An event is detected at a first device. Responsive to the detection, at least some functionality of the first device is deactivated. The presence of a second device, cryptographically paired with the first device, is detected by the first device. Responsive to the detection, at least some functionality of the first device is activated or reactivated.

An anomaly handling method using a roadside device is disclosed. The method includes receiving, from a vehicle, an anomaly detection notification, which includes level information indicating a level affecting safety, and a location of the vehicle. The method also includes obtaining a location of the roadside device and determining whether a distance between the location of the vehicle and the location of the roadside device is within a predetermined range. When the distance is within the predetermined range and is shorter than a first predetermined distance, not changing the level information and transmitting the received anomaly detection notification externally from the one vehicle. When the distance is within the predetermined range and is longer than or equal to the first predetermined distance, changing to decrement a level indicated by the level information, and transmitting changed anomaly detection notification externally from the one vehicle.

An anomaly handling method using a roadside device is disclosed. The method includes receiving, from a vehicle, an anomaly detection notification, which includes level information indicating a level affecting safety, and a location of the vehicle. The method also includes obtaining a location of the roadside device and determining whether a distance between the location of the vehicle and the location of the roadside device is within a predetermined range. When the distance is within the predetermined range and is shorter than a first predetermined distance, not changing the level information and transmitting the received anomaly detection notification externally from the one vehicle. When the distance is within the predetermined range and is longer than or equal to the first predetermined distance, changing to decrement a level indicated by the level information, and transmitting changed anomaly detection notification externally from the one vehicle.

A system and method for encrypting a data frame of a low-power communication protocol. The method includes providing an input data frame, the input date frame includes a random number, a unique identifier, and a payload data, encrypting the payload data, generating a Message Integrity Code (MIC), generating a rotating identifier by encrypting the unique identifier, and generating an output frame based on the generated rotating identifier, the generated MIC, and the encrypted payload data.

A detection device includes: an acquisition unit configured to acquire a target distribution that is a distribution of reception intervals of periodic messages transmitted in an in-vehicle network; an extraction unit configured to extract a part of the target distribution acquired by the acquisition unit, in accordance with a predetermined criterion; and a detection unit configured to perform a detection process of detecting an unauthorized message, based on the part, of the target distribution, extracted by the extraction unit.

Data can originate from at least one device. The data can be received by at least one network element corresponding to a network. The data can be sent over the network by the at least one device. The data can be analyzed to determine a presence of one or more keywords or key phrases in the data received. A determination can be performed to determine whether or not to filter or block the data. The data can be blocked or filtered according to the determination.

Data can originate from at least one device. The data can be received by at least one network element corresponding to a network. The data can be sent over the network by the at least one device. The data can be analyzed to determine a presence of one or more keywords or key phrases in the data received. A determination can be performed to determine whether or not to filter or block the data. The data can be blocked or filtered according to the determination.

Systems and methods include, in a cloud node executing a security service, causing a mobile device to perform a validation check to determine if the mobile device is any of fake, counterfeit, jailbroken, and rooted; responsive to successful validation, allowing traffic to and from the mobile device through the security service; and responsive to unsuccessful validation, preventing traffic to and from the mobile device through the security service. The systems and methods can further include, prior to the causing, requiring the mobile device to install and launch an application, wherein registration with the security service requires the application; and performing the validation check via the application and a fake check service.

A wireless security method performed by a network monitoring system for a wireless station, the method maintaining continuous wireless service, the method including identifying a desired network, to which the wireless station is currently connected vis a legitimate access point, as having become an undesirable network, based on a network security policy, and based on network variables, activate the legitimate access point to create a desired network, comprising changing network variables of the undesired network, and maintaining the wireless station connection to the network, based on the security policy.

A wireless security method performed by a network monitoring system for a wireless station, the method maintaining continuous wireless service, the method including identifying a desired network, to which the wireless station is currently connected vis a legitimate access point, as having become an undesirable network, based on a network security policy, and based on network variables, activate the legitimate access point to create a desired network, comprising changing network variables of the undesired network, and maintaining the wireless station connection to the network, based on the security policy.