Abstract: A wireless relay serves a wireless User Equipment (UE) over a relay slice. The wireless relay stores a relay Control Plane Function (CPF) and relay User Plane Function (UPF) for the relay slice. The wireless relay receives attachment signaling from the UE and transfers the attachment signaling to the wireless communication network. The wireless relay receives network signaling from the wireless communication network that indicates the relay slice for the wireless UE. The wireless relay executes the relay CPF and the relay UPF for the relay slice responsive to the network signaling. The relay CPF transfers UPF instructions to the relay UPF based on the network signaling. The relay UPF receives the UPF instructions, and in response, wirelessly exchanges user data with the UE and with the wireless communication network.

Abstract: A method for providing a translating virtual network function by a network element. The method comprises receiving by the network element a first Packet Forwarding Control Protocol (PFCP) message of a plurality of PFCP messages at a first Internet Protocol (IP) address of a plurality of IP addresses of the network element, the first IP address corresponding to a first Session Management Function (SMF) of one or more SMFs, selecting by the network element a translation method based on the first IP address on which the first PFCP message was received, translating by the network element the first PFCP message using the selected translation method into a function-based model representation of the first PFCP message, and configuring by the network element a network interface controller to implement, based on the representation of the first PFCP message, a protocol data unit (PDU) session.

Abstract: A data communication system serves a User Equipment (UE) over a Third Generation Partnership Project (3GPP) network core. In the data communication system, a 3GPP UE client exchanges authentication data with the 3GPP network core over a non-3GPP link. The 3GPP network core authenticates the 3GPP UE client, selects a network slice for the 3GPP UE client, and establishes an N1 link for the network slice over the non-3GPP link. The 3GPP UE client exchanging network signaling with the 3GPP network core for the network slice over the N1 link. The 3GPP UE client exchanges additional authentication data with the 3GPP network core over the non-3GPP link. The 3GPP network core selects another network slice for the 3GPP UE client and establishes another N1 link for the other network slice over the non-3GPP link. The 3GPP UE client exchanges additional network signaling with the 3GPP network core for the other network slice over the other N1 link.

Abstract: A data communication network serves a user application in User Equipment (UE) over a Virtual Private Network (VPN) Gateway (GW), Application Function (AF), and Network Exposure Function (NEF). The user application in the UE transfers user data to a VPN application in the UE. The VPN application in the UE transfers the user data over a VPN to the VPN-GW for delivery to the NEF. The VPN-GW receives user data over the VPN and transfers the user data to the AF for delivery to the NEF. The AF receives the user data for delivery to the NEF and generates an Application Programming Interface (API) call with the user data. The AF transfers the API call to the NEF. The NEF receives the API call and responsively exposes the user data. The user data may comprise user signaling, and the UE may exchange user data with external systems over the VPN GW responsive to the user signaling.

Abstract: A data communication system serves a User Equipment (UE) over a Third Generation Partnership Project (3GPP) network core. In the data communication system, a 3GPP UE client exchanges authentication data with the 3GPP network core over a non-3GPP link. The 3GPP network core authenticates the 3GPP UE client, selects a network slice for the 3GPP UE client, and establishes an N1 link for the network slice over the non-3GPP link. The 3GPP UE client exchanging network signaling with the 3GPP network core for the network slice over the N1 link. The 3GPP UE client exchanges additional authentication data with the 3GPP network core over the non-3GPP link. The 3GPP network core selects another network slice for the 3GPP UE client and establishes another N1 link for the other network slice over the non-3GPP link. The 3GPP UE client exchanges additional network signaling with the 3GPP network core for the other network slice over the other N1 link.

Abstract: A wireless communication network performs quantum authentication for a wireless User Equipment (UE). In the wireless communication network, network quantum circuitry generates and transfers qubits. UE quantum circuitry receives and processes the qubits and determines polarization states for the qubits. The UE quantum circuitry exchanges cryptography information with the network quantum circuitry and generates cryptography keys based on polarization states and cryptography information. The UE quantum circuitry transfers the cryptography keys to UE network circuitry. The network quantum circuitry exchanges the cryptography information with the UE quantum circuitry. The network quantum circuitry generates the cryptography keys based on the polarization states and the cryptography information and transfers the cryptography keys to network authentication circuitry.

Abstract: A communication device. The communication device comprises a central processing unit (CPU), a graphics processing unit (GPU), and a non-transitory memory comprising executable instructions for a sharing application that when executed by at least one of the CPU or the GPU, causes the sharing application to transmit an executable of a trusted application to an endpoint communication device, begin execution of the sharing application in a trusted security execution zone (TSZ) execution mode for sharing media content, instantiate a trustlet application that begins execution by the CPU or the GPU in the TSZ execution mode, display a unit of media content on the communication device, determine whether the unit of media content comprises confidential information, and in response to a determination the unit of media content comprises confidential information, transmit commands to the trusted application to control one or more functions at the endpoint communication device.

Abstract: A data communication network controls network access for User Equipment (UE) over a non-Third Generation Partnership Project (non-3GPP) access node. The non-3GPP access node transfers a UE access control message to a non-3GPP Interworking Function (IWF). The non-3GPP IWF transfers an N2 message indicating the UE access control message to a 3GPP Access and Mobility Management Function (AMF). The 3GPP AMF transfers an N1 message indicating the UE access control message to the UE. The UE processes the UE access control message from the non-3GPP access node.

Abstract: In a wireless communication network, an Access and Mobility Management Function (AMF) receives signaling for a wireless relay and transfers a slice request to a Network Slice Selection Function (NSSF). The NSSF transfers a network slice Identifier (ID) and relay slice IDs to the AMF. The AMF transfers the network slice ID and the relay slice IDs to a Session Management Function (SMF). The SMF instantiates a network User Plane Function (UPF) responsive to the network slice ID. The SMF instantiates relay UPFs in the wireless relay responsive to the relay slice IDs. The wireless relay wirelessly exchanges data with the UEs. The relay UPFs process the user data for the relay slices. The wireless relay wirelessly exchanges the user data with the wireless access node which exchanges the data with the network UPF. The network UPF processes the user data for the network slice.

Abstract: A method for edge network authentication and access, implemented by an edge server, including receiving user equipment (UE) information from an application client executed on a UE to establish a connection between the edge server and the UE, verifying whether the UE has authorization to the local access point name (APN) based on the UE information, generating a session key when the UE has authorization to the local APN, sending the session key to the UE, receiving a request to access content of an application on a content server from the UE, decrypting the information to obtain a key, comparing the key with the application key to validate the UE, verifying identifiers of the UE when the UE is valid, identifying the application on the content server to obtain the content based on the request, encrypting and sending a session identifier to the UE based on a new application key.

Abstract: A communication network service record tracker. The service record tracker comprises a processor, a data store comprising a plurality of service record blockchains, a non-transitory memory, and a service record tracker application stored in the non-transitory memory. When executed by the at least one processor, the application provides a service record tracker network function that receives notices of network events from other network function instances, in response to receiving a notice of a network event from a network function, invokes an API of the network function to request information about the network event, receives information about the network event, builds a block comprising the information about the network event, and adds the block to one of the plurality of service record blockchains in the data store, whereby the service record tracker application establishes and maintains an immutable service record of network communication events accessible by authorized communication network applications.

Abstract: A method of testing a communication network. The method comprises providing network communication service to communication service subscribers by a first set of computing resources that are part of a communication network, replicating communication data packets, directing the replicated communication data packets to the first set of computing resources and to a second set of computing resources that are part of the communication network but which do not provide network communication service to communication service subscribers, introducing a random error into the second set of computing resources, capturing by a testing application executing on a server computer the outputs from the second set of computing resources after processing the replicated communication data packets in the context of the random error, analyzing the captured outputs by the testing application, determining that the captured outputs indicate a failure by the testing application, and taking action by the testing application.

Abstract: A Network Function Virtualization (NFV) Software Defined Network (SDN) controls NFV resources consumed by Virtual Network Functions (VNFs). An NFV Infrastructure (NFVI) executes SDN application VNFs, SDN controller VNFs, and SDN data-machine VNFs. The NFVI responsively transfers SDN Key Performance Indicators (KPIs). A VNF control system processes the KPIs to generate and transfer NFV control data to lighten one of the SDN VNFs. The NFVI lightens the one SDN VNF responsive to the NFV control data by increasing access to NFVI hardware for the one SDN VNF.

Abstract: A method for edge network authentication and access, implemented by an edge server, including receiving user equipment (UE) information from an application client executed on a UE to establish a connection between the edge server and the UE, verifying whether the UE has authorization to the local access point name (APN) based on the UE information, generating a session key when the UE has authorization to the local APN, sending the session key to the UE, receiving a request to access content of an application on a content server from the UE, decrypting the information to obtain a key, comparing the key with the application key to validate the UE, verifying identifiers of the UE when the UE is valid, identifying the application on the content server to obtain the content based on the request, encrypting and sending a session identifier to the UE based on a new application key.

Abstract: System and methods are provided for determining whether a media file in a private network has been suspiciously modified. In embodiments, a server controlled by a service provider, for example, can generate a digital provenance for a media file from a trusted device and immutably store a hash value representing the digital provenance of the media file. Subsequent instances of the media file that are detected within the private network, in embodiments, are evaluated by the server using the digital provenance of the media file in order to identify changes to the content of the media file. In further embodiments, the server can modify the content of a suspiciously modified media file to include a marker that disclaims the content and/or otherwise indicates that the media file has been modified.

Abstract: In a wireless communication network, an Access and Mobility Management Function (AMF) receives signaling for a wireless relay and transfers a slice request to a Network Slice Selection Function (NSSF). The NSSF transfers a network slice Identifier (ID) and relay slice IDs to the AMF. The AMF transfers the network slice ID and the relay slice IDs to a Session Management Function (SMF). The SMF instantiates a network User Plane Function (UPF) responsive to the network slice ID. The SMF instantiates relay UPFs in the wireless relay responsive to the relay slice IDs. The wireless relay wirelessly exchanges data with the UEs. The relay UPFs process the user data for the relay slices. The wireless relay wirelessly exchanges the user data with the wireless access node which exchanges the data with the network UPF. The network UPF processes the user data for the network slice.

Abstract: A method of authorizing computing services at the edge of a communication network.

Abstract: A method of testing production server applications. The method comprises monitoring a production server that is executing a first version of a production application by an agent application executing on the production server, recording changes made on the production server by the agent application in a reporting file on the production server, launching a test application on a test server, wherein the test application is associated with a second version of the production application, in response to launching the test application, reading the reporting file by a script executing on the test server, determining by the script that changes were made on the production server based on reading the reporting file, and sending by the script a notification about the changes made on the production server, whereby a tester testing the second version of the production application is made aware of changes that have been made on the production server.

Abstract: A Network Function Virtualization (NFV) system implements hardware trusted Management and Orchestration (MANO). A Hardware (HW) trust server issues a HW trust challenge to a first MANO system. The first MANO system hashes its physically-embedded read-only hardware trust key to generate a HW trust result and transfers the HW trust result to the HW trust server. The HW trust server validates the hardware trust result and transfers a HW trust certificate to the first MANO system. The first MANO system transfers the HW trust certificate and NFV MANO data to a second MANO system. The second MANO system validates the HW trust certificate. The second MANO system exchanges NFVI control data with NFVI circuitry responsive to the NFV MANO data when the HW trust certificate is valid. The second MANO system isolates the NFV MANO data when the HW trust certificate is not valid.

Abstract: A data communication system delivers voice-conferencing and video-conferencing to User Equipment (UE). A wireless communication network establishes a signaling bearer between the UE and an Internet Protocol Multimedia Subsystem (IMS). The IMS initiates a video-conference bearer for the UE over the wireless communication network. The wireless communication network exchanges video data over the video-conference bearer using Carrier Aggregation (CA). In response to a UE handover to a target wireless access node, the wireless communication network signals the IMS to convert the video-conference bearer into a voice-conference bearer based on Carrier Aggregation (CA) technology at the target wireless access node. The IMS initiates a voice-conference bearer for the UE over the wireless communication network. The wireless communication network exchanges voice data over the voice-conference bearer.