US Patent 11671451 Server/client resolution for link level security protocol

A secure communication channel is established between network devices separated by an unsecured physical space by dynamically performing server/client resolution based on comparison of unique identifiers of the devices. After a link between a first network device and a second network device is established, the devices exchange start frames in accordance with a network security protocol such as the Media Access Control Security (MACsec) protocol. Comparison logic at the first network device compares a value of a unique identifier of the first network device to a value of a unique identifier of the second network device obtained from the start frame transmitted by the second network device, and vice versa. Based on the comparison, one of the devices assumes a server/authenticator role, and the other device assumes a client/supplicant role. The devices operate in their determined roles to perform an authentication process and thereby establish a secure communication channel.