Abstract: A Software-Defined Network (SDN) authorizes Application Programming Interface (API) calls from user SDN applications to user SDN controllers. A user SDN application transfers an embedded code to an authorization SDN controller. The authorization SDN controller translates the embedded code into an SDN controller network address and an SDN application privilege data set. The authorization SDN controller transfers the SDN controller network address to the user SDN application. The authorization SDN controller transfers the SDN application privilege data set to the user SDN controller. The user SDN application transfers an SDN API call to the user SDN controller using the SDN controller network address. The user SDN controller determines if the SDN API call is authorized by the SDN application privilege data set. The user SDN controller services the API call if the SDN API call is authorized and inhibits an unauthorized API call.

Abstract: A data communication system determines Software Defined Network (SDN) Quality-of-Service (QoS). SDN applications transfer SDN controller Application Programming Interface (API) calls and receive SDN controller API responses. The SDN applications measure Key Performance Indicators (KPIs) and transfer SDN application KPI data. An SDN controller receives the controller API calls, transfers the controller API responses, transfers SDN data machine API calls, and receives SDN data machine API responses. The SDN controller measures KPIs and transfer SDN controller KPI data. SDN data machines receive the SDN data machine API calls, perform SDN actions on user data responsive to the data machine API calls, and transfer the data machine API responses. The SDN data machines measure KPIs and transfer SDN data machine KPI data. An SDN QoS server processes the SDN KPI data to generate an SDN QoS score.

Abstract: A Software-Defined Network (SDN) data-plane machine stores flow data and a hardware-trust key. The SDN data-plane machine receives and processes a hardware-trust challenge based on the hardware-trust key to generate and transfer a hardware-trust response. The SDN data-plane machine receives and routes user data based on the flow data. The SDN data-plane machine receives modification data from an SDN controller. The SDN data-plane machine validates hardware-trust of the SDN controller and modifies the flow data based on the modification data responsive to the hardware-trust validation of the SDN controller. The SDN data-plane machine receives and routes additional user data responsive to the modified flow data.

Abstract: In Software-Defined Network (SDN), a trust controller and trust processor exchange hardware-trust data over an SDN southbound interface to maintain hardware-trust. A flow controller transfers a Flow Description Table (FDT) modification to the data-plane machine over the southbound interface. The flow controller transfers an FDT modification notice to the trust controller which transfers FDT security data over the southbound interface to authorize the FDT change in the SDN data-plane machine. The data-plane machine authorizes the FDT modification based on the FDT security data from the trust controller. The data-plane machine modifies the FDT in response to the successful authorization and processes user data traffic using the modified FDT. The trust controller may also transfer a Threat Description Table (TDT) to the data-plane machine to filter the user traffic for other threats.

Abstract: In Software-Defined Network (SDN), a trust controller and trust processor exchange hardware-trust data over an SDN southbound interface to maintain hardware-trust. A flow controller transfers a Flow Description Table (FDT) modification to the data-plane machine over the southbound interface. The flow controller transfers an FDT modification notice to the trust controller which transfers FDT security data over the southbound interface to authorize the FDT change in the SDN data-plane machine. The data-plane machine authorizes the FDT modification based on the FDT security data from the trust controller. The data-plane machine modifies the FDT in response to the successful authorization and processes user data traffic using the modified FDT. The trust controller may also transfer a Threat Description Table (TDT) to the data-plane machine to filter the user traffic for other threats.