Abstract: An in-vehicle network system includes a plurality of first controllers; a plurality of first communication lines, the first communication lines being respectively connected to the first controllers; a connector that connects an external device or a wireless communication device; a connection communication line that is connected to the connector; and a first relay device that relays between the first communication lines and the connection communication line. The first relay device is configured to determine whether a security level in data communication between the first controllers is increased according to a type of the external device or a communication state of the wireless communication device in a state in which the external device or the wireless communication device is connected to the connector, and the first relay device is configured to increase the security level when the first relay device determines that the security level is increased.

Abstract: One embodiment provides a method, including: receiving, from a client device, a request by a user to access an aggregate service device; authenticating, at the aggregate service device, the user to provide access to at least one remote device; providing, by the aggregate service device, data analogous to data of the at least one remote device; receiving, by the aggregate service device, a selection of data accessible by the user from the at least one remote device; and facilitating data transfer associated with the selection of data. Other aspects are described and claimed.

Abstract: Techniques for in-line filtering of insecure or unwanted mobile components or communications (e.g., insecure or unwanted behaviors associated with applications for mobile devices (“apps”), updates for apps, communications to/from apps, operating system components/updates for mobile devices, etc.) for mobile devices are disclosed. In some embodiments, in-line filtering of apps for mobile devices includes intercepting a request for downloading an application to a mobile device; and modifying a response to the request for downloading the application to the mobile device. In some embodiments, the response includes a notification that the application cannot be downloaded due to an application risk policy violation.

Abstract: Disclosed are a communication scheme and a system thereof for converging an IoT technology and a 5G communication system for supporting a high data transmission rate beyond that of a 4G system. A method and an apparatus for configuring a connection with a second device, which provides access to a network, by a first device in a communication system, is provided. The method includes discovering the second device supporting a neighbor awareness network (NAN) and located within a predetermined range from the first device, exchanging an ephemeral key of the first device for identifying the first device and an ephemeral key of the second device for identifying the second device, and performing a secure connection between the first device and the second device.

Abstract: A method and system provides access control encryption for a file system. A resource management module manages access to data on a storage container and hosts a virtual file system including files representing the data on the storage container. An access control and encryption module encrypts each of the files with a respective file encryption key. The access control module generates a plurality of application containers each associated with a respective user and that include respective lists of files that the respective user is authorized to access. The access control and encryption module generates decrypts the files and allows access to files based on the lists of files in the application containers.

Abstract: The advanced data protection system is implemented by distributing data encryption across multiple isolated computing systems and using multi-factor authentication to access remote, protected decryption material. Architectural components include: Client application software reading/writing from/to a client data store executing on a client host computer, client application plug-ins communicating with external authentication devices, server application software reading/write data from/to a server data store executing on a host computer which is physically or virtually isolated from the client host computer, authentication devices, components, or systems integrated with or connected to the client computer and exposing programmatic interfaces to client application software, and secure networking components executing on both hosts that provide secure data exchange.

Abstract: Systems and methods which provide a new application security assessment framework that allows auditing and testing systems to automatically perform security and compliance audits, detect technical security vulnerabilities, and illustrate the associated security risks affecting business-critical applications.

Abstract: A computer-implemented method, computer device and computer system for detecting multiple users based on a biometric user profile and/or a behavioral user profile.

Abstract: A security monitoring system for a Controller Area Network (CAN) comprises an Electronic Control Unit (ECU) operatively connected to the CAN bus. The ECU is programmed to classify a message read from the CAN bus as either normal or anomalous using an SVM-based classifier with a Radial Basis Function (RBF) kernel. The classifying includes computing a hyperplane curvature parameter ? of the RBF kernel as ?=ƒ(D) where ƒ( ) denotes a function and D denotes CAN bus message density as a function of time. In some such embodiments ?=ƒ(Var(D)) where Var(D) denotes the variance of the CAN bus message density as a function of time. The security monitoring system may be installed in a vehicle (e.g. automobile, truck, watercraft, aircraft) including a vehicle CAN bus, with the ECU operatively connected to the vehicle CAN bus to read messages communicated on the CAN bus.

Abstract: This disclosure provides a network security architecture that permits installation of different software security products as virtual machines (VMs). By relying on a standardized data format and communication structure, a general architecture can be created and used to dynamically build and reconfigure interaction between both similar and dissimilar security products. Use of an integration scheme having defined message types and specified query response framework provides for real-time response and easy adaptation for cross-vendor communication. Examples are provided where an intrusion detection system (IDS) can be used to detect network threats based on distributed threat analytics, passing detected threats to other security products (e.g., products with different capabilities from different vendors) to trigger automatic, dynamically configured communication and reaction.

Abstract: This disclosure provides an architecture for sharing information between network security administrators. Events converted to a normalized data format (CCF) are stored in a manner that can be queried by a third party (e.g., an administrator of another, trusted network). Optionally made available as a service, stored event records can be sanitized for third party queries (e.g., by clients of a service maintaining such a repository). In one embodiment, each contributing network encrypts or signs its (sanitized) records using a symmetric key architecture, the key being unique to the contributing network. This key is used (e.g., by the repository) to index a set of permissions or conditions of the contributing network in servicing any query, e.g., by matching a stored hash of the event record or by decrypting the record. The information sharing service can optionally be provided by a hosted information security service or on a peer-to-peer basis.

Abstract: According to one embodiment, a method in a computing device for responding to a determination that a verification with a user is desired responsive to detection of activity indicative of a possible insider threat is described. The method includes selecting a target role and a target user for the verification based on an activity context and an enterprise context repository, the selecting including selecting the target role from a plurality of target roles based on the activity context and optionally the enterprise context repository and selecting a target user in the selected target role based on the enterprise context repository. The method further includes causing a verification request to be sent to the selected target user; and generating an alert when a verification result indicates that the activity is indicative of the possible insider threat.

Abstract: Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach offers decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime.

Abstract: Disclosed are systems, apparatus, and methods for integrating an information feed. In various implementations, an identity of a user may be determined based on authentication information, where the authentication information identifies a user profile. In some implementations, profile information is identified based on the determined identity, where the profile information identifies one or more entities tracked using one or more information feeds associated with the user profile, and where the one or more information feeds comprises one or more feed items stored in a database system. In various implementations, the identified profile information is associated with a user account provided by a network communications application.

Abstract: A system for securely sharing data and conducting transactions in an electronic environment. The system may include a personal information device having a processor, memory and biometric sensor. Personal data is stored in the memory of the personal information device. The personal information device may be registered with a centralized system. Data stored on the personal information device may be uploaded to an access device upon verification of a user's identity using a biometric recognition technique.

Abstract: Methods, systems and computer readable media are provide for protecting stored data from ransomware. In an embodiment, the data is stored in an external drive connected to the processor. The connection between the processor and external drive is interrupted (e.g., open) except during a data transfer between the processor and the external drive. Connection of the processor to the external drive, permitted for a time period specified by a user or until the transfer of data is complete, occurs in response to manual actuation of a control means interposed between the processor and external drive and optionally, an indication from the user computing system that malware has not been detected on the device. The control means may be a mechanical switch or a fingerprint authentication device.

Abstract: This patent is generally directed to a transaction-based secure information delivery system and method referred to as “SEDS” herein. SEDS consists of secure method(s) and infrastructure to transmit sensitive information, such as but not limited to medical information. SEDS may be used instead of email, fax, removable media and other non-secure methods. SEDS also supports a sender/receiver risk-assessment based communication protocol.

Abstract: A set of internal information technology (IT) architecture is received and the internal IT architecture is controlled by a service provider. A set of exogenous IT architecture is received and the exogenous IT architecture is not controlled by the service provider. A set of service level agreement (SLA) requirements, agreed upon by the service provider and a service user, are received. A set of sensor data, from sensors monitoring environmental conditions which may affect at least one of the internal IT architecture or the exogenous IT architecture, is received. A set of heuristic data relating to the internal IT architecture and the exogenous IT architecture is received. A risk metric based on the set of internal IT architecture, the set of exogenous IT architecture, the set of SLA requirements, the set of sensor data, and the set of heuristic data is determined.

Abstract: An apparatus comprises at least one container host device implementing containers for respective tenants of a multi-tenant environment. The containers are configured to utilize storage resources of at least one storage platform. A given one of the containers comprises at least one application, and an application file system security layer configured to communicate with the storage platform. The application file system security layer comprises a container storage volume supported by the storage platform, and an encryption engine configured to encrypt and decrypt data of the container storage volume utilizing one or more data encryption keys that are encrypted under a tenant-specific key encryption key. The tenant-specific key encryption key is provided to the application file system security layer by a tenant key manager that is external to the container. The tenant key manager is illustratively controlled by the tenant for which the given container is implemented.

Abstract: Disclosed are systems, methods and computer program products for antivirus checking of files based on level of trust of their digital certificates. An example method includes obtaining a digital certificate of a digital signature of a file; determining validity of the obtained digital certificate; assigning a level of trust to the digital certificate based on the determined validity or invalidity of the digital certificate of the file; based on the assigned level of trust of the digital certificate of the file, determining what antivirus checking method to perform on the file; and performing the determined antivirus checking method on the file.