Systems and methods for detecting and interfering with compromised devices and unauthorized device relocation in a communication network are disclosed. The described embodiments may be deployed in a content delivery network where receivers have been compromised in a manner that renders the conditional access system (CAS) inoperative at controlling the receivers' ability to receive content. In some embodiments, alternate commands not protected by the CAS system may be used to detect hacked devices and interdict same. In some embodiments, service devices in the content delivery network may allow for detection of unauthorized device relocation.

Identifying suspicious activity in utilizing a load testing service can include establishing an amount of domain calls to a domain, modifying the amount, and blocking domain calls exceeding the amount.

Identifying suspicious activity in utilizing a load testing service can include establishing an amount of domain calls to a domain, modifying the amount, and blocking domain calls exceeding the amount.

A dual-mode communication device adapted for communication over a public network, wherein the dual-mode communication device is adapted to be operated in a normal mode and in an obfuscated mode. The dual-mode communication device includes a processor and a network interface device. The processor develops a frame from a payload received by the dual-communication device and, if the dual-mode communication device is operating in the obfuscated mode, an obfuscated frame from the frame. The frame and the obfuscated frame comprise a preamble that conforms with protocols associated with the public network and the processor. A network interface transmits one of the frame or the obfuscated frame using the public network. The payload may be extracted from the frame by any receiving device operating in the normal mode in the public network and the payload may be extracted from the obfuscated frame only by another communication device also operating in the obfuscated mode in the public network.

A dual-mode communication device adapted for communication over a public network, wherein the dual-mode communication device is adapted to be operated in a normal mode and in an obfuscated mode. The dual-mode communication device includes a processor and a network interface device. The processor develops a frame from a payload received by the dual-communication device and, if the dual-mode communication device is operating in the obfuscated mode, an obfuscated frame from the frame. The frame and the obfuscated frame comprise a preamble that conforms with protocols associated with the public network and the processor. A network interface transmits one of the frame or the obfuscated frame using the public network. The payload may be extracted from the frame by any receiving device operating in the normal mode in the public network and the payload may be extracted from the obfuscated frame only by another communication device also operating in the obfuscated mode in the public network.

According to an embodiment, a communication system includes a first communication control apparatus connected between a network connection apparatus and a first client apparatus, a second communication control apparatus connected between the network connection apparatus and a second client apparatus, and a communication control management apparatus that is connected to the network connection apparatus and manages communication by the first communication control apparatus and second communication control apparatus. The communication control management apparatus monitors communication based on management information defining regular communication between the first client apparatus and the second client apparatus as communication by the first packet including the first virtual tag, and defining regular communication between the communication control management apparatus and the first communication control apparatus or second communication control apparatus as communication by the second packet including the second virtual tag.

According to an embodiment, a communication system includes a first communication control apparatus connected between a network connection apparatus and a first client apparatus, a second communication control apparatus connected between the network connection apparatus and a second client apparatus, and a communication control management apparatus that is connected to the network connection apparatus and manages communication by the first communication control apparatus and second communication control apparatus. The communication control management apparatus monitors communication based on management information defining regular communication between the first client apparatus and the second client apparatus as communication by the first packet including the first virtual tag, and defining regular communication between the communication control management apparatus and the first communication control apparatus or second communication control apparatus as communication by the second packet including the second virtual tag.

Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.

Systems and methods for managing and providing content and services on a network system. Aspects of the invention include controlling user perceived connection speed. Other aspects of the invention include authorization and authentication components that determine access rights of client computers. Additional aspects include systems and methods for directing client computers to select connection speed. The disclosed systems and methods may be used in numerous network system applications.