This application provides a network access control method. Before a second device accesses a target to-be-accessed device in an internal network, authentication is first performed on the second device by using a local domain name carried in a domain name request packet. Only when the local domain name is authenticated, an IP address of the second device and an IP address of the target device to be accessed by the second device are recorded in forwarding information. Therefore, when a data request packet is received, it may be determined, based on a source IP address, a destination IP address, and the forwarding information that are carried in the data request packet, whether to forward the data request packet.

Various techniques for detecting homographs of domain names are disclosed. In some embodiments, a system, process, and/or computer program product for detecting homographs of domain names includes receiving a DNS data stream, wherein the DNS data stream includes a DNS query and a DNS response for resolution of the DNS query; applying a homograph detector for each domain in the DNS data stream; and detecting a homograph of a domain name in the DNS data stream using the homograph detector.

A system, method, and computer-readable medium for resolving an identity of an entity, comprising: parsing entity identifier information, the parsing generating entity identifier elements from the entity identifier information; classifying an entity identifier element with an entity identifier element type; normalizing an entity identifier element to provide a normalized entity identifier element; and, associating the normalized entity identifier element with an entity to resolve the identity of the entity.

A method, reception apparatus, and computer-readable medium for communicating with a server to download or upload data. The method includes acquiring a URI (Uniform Resource Identifier) message that includes a DNS (Domain Name System) name registered with the IANA (Internet Assigned Numbers Authority). A URL (Uniform Resource Locator) is generated based on the registered DNS name in the acquired URI message and a predetermined domain name. The data is downloaded from, or uploaded to, the server using the generated URL.

A method in a proxy call session control function, P-CSCF, of handling an unauthenticated emergency call originating from a roaming user equipment that is not attached to the P-CSCF. The P-CSCF receives a session initiation protocol (SIP) REGISTER request from the UE, where the REGISTER request relating to the emergency registration. The P-CSCF determines an IP address of the UE. The P-CSCF sends an identity query to a policy and charging rules function (PCRF) indicating the IP address of the UE and requesting other identifiers of the UE. The P-CSCF receives one or more other identifiers of the UE from the PCRF. The P-CSCF obtains a

TEL and/or SIP uniform resource identifier (URI) for the UE on the basis of at least one of the one or more other identifiers. The P-CSCF sends a 200 OK response to the UE in response to the SIP REGISTER request, where the 200 OK response includes the TEL and/or SIP URI. Also provided are corresponding methods in other nodes and for authenticated emergency calls, and apparatus for implementing the methods.

Various arrangements for performing secure domain name system (DNS) routing are presented. A secure signature may be generated using an internet protocol (IP) address of an authorized device. An encoded character string may be generated that comprises the IP address. The domain name server may receive a request for an IP address mapped to the hostname. The hostname may be validated using the secure signature. The IP address of the authorized device may be decoded from the encoded character string at least partially in response to the hostname being validated by the domain name server. The IP address decoded from the encoded character string may be transmitted at least partially based on the hostname being validated and the request for the IP address.

The present disclosure relates to a base station in a cellular communication network and methods of operation thereof. In one embodiment, a base station determines that the base station is transitioning to an unavailable state. The base station then notifies one or more radio network nodes with which the base station conducts base-station-to-node communication that the base station is unavailable. Thereafter, in one embodiment, the one or more radio network nodes cease communication attempts with the base station. In this manner, the radio network nodes can avoid spending additional resources on attempts to re-establish communication connections to base stations that tend to be offline more often (e.g., low-power base stations (LP-BSs)).

The present disclosure relates generally to communication with payment terminals via TCP/IP protocol. Using network technology and novel processes, in particular embodiments, the present systems and methods facilitate local network discovery and communication between a payment terminal and an electronic cash register (ECR) via a browser. For example, in certain embodiments, the present systems and methods leverage TCP/IP network technology to securely facilitate communications between SaaS ECR software running in a browser environment and one or more payment terminals.

Various techniques for detecting homographs of domain names are disclosed. In some embodiments, a system, process, and/or computer program product for detecting homographs of domain names includes receiving a DNS data stream, wherein the DNS data stream includes a DNS query and a DNS response for resolution of the DNS query; applying a homograph detector for each domain in the DNS data stream; and detecting a homograph of a domain name in the DNS data stream using the homograph detector.

In one aspect, the present disclosure relates to a method comprising: receiving a first request from a client device; generating a plurality of uniform resource locators (URLs), each of the plurality of URLs comprising an encoded representation of a network address associated with a respective node from a plurality of nodes in a computer cluster; sending a first response to a client device, the first response comprising the plurality of URLs; receiving a second request from the client device, the second request comprising a first URL from the plurality of URLs; determining the second request should be routed to a first network address based on decoding the first URL, the first network address associated with a first node from the plurality of nodes; and forwarding the second request to the first node in response to the determining.