Patent classifications
H04L63/162
BI-DIRECTIONAL ENCRYPTION/DECRYPTION DEVICE FOR UNDERLAY AND OVERLAY OPERATIONS
Technologies for bi-directional encryption and decryption for underlay and overlay operations are described. One network device includes multiple ports, a network processing element, a programmable path-selection circuit, and a security IC. The programmable path-selection circuit is configured to operate in a first mode in which first outgoing packets are routed to the security integrated circuit to be encrypted before sending on one of the ports, and first incoming packets, received on one of the ports, are routed to the security integrated circuit to be decrypted. The programmable path-selection circuit is configured to operate in a second mode in which second incoming packets are routed to the security integrated circuit to be encrypted before processing by the network processing element, and second outgoing packets are routed to the security integrated circuit to be decrypted after processing by the network processing element.
METHOD AND APPARATUS FOR AUTHENTICATING ENCRYPTED COMMUNICATION
Disclosed is a method for execution by a computing device. The method involves establishing a communication channel for communicating with a client device using link-layer encryption, and attempting to authenticate the client device using authentication-layer encryption on top of the link-layer encryption. The method also involves receiving a command from the client device over the communication channel, and if the client device has been authenticated, executing the command. Notably, the link-layer encryption offers some degree of security because network traffic over the communication channel is encrypted, but does not offer adequate protection from all cyber attacks. However, the authentication-layer encryption adds an additional layer of security on top of the link-layer encryption, which can help to avoid or mitigate cyber attacks. In this way, it is possible to avoid or mitigate unauthorized users from having the computing device execute commands, because security is enhanced beyond the link-layer encryption.
Using photonic emission to develop electromagnetic emission models
A method and apparatus related to developing electromagnetic emission and power models for a target device using photonic emissions thereof are provided. Data of photonic emissions of a target device during a first period of time with the target device in one or more modes is recorded. Data of electromagnetic emissions of the target device during the first period of time with the target device in the one or more modes is also recorded. The recorded data of the photonic emissions and the recorded data of the electromagnetic emissions are correlated to establish one or more electromagnetic emission models for the target device. The one or more electromagnetic emission models enable predictive analysis of emissions by the target device.
Connection parameter awareness in an authenticated link-layer network session
Methods, apparatuses, and computer program products for connection parameter awareness in an authenticated link-layer network session are disclosed. A client sends, to a network access server (NAS), an initiation packet announcing the initiation of an authentication session. The client establishes an authenticated link-layer session with the NAS. The client receives, from the NAS, a network policy packet including a network policy defined by one or more connection parameters for the link-layer session. The client then enforces the network policy.
Policy plane integration across multiple domains
Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.
Fast internetwork reconnaissance engine
Systems, methods, and devices for performing a layer-2 scan of one or more communication networks to collect detailed information regarding the components/devices attached to the networks at a particular location (e.g., metropolitan area, city, university campus, building, floor within a building, etc.), and using the collected detailed information to generate a device profile for each of the devices attached to the one or more communication networks at the particular location. A server computing device may use the generated device profiles to perform inventory control operations, wireless vendor integration operations and/or security operations. For example, the server may use the device profiles to determine whether a component/device attached to any of the networks is non-benign (e.g., improperly configured, running malware, operated by hacker, spoofing a server, dropping packets, etc.), and initiate a reactive or mitigating action (e.g., quarantine the device, etc.).
METHOD AND SYSTEM FOR COMMUNICATING OVER OVERLAY NETWORKS
A method for communicating over overlay networks according to an embodiment of the present disclosure includes acquiring first authentication information from a first authentication server by the first terminal, establishing a connection with a first relay node based on the first authentication information by the first terminal, acquiring second authentication information from a second authentication server via the first relay node by the first terminal, and communicating with the second terminal by way of the first relay node using the second authentication information by the first terminal.
Cryptographic Security Mechanism for Groupcast Communication
The present disclosure provides a security mechanism to mitigate the risk of trackability of a UE engaged in groupcast communication. The security mechanism makes use of cryptographic functions and thus provides cryptographic-grade protection for groupcast communications. The security mechanism can be implemented without any additional signaling or even additional parameters in existing signaling messages.
Local port managing method and device, packet-oriented data network, digital storage media, and computer program product
A method for managing local ports in a packet-oriented data network is proposed, wherein packets are assigned to a selected local port, and assignment of a local port is controlled based on observation of transmission on the network. The invention also relates to a local port managing device, a packet-oriented data network, a digital storage media, and a computer program product.
VEHICLE CONTROL DEVICE, VEHICLE, VEHICLE CONTROL METHOD, AND NON-TRANSITORY RECORDING MEDIUM
A processor is electrically connected to a communication section that transmits a control signal upon receiving an operation signal and to a relay section that transmits a control request signal upon receiving the control signal. The processor includes a first processor and a second processor. The first processor is configured to execute an authentication operation to authenticate or not authenticate the relay section, in a case in which the relay section has received the control signal. The second processor is configured to control a control target provided at the vehicle based on the control request signal received from the relay section, in a case in which an authentication-success signal indicating that the relay section is authentic has been received from the first processor.