Patent classifications
H04L63/0209
Communication system and communication method for one-way transmission
A communication system and a communication method for one-way transmission are provided. The communication method includes: transmitting a filtering rule to a programmable logic device by a server; receiving a signal and obtaining data from the signal by the server; packing the data to generate at least one data packet by the server; transmitting the at least one data packet to the programmable logic device by the server; and determining, according to the filtering rule, whether to output the at least one data packet by the programmable logic device.
SYSTEMS AND METHODS FOR MITIGATING AND/OR PREVENTING DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
Systems and methods are described that mitigate and/or prevent distributed denial-of-service (DDOS) attacks. In one implementation, a gateway includes one or more processors configured to obtain network data from one or more entities associated with the gateway, provide the network data to a server, and obtain a set of entity identifiers from the server. The set of entity identifiers may be generated based on at least the network data. The one or more processors may be further configured to filter communications based on the set of entity identifiers.
TRUSTED CYBER PHYSICAL SYSTEM
A brownfield security gateway is configured to support a trusted execution environment (TEE) that employs cryptographic and physical security—which forms a trusted cyber physical system—to protect sensitive transmissions en route to a controllable device. The gateway may be implemented with a System on Chip (SoC) that utilizes an application layer gateway to filter content within a transmission. When the application layer gateway authorizes the transmission, the transmission is forwarded to a trusted peripheral device that is configured with communication transport protocols, and the trusted peripheral device transfers the transmission to the controllable device. The trusted peripheral device and the controllable device are physically protected by, for example, protected distribution systems. Accordingly, the trusted peripheral device functions as a gateway between the SoC and the controllable device.
SECURE ACCESS TO CAMERA SYSTEMS
Embodiments include a system, method, and computer program product that enable secure access to cameras in smart buildings. Some embodiments control outbound video from an environment such as a local network through an intelligent on-event video pushing mechanism. The local intelligent on-event video pushing mechanism hides the IP address of a source video camera, transcodes the video to a reduced size for wide area distribution, and pushes video to a recipient upon an event trigger received within the local environment (e.g., the local network). Embodiments enable a remote video client on the far side of the local network firewall to view the video streams of cameras on the near side of the local network firewall when an event or trigger occurs.
TRANSMISSION DEVICE FOR TRANSMITTING DATA
A transmission device for transmitting data between a first network and a second network is provided. The transmission device includes a first network port for coupling to the first network and a second network port for coupling to the second network, and the transmission device further includes: a first detection unit which is connected to the first network port and is configured to receive data transmitted by the first network via the first network port and to detect anomalies with respect to the received data, and a second detection unit which is connected to the second network port and is configured to receive data transmitted by the second network via the second network port and to detect anomalies with respect to the received data. The provided transmission device leads to an optimized detection of anomalies in the first and the second network, thereby increasing security during data transmission between the first and the second network.
DYNAMIC EMERGENCE, SYNCHRONIZATION, AND CONSOLIDATION OF REGISTRATION AND SECURITY AUTHORITIES AMONG NODES OF AN AD HOC PEER NETWORK
A facility controlling a communication device to create a disconnected ad hoc network and then to rejoin an internetwork is described. The communication device makes a direct or indirect wireless connection with a participant in a network in which the communication device was formerly a participant. In response to making the connection, the communication device: (1) communicates with a registration authority of the network to synchronize a provisional registration authority state established by the communication device during a period after the communication device was formerly a participant in the network and before the connection was made; and (2) communicates with a security authority of the network to synchronize a security authority state established by the communication device during the period.
Secure management of user addresses in network service using firewall and tables
Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied.
Tracking usage of corporate credentials
Phishing attacks attempt to solicit valuable information such as personal information, account credentials, and the like from human users by disguising a malicious request for information as a legitimate inquiry, typically in the form of an electronic mail or similar communication. By tracking a combination of outbound web traffic from an endpoint and inbound electronic mail traffic to the endpoint, improved detection of phishing attacks or similar efforts to wrongly obtain sensitive information can be achieved.
NETWORK SECURITY MANAGEMENT FOR A BUILDING AUTOMATION SYSTEM
Methods and systems for performing an electronic security assessment of a building automation system are provided. The building automation system includes a controller and a network of electronic devices connected in electronic communication. The method includes requesting, by the controller, an electronic security scan of the controller with a data set of the controller via a secured channel to a cloud-based service. The method also includes initiating the electronic security scan of the controller based on the data set of the controller. The method further includes electronically assessing security vulnerabilities of the building automation system. The method also includes electronically assessing, by the controller, security vulnerabilities of the network of electronic devices connected in electronic communication with the controller. The method also includes determining a recommendation list for resolving security vulnerabilities of the building automation system based on the electronic assessment of those security vulnerabilities.
METHOD AND SYSTEM FOR TRANSMITTING MULTIPLE DATA
Provided are a method and a system for transmitting multiple data, in which the method includes receiving a plurality of transmission files for transmission from a transmission device of the first network to a reception device of the second network, and temporarily storing the received files; generating flexible packets by dividing each of the plurality of transmission files by a flexible packet length determined according to the size of the files, in which a transmission file smaller than the flexible packet length among the plurality of transmission files is generated as one flexible packet without being divided; loading the flexible packets into a plurality of flexible frames based on a corresponding transmission file priority according to a maximum data transmission size; and transmitting the plurality of flexible frames to the second network.