Methods, systems, and computer program products for managing Internet of Things (IoT) network-connected devices.

Systems and methods are described for the generation of domain names that may be associated with a particular user device and may be encrypted to obfuscate the domain names of content requested by the user device.

Systems and methods are described for detecting domain name impersonation in the domain name system (DNS). A nefarious party may register a domain name in the DNS that impersonates a domain name associated with a company in an attempt to lure users to malicious destination network addresses based on their trust of that company. This may lead to the dilution of the company's online presence as its domains come to be associated with malicious activity. In embodiments, a system is described which receives inputs from a subscriber including the domain names the subscriber wishes to protect, ignore, or give special scrutiny to. The system receives instances of domain names registered in the DNS and performs methods to determine if the domain name is attempting to impersonate the domain names of the subscriber. Alerts are generated so that the subscriber may take corrective action.

The subject technology provides an in-place encoding of a network identifier that compresses the network identifier without mapping the network identifier to a another server or service, such as URL shortening service. The network identifier may be compressed using segmented encoding operations that segment the network identifier, and encode the characters of the network identifier using a first set of encoding operations for a first portion of the network identifier and a second set of encoding operations for a second portion of the network identifier. Template encoding may also be provided for network identifiers that conform to a predefined template format.

The subject technology provides an in-place encoding of a network identifier that compresses the network identifier without mapping the network identifier to a another server or service, such as URL shortening service. The network identifier may be compressed using segmented encoding operations that segment the network identifier, and encode the characters of the network identifier using a first set of encoding operations for a first portion of the network identifier and a second set of encoding operations for a second portion of the network identifier. Template encoding may also be provided for network identifiers that conform to a predefined template format.

A method performed by a first node implementing a first NF in a visited network (VPLMN) for communicating with a third node implementing a second NF in a home network (HPLMN) is provided. Embodiments include: determining that the third node should be communicated with; sending, towards a second node implementing a Security Edge Protection Proxy (SEPP) in the visited network, a request for a telescopic FQDN for the third node in the home network to be used by the first node in the visited network to communicate with the third node in the home network, which request comprises a FQDN of the third node in the home network; receiving, from the second node, a telescopic FQDN for the third node wherein the FQDN for the third node in the home network is flattened to a single label to be used by the first node to communicate with the third node.

A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on a server-side of a client-server communication path to provide real-time detect the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria of the page resources being served by the overlay (CDN) and that need to be protected against the client-side filtering.

A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on a server-side of a client-server communication path to provide real-time detect the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria of the page resources being served by the overlay (CDN) and that need to be protected against the client-side filtering.

A content delivery method including the operations of receiving a uniform resource locator resolution request at an authoritative name server for a domain where the uniform resource resolution request is received based, at least in part, on a host name of the uniform resource resolution request where the host name is uniquely related to a resource associated with the uniform resource resolution request. The method further including the operation of tracking a popularity of the resource based on the host name uniquely related to the resource and providing a location within a network capable of delivering the resource where the provided location is based on the popularity of the resource.

A method is provided that includes obtaining an access request for a device to access a visited access network, the access request including an authentication identifier for the device including an identity for the device and a realm comprising a network identifying portion; determining a re-write rule for the realm by querying a database based on an identity type of the device and the network identifying portion of the realm, the database including a plurality of re-write rules for a plurality of networks and a plurality of identity types; re-writing the realm based on the re-write rule using the identity for the device to generate a re-written realm; obtaining, based on the re-written realm, an address for an authentication server of an identity provider associated with the device; and performing an authentication with the authentication server using the authentication identifier to authenticate the device for the visited access network.