H04L61/59

Proximity discovery, authentication and link establishment between mobile devices in 3GPP LTE

The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or to perform any other action based on the proximity discovery, such as charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted or of the source device or a derivation thereof or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.

System and method for suppressing DNS requests

A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application; the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.

WIRELESS DOCKING SYSTEM FOR AUDIO-VIDEO RELAY
20170264359 · 2017-09-14 ·

In a wireless docking system a host (100) is arranged for docking a dockee (120) and relaying data packets from the dockee to an audio/video peripheral (110,111,112). The host is arranged for using a first host internet protocol [IP] address as address for the host for the wireless communication while docking the dockee, and using a second host IP address as address for the host for the wireless communication for setting up a direct connection to the audio/video peripheral, while the host operates as an audio/video data source towards the peripheral, and providing the second host IP address to the dockee. The dockee is arranged for using the second host IP address as source IP address for the dockee for exchanging data packets with the audio/video peripheral while transferring the data packets via the host. The audio/video peripheral can keep on using the same destination IP address and is not aware of actually communicating with the dockee.

METHOD FOR PROVIDING MULTICAST DNS SERVICES ACROSS IP SUBNET BOUNDARIES USING TCP PROXY OR SOURCE AND DESTINATION NETWORK ADDRESS TRANSLATION
20210409468 · 2021-12-30 ·

A network address translation (NAT) gateway intercepts packets and determines whether they contain multicast domain name server (mDNS) query or response messages. Upon receiving an mDNS message, the NAT gateway performs address translation to assign a new source address and stores the original source address in a translation table. The NAT gateway then forwards the message to all adjacent networks in order to expand the reach of the packet. If the mDNS messages establish a new client-server connection, the NAT gateway brokers the connection by either acting as a proxy or continuing to perform network address translation.

METHOD AND DEVICE FOR PERFORMING DOMAIN NAME RESOLUTION BY SENDING KEY VALUE TO GRS SERVER
20210385187 · 2021-12-09 ·

This application discloses a method and a device for performing domain name resolution by sending a key value to a GRS server, and relates to the field of mobile communications, to ensure proper business running on an electronic device, ensure network security, and protect user privacy. A solution is as follows: After receiving an input of a user, the electronic device may obtain a key value and an identifier in response to the input, where the identifier may be an IP address or a domain name. In this case, the electronic device may send the key value to a GRS server identified by the identifier, so that the GRS server performs domain name resolution to return the IP address. Based on the returned IP address, the electronic device can access a resource on a server identified by the IP address, to provide the business service for the user.

Directory proxy for accessing remote domains

A managed directory service obtains a request to generate a first account of a first directory within a first network. In response to the request, the managed directory service creates the first account within the first directory. From the request, the managed directory service also obtains credential information of a second account of a second directory within a second network. The managed directory service updates the first account to include this credential information to enable the first account to be used to access the second directory within the second network.

ZTNA approach to secure sensitive mobile applications and prevent attacks
20210377222 · 2021-12-02 ·

Systems and methods for protecting sensitive mobile applications from attack include incorporating private application access software in a mobile application that operates on a user device to provide functionality to an end user, the functionality being separate from the private application access; deploying application connectors in front of a private application that is accessed by the mobile application; responsive to a request to access the private application, authenticating the end user through the mobile application; and, responsive to authentication, providing access to the private application through the mobile application via a plurality of secure tunnels. The application connectors are configured to only provide outbound connections, thereby protecting the private application from the attack. The request to access is received via a cloud-based system which is configured to drop any invalid request, thereby protecting the private application from the attack.

Client to Client and Server to Client communication for private application access through a cloud-based system

Systems and methods include receiving a request, in a cloud system from a first device, to access a second device; determining if the first device is permitted to access the second device; if the first device is not permitted to access the second device, notifying the first device that the second device does not exist; and, if the first device is permitted to access the second device, stitching together connections between the cloud system, the first device, and the second device to provide access to the second device for the first device, wherein the connections are implemented through the cloud-based system.

METHOD FOR EDGE COMPUTING SERVICE AND ELECTRONIC DEVICE THEREFOR
20220201597 · 2022-06-23 ·

The present disclosure relates to a 5G or pre-5G communication system to be provided for supporting a data transmission rate higher than that of a 4G communication system such as LTE. A method, according to one embodiment of the present invention, is a method for authenticating an electronic device which receives an edge computing service from an authentication server of a mobile communication system, wherein the method may comprise the steps of: performing first authentication (403) of the electronic device by means of authentication and key agreement (AKA) with the electronic device, and, when the first authentication is successful, providing first authentication information to the electronic device; and performing second authentication (411) for the edge computing service of the electronic device, and, when the second authentication is successful, providing the electronic device with second authentication information which includes an access token for authentication of the edge computing service.

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR CREATING INTERNET PROTOCOL (IP) ADDRESS POOLS FROM DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) SERVERS TO ASYNCHRONOUSLY SERVE IP ADDRESS ALLOCATION REQUESTS BY SESSION MANAGEMENT FUNCTIONS (SMFs)
20220200951 · 2022-06-23 ·

A method for obtaining and maintaining Internet protocol (IP) address pools and using the IP address pools to respond to IP address allocation requests from session management functions (SMFs) includes, at an IP address provider microservice implemented using at least one processor, obtaining from dynamic host configuration protocol (DHCP) servers, a plurality of IP addresses and corresponding IP address leases and storing the IP addresses in IP address pools. The steps further include maintaining the IP address leases. The method further includes receiving, from an SMF, a request for allocation of an IP address. The method further includes allocating one of the IP addresses from one of the pools to the SMF. The method further includes communicating the IP address to the SMF.