Network security path identification and validation
US-12170668-B2 · Dec 17, 2024 · US
Security architecture for the connected aircraft
US10375087B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10375087-B2 |
| Application number | US-201414336230-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 21, 2014 |
| Priority date | Jul 21, 2014 |
| Publication date | Aug 6, 2019 |
| Grant date | Aug 6, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods of a security architecture for a connected aircraft are disclosed. In at least one embodiment, an avionics server comprises a plurality of device ports, wherein each of the plurality of device ports is coupled to a respective one of a plurality of device network interface cards and dedicated to a respective one of a plurality of avionics domains which corresponds to the respective device network interface card. Further, at least one processing device is configured to identify one or more signals from a respective user received at one or more of the plurality of device ports and to verify whether the user has access to the respective avionics domains that are dedicated to the one or more device ports over which the one or more signals are received.
First claim
Opening claim text (preview).
What is claimed is: 1. An avionics server comprising: a plurality of domains, wherein each one of the plurality of domains comprises a separate dedicated firewall restricting access to a plurality of applications and/or services on each one of the plurality of domains; a plurality of device ports, wherein each one of the plurality of device ports is dedicated to a single respective one of the plurality of domains; a plurality of device network interface cards, wherein each one of the plurality of device network interface cards is coupled to a single respective one of the plurality of device ports; and at least one processing device configured to identify one or more signals from a respective user device received, via the respective plurality of device network interface cards, at one or more of the plurality of device ports and to verify, by the respective dedicated firewall, whether the user has access to the respective domains that are dedicated to the one or more device ports over which the one or more signals are received. 2. The avionics server of claim 1 , wherein the plurality of domains includes one or more of the following domains: an aircraft control domain, an airline information services domain, a passenger information and entertainment service domain, or a passenger owned devices domain. 3. The avionics server of claim 1 , wherein the at least one processing device is further configured to monitor the one or more signals for suspicious, unsafe, or malicious activity. 4. The avionics server of claim 1 , wherein the at least one processing device is further configured to compare the one or more signals being received from the user with one or more signals being received from a second user. 5. The avionics server of claim 1 , wherein the at least one processing device is further configured to: compare the user with a list of prohibited users and deny the user access to the avionics server when the user is included in the list of prohibited users. 6. The avionics server of claim 1 , further comprising a datalink port and a datalink network interface card for receiving signals via a datalink and wherein the at least one processing device is configured to direct the signals from the datalink port to a corresponding domain. 7. The avionics server of claim 1 , wherein the avionics server includes the plurality of device network interface cards. 8. The avionics server of claim 1 , wherein the avionics server is an application computing platform including one or more virtual machines hosting the plurality of applications and/or services. 9. A method comprising: receiving one or more signals from a device at one or more of a plurality of device ports, via a respective plurality of device network interface cards, wherein each one of the plurality of device ports is coupled to a single respective one of the plurality of device network interface cards, and wherein each one of the plurality of device ports is dedicated to a single respective one of a plurality of domains; identifying the one or more device ports that are receiving the one or more signals from the device; verifying, by a separate respective dedicated firewall on each one of the plurality of domains, whether the device has access to the respective one or more domains that are dedicated to the one or more identified device ports; and forwarding the one or more signals to the one or more domains that the device has access to. 10. The method of claim 9 , wherein the plurality of domains include one or more of the following domains: an aircraft control domain, an airline information services domain, a passenger information and entertainment service domain, or a passenger owned devices domain. 11. The method of claim 9 , further comprising monitoring the one or more signals for suspicious, unsafe, or malicious activity. 12. The method of claim 9 , further comprising comparing the one or more signals being received by the device with one or more signals being received by a second device. 13. The method of claim 9 , further comprising comparing the device with a list of prohibited devices. 14. The method of claim 13 , further comprising denying the device access to the plurality of domains when the device is included in the list of prohibited devices. 15. A system comprising: a plurality of device network interface cards; and an avionics server comprising: a plurality of domains, wherein each one of the plurality of domains comprises a separate dedicated firewall restricting access to a plurality of applications and/or services on each one of the plurality of domains; and a plurality of device ports, wherein each one of the plurality of device ports is dedicated to a single respective one of the plurality of domains; wherein each one of the plurality of device ports is coupled to a single respective one of the plurality of device network interface cards, which corresponds to the respective domain, and wherein the avionics server is configured to identify one or more signals from a respective user device received, via the respective plurality of device network interface cards, at one or more of the plurality of device ports, and to verify, by the respective dedicated firewall, whether the user has access to the respective domains that are dedicated to the one or more device ports over which the one or more signals are received. 16. The system of claim 15 , wherein the plurality of domains includes one or more of the following domains: an aircraft control domain, an airline information services domain, a passenger information and entertainment service domain, or a passenger owned devices domain. 17. The system of claim 15 , wherein the avionics server is further configured to monitor the one or more signals for suspicious, unsafe, or malicious activity. 18. The system of claim 15 , wherein the avionics server is further configured to compare the one or more signals being received from the user with one or more signals being received from a second user. 19. The system of claim 15 , wherein the avionics server is further configured to compare the user with a list of prohibited users. 20. The system of claim 19 , wherein the avionics server is further configured to deny the user access to the avionics server when the user is included in the list of prohibited users.
Assignees
Inventors
Classifications
specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
- H04L63/101Primary
Access control lists [ACL] · CPC title
Multi-level security, e.g. mandatory access control · CPC title
- H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10375087B2 cover?
- Systems and methods of a security architecture for a connected aircraft are disclosed. In at least one embodiment, an avionics server comprises a plurality of device ports, wherein each of the plurality of device ports is coupled to a respective one of a plurality of device network interface cards and dedicated to a respective one of a plurality of avionics domains which corresponds to the resp…
- Who is the assignee on this patent?
- Honeywell Int Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/101. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 06 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).