Patent classifications
H04L61/10
Onboarding wireless devices to private networks
An access point for a private network onboards a wireless device by obtaining a connection request from the wireless device and detecting a standardized identifier that indicates the wireless device is unprovisioned for access to the private network. The access point disables an authentication protocol for granting access to the wireless device on the private network and limits access of the private network by the wireless device to accessing a provisioning server. The access point provides a connection response to the wireless device that indicates limited access to the private network.
Communicating service denials back to client during MDNS service discovery
Methods and systems may be provided to receive a first client request for a first service. A unicast mDNS query response may be provided to the first client, wherein the query response comprises information indicative of a denial of the first service and the query response is available for display to the first client.
Method of low-bandwidth data transport
A method is disclosed for more efficiently and economically transporting data on a network using network access links between the first switch, which is the entry point of the network, and an end-user device, which is either on a fixed link on a customer premises or is a mobile device. The method includes terminating one or more protocol sessions at the first switch and removing corresponding packet headers. The first switch creates a substitute packet, adding a substitute header that identifies the transport path and the communications connection. Removed headers are not delivered to the end-user device which processes received substitute packets into usable streams based on the substitute header.
Host side method of using a controller assignment list
Some embodiments provide a novel method for distributing control-channel communication load between multiple controllers in a network control system. In some embodiments, the controllers manage physical forwarding elements that forward data between several computing devices (also called hosts or host computers), some or all of which execute one or more virtual machines (VMs). The method of some embodiments distributes a controller assignment list to the host computers. The host computers use this list to identify the controllers with which they need to interact to perform some of the forwarding operations of their associated logical forwarding elements. In some embodiments, agents executing on the host computers (1) review the controller assignment list to identify the appropriate controllers, and (2) establish control channel communications with these controllers to obtain the needed data for effectuating the forwarding operations of their associated physical forwarding elements. These agents in some embodiments are responsible for out-of-band control channel communication with the controllers.
Domain-name-based network-connection attestation
A domain-name-based network-connection attestation system provides for more user-friendly and less error-prone (compared to IP-address-based attestation systems) updating of a whitelist used to determine whether or not to allow a requested network connection. A guest agent extracts from a DNS reply a domain name, and an IP address mapped to a domain name. The agent enters these values in an agent DNS cache. When a process requests a connection to an IP address, the agent uses the IP address to determine the domain name from the agent DNS cache. The agent then determines whether the IP address is mapped to the process identity in a domain-name-based whitelist. If it is, the connection is attested to and allowed; if it is not, a secondary IP address whitelist can be checked.
Distributed domain name resolution and method for use of same
A system for distributed domain name address resolution, including top-level domain name address resolution, and method for use of the same are disclosed. In one embodiment of the system, a blockchain stores distributed domain names with respective Internet Protocol address information. A smart contract, which defines shared logic to execute operations on the blockchain, runs on the blockchain. With respect to distributed domain names, the system may perform read operations to identify the Internet Protocol address information, create operations to create a new distributed domain name with respective Internet Protocol address information, delete operations to remove a distributed domain name, and update operations to update the mapping between a distributed domain name and the respective Internet Protocol address information.
METHOD AND APPARATUS FOR DYNAMICALLY PRESENTING CONTENT USING AN INTERFACE FOR SETTING CONDITIONAL NETWORK DESTINATIONS
QR codes or the like are used in hardlink applications, by which different users may receive different information in response to a user’s interaction with a touchpoint. The content delivered to a particular user in response to a hardlink code or a presented hyperlink may be dependent on the time of the scan, the geographic location of the user, a weather condition at the geographical location, personal information associated with the user, a number of previous scans of the code by prior individuals, and any combination of these or other variables, which may be determined by an originator of the QR code or other party. User devices may be re-directed to alternate content or network addresses based on one or more programmed conditions.