H04L63/162

Method and apparatus for providing an adaptable security level in an electronic communication
11563747 · 2023-01-24

A method of communicating in a secure communication system comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Methods, systems, and computer readable media for software-based emulation of media access control security (MACsec)

A method for software-based emulation of media access control security (MACsec) includes generating, using a software-based emulated MACsec packet generator, a plurality of emulated MACsec packets, each of the emulated MACsec packets including a MACsec header having a packet number field value that remains fixed across the emulated MACsec packets. The method further includes configuring a device under test to accept plural MACsec packets with the same MACsec packet number field value. The method further includes transmitting the emulated MACsec packets to the device under test (DUT). The method further includes determining whether the DUT responds correctly to the emulated MACsec packets given a replay protection configuration of the DUT. The method further includes generating test output based on a result of the determination.

Systems and methods for obtaining permanent MAC addresses

A network server is provided. The network server includes at least one processor in communication with at least one memory device. The network server is programmed to receive an access request originating from a user device, perform an authentication process for connecting with the user device, transmit, to the user device, a request message for a media access control (MAC) address of the user device, receive, from the user device, a response message including the MAC address of the user device, and determine whether to grant the access request based on the MAC address of the user device.

Hybrid network communication method, device, and system
11706324 · 2023-07-18

A hybrid network communication method is disclosed. A gateway device receives a first association request of a multimode device through a first physical interface, where the first association request includes a MAC address of a second physical interface of the multimode device. The gateway device receives a second association request of the multimode device through a third physical interface, where the second association request includes a MAC address of a fourth physical interface of the multimode device. The gateway device obtains an IPv6 address of the multimode device, and records a first correspondence and a second correspondence. The first correspondence includes the IPv6 address of the multimode device, the MAC address of the second physical interface, and the first physical interface. The second correspondence includes the IPv6 address of the multimode device, the MAC address of the fourth physical interface, and the third physical interface.

Entity authentication for pre-authenticated links

Techniques for increasing security for pre-authenticated links are disclosed herein. Computing systems that generate pre-authenticated links are configured to assign an entity identifier to pre-authenticated links to specify an entity permitted to access respective data through the pre-authenticated link. When activating a respective pre-authenticated link, an entity attaches an entity token to the request to prove an identity of the requesting entity. If the identity from the entity token matches the entity identifier, the computing system may grant access to the respective data.

METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATION USING A USER EQUIPMENT IDENTIFIER

Methods, computer program products, and apparatuses are provided for enabling a user equipment (UE) to connect to the wireless access network that supports non-seamless wireless local area network (WLAN) offload (NSWO), such as using the UE's fifth generation (5G) credentials. An apparatus may include a processor and a memory storing computer program code configured to cause the apparatus to request, by the UE, a wireless connection to a network entity; receive, by the UE, from the network entity, an identity request; and in response to the identity request, cause transmission, by the UE, of an identity response including a UE identifier to the network entity such that the UE is configured to establish a security context with the network entity upon successful authentication using the UE identifier.

SECURITY SOLUTION FOR SWITCHING ON AND OFF SECURITY FOR UP DATA BETWEEN UE AND RAN IN 5G

A network node configured to perform a process that includes receiving a PDU Session Establishment Request message for establishing a PDU session, wherein the PDU Session Establishment Request message was transmitted by a UE and includes a PDU session ID. The process also includes communicating a Session Management (SM) Request comprising the PDU Session Establishment Request to an SMF. The process also includes receiving from the SMF a message that includes: i) the PDU Session ID identifying the PDU session, ii) a PDU Session Establishment Accept message, and iii) a user plane (UP) security policy for the PDU session, wherein the UP security policy for the PDU session indicates: i) whether UP confidentiality protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session, and/or ii) whether UP integrity protection shall be activated or not for all data radio bearers (DRBs) belonging to the PDU session.

MACsec Key Exchange Attribute Reflection for Transparent Provider Backbone Bridge Forwarding Over Public Ethernet Provider Backbones

The present disclosure is directed to systems and methods for transparent Provider Backbone Bridge forwarding of MACsec key exchanges over public Ethernet provider backbones. The method includes the steps of receiving, at a first PBB device, an Ethernet frame from a first edge router for transmission to a second edge router via a MACsec connection, the Ethernet frame comprising a plurality of fields; performing a lookup of one or more fields of the plurality of fields to determine a match with one or more pre-defined values; determining that the one or more fields of the Ethernet frame match the one or more pre-defined values; rewriting the one or more fields of the Ethernet frame to one or more open values operable to allow the Ethernet frame to be transmitted to a next hop device; and transmitting the Ethernet frame to the next hop device.

Management of dynamic credentials

In an embodiment, a method comprises intercepting, from a first computer, a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent if executed by a client computer; modifying the first set of instructions to produce a modified set of instructions, which are configured to cause a credential to be included in the one or more requests sent if executed by the client computer; rendering a second set of instructions comprising the modified set of instructions and one or more credential-morphing-instructions, wherein the one or more credential-morphing-instructions define one or more credential-morphing operations, which are configured to cause the client computer to update the credential over time if executed; sending the second set of instructions to a second computer.

Methods and nodes for handling LLDP messages in a communication network

Transmitting node (120) and receiving node (121) for handling LLDP messages in a communication network (100). The transmitting node (120) transmits an LLDP message to the receiving node (121), which LLDP message comprises security related information enabling verification of the authenticity of the transmitting node (120). The receiving node (121) receives one or more LLDP messages, at least one comprising security related information enabling verification of the authenticity of the transmitting node (120; 124) that transmitted the LLDP message.