Abstract: A data communication system uses Border Gateway Protocol (BGP) and Network Function Virtualization (NFV). A first BGP Virtual Machine (VM) in a first NFV computer system transfers NFV request data in first BGP signaling for delivery to a second BGP VM in a second NFV computer system. The second BGP VM in the second NFV computer system processes the NFV request data and responsively transfers NFV time-slice data for the second BGP VM in second BGP signaling for delivery to the first BGP VM in the first NFV computer system. The first BGP VM in the first NFV computer system verifies the NFV time-slice data for the second BGP VM and performs a BGP state process only if the NFV time-slice data for the second BGP VM is verified. A Hardware Root of Trust (HRoT) verification for the second BGP VM may be also performed using the BGP signaling.

Abstract: Systems, methods, and software for operating communication systems are provided herein. In one example, method of operating a communication system to establish secure communications between a first user device communicating in a first communication network and a second user device communicating in a second communication network is presented. The method includes, responsive to a communication request received from the first user device, establishing a secure communication link between the first user device and a first security node. When a second security node has a security relationship established with the first security node, the method includes establishing the secure communication link for the secure communications between the first user device and the second user device using at least the security relationship between the first security node and the second security node, and exchanging the secure communications over the secure communication link.

Abstract: A Long Term Evolution (LTE) communication network transfers data communications for User Equipment (UE). An LTE gateway system exchanges hardware trust data with a server system to maintain hardware trust for the LTE gateway system. An LTE access node processes a Radio Resource Control (RRC) message that contains a trusted bearer requirement for the UE to generate an S1 Application Protocol (S1-AP) initial UE message that contains the trusted bearer requirement for the UE. An LTE management node processes the S1-AP initial UE message to generate a General Packet Radio Service Transfer Protocol (GTP) create session message that contains the trusted bearer requirement for the UE. The LTE gateway system exchanges user data for the UE between the LTE access node and a communication node responsive to the GTP create session message.

Abstract: A data communication system has data processing circuitry to transfer data communications. Trust modules establish and maintain network trust of the data processing circuitry. A Network Function Virtualization (NFV) system executes hypervisors to establish and maintain an NFV processing environment in the data processing circuitry. A Software Defined Network (SDN) system executes SDN applications, SDN controllers, and SDN data machines in the data processing circuitry during NFV slices to transfer the data communications. The data communication system maintains a data structure that associates, based on execution relationships, individual blocks of the data processing circuitry, the trust modules, the hypervisors, the NFV slices, the SDN applications, the SDN controllers, and the SDN data machines. The database may be queried for the hardware trust data related to specific NFV and SDN software modules.

Abstract: A data communication network has computer systems that process virtual network elements during network processing time cycles to forward data communication packets for user data services. The computer systems process hardware-embedded codes during the network processing time cycles to identify the computer systems. A security server validates the computer system identities for the virtual network elements. A database system maintains a distributed data structure that individually associates the data services, the computer systems, the virtual network elements, and the computer system validities. The security server and the database system could be discrete systems or they may be at least partially integrated within the computer systems where they would typically execute during different processing time cycles from the virtual network elements.

Abstract: Examples disclosed herein provide systems, methods, and software to handoff virtual machines between hypervisors. In one implementation, a method of transitioning a virtual machine from a first hypervisor to a second hypervisor includes identifying a request to transition the virtual machine from the first hypervisor to the second hypervisor. The method further provides determining security trust requirements for the virtual machine, and exchanging trust information between the first hypervisor and the second hypervisor. The method further provides determining if the second hypervisor can support the virtual machine based on the security trust requirements and the trust information, and transitioning the device to the second hypervisor if the second hypervisor can support the virtual machine.

Abstract: Systems, methods, and software for operating environmental sensor systems are provided herein. In one example, a method is provided that includes monitoring environmental conditions to detect a trigger condition and transferring an access request for delivery to a data system responsive to the trigger condition. The method also includes receiving a security challenge transferred by the data system, and in response, transferring a security answer for delivery to the data system that includes a hash result generated using one of the security keys, and receiving a security grant transferred by the data system indicating one of the hash results. The method also includes selecting an environmental sensor function based on an association with one of the security keys used to generate the hash result indicated in the security grant, performing the environmental sensor function to obtain sensor data, and transferring the sensor data for delivery to the data system.

Abstract: Examples disclosed herein provide systems, methods, and software for initiating communication for a secured application. In one example, a method for initiating communication on a wireless communication device includes identifying a communication request for a secured application and selecting one or more radio transceivers for the communication request. The method further provides initializing the one or more radio transceivers to search for availability data based on an open operating system command and identifying an appropriate transceiver based on the availability data. The method further includes initializing a communication for the secured application using the appropriate transceiver.

Abstract: A first Network Function Virtualization (NFV) computer system generates Hardware Root-of-Trust (HRoT) challenge data and transfers the HRoT challenge data in first Border Gateway Protocol (BGP) signaling to a second NFV computer system. The second NFV computer system identifies a physically-embedded HRoT code and generates an HRoT result based on the challenge data and code. The second NFV computer system transfers second BGP signaling having the HRoT result to the first NFV computer system. The first NFV computer system compares the HRoT result from the second BGP signaling to target HRoT data. The first NFV computer system executes a BGP process based on the second BGP signaling if the HRoT result corresponds to the target HRoT data. In some examples, the NFV computer systems also exchange the BGP signaling to verify NFV time slices for BGP Virtual Machines (VMs).

Abstract: Examples disclosed herein provide systems, methods, and software for rolling over a data communication from one communication network to another. In one example, a wireless communication device may initiate a Voice over Long Term Evolution communication using Long Term Evolution or LTE. However, during the communication, the device may be required to transition to a different communication format such as CDMA2000. In response to this transition, an IP multimedia subsystem is configured to gather information about the subscriber equipment and provide this information to a media gateway controller to transition the communication.

Abstract: Systems, methods, and software for operating communication systems are provided herein. In one example, method of operating a communication system to establish secure communications between a first user device communicating in a first communication network and a second user device communicating in a second communication network is presented. The method includes, responsive to a communication request received from the first user device, establishing a secure communication link between the first user device and a first security node. When a second security node has a security relationship established with the first security node, the method includes establishing the secure communication link for the secure communications between the first user device and the second user device using at least the security relationship between the first security node and the second security node, and exchanging the secure communications over the secure communication link.

Abstract: A communication network processes intermediate security data from intermediate access nodes on a communication path between a network access node and an end-point device to determine if the intermediate access nodes are authorized. If the intermediate access nodes are authorized, then the network processes end-point security data from the end-point device to determine if the end-point device is authorized. If the end-point device is authorized, then the network processes end-point tethering data from the end-point device to determine if any tethered communication devices are coupled to the end-point device. If the end-point device is not coupled to any tethered communication devices, then the network authorizes a data transfer session for the end-point device over the communication path. If the end-point device is coupled to a tethered communication device, then the network denies authorization for the data transfer session over the communication path for the end-point device.

Abstract: A wireless communication device displays network names and accounting names and responsively receives user inputs indicating user-priority for network names and accounting names. The device wirelessly attaches to a first one of the wireless access systems having a first one of network names and a first one of System Identifiers (SIDs) and responsively receives network data characterizing SIDs and BIDs (Billing Identifiers). The device processes the network data characterizing SIDs and BIDs in combination with user-priority for network names and accounting names to determine a second one of SIDs for a second one of the wireless access systems. The device wirelessly attaches to the second one of the wireless access systems having the second one of SIDs, displays the second one of the network names for the second one of the wireless access systems, and wirelessly exchanges user data with the second one of the wireless access systems.

Abstract: A wireless communication device generates content-delivery data indicating stored media content, content-delivery interface capability, tethered media devices, and Internet Protocol (IP) address data for the wireless communication device and for the tethered media devices. The wireless communication device wirelessly transfers the content-delivery data to a wireless communication network for delivery to a content distribution network. The wireless communication device transfers at least a portion of the stored media content to the wireless communication network for subsequent content delivery.

Abstract: A method of operating a communication system comprises, in a wireless communication device, acquiring a packet address from a communication network, wherein the communication network assigns the packet address to the wireless communication device, and transmitting the packet address, a device identifier, and a location of the wireless communication device for delivery to a database in the communication network. The method further comprises, in a packet router, receiving a data packet with a destination address of the packet address assigned to the wireless communication device, querying the database with the packet address to determine the device identifier and the location of the wireless communication device, processing the location to select a plurality of output ports of the packet router, and broadcasting the data packet over the plurality of output ports.

Abstract: Examples disclosed herein provide systems, methods, and software for communication using Common Public Radio Interface. In one example, a system for CPRI communication includes a radio equipment control system configured to generate a timing security flag for a basic frame, insert the security flag into the basic frame, and initiate transfer of the basic frame to a radio equipment system. The radio equipment system is further configured to receive the basic frame, identify validity of the timing security flag, and upon validation, update timing on the radio equipment.

Abstract: A Long Term Evolution (LTE) communication network transfers data communications for User Equipment (UE). An LTE gateway system exchanges hardware trust data with a server system to maintain hardware trust for the LTE gateway system. An LTE access node processes a Radio Resource Control (RRC) message that contains a trusted bearer requirement for the UE to generate an S1 Application Protocol (S1-AP) initial UE message that contains the trusted bearer requirement for the UE. An LTE management node processes the S1-AP initial UE message to generate a General Packet Radio Service Transfer Protocol (GTP) create session message that contains the trusted bearer requirement for the UE. The LTE gateway system exchanges user data for the UE between the LTE access node and a communication node responsive to the GTP create session message.

Abstract: Systems, methods, and software for operating communication systems and wireless communication devices are provided herein. In one example, a method of operating a wireless communication is provided. In processing circuitry of the wireless communication device, the method includes receiving a user request in an application for a voice call over a wireless communication network. In security circuitry of the wireless communication device, the method includes processing the request and a security key associated with the wireless communication network to authorize an identification number for the voice call over the wireless communication network, and indicating the identification number to the application. In a communication transceiver of the wireless communication device, the method includes, responsive to the application initiating the voice call using the identification number, exchanging communications of the voice call over the wireless communication network.

Abstract: A wireless communication network exchanges wireless data with wireless communication devices and transfers device data indicating device locations and device status to a network server. A sensor system detects a trigger condition and responsively determines proximate wireless communication devices. The sensor system transfers indications of the trigger condition and the currently proximate wireless communication devices to the network server. The network server processes the device data, trigger condition, and proximate wireless communication devices to generate notice data indicating the trigger condition and to select at least one of the wireless communication devices for receipt of the notice data. The network server transfers the notice data to the selected wireless communication devices over the wireless communication network.

Abstract: Systems, methods, and software for operating communication systems and wireless communication devices are provided herein. In one example, a method is provided that includes transferring an access request for delivery to a remote data system, receiving a security challenge transferred by the remote data system, and in response, transferring a security answer for delivery to the remote data system that includes at least one hash result generated in the security portion using at least one of the security keys. The method also includes receiving a security grant transferred by the remote data system indicating one of the hash results, selecting at least one of the transceivers based on an association of the transceivers with one of the security keys used to generate the hash result indicated in the security grant, and transferring the data for delivery to the remote data system over a wireless network associated with the selected transceiver.