公开(公告)号：US10278100B1

公开(公告)日：2019-04-30

申请号：US15071539

申请日：2016-03-16

Applicant: Sprint Communications Company L.P.

Inventor： Marouane Balmakhtar ,  Aaron Paul Hinkle ,  G. Murat Karabulut

IPC: H04W36/00 ,  H04M15/00 ,  H04W28/02 ,  H04B7/0413 ,  H04W76/10 ,  H04W80/04

Abstract: A Long Term Evolution (LTE) Mobility Management Entity (MME) manages a service level for an Internet Protocol Multimedia Subsystem (IMS) media session for a User Equipment (UE). The MME exchanges first control data with the UE to establish an IMS signaling bearer and a media session bearer. The MME identifies a UE hand-over between LTE access nodes during the IMS media session and determines an access technology difference between the LTE access nodes. The MME determines when the service level for the IMS media session should be modified based on the access technology difference and exchanges service modification data with the IMS. The MME exchanges second control data with the UE to indicate a modification to the service level for the IMS media session.

公开(公告)号：US10243959B1

公开(公告)日：2019-03-26

申请号：US15415753

申请日：2017-01-25

Applicant: Sprint Communications Company L.P.

Inventor： Marouane Balmakhtar ,  Carl J. Persson ,  Arun Rajagopal

IPC: H04L29/06 ,  H04L29/08

Abstract: A cloud computing system. The system comprises a network, a data store communicatively coupled to the network, a plurality of compute nodes, at least some of the compute nodes comprising a cloud computing framework agent coupled to an agent gate keeper, where the cloud computing framework agent communicates with the network via the agent gate keeper, an image management component coupled to an image management gate keeper, where the image management component manages images that execute in the compute instances on the compute nodes and communicates with the network via the image management gate keeper, and a security engine coupled to the network that receives a request to initiate an image on a compute instance, analyzes the image to determine an authentication metric, and when the authentication metric matches a validated authentication value, sends the image to the image management component for loading and instantiating in the computer instance.

公开(公告)号：US10097421B1

公开(公告)日：2018-10-09

申请号：US15184298

申请日：2016-06-16

Applicant: Sprint Communications Company L.P.

Inventor： Arun Rajagopal ,  Marouane Balmakhtar

IPC: H04L12/931 ,  H04L12/24 ,  H04L12/26

Abstract: A Software Defined Network (SDN) exerts policy control over a data service. An SDN computer system executes SDN applications to direct the data service. The SDN computer system executes SDN controllers to control the data service responsive to the SDN applications. SDN data machines deliver the data service responsive to the SDN controllers. The SDN applications, SDN controllers, and SDN data machines transfer SDN Key Performance Indicators (KPIs). An SDN server processes the SDN KPIs to generate data service indices. The SDN server processes the data service indices to select policies for the data service.

公开(公告)号：US10069844B2

公开(公告)日：2018-09-04

申请号：US15216677

申请日：2016-07-21

Applicant: Sprint Communications Company L.P.

Inventor： Lyle Walter Paczkowski ,  James Patrick Sisul ,  Marouane Balmakhtar

IPC: H04L29/06 ,  G06F9/455 ,  H04L29/08 ,  H04L12/701

Abstract: A Network Function Virtualization (NFV) Software Defined Network (SDN) maintains hardware trusted communications. A source trust controller and a target trust controller establish hardware trust with a trust server. The trust server exchanges information with the source trust controller that indicates the hardware trust for a target vSW. The source trust controller exchanges the information with the source vSW that indicates the hardware trust for the target vSW. The source vSW receives a Virtual Data Unit (VDU) from the source VNF for delivery to the target VNF over the target vSW, and before transfer, the source vSW verifies hardware trust of the target vSW based on the HT information. Responsive to the hardware trust verification, the source vSW transfers the VDU for the delivery to the target vSW. The target vSW transfers the VDU to the target VNF.

公开(公告)号：US20180227305A1

公开(公告)日：2018-08-09

申请号：US15944613

申请日：2018-04-03

Applicant: Sprint Communications Company L.P.

Inventor： Marouane Balmakhtar ,  Arun Rajagopal

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/12

CPC classification number: H04L63/10 ,  H04L41/00 ,  H04L45/00 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0428 ,  H04L63/101

Abstract: A Network Function Virtualization Infrastructure (NFVI) controls a Software Defined Network (SDN) Application Programming Interface (API) between a source SDN Virtual Network Function (VNF) and a target SDN VNF. NFV circuitry executes the source SDN VNF and transfers an identity code embedded in the source SDN VNF to Management and Orchestration (MANO) circuitry. The MANO circuitry translates the SDN VNF identity code into API privileges between the source SDN VNF and the target SDN VNF. The MANO circuitry transfers the SDN API privileges to the target SDN VNF. The NFV circuitry executes the source SDN VNF and transfers SDN API data from the source SDN VNF to the target SDN VNF. The NFV circuitry executes the target SDN VNF and processes the SDN API data based on the SDN API privileges.

公开(公告)号：US10033660B2

公开(公告)日：2018-07-24

申请号：US15057300

申请日：2016-03-01

Applicant: Sprint Communications Company L.P.

Inventor： Marouane Balmakhtar ,  Arun Rajagopal

IPC: H04L12/927 ,  H04L12/26 ,  H04L12/715 ,  H04L12/24

Abstract: A data communication system determines Software Defined Network (SDN) Quality-of-Service (QoS). SDN applications transfer SDN controller Application Programming Interface (API) calls and receive SDN controller API responses. The SDN applications measure Key Performance Indicators (KPIs) and transfer SDN application KPI data. An SDN controller receives the controller API calls, transfers the controller API responses, transfers SDN data machine API calls, and receives SDN data machine API responses. The SDN controller measures KPIs and transfer SDN controller KPI data. SDN data machines receive the SDN data machine API calls, perform SDN actions on user data responsive to the data machine API calls, and transfer the data machine API responses. The SDN data machines measure KPIs and transfer SDN data machine KPI data. An SDN QoS server processes the SDN KPI data to generate an SDN QoS score.

公开(公告)号：US20180191497A1

公开(公告)日：2018-07-05

申请号：US15394507

申请日：2016-12-29

Applicant: Sprint Communications Company L.P.

Inventor： Lyle Walter Paczkowski ,  Arun Rajagopal ,  Marouane Balmakhtar

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0861 ,  H04L9/3236 ,  H04L9/3263 ,  H04L41/042 ,  H04L63/0823

Abstract: A Network Function Virtualization (NFV) data communication system implements hardware trusted Management and Orchestration (MANO). A Hardware (HW) trust server issues a HW trust challenge to a MANO system. The MANO system hashes its physically-embedded hardware trust key to generate a HW trust result and transfers the HW trust result to the HW trust server. The HW trust server validates the hardware trust result and transfers a HW trust certificate to the MANO system. The MANO system transfers the HW trust certificate and NFV MANO data to an NFV Infrastructure (NFVI). The NFVI validates the HW trust certificate. The NFVI exchanges user data responsive to the NFV MANO data when the HW trust certificate is valid. The NFVI isolates the NFV MANO data when the HW trust certificate is not valid.

公开(公告)号：US20180139154A1

公开(公告)日：2018-05-17

申请号：US15352969

申请日：2016-11-16

Applicant: Sprint Communications Company L.P.

Inventor： Arun Rajagopal ,  Marouane Balmakhtar ,  Lyle Walter Paczkowski

IPC: H04L12/931 ,  H04L12/24

CPC classification number: H04L49/354 ,  H04L41/04 ,  H04L41/12 ,  H04L41/22

Abstract: A Network Function Virtualization (NFV) Software-Defined Network (SDN) communicates across network boundaries with other NFV SDNs to support a data communication service. An NFV orchestrator transfers forwarding graphs for service, NFV, and SDN Network-to-Network Interfaces (NNIs) to an SDN controller. The SDN controller converts the forwarding graphs into forwarding instructions and transfers the forwarding instructions for the service, NFV, and SDN NNIs to an NFV SDN switching system. The NFV orchestrator uses the NFV NNI to transfer its forwarding graphs over the NFV SDN switching system across the network boundary to another NFV orchestrator. The SDN controller uses the SDN NNI to transfer its forwarding instructions over the NFV SDN switching system across the network boundary to another SDN controller. The NFV SDN switching system uses the service NNI to transfer user data across the network boundary to another NFV SDN switching system.

公开(公告)号：US09967257B2

公开(公告)日：2018-05-08

申请号：US15071484

申请日：2016-03-16

Applicant: Sprint Communications Company L.P.

Inventor： Marouane Balmakhtar ,  Arun Rajagopal

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/12

CPC classification number: H04L63/10 ,  H04L41/00 ,  H04L45/00 ,  H04L61/1511 ,  H04L63/0236 ,  H04L63/0428 ,  H04L63/101

Abstract: A Software-Defined Network (SDN) authorizes Application Programming Interface (API) calls from user SDN applications to user SDN controllers. A user SDN application transfers an embedded code to an authorization SDN controller. The authorization SDN controller translates the embedded code into an SDN controller network address and an SDN application privilege data set. The authorization SDN controller transfers the SDN controller network address to the user SDN application. The authorization SDN controller transfers the SDN application privilege data set to the user SDN controller. The user SDN application transfers an SDN API call to the user SDN controller using the SDN controller network address. The user SDN controller determines if the SDN API call is authorized by the SDN application privilege data set. The user SDN controller services the API call if the SDN API call is authorized and inhibits an unauthorized API call.

公开(公告)号：US09887980B1

公开(公告)日：2018-02-06

申请号：US14446732

申请日：2014-07-30

Applicant: Sprint Communications Company L.P.

Inventor： Marouane Balmakhtar ,  Ramana Venkata Gollamudi

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  G06F21/31 ,  H04L63/08 ,  H04L63/10 ,  H04W12/06

Abstract: A system for authenticating client devices for communication with one or more wireless communications networks, includes a client device configured to receive a client-side global time from a time tracking system and generate a response to an authentication challenge based on the authentication challenge, the client-side global time, a client device identifier associated with the client device, and optionally location data that corresponds to a location of the client device. The system further includes a security gateway configured to receive a gateway-side global time from the time tracking system, generate an expected response to the authentication challenge based on the authentication challenge, the gateway-side global time, the client device identifier, and optionally location data that corresponds to an expected location of the client device, receive the response to the authentication challenge, and authenticate the client device on a wireless communications network based on the response and the expected response.