Abstract: A Software-Defined Network (SDN) controller receives controller Application Programming Interface (API) calls from an SDN application and transfers SDN data machine API calls. SDN data machines receive the SDN data machine API calls and process user data responsive to the SDN data machine API calls. The SDN controller transfers SDN controller Key Performance Indicators (KPIs) that indicate an amount of the SDN application API calls for the SDN data machine API calls. The SDN data machines transfers SDN data machine KPIs that indicate an amount of the processed user data for the SDN data machine API calls. An SDN server receives the SDN data machine KPIs and the SDN controller KPIs. The SDN server determines an SDN Quality-of-Service (QoS) score for a data communication service based on the amount of the SDN application API calls relative to the corresponding amount of the processed user data.

Abstract: A Software Defined Network (SDN) exerts policy control over a data service. An SDN computer system executes SDN applications to direct the data service. The SDN computer system executes SDN controllers to control the data service responsive to the SDN applications. SDN data machines deliver the data service responsive to the SDN controllers. The SDN applications, SDN controllers, and SDN data machines transfer SDN Key Performance Indicators (KPIs). An SDN server processes the SDN KPIs to generate data service indices. The SDN server processes the data service indices to select policies for the data service.

Abstract: A Network Function Virtualization (NFV) system recovers from a Virtual Network Function (NFV) crash. Initially, an NFV Infrastructure (NFVI) executes the VNF, and the VNF transfers VNF state data to a VNF database. An NFV orchestrator detects a VNF crash and retrieves the VNF state data for the crashed VNF from the VNF state database. The NFV orchestrator directs the NFVI to install a new VNF to replace the crashed VNF based on the VNF state data. The NFVI installs the new VNF based on the VNF state data.

Abstract: A Network Function Virtualization (NFV) Software Defined Network (SDN) maintains hardware trusted communications. A source trust controller and a target trust controller establish hardware trust with a trust server. The trust server exchanges information with the source trust controller that indicates the hardware trust for a target vSW. The source trust controller exchanges the information with the source vSW that indicates the hardware trust for the target vSW. The source vSW receives a Virtual Data Unit (VDU) from the source VNF for delivery to the target VNF over the target vSW, and before transfer, the source vSW verifies hardware trust of the target vSW based on the HT information. Responsive to the hardware trust verification, the source vSW transfers the VDU for the delivery to the target vSW. The target vSW transfers the VDU to the target VNF.

Abstract: A Network Function Virtualization Infrastructure (NFVI) controls a Software Defined Network (SDN) Application Programming Interface (API) between a source SDN Virtual Network Function (VNF) and a target SDN VNF. NFV circuitry executes the source SDN VNF and transfers an identity code embedded in the source SDN VNF to Management and Orchestration (MANO) circuitry. The MANO circuitry translates the SDN VNF identity code into API privileges between the source SDN VNF and the target SDN VNF. The MANO circuitry transfers the SDN API privileges to the target SDN VNF. The NFV circuitry executes the source SDN VNF and transfers SDN API data from the source SDN VNF to the target SDN VNF. The NFV circuitry executes the target SDN VNF and processes the SDN API data based on the SDN API privileges.

Abstract: A Software-Defined Network (SDN) distributes Proxy Correlation Index (PCI) control in an SDN data-plane. An SDN controller transfers SDN signaling that indicates a data-plane PCI configuration. An SDN data machine processes the SDN signaling and configures a PCI generator and a flow controller to implement the data-plane PCI configuration. The SDN data-plane machine processes user data flows per a Flow Description Table (FDT) and generates Key Performance Indicators (KPIs) for the user data flows. The PCI generator generates PCIs based on the KPIs and the data-plane PCI configuration. The flow controller updates the FDT based on the PCIs and the data-plane PCI configuration. The SDN data-plane machine processes the user data flows per the updated FDT.

Abstract: A data communication system determines Software Defined Network (SDN) Quality-of-Service (QoS). SDN applications transfer SDN controller Application Programming Interface (API) calls and receive SDN controller API responses. The SDN applications measure Key Performance Indicators (KPIs) and transfer SDN application KPI data. An SDN controller receives the controller API calls, transfers the controller API responses, transfers SDN data machine API calls, and receives SDN data machine API responses. The SDN controller measures KPIs and transfer SDN controller KPI data. SDN data machines receive the SDN data machine API calls, perform SDN actions on user data responsive to the data machine API calls, and transfer the data machine API responses. The SDN data machines measure KPIs and transfer SDN data machine KPI data. An SDN QoS server processes the SDN KPI data to generate an SDN QoS score.

Abstract: A Network Function Virtualization (NFV) data communication system implements hardware trusted Management and Orchestration (MANO). A Hardware (HW) trust server issues a HW trust challenge to a MANO system. The MANO system hashes its physically-embedded hardware trust key to generate a HW trust result and transfers the HW trust result to the HW trust server. The HW trust server validates the hardware trust result and transfers a HW trust certificate to the MANO system. The MANO system transfers the HW trust certificate and NFV MANO data to an NFV Infrastructure (NFVI). The NFVI validates the HW trust certificate. The NFVI exchanges user data responsive to the NFV MANO data when the HW trust certificate is valid. The NFVI isolates the NFV MANO data when the HW trust certificate is not valid.

Abstract: A Network Function Virtualization (NFV) Software Defined Network (SDN) performs a network task. An NFV management system processes Key Performance Indicators (KPIs) to identify the network task and to direct an NFV orchestration system to install a virtual Probe (vProbe) with filter criteria to collect additional KPIs for the network task. The NFV orchestration system directs an NFV Infrastructure (NFVI) to install the vProbe. The vProbe sends the filter criteria to a virtual Switch (vSW) in the NFVI, and the vSW applies the filter criteria to Virtual Network Function (VNF) traffic and transfers the filtered data to the vProbe. The vProbe processes the filtered data to generate the additional KPIs for the NFV management system. The NFV management system processes the additional KPIs to perform the network task.

Abstract: An LTE base station facilitates handoffs in an LTE communication system. The LTE base station is configured to exchange session communications with a UE and receive session information transmitted from an LTE communication control system, the session information including a media type of the communication session and a vector associated with the UE. The LTE base station is further configured to identify a plurality of candidate base stations within a proximity threshold to a path of the vector associated with the UE, poll the plurality of candidate base stations for capability information, process the capability information to determine a set of the candidate base stations that support the media type of the communication session, select a target base station for a handoff from the set of the candidate base stations that support the media type, and instruct the UE to initiate the handoff to the target base station.

Abstract: A Network Function Virtualization (NFV) Software-Defined Network (SDN) communicates across network boundaries with other NFV SDNs to support a data communication service. An NFV orchestrator transfers forwarding graphs for service, NFV, and SDN Network-to-Network Interfaces (NNIs) to an SDN controller. The SDN controller converts the forwarding graphs into forwarding instructions and transfers the forwarding instructions for the service, NFV, and SDN NNIs to an NFV SDN switching system. The NFV orchestrator uses the NFV NNI to transfer its forwarding graphs over the NFV SDN switching system across the network boundary to another NFV orchestrator. The SDN controller uses the SDN NNI to transfer its forwarding instructions over the NFV SDN switching system across the network boundary to another SDN controller. The NFV SDN switching system uses the service NNI to transfer user data across the network boundary to another NFV SDN switching system.

Abstract: A Software-Defined Network (SDN) authorizes Application Programming Interface (API) calls from user SDN applications to user SDN controllers. A user SDN application transfers an embedded code to an authorization SDN controller. The authorization SDN controller translates the embedded code into an SDN controller network address and an SDN application privilege data set. The authorization SDN controller transfers the SDN controller network address to the user SDN application. The authorization SDN controller transfers the SDN application privilege data set to the user SDN controller. The user SDN application transfers an SDN API call to the user SDN controller using the SDN controller network address. The user SDN controller determines if the SDN API call is authorized by the SDN application privilege data set. The user SDN controller services the API call if the SDN API call is authorized and inhibits an unauthorized API call.

Abstract: A server system generates and transfers Precision Time Protocol (PTP) synch requests for delivery to a PTP clock server and responsively receives PTP synch responses transferred by the PTP clock server. The server system processes the PTP synch responses to determine PTP clock phase error data for the PTP clock server. The server system compares the PTP clock phase error data to a historical phase error threshold for the PTP clock server. If the PTP clock phase error data does not exceed the historical phase error threshold, then the server system updates the historical phase error threshold for the PTP clock server based on the PTP clock phase error data. If the PTP clock phase error data exceeds the historical phase error threshold, then the server system generates an indication that the PTP clock server comprises a malicious PTP node.

Abstract: A system for authenticating client devices for communication with one or more wireless communications networks, includes a client device configured to receive a client-side global time from a time tracking system and generate a response to an authentication challenge based on the authentication challenge, the client-side global time, a client device identifier associated with the client device, and optionally location data that corresponds to a location of the client device.

Abstract: A Network Function Virtualization (NFV) Software Defined Network (SDN) maintains hardware trusted communications. A source trust controller and a target trust controller establish hardware trust with a trust server. The trust server exchanges information with the source trust controller that indicates the hardware trust for a target vSW. The source trust controller exchanges the information with the source vSW that indicates the hardware trust for the target vSW. The source vSW receives a Virtual Data Unit (VDU) from the source VNF for delivery to the target VNF over the target vSW, and before transfer, the source vSW verifies hardware trust of the target vSW based on the HT information. Responsive to the hardware trust verification, the source vSW transfers the VDU for the delivery to the target vSW. The target vSW transfers the VDU to the target VNF.

Abstract: A Software-Defined Network (SDN) authorizes Application Programming Interface (API) calls from user SDN applications to user SDN controllers. A user SDN application transfers an embedded code to an authorization SDN controller. The authorization SDN controller translates the embedded code into an SDN controller network address and an SDN application privilege data set. The authorization SDN controller transfers the SDN controller network address to the user SDN application. The authorization SDN controller transfers the SDN application privilege data set to the user SDN controller. The user SDN application transfers an SDN API call to the user SDN controller using the SDN controller network address. The user SDN controller determines if the SDN API call is authorized by the SDN application privilege data set. The user SDN controller services the API call if the SDN API call is authorized and inhibits an unauthorized API call.

Abstract: A data communication system determines Software Defined Network (SDN) Quality-of-Service (QoS). SDN applications transfer SDN controller Application Programming Interface (API) calls and receive SDN controller API responses. The SDN applications measure Key Performance Indicators (KPIs) and transfer SDN application KPI data. An SDN controller receives the controller API calls, transfers the controller API responses, transfers SDN data machine API calls, and receives SDN data machine API responses. The SDN controller measures KPIs and transfer SDN controller KPI data. SDN data machines receive the SDN data machine API calls, perform SDN actions on user data responsive to the data machine API calls, and transfer the data machine API responses. The SDN data machines measure KPIs and transfer SDN data machine KPI data. An SDN QoS server processes the SDN KPI data to generate an SDN QoS score.

Abstract: A Software-Defined Network (SDN) data-plane machine stores flow data and a hardware-trust key. The SDN data-plane machine receives and processes a hardware-trust challenge based on the hardware-trust key to generate and transfer a hardware-trust response. The SDN data-plane machine receives and routes user data based on the flow data. The SDN data-plane machine receives modification data from an SDN controller. The SDN data-plane machine validates hardware-trust of the SDN controller and modifies the flow data based on the modification data responsive to the hardware-trust validation of the SDN controller. The SDN data-plane machine receives and routes additional user data responsive to the modified flow data.

Abstract: In Software-Defined Network (SDN), a trust controller and trust processor exchange hardware-trust data over an SDN southbound interface to maintain hardware-trust. A flow controller transfers a Flow Description Table (FDT) modification to the data-plane machine over the southbound interface. The flow controller transfers an FDT modification notice to the trust controller which transfers FDT security data over the southbound interface to authorize the FDT change in the SDN data-plane machine. The data-plane machine authorizes the FDT modification based on the FDT security data from the trust controller. The data-plane machine modifies the FDT in response to the successful authorization and processes user data traffic using the modified FDT. The trust controller may also transfer a Threat Description Table (TDT) to the data-plane machine to filter the user traffic for other threats.

Abstract: In Software-Defined Network (SDN), a trust controller and trust processor exchange hardware-trust data over an SDN southbound interface to maintain hardware-trust. A flow controller transfers a Flow Description Table (FDT) modification to the data-plane machine over the southbound interface. The flow controller transfers an FDT modification notice to the trust controller which transfers FDT security data over the southbound interface to authorize the FDT change in the SDN data-plane machine. The data-plane machine authorizes the FDT modification based on the FDT security data from the trust controller. The data-plane machine modifies the FDT in response to the successful authorization and processes user data traffic using the modified FDT. The trust controller may also transfer a Threat Description Table (TDT) to the data-plane machine to filter the user traffic for other threats.