H04W12/128

Electronic control unit network security

A system and method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network. The method carried out by the system operates a network of ECUs that include at least first and second ECUs in communication with each other over the network. The first ECU may be an external access point which can establish communication with an external device. The first ECU provides the external device with limited privilege access to the network. The method further includes detecting unauthorized escalated privilege access of the first ECU, and in response to the detection, at least partially restricting use of the first ECU as the external access point, thereby preventing external devices from using the first ECU for the limited privilege access to the network.

Device, integrated circuit and methods for detecting, responding to and removing a compromising attack

A device and methods are described that comprise at least one host application and a rich execution environment. At least one interface is operably coupled to the REE for communicating with a remote server. A security sub-system comprises a security monitoring and control circuit coupled to the REE and connectable to the remote server via the REE and the at least one interface. The security monitoring and control circuit comprises an analytics circuit configured to detect an anomaly following a compromisation of the device. The security monitoring and control circuit is arranged to treat the REE as an untrusted component and in response to a detection of a compromisation of the REE or a component in the device that is accessible by the REE by the analytics circuit, the security monitoring and control circuit is configured to re-establish a secure connection to the remote server that tunnels through the REE and at least partially removes the compromisation from the device.

METHODS AND APPARATUSES FOR OBTAINING AND DELIVERING MOBILE TERMINAL SECURITY INFORMATION BASED ON A CLOUD SERVICE

Obtaining mobile terminal security information based on a cloud service includes synchronizing mobile terminal information with a cloud, receiving security information sent by the cloud, and performing corresponding security processing according to the security information. The security information is generated when the cloud determines that a security risk exists in a mobile terminal. The generated security information is sent by the cloud to the mobile terminal. Whether the security risk exists in the mobile terminal is obtained by the cloud through determining with reference to the mobile terminal information and latest security data of the cloud, and the determining step is triggered by updating of security data of the cloud.

REPORTING AND PROCESSING CONTROLLER SECURITY INFORMATION

In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.

METHOD FOR MAKING CONTACTLESS TRANSACTIONS SECURE
20170359358 · 2017-12-14

The invention relates to a method for making a transaction of a contactless application secure, said application (11) being stored in the mobile terminal (10), said transaction taking place between the mobile terminal and a contactless reader (12), said terminal including a security element (14), said method comprising the following steps carried out by the mobile terminal: the application sends (E13) a token representing a piece of sensitive data and a first authentication value relating to the token to the reader, the security element receives (E16) the token and the related first authentication value from the reader, the security element calculates (E17) a second authentication value from the received token and compares the first authentication value with the second authentication value, and sends (E18) the result of the comparison to the reader, said reader cancelling the transaction if the result is negative.

METHOD AND APPARATUS FOR PREVENTING INJECTION-TYPE ATTACK IN WEB-BASED OPERATING SYSTEM

The present disclosure relates to a communication technique for fusing a 5G communication system for supporting a high data transmission rate after a 4G system with the IoT technology, and a system thereof. The present disclosure can be applied to an intelligent service (e.g., a smart home, a smart building, a smart city, a smart car or connected car, healthcare, digital education, retail business, security and safety related service, etc.) based on the 5G communication technology and the IoT related technology. In accordance with an embodiment of the present disclosure, a method for detecting a malicious code which is injected into the command stream of a widget running on a web-based OS in a device by a web server in a wireless communication system is provided. The method includes: analyzing the widget in the web server; determining at least one invariant condition constantly maintained and conserved while the widget is running, on the basis of a result of the analyzing; generating a metadata file including data satisfying the at least one invariant condition; associating the metadata file with the widget and providing the widget in a state in which the associated metadata file is included in the widget.

MITIGATING MALWARE IN MEDIA
20230199501 · 2023-06-22

Techniques for neutralizing malicious malware embedded in a media item being sent to a user equipment (UE) are discussed herein. A network device may receive (e.g., intercept) a media file in transit via a wireless communication network being sent to a UE. The media file may include some type of perceptible content (e.g., audio, video, image data, etc.) as well as malware embedded in the media file. The network device may generate a transcoded media file based on the received media file that includes the perceptible content while neutralizing the malware.

Compromised network node detection system
11683218 · 2023-06-20

An improved core network that includes a network resilience system that can detect network function virtualization (NFV)-implemented nodes that have been compromised and/or that are no longer operational, remove such nodes from the virtual network environment, and restart the removed nodes in a last-known good state is described herein. For example, the network resilience system can use health status messages provided by nodes, intrusion data provided by intrusion detection agents running on nodes, and/or operational data provided by the nodes as applied to machine learning models to identify nodes that may be compromised and/or non-operational. Once identified, the network resilience system can delete these nodes and restart or restore the nodes using the last-known good state.