract: Provided is a system capable of appropriately performing period management of a license provided by an information processing apparatus. The information processing apparatus includes a data generation unit that generates first license communication information using first device information, the first device information being information including a first reference date and time and a device unique key, the first reference date and time being a date and time set using a hardware clock of an electronic device and being a date and time used for period management of a license, the device unique key being a key unique to the electronic device, and the first license communication information being information including at least one of an effective term or an expiration time of the license and the first reference date and time and used for installing the license in the electronic device.

Abstract: This application discloses a method used to remove a target blockchain node group of a first tenant from a channel. In the method, an execution node of a second tenant receives configuration information of the target blockchain node group of the first tenant which is sent by a management node, obtains channel configuration information of the channel from a consensus organization, and generates channel adjustment information based on the channel configuration information and the configuration information of the target blockchain node group. The execution node of the second tenant sends the channel adjustment information to the consensus organization, and the consensus organization generates a block including the channel adjustment information. A blockchain node group of the second tenant obtains the block from the consensus organization, and adds the block to a blockchain stored in the second tenant.

Abstract: A system and a method for analyzing files using visual cues in the presentation of the file is provided. These visual aids may be extracted using a convolutional neural network, classified, and used in conjunction with file metadata to determine if a provided document is likely to be malicious. This methodology may be extended to detect a variety of social engineering-related attacks including phishing sites or malicious emails. A method for analyzing a received file to determine if the received file comprises malicious code begins with generating an image that would be displayed if the received file is opened by the native software program. Then the image is analyzed, and output is generated. Metadata is also extracted from the received file. Then, a maliciousness score is generated based on the output, the metadata, and a reference dataset.

Abstract: A key generation device for a vehicle-internal communication system and a method for the vehicle-internal management of cryptographic keys comprises providing at least one secret for a vehicle-internal key generation device and generation of at least one new cryptographic key by the vehicle-internal key generation device on the basis of the at least one secret. The generation and providing of the at least one new cryptographic key takes place autonomously and is triggered by a key-exchange event, or a combination of key-exchange events. The key-exchange event may be one of a vehicle-internal change, an environmental change and a security key.

Abstract: A technique allows a smart meter to receive a mask. The smart meter may receive the mask from a utility company or an escrow service. The smart meter may apply the mask to original metered data on a continuous schedule, on a periodic schedule, or on a determined schedule, or on a randomized schedule to conceal the original metered data. The smart meter may apply different masks at different times. The smart meter transmits the concealed metered data as augmented metered data remotely to an electric utility via a communication network.

Abstract: A vehicle communication network is monitored to detect a plurality of electronic control units (ECUs). Upon identifying a new ECU in the plurality of ECUs, a highest ECU trip counter is determined from the plurality of ECUs. A global trip counter stored in the memory is updated based on the highest ECU trip counter. The updated trip global trip counter is greater than the highest ECU trip counter. Then a replacement synchronization message is provided to the plurality of ECUs on the vehicle communication network. The replacement synchronization message includes the updated global trip counter.

Abstract: Enhancing security achieved via encryption that is performed within an encryption device by combining entropy that is generated within the encryption device with additional entropy, that is generated external to the encryption device, into the generation of an encryption key. Prior to an encryption device utilizing a deterministic algorithm to generate the encryption key, multiple random numbers may be obtained from different entropy sources—at least one of which is internal to the encryption device and at least one of which is external to the encryption device. The encryption device combines the multiple random numbers into a combined entropy input that cannot be determined from either one of the random numbers alone. This combined entropy input is then utilized to generate the encryption key that is ultimately used to perform the device-internal encryption.

Abstract: A method for reducing a level of secure data exposure within the dark web may be provided. The secure data may be associated with a third party data custodian that may be associated with a pre-determined entity. The method may include searching the communications to identify one or more single locations that may include numerous communications that may include text identifying the selected third party data custodian. Each communication may be assigned a time-stamp in order to calculate a speed of how many communications within a pre-determined time period may be identified to include text identifying the third party data custodian. Simultaneous to the searching, the method may include running a time clock. When a rate per unit of time of identification of each identifying text is equal to or greater than a pre-determined rate per unit of time, increasing a monitoring at the one or more single locations.

Abstract: Technologies for a distributed Internet of Things (IoT) system including a plurality of IoT devices are disclosed. An example first Internet of Things (IoT) device includes at least one processor to execute instructions to access a first message transmitted by a second IoT device, the first IoT device and second IoT device communicatively coupled via a direct communication, identify that the first message is indicative of an administrative event, the administrative event associated with a function of one or more of the first IoT device or the second IoT device, update a status of a system of IoT devices based on the administrative event, the system of IoT devices including the first IoT device and the second IoT device, and send a second message indicative of the administrative event to a universal bus.

Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A method for creating a smart contract detailing an ordered set of events is disclosed. A smart contract can include information about multiple events and responses for each event. The events and response can be arranged in a predefined order. The responses can include adding new records to a blockchain.

Abstract: The presence of a wireless device and/or accessory that cannot maintain an independent network connection can be detected by network connected wireless devices and the location of the detected device and/or accessory can be reported to a device location service. As the wireless devices and/or accessories do not have independent network connections, periodic maintenance is performed on those devices by nearby owner devices to which the wireless devices and/or accessories are paired or associated. Described herein are systems, methods, and associated devices to maintain a locatable wireless device by a set of multiple owner devices for that wireless device.

Abstract: The present invention relates to cryptographic protection of information by using keys derived from quantum keys from an associated quantum key distribution (QKD) system. The system includes a transmitting node and a receiving node of a single-pass QKD system, and two encryptors connected by a classical communication channel. The one encryptor is further connected to the transmitting node of the QKD system by a first local communication link, and the other encryptor is connected to the receiving node of the QKD system by a second local communication link. A method of implementing the system includes generating encryption keys and authentication keys based on quantum keys of a size not less than the one specified in operation of the system, exchanging service data in course of execution of the quantum protocol using the encryption keys and authentication keys, and providing identity of the encryption keys and the authentication keys.

Abstract: Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.