H04W12/102

Enhancement to the IS-IS protocol for eliminating unwanted network traffic
11252162 · 2022-02-15

Systems and methods for enhancing a routing protocol of a telecommunications network are provided. In one embodiment, a method for enhancing the Intermediate System to Intermediate System (IS-IS) routing protocol is provided. The method includes the steps of determining if a password on a received Link State Protocol data unit (LSP) is authenticated and determining if the LSP is generated by an authenticated node. If the LSP password is not authenticated or the LSP is not generated by an authenticated node, the method further includes the step of setting a lifetime expiration timer of the LSP to zero.

ESTABLISHING A TRUSTED PATH AND TRANSMITTING INFORMATION VIA A NETWORK OF UNTRUSTED ELEMENTS
20220232041 · 2022-07-21

An overlay to existing infrastructure that establishes trusted paths in a communication network to fulfill a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis is described. Establishing trusted paths operationally fulfills a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis as an overlay to the existing relatively unsecured network.

PRIVACY PRESERVING ROUTING
20210399983 · 2021-12-23

A system, method, and non-transitory computer readable storage medium for privacy preserving routing of a data packet. The data packet may comprise a packet header and a data payload; the packet header comprising at least a homomorphically encrypted final destination address of a final destination device. An intermediate routing device may receive the data packet. At the intermediate routing device, in a non-TEE, homomorphic computations may be performed to determine a homomorphically encrypted address of a next intermediate routing device. At the intermediate routing device, in a TEE, one or more secret homomorphic decryption keys may be stored and used to decrypt the homomorphically encrypted address of the next address of the next intermediate routing device. The data packet may be transmitted to the decrypted address of the next intermediate routing device according to an updated packet header with the unencrypted address of the next intermediate routing device in the sequence.

Asserting user, app, and device binding in an unmanaged mobile device

A request generated by an unmanaged app to access a resource is received from a mobile device. A notification is sent to the mobile device. A device level VPN connection to the mobile device is established. A unique identifier is associated with the device level VPN. App level traffic received via the device level VPN is tagged with the unique identifier. Access to the resource is allowed in response to the request based at least in part on a determination based on the tags that app level traffic from a trusted app and app level traffic from the unmanaged app are associated with the same mobile device.

Configuring Route Selection Policies
20210385724 · 2021-12-09

Systems, apparatuses, and methods are described for configuring route selection policies. A user device may send, to a computing device, a route selection policy request to update route selection policy rules for applications and/or services of the user device. The computing device may determine the route selection policy rules for the applications and/or services based on various criteria. The computing device may send the determined route selection policy rules to the user device. If the user device does not accept the determined route selection policy rules, the user device may send, to the computing device, a negotiation request to obtain other route selection policy rules for the applications and/or services.

POWER COUPLING MODULATION TRANSMISSION
20210377740 · 2021-12-02

Embodiments of communication systems are disclosed for protecting communication between an implanted device (ID) and an external device (ED). For example, a one-way transcutaneous energy transfer (TET) link may be used to secure two-way communication over a radio channel. Optionally, the TET link may be protected from intrusion by a malicious party. For example, the TET link may be over a medium that decays very quickly over distance. In some embodiments, the TET link is used to pass an encryption key and/or to verify communications over the two-way radio channel. The TET channel may be authenticated. For example, authentication may include a minimum energy and/or power transfer.

AIR INTERFACE INFORMATION SECURITY PROTECTION METHOD AND APPARATUS
20220210648 · 2022-06-30

Embodiments of this application disclose an air interface information security protection method and apparatus, to protect security performance of air interface information sent by a terminal to a base station. In an embodiment, a terminal determines a first message authentication code (MAC) value based on a security key and air interface information, where the security key is a non-access stratum (NAS) security key between the terminal and a core network device; and the terminal sends the air interface information and the first MAC value to a base station.
