H04W12/60

SECURITY GATEWAY
20220201000 · 2022-06-23

Among other things, apparatuses and techniques are described for managing security of devices in a vehicle using a security gateway. In one aspect, a circuit is coupled to a device in a vehicle, and manages communications between the device and entities external to the vehicle. The circuit receives, from an external entity, communication traffic for the device. The circuit determines, using a known security policy for the device, whether the communication traffic is valid communication traffic for the device. The circuit also determines, using a known device profile of the device, whether the communication traffic satisfies characteristics of the device profile. If the communication traffic is valid communication traffic for the device, and the communication traffic satisfies the characteristics of the device profile, the circuit forwards the communication traffic to the device.

MULTI-MODAL APPROACH TO A SECURE AND CLOSED SOLUTION FOR CONTROLLING ACCESS TO AN OPTICAL INSTRUMENT ASSOCIATED WITH A CLIENT USER
20220201485 · 2022-06-23

A multi-modal portal system provides an authorization prior to establishing a visual interface connection between a support user or caller and a client user or receiving party. Once the caller is authorized, the caller is permitted to drop-in such that a visual interface connection is established with the receiving party. The authorization can be based on a profile configuration that indicates whether the caller has the credentials required for the visual interface. The authorization can require that a notification be sent to a trusted user or primary contact or the caller can be associated with a profile configuration that allows for a pre-authorization without requiring the notification. Also, a trusted user can be provided access to control an optical instrument associated with a client user where the client user is associated profile configuration or both.

MULTI-MODAL APPROACH TO A SECURE AND CLOSED SOLUTION FOR PROVIDING SCHEDULED NOTIFICATIONS
20220201484 · 2022-06-23

A multi-modal portal system provides an authorization prior to establishing a visual interface connection between a support user or caller and a client user or receiving party. Once the caller is authorized, the caller is permitted to drop-in such that a visual interface connection is established with the receiving party. The authorization can be based on a profile configuration that indicates whether the caller has the credentials required for the visual interface. The authorization can require that a notification be sent to a trusted user or primary contact or the caller can be associated with a profile configuration that allows for a pre-authorization without requiring the notification. Also, security is enhanced by validating network devices and providing resiliency in data paths between network devices and data aggregators.

SYSTEMS AND METHODS FOR CONTEXT AWARE CYBERSECURITY

A system that detects malicious traffic flows in a network includes a computer system including a processor in communication with at least one memory device. The processor is programmed to store a plurality of context information about the network including a plurality of devices. The processor is also programmed to determine a network configuration of the network at a specific point in time. The processor is further programmed to generate one or more security policies for one or more devices of the plurality of devices in the network based on the network configuration and the plurality of context information. In addition, the processor is programmed to deploy the one or more security policies to the one or more devices in the network, wherein the one or more devices are configured to execute an algorithm to monitor communications on the network in view of a corresponding security policy of the one or more security policies.

Detecting operation of an autonomous vehicle on an untrusted network

Various technologies described herein pertain to detecting operation of an autonomous vehicle on an untrusted network. The autonomous vehicle retrieves a beacon token from a data store of the autonomous vehicle. The beacon token comprises an identifier for the autonomous vehicle and an identifier for a server computing device. The autonomous vehicle generates a data packet based upon the beacon token, wherein the data packet includes the identifier for the autonomous vehicle. The autonomous vehicle transmits the data packet to the server computing device. When the data packet is transmitted via a trusted network, networking rules of the trusted network prevent the data packet from being received by the server computing device. When the data packet is transmitted via the untrusted network, the server computing device receives the data packet. Responsive to receiving the data packet, the server computing device generates and transmits an alert to a computing device.

Method and Device for Obtaining UE Security Capabilities
20220191701 · 2022-06-16

A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity, eliminates any potential for a bidding-down attack, is more advantageous, and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities, including LTE security capabilities, have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.

CONTEXT-AWARE MOBILE DEVICE MANAGEMENT

Technologies disclosed herein are directed to context-based mobile device management. According to one embodiment, an application executing in a mobile device detects an event to trigger context-based management of the mobile device. A usage context associated with the mobile device is determined. One or more policies to enforce on the mobile device are identified as a function of the usage context. The application enforces the one or more policies on the mobile device.

METHODS AND SYSTEMS FOR MANAGING ACCESS OF AN APPLICATION
20220188406 · 2022-06-16

Aspects of the invention are directed towards methods and systems for managing access of an application. One or more embodiments of the invention describe receiving an indication from a user to access an application. One or more embodiments of the invention further describe determining whether a user device is in an offline mode and if the user device is in the offline mode, prompting the user to input user credentials. Furthermore, the embodiments of the invention also describe receiving the user credentials from the user and validating the user credentials of the user with pre-stored user credentials. Accordingly, access of the application to the user is controlled based on said validation.

Visual voicemail as service for authentication or account recovery of wireless devices in a wireless network
11350285 · 2022-05-31

A method performed by a wireless device on a wireless network. The method includes sending an access request for an application. In response to sending the access request, the wireless device receives a visual voicemail message including authentication information. The wireless device can access and send the authentication information of the visual voicemail message to an authentication system. The wireless device is then authenticated to participate in a restricted activity or access restricted content in response to the sent authentication information.