US20160212618A1 - Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag (efb) - Google Patents
- Publication number: US20160212618A1 (application US14/599,198)
- Authority: US (United States)
- Prior art keywords: wireless, efb, nfc, access point, node
- Legal status: Granted
Classifications
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/06—Authentication
- H04B5/0025
- H04B5/70—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
- H04L63/0492—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, by using a location-limited connection, e.g. near-field communication or limited proximity of entities
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/105—Network architectures or network communication protocols for network security for controlling access to devices or network resources; Multiple levels of security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04W12/08—Access security
- H04W12/35—Security of mobile devices; Protecting application or service provisioning, e.g. securing SIM application provisioning
- H04W12/50—Secure pairing of devices
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
- H04W48/16—Discovering, processing access restriction or access information
- H04W84/06—Airborne or Satellite Networks
Definitions
- An Electronic Flight Bag is a handheld mobile computing device, carried by aircraft flight crews, that holds reference materials such as aircraft operating manuals, flight-crew operating manuals, navigational charts, weather forecasts, flight schedules, and the like.
- The Electronic Flight Bag is a resource intended primarily for cockpit use by the flight crew's pilot and co-pilot. Contents of the electronic flight bag may be updated while on board an aircraft by connecting the electronic flight bag to an on-board aircraft network which includes an on-board EFB data server.
- The most secure way of connecting an EFB to the on-board aircraft network is by using a cable, because an adversary would have to gain physical access to the connector, which is situated in the cockpit and hence under the control of the pilots.
- A cable provides a hardwired point-to-point connection that ensures only one EFB device can be connected to the on-board aircraft network at any one time.
- Cables can fail, tangle, and can be a source of clutter on the flight deck.
- Wireless links such as those provided by dedicated Wi-Fi (i.e., IEEE 802.11) access points are one means to avoid the need for hardwire cable connections.
- Such wireless connections introduce security issues because their signals are not restricted to the cockpit, and logon credentials can be hacked or stolen by an attacker eavesdropping on the access point, enabling the attacker to connect to the dedicated Wi-Fi network.
- Embodiments of the present invention provide methods and systems for providing automated secure distribution of logon credentials for establishing wireless connectivity of Electronic Flight Bags and will be understood by reading and studying the following specification.
- A method for secured aircraft wireless network access comprises: establishing a first wireless NFC link between a first electronic flight bag (EFB) and a first Near Field Communications (NFC) node, wherein the first NFC node is hardwired to a wireless access point and the wireless access point is coupled to one or more EFB service applications via an aircraft data network, wherein the wireless access point provides a plurality of wireless channels for accessing the aircraft data network, and wherein each of the plurality of wireless channels is a single user wireless channel; in response to a request for access received at the first NFC node from the first EFB, determining whether a wireless channel of the plurality of wireless channels is available; when the wireless channel is available, generating a logon credential associated with the first wireless channel and transmitting the logon credential to the EFB with the NFC node; establishing a second wireless link between the first EFB and the wireless access point using the logon credential; and transferring data between the first EFB and the one or more EFB server applications over the second wireless link.
- FIG. 1 is a diagram illustrating a secured aircraft wireless network access system of one embodiment of the present disclosure.
- FIG. 2 is a diagram illustrating a secured aircraft wireless network access system of one embodiment of the present disclosure.
- FIG. 3 is a flowchart illustrating a method for a secured aircraft wireless network access system of one embodiment of the present disclosure.
- Embodiments disclosed herein reduce the chances that an unauthorized party on board an aircraft can obtain wireless access point login credentials used by flight crew members to wirelessly connect their Electronic Flight Bag (EFB) to the aircraft's data network. These embodiments limit the number of simultaneously connected devices which may wirelessly connect to the aircraft's data network in order to enable only authorized EFBs to be connected and refuse all other potentially harmful connections.
- EFB: Electronic Flight Bag
- The AES encryption used by Wi-Fi access points is currently the best widely available wireless communication protection and cannot be broken in a reasonable time, but there is a difficulty with respect to secure key storage and key distribution.
- Wireless access point login credentials should not be stored in a pilot's EFB, since these devices are personal items carried by the pilots which will leave the aircraft and may be left unattended. This leaves the devices vulnerable to an attacker who can install malware or access sensitive keys, rendering EFBs untrusted devices.
- Another possibility is to have the pilot manually enter wireless access point login credentials after the pilots board the aircraft. The login credentials can be memorized by the pilots or written on a piece of paper.
- The embodiments proposed in the present disclosure solve the problem of protecting logon credentials against unauthorized use.
- Connecting an EFB to the aircraft's data network via a wireless access point will be possible only from the aircraft's cockpit.
- The logon credential will be loaded onto the device in the cockpit without the need to type a long password.
- FIG. 1 is a diagram illustrating a secured aircraft wireless network access system 100 of one embodiment of the present disclosure.
- A pilot in possession of an Electronic Flight Bag (EFB, such as shown at 105) and operating the EFB 105 from within the aircraft's cockpit can securely and wirelessly connect to the aircraft data network 120 to exchange data with one or more EFB service applications 135.
- Aircraft data network 120 may be implemented as a wired network, or at least in part implemented using a wireless network.
- An “EFB service application” is defined as any application configured to send or receive data with an EFB 105, regardless of whether the application may perform other functions.
- The terms electronic flight bag and EFB may include any mobile computing device in the possession of a pilot which may be authorized to connect to the aircraft data network 120 from within the aircraft cockpit.
- Although the term “pilot” is used throughout this disclosure, it should be appreciated that the term generally is not intended to refer only to a flight crew captain, but may, consistent with the context of a particular passage, apply to other flight crew officers. That is, any act, task, function, selection, etc., described herein as being associated with a pilot action could in fact be performed by another flight crew member regardless of whether that member is a pilot or non-pilot.
- System 100 comprises an on-board wireless access point 110 coupled by a hardwired connection to the aircraft data network 120.
- Wireless access point 110 comprises a Wi-Fi (i.e., IEEE 802.11 standard) compatible access point.
- The wireless access point 110 is located in the cockpit of the aircraft, but in other embodiments it may be located elsewhere on board the aircraft while remaining wirelessly accessible to mobile devices in the cockpit.
- Network 120 comprises a network that is further coupled to at least one server 130, which may comprise a computer system executing the one or more EFB service applications 135.
- The at least one server 130 will often be located on board the aircraft, but in some embodiments it may instead be implemented at a ground facility in communication with the aircraft, such as through satellite communications (SATCOM).
- SATCOM: satellite communications
- Wireless access to network 120 is achievable through one or more single user wireless channels (shown at 111) provided by wireless access point 110. That is, while wireless access point 110 may provide multiple wireless channels, each of those wireless channels has a unique Service Set Identifier (SSID), for example SSID1 and SSID2, and will support only one wireless connection to one EFB 105.
- SSID: Service Set Identifier
- System 100 further comprises a pair of Near Field Communication (NFC) nodes 125 , each hardwire coupled to the wireless access point 110 .
- NFC: Near Field Communication
- One of the NFC nodes 125 (such as shown at 126) is located at the Pilot's (or Captain's) station, while the other (shown at 127) is located at the co-Pilot's (or First Officer's) station.
- NFC devices 125 support very short range communications, which in this application is advantageous because the limited communication range prevents unauthorized communication with the NFC nodes 125 from outside of the cockpit.
- The NFC nodes 125 operate at a frequency of 13.56 MHz and have a maximum operating range of about 10 cm.
- NFC nodes 125 are compliant or otherwise compatible with one or more of ISO/IEC 14443, ISO/IEC 18000-3, ISO/IEC 18092/ECMA-340 (Near Field Communication Interface and Protocol-1) and/or ISO/IEC 21481/ECMA-352 (Near Field Communication Interface and Protocol-2).
- The communication link between an EFB 105 and the wireless access point 110 is secured and encrypted so that an EFB 105 requesting access to wireless access point 110 must present proper logon credentials before being granted access.
- The logon credentials may be in the form of a pre-shared key, or IEEE 802.1X authentication credentials, for example, or other authentication methods.
- The logon credentials are loaded onto an EFB 105 automatically in the cockpit after the pilot puts the EFB 105 in the proximity of an NFC node 125. After receiving the logon credentials, the EFB 105 is immediately able to authenticate itself with wireless access point 110 and connect with the EFB service applications 135.
- The pilot places an EFB 105 into the proximity of an NFC node 125 to send a request for access to the access point 110.
- Server authentication may optionally be employed by EFB 105 to ensure that it is connecting to a valid NFC node 125 rather than a rogue NFC device.
- Such a scenario could occur, for example, when EFB 105 is taken off the aircraft by the pilot between flights. If the EFB 105 were provided logon credentials by a rogue NFC device, the EFB could be tricked into connecting to a rogue Wi-Fi access point that would expose the EFB 105 to security risks.
- EFB 105 can thus ensure that the logon credentials it receives via NFC come from a trusted source.
- Client authentication may optionally be employed by NFC node 125 to ensure it is communicating with a legitimate EFB rather than a rogue EFB.
- The EFB 105 may authenticate itself with the NFC node 125 and then send a request for access to the access point 110.
- The NFC node 125 verifies that the EFB 105 is an authorized device prior to accepting such requests. This may be accomplished by verifying cryptographically that the EFB 105 possesses a valid, non-revoked certificate.
- The request for access initiated by EFB 105 via NFC node 125 is sent to the wireless access point 110, which then generates a fresh set of logon credentials valid for one of the wireless channels 111 provided by the wireless access point 110.
- The NFC node 125 will then provide the requesting EFB 105 with the fresh logon credentials and the SSID of the wireless channel it is authorized to access.
- The wireless channel is a single user wireless channel limited to a single connected user at any one time.
- A single user wireless channel may be implemented, for example, by configuring DHCP services to provide only one IP address per wireless channel.
- The NFC node 125 optionally transmits the fresh logon credentials back to the EFB in an encrypted format.
- Encryption of the logon credentials may be used to mitigate concerns regarding passive eavesdropping. It would not be possible for an adversary to connect to wireless access point 110 using such stolen credentials, because only one device can be connected to one SSID at one particular point in time. However, it would be possible for an adversary possessing the credentials to sniff the Wi-Fi client association and then decrypt the following communication over Wi-Fi. For example, if an adversary knows the WPA2 pre-shared key and has the opportunity to witness the client association, the potential exists that the adversary can then decrypt the whole communication. Transmitting the logon credentials over NFC to the EFB 105 in an encrypted format guards against such potential threats.
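The following is an added example, not code from the patent or from any EFB vendor, modelling the optional server authentication, the optional client authentication with a revocation check, and the encrypted credential transfer described in the items above. It assumes things the page does not state: each EFB carries a device id and a per-device secret registered at the NFC node (standing in for the certificate the page mentions; a real deployment would use X.509 certificates), the node keeps a revocation list, and the cipher is an encrypt-then-MAC construction built from HMAC-SHA256 in the Python standard library so that the example runs without third-party packages. Every device id, secret and credential value below is constructed.

```python
"""Mutually authenticated, encrypted credential hand-off over the NFC link.

Added example (not the patent's code). Device secrets stand in for the
certificates the page mentions; the cipher is HMAC-SHA256 encrypt-then-MAC.
"""
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, used as PRF and MAC."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from the PRF; XOR is its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, b"ks", i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def session_keys(secret: bytes, nonce_e: bytes, nonce_n: bytes):
    """Per-tap encryption and MAC keys bound to both parties' nonces."""
    k_s = prf(secret, b"session", nonce_e, nonce_n)
    return prf(k_s, b"enc"), prf(k_s, b"mac")


class NfcNode:
    """Cockpit NFC node (125): client authentication, then encrypted delivery."""

    def __init__(self, registry: dict, revoked: set):
        self.registry = registry   # device_id -> device secret (constructed)
        self.revoked = revoked     # constructed revocation list
        self.transcript = []       # everything a passive observer could see

    def respond_to_hello(self, device_id: str, nonce_e: bytes):
        if device_id not in self.registry or device_id in self.revoked:
            return None            # client authentication failed
        nonce_n = secrets.token_bytes(16)
        tag_n = prf(self.registry[device_id], b"node-auth", nonce_e, nonce_n)
        self.transcript.append((b"node-hello", nonce_n, tag_n))
        return nonce_n, tag_n

    def deliver(self, device_id, nonce_e, nonce_n, tag_e, credential: bytes):
        secret = self.registry[device_id]
        if not hmac.compare_digest(tag_e, prf(secret, b"efb-auth", nonce_n, nonce_e)):
            return None            # EFB could not prove possession of its secret
        k_enc, k_mac = session_keys(secret, nonce_e, nonce_n)
        ct = keystream_xor(k_enc, credential)
        tag = prf(k_mac, b"ct", ct)
        self.transcript.append((b"credential", ct, tag))
        return ct, tag


class Efb:
    """Pilot's EFB (105): server authentication, then decrypt and verify."""

    def __init__(self, device_id: str, secret: bytes):
        self.device_id, self.secret = device_id, secret
        self.nonce_e = self.nonce_n = None

    def hello(self) -> bytes:
        self.nonce_e = secrets.token_bytes(16)
        return self.nonce_e

    def check_node(self, nonce_n: bytes, tag_n: bytes) -> bool:
        self.nonce_n = nonce_n     # a rogue node cannot produce a valid tag_n
        return hmac.compare_digest(tag_n, prf(self.secret, b"node-auth", self.nonce_e, nonce_n))

    def prove(self) -> bytes:
        return prf(self.secret, b"efb-auth", self.nonce_n, self.nonce_e)

    def unwrap(self, ct: bytes, tag: bytes):
        k_enc, k_mac = session_keys(self.secret, self.nonce_e, self.nonce_n)
        if not hmac.compare_digest(tag, prf(k_mac, b"ct", ct)):
            return None            # tampered or mis-keyed ciphertext
        return keystream_xor(k_enc, ct)


def run_exchange(node: NfcNode, efb: Efb, credential: bytes):
    """Drive one tap; returns the credential the EFB recovered, or None."""
    nonce_e = efb.hello()
    node.transcript.append((b"efb-hello", efb.device_id.encode(), nonce_e))
    reply = node.respond_to_hello(efb.device_id, nonce_e)
    if reply is None:
        return None
    nonce_n, tag_n = reply
    if not efb.check_node(nonce_n, tag_n):
        return None                # server authentication failed: rogue node
    tag_e = efb.prove()
    node.transcript.append((b"efb-auth", tag_e))
    msg = node.deliver(efb.device_id, nonce_e, nonce_n, tag_e, credential)
    return None if msg is None else efb.unwrap(*msg)


def credential_visible(node: NfcNode, credential: bytes) -> bool:
    """True if the plaintext credential appears anywhere on the NFC wire."""
    return any(credential in field for entry in node.transcript for field in entry)
```

The transcript list is the defender's check: everything a passive observer within NFC range could capture is recorded there, and `credential_visible` confirms the logon credential never crosses the link in the clear. A revoked device id is refused before any nonce is issued, and a node that does not hold the device secret fails `check_node`, which is the page's rogue-node case.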
- The logon credentials are freshly generated before each connection. That is, once the connection between an EFB 105 and wireless access point 110 is terminated, the logon credentials provided to the EFB 105 for that wireless channel are voided. When that occurs, no access to network 120 via that wireless channel is possible until new logon credentials are generated in response to an access request from an EFB 105 placed into proximity with NFC node 125. In other embodiments, the logon credentials provided to an EFB 105 remain valid for some duration, such as the duration of a specific flight, for example.
- Because wireless access point 110 limits use of a wireless channel to only one EFB 105 at a time, should a second EFB 105 request access to wireless access point 110, it may need to use another wireless channel (if another wireless channel is available). For example, in one embodiment, if the pilot initiates the above procedure, that pilot's EFB 105 will obtain access to the EFB service applications 135 using a first wireless channel (e.g. SSID1). If the co-pilot then subsequently attempts the above procedure, SSID1 will be in use and not available. In that situation, when the co-pilot requests access, the wireless access point 110 generates a fresh set of logon credentials for a second wireless channel (e.g. SSID2).
- The NFC node 125 will then provide the co-pilot's EFB 105 with the fresh logon credentials for SSID2. In this way, system 100 can set a limit on the total number of EFBs that can connect to the network 120 at any one time. That is, if wireless access point 110 is set up to provide a maximum of two single use wireless channels, then the total number of EFBs 105 which can access network 120 using wireless access point 110 is limited to two. In some embodiments, there may be only a single NFC node 125 provided in the cockpit (e.g., in a location within the cockpit convenient to both the pilot and co-pilot). In that case, each pilot initiates access through that single NFC node 125.
- Wireless channel assignment is position sensitive. That is, each NFC node 125 in the cockpit is associated with a specific SSID for a wireless channel provided by wireless access point 110. For example, if an EFB 105 initiates its request for access from the first NFC node shown at 126, it will be assigned logon credentials for the wireless channel associated with the NFC node at 126 (i.e. “SSID1”). Similarly, if an EFB 105 initiates its request for access from the second NFC node shown at 127, it will be assigned logon credentials for the wireless channel associated with the NFC node at 127 (i.e. “SSID2”). In this way, there can be a wireless channel that remains dedicated to an EFB 105 that initiates login from the pilot position within the cockpit, and another wireless channel that remains dedicated to an EFB 105 that initiates login from the co-pilot position within the cockpit.
- The secured aircraft wireless network access system 100 further includes a pilot controlled wireless channel activation control interface 210.
- The pilot has full control over how many wireless channels and/or which particular wireless channels and SSIDs are made available by wireless access point 110.
- The pilot using wireless channel activation control interface 210 may choose to maintain in an off state all wireless channels available from access point 110.
- The wireless channel activation control interface 210 is used to activate one wireless channel.
- The pilot touches the EFB 105 to an NFC node 105, receives logon credentials via NFC node 105, and immediately connects to wireless access point 110 and exchanges data with the EFB service applications 135.
- The pilot may use wireless channel activation control interface 210 to activate a specific wireless channel associated with a specific one of the NFC nodes 105. Only SSIDs for those wireless channels selected to be active may be used. The pilot may again choose to use wireless channel activation control interface 210 to maintain all wireless channels available from access point 110 in an off state. Then, when the need arises to couple the pilot's EFB 105 to the EFB service applications 135, the pilot may use the wireless channel activation control interface 210 to activate the specific wireless channel associated with the NFC node 126 located near the pilot's position in the aircraft (in this case, SSID1).
- FIG. 2 illustrates one implementation of wireless channel activation control interface 210 comprising a first control 212 for enabling or disabling a first wireless channel and a second control 213 for enabling or disabling a second wireless channel.
- Wireless channel activation control interface 210 may further include a maintenance control 214 for enabling a maintenance device to obtain access to a wireless channel from access point 110 (which may be a dedicated maintenance channel) by requesting logon credentials from one of the NFC nodes 105.
- Control options 212, 213, 214 provided by wireless channel activation control interface 210 may be implemented as physical switches or knobs, or alternately may be virtually implemented, such as through touch screen controls, for example.
- Embodiments of the present disclosure enable a pilot to automatically connect their EFB to the aircraft's network through a wireless connection without the need to memorize pass keys or phrases.
- The process is quick, and may require nothing more from the pilot than taking his or her position in the cockpit and placing their EFB near an NFC node.
- An audible beep may be generated once the connection is made.
- Physical access to the cockpit, which during flights is typically restricted for non-flight crew members, is required to obtain logon credentials. In some embodiments, once those logon credentials have been used once, they are no longer valid.
- Single use SSIDs ensure that only a limited, controllable number of EFBs may be connected at any one time.
- FIG. 3 is a flow chart illustrating a method 300 of one embodiment of the present disclosure.
- The method 300 may be implemented using the secured aircraft wireless network access system 100 disclosed above with respect to FIGS. 1 and 2.
- Elements, alternatives and options discussed with respect to FIGS. 1 and 2 may be applied in any combination with the elements of method 300, and vice versa.
- The method 300 begins at 310 with establishing a first wireless NFC link between a first electronic flight bag (EFB) and a first Near Field Communications (NFC) node.
- The first NFC node is hardwired to a wireless access point and the wireless access point is coupled to one or more EFB service applications via an aircraft data network.
- The wireless access point provides a plurality of wireless channels for accessing the aircraft data network, and each of the plurality of wireless channels is a single user wireless channel.
- The first NFC node is located in the aircraft cockpit and may either be the only NFC node, or one of a plurality of NFC nodes in the aircraft cockpit. In some embodiments, one of the NFC nodes is located at the Pilot's (or Captain's) station while another is located at the co-Pilot's (or First Officer's) station.
- Wireless channel assignment is position sensitive such that each NFC node in the cockpit is associated with a specific and dedicated wireless channel provided by the wireless access point.
- Server authentication and client authentication may be employed by the EFB and/or the NFC node in the manner previously described.
- The method proceeds to 320 where, in response to a request for access received at the first NFC node from the first EFB, the method determines whether a wireless channel of the plurality of wireless channels is available. That is, the method determines which, if any, of the wireless channels supported by the wireless access point are currently in use. Since the wireless channels are single user channels, only one EFB may be connected to the wireless access point through the first wireless channel at a time. In one embodiment, when the first wireless channel is in use, the method may proceed to determining whether another wireless channel is available, and then proceed with the method using that wireless channel. When a connection attempt is made while all channels are already in use, in some embodiments the oldest running connection may be terminated and its channel freed and made available for the new connection.
- A wireless channel activation control interface (such as wireless channel activation control interface 210) may be implemented so that a pilot can control which wireless channels are available, or how many wireless channels are available.
- Determining whether a first wireless channel of the plurality of wireless channels is available may further comprise determining whether the wireless channel activation control interface has enabled the first wireless channel.
- The method proceeds to 330 where, when the first wireless channel is available, the method proceeds with generating a logon credential associated with the first wireless channel and transmitting the logon credential to the EFB with the NFC node.
- The logon credential may be transmitted in an encrypted format.
- The communication link between an EFB and the wireless access point is secured and encrypted so that an EFB requesting access to the wireless access point must present proper logon credentials before being granted access.
- The logon credentials may be in the form of a pre-shared key, or IEEE 802.1X authentication credentials, for example, or other authentication methods.
- The logon credential is loaded onto the EFB automatically in the cockpit after the pilot puts the EFB in the proximity of the NFC node.
- After receiving the logon credentials, the EFB is immediately able to authenticate itself with the wireless access point and connect with the EFB service applications. As such, the method proceeds to 340 with establishing a second wireless link between the first EFB and the wireless access point using the logon credential, and then to 350 with transferring data between the EFB and the one or more EFB server applications over the second wireless link.
- The logon credential generated at block 330 is freshly generated in response to the access request from the EFB received at the first NFC node.
- The fresh logon credential is valid for one of the single user wireless channels provided by the wireless access point.
- The logon credentials are freshly generated before each connection. That is, once the connection between an EFB and a wireless access point is terminated, the logon credentials provided to the EFB are voided and no access to the aircraft data network via that wireless channel is possible until new logon credentials are generated in the manner described above. In other embodiments, the logon credentials provided to an EFB remain valid for some duration, such as the duration of a specific flight, for example.
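The following is an added example, not code from the patent, that models the access point side of method 300 and of the system 100 description above in one place: each SSID is a single user channel, optionally dedicated to one NFC node position; a fresh logon credential is generated per access request at step 330 and voided when the link at step 340 ends; the pilot's activation control interface (210) enables or disables channels; and, as one option the step 320 discussion mentions, the oldest live connection can be evicted when every channel is busy. The class and method names, the node ids, the SSIDs and the credential format are constructed for this example; the page does not say how the access point represents any of this.

```python
"""Single-user channel allocator for the cockpit access point (added example)."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Channel:
    ssid: str
    nfc_node: str                       # NFC node position this SSID is dedicated to
    enabled: bool = True                # activation control (controls 212/213, FIG. 2)
    credential: Optional[str] = None    # live credential; None means voided/free
    associated: bool = False            # True once an EFB has authenticated on it
    issued_at: int = 0                  # logical clock, used to find the oldest session


class CockpitAccessPoint:
    def __init__(self, node_to_ssid: Dict[str, str],
                 position_sensitive: bool = True, evict_oldest: bool = False):
        # Insertion order is the search order in the non-position-sensitive mode.
        self.channels = [Channel(ssid, node) for node, ssid in node_to_ssid.items()]
        self.position_sensitive = position_sensitive
        self.evict_oldest = evict_oldest
        self._clock = 0

    def _chan(self, ssid: str) -> Channel:
        return next(c for c in self.channels if c.ssid == ssid)

    @staticmethod
    def _void(ch: Channel) -> None:
        ch.credential, ch.associated = None, False

    def set_enabled(self, ssid: str, on: bool) -> None:
        """Pilot's activation interface; disabling also drops any live session."""
        ch = self._chan(ssid)
        ch.enabled = on
        if not on:
            self._void(ch)

    def request_access(self, nfc_node: str) -> Optional[Tuple[str, str]]:
        """Steps 320/330: an access request arrives at an NFC node."""
        if self.position_sensitive:
            candidates = [c for c in self.channels if c.nfc_node == nfc_node]
        else:
            candidates = list(self.channels)
        candidates = [c for c in candidates if c.enabled]
        free = next((c for c in candidates if c.credential is None), None)
        if free is None and self.evict_oldest and candidates:
            free = min(candidates, key=lambda c: c.issued_at)   # oldest running connection
            self._void(free)
        if free is None:
            return None                                          # no channel available
        self._clock += 1
        free.credential = secrets.token_urlsafe(24)              # fresh credential per request
        free.issued_at = self._clock
        return free.ssid, free.credential

    def authenticate(self, ssid: str, credential: str) -> bool:
        """Step 340: the EFB presents the credential over the Wi-Fi link."""
        ch = self._chan(ssid)
        if ch.credential is None or ch.associated:
            return False            # voided credential, or channel already occupied
        if not secrets.compare_digest(ch.credential, credential):
            return False
        ch.associated = True
        return True

    def disconnect(self, ssid: str) -> None:
        """Link terminated: the credential is voided and cannot be reused."""
        self._void(self._chan(ssid))

    def live_sessions(self):
        return [c.ssid for c in self.channels if c.associated]
```

The single user property is enforced twice here: `request_access` will not hand out a second credential for an occupied channel, and `authenticate` refuses a second association even with the correct credential, which is the behaviour the page relies on when it argues that a stolen credential cannot be used to connect while the legitimate EFB is attached. The page's DHCP suggestion (one IP address per channel) would sit underneath this logic as a second, network-layer limit.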
- Example 1 includes a secured aircraft wireless network access system, the system comprising: at least one server, the at least one server comprising one or more electronic flight bag (EFB) service applications; an aircraft data network comprising a network coupled to the at least one server; a wireless access point having a plurality of single user wireless channels, the wireless access point coupled to the aircraft data network; and at least one Near Field Communication (NFC) node hardwire coupled to the wireless access point, the NFC node located within the cockpit of an aircraft; wherein the at least one NFC node is configured to transmit a logon credential to a first EFB using a first wireless NFC link, the logon credential associated with a first single user wireless channel from the wireless access point, wherein the logon credential is freshly generated by the wireless access point upon receiving an access request via at least one NFC node from the first EFB; and wherein upon receiving the logon credential from the first EFB at the wireless access point, the wireless access point establishes a second wireless link over the first single user wireless channel with the first E
- Example 2 includes the system of example 1, wherein the logon credential is voided when the second wireless link is terminated.
- Example 3 includes the system of example 1, wherein the at least one NFC node transmits the logon credential to the first EFB in an encrypted format.
- Example 4 includes the system of example 1, wherein either the at least one NFC node is authenticated by the first EFB using server authentication, the first EFB is authenticated by the at least one NFC node using client authentication, or both.
- Example 5 includes the system of example 1, wherein the at least one Near Field Communication (NFC) node comprises at least a first NFC node and a second NFC node.
- Example 6 includes the system of example 5, wherein the wireless access point associates the first single user wireless channel with the first NFC node and associates a second single user wireless channel with the second NFC node.
- Example 7 includes the system of example 5, wherein the wireless access point generates the logon credential for one of the plurality of wireless channels based on which of the first NFC node or the second NFC node receives the access request.
- Example 8 includes the system of example 5, wherein the first NFC node is located at a Pilot station within the cockpit and the second NFC node is located at a co-Pilot station within the cockpit.
- Example 9 includes the system of any of examples 1, further comprising: a wireless channel activation control interface located in the cockpit, the wireless channel activation control interface configured to individually enable and disable each of the plurality of single user wireless channels.
- Example 10 includes the system of any of examples 1, further comprising: a wireless channel activation control interface located in the cockpit, the wireless channel activation control interface configured to control how many of the plurality of single user wireless channels are enabled.
- Example 11 includes a method for secured aircraft wireless network access, the method comprising: establishing a first wireless NFC link between a first electronic flight bag (EFB) and a first Near Field Communications (NFC) node, wherein the first NFC node is hardwired to a wireless access point and the wireless access point is coupled to one or more EFB service applications via an aircraft data network, wherein the wireless access point provides a plurality of wireless channels for accessing the aircraft data network, and wherein each of the plurality of wireless channels is a single user wireless channel; in response to a request for access received at the first NFC node from the first EFB, determining whether a wireless channel of the plurality of wireless channels is available; when the wireless channel is available, generating a logon credential associated with the first wireless channel and transmitting the logon credential to the EFB with the NFC node; establishing a second wireless link between the first EFB and the wireless access point using the logon credential; and transferring data between the first EFB and the one or more EFB server applications over the second wireless link.
- Example 12 includes the method of example 11, wherein the logon credential is voided when the second wireless link is terminated.
- Example 13 includes the method of any of examples 11-12, wherein the NFC node transmits the logon credential to the first EFB in an encrypted format.
- Example 14 includes the method of any of examples 11-13, wherein either the NFC node is authenticated by the first EFB using server authentication, the first EFB is authenticated by the NFC node using client authentication, or both.
- Example 15 includes the method of any of examples 11-14, wherein determining whether the wireless channel of the plurality of wireless channels is available comprises determining whether a wireless channel activation control interface has enabled the first wireless channel.
- Example 16 includes the method of any of examples 11-15, wherein determining whether the wireless channel of the plurality of wireless channels is available comprises determining whether a maximum number of wireless channels from the wireless access point are in use.
- Example 17 includes the method of any of examples 11-16, wherein the first NFC node is one of a plurality of NFC nodes hardwired to the wireless access point, the plurality of NFC nodes further comprising at least a second NFC node.
- Example 18 includes the method of example 17, wherein the first NFC node is located at a Pilot station within the cockpit and the second NFC node is located at a co-Pilot station within the cockpit.
- Example 19 includes the method of any of examples 17-18, wherein the wireless access point associates a first single user wireless channel with the first NFC node and associates a second single user wireless channel with the second NFC node.
- Example 20 includes the method of any of examples 17-19, wherein the wireless access point generates the logon credential for one of the plurality of wireless channels based on which of the first NFC node or the second NFC node receives the access request.
- system elements, method steps, or examples described throughout this disclosure may be implemented on one or more computer systems, field programmable gate array (FPGA), or similar devices comprising a processor executing code to realize those elements, processes, or examples, said code stored on a non-transient data storage device. Therefore other embodiments of the present disclosure may include elements comprising program instructions resident on computer readable media which when implemented by such computer systems, enable them to implement the embodiments described herein.
- computer readable media refers to tangible memory storage devices having non-transient physical forms.
- Non-transient physical forms may include computer memory devices, such as but not limited to punch cards, magnetic disk or tape, any optical data storage system, flash read only memory (ROM), non-volatile ROM, programmable ROM (PROM), erasable-programmable ROM (E-PROM), random access memory (RAM), or any other form of permanent, semi-permanent, or temporary memory storage system or device having a physical, tangible form.
- Program instructions include, but are not limited to computer-executable instructions executed by computer system processors and hardware description languages such as Very High Speed Integrated Circuit (VHSIC) Hardware Description Language (VHDL).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
- An Electronic Flight Bag (EFB) is a handheld mobile computing device carried by aircraft flight crews that holds reference materials such as aircraft operating manuals, flight-crew operating manuals, navigational charts, weather forecasts, flight schedules, and the like. Usually, the Electronic Flight Bag is a resource intended primarily for cockpit use by the flight crew's pilot and co-pilot. Contents of the electronic flight bag may be updated while on-board an aircraft by connecting the electronic flight bag to an on-board aircraft network which includes an on-board EFB data server. The most secure way of connecting an EFB to the on-board aircraft network is by using a cable, because an adversary would have to gain physical access to the connector, which is situated in the cockpit and hence under the control of the pilots. Further, a cable provides a hardwired point-to-point connection that ensures only one EFB device can be connected to the on-board aircraft network at any one time. However, cables can fail, tangle, and can be a source of clutter on the flight deck. Wireless links, such as those provided by dedicated Wi-Fi (i.e., IEEE 802.11) access points, are one means to avoid the need for hardwired cable connections. Such wireless connections, however, introduce security issues because their signals are not confined to the cockpit, and logon credentials can be captured or stolen by an attacker eavesdropping on the access point, enabling the attacker to connect to the dedicated Wi-Fi network.
- For the reasons stated above and for other reasons stated below which will become apparent to those skilled in the art upon reading and understanding the specification, there is a need in the art for alternate systems and methods for providing automated secure distribution of logon credentials for establishing wireless connectivity of Electronic Flight Bags.
- The Embodiments of the present invention provide methods and systems for providing automated secure distribution of logon credentials for establishing wireless connectivity of Electronic Flight Bags and will be understood by reading and studying the following specification.
- In one embodiment a method for secured aircraft wireless network access comprises: establishing a first wireless NFC link between a first electronic flight bag (EFB) and a first Near Field Communications (NFC) node, wherein the first NFC node is hardwired to a wireless access point and the wireless access point is coupled to one or more EFB service applications via an aircraft data network, wherein the wireless access point provides a plurality of wireless channels for accessing the aircraft data network, and wherein each of the plurality of wireless channels are single user wireless channels; in response to a request for access received at the first NFC node from the first EFB, determining whether a wireless channel of the plurality of wireless channels is available; when the wireless channel is available, generating a logon credential associated with the first wireless channel and transmitting the logon credential to the EFB with the NFC node; establishing a second wireless link between the first EFB and the wireless access point using the logon credential; and transferring data between the first EFB and the one or more EFB server applications over the second wireless link.
- Embodiments of the present invention can be more easily understood, and further advantages and uses thereof made more readily apparent, when considered in view of the description of the preferred embodiments and the following figures, in which:
- FIG. 1 is a diagram illustrating a secured aircraft wireless network access system of one embodiment of the present disclosure;
- FIG. 2 is a diagram illustrating a secured aircraft wireless network access system of one embodiment of the present disclosure; and
- FIG. 3 is a flowchart illustrating a method for a secured aircraft wireless network access system of one embodiment of the present disclosure.
- In accordance with common practice, the various described features are not drawn to scale but are drawn to emphasize features relevant to the present invention. Reference characters denote like elements throughout the figures and text.
- In the following detailed description, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of specific illustrative embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, mechanical and electrical changes may be made without departing from the scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense.
- Embodiments disclosed herein reduce the chance that an unauthorized party onboard an aircraft can obtain the wireless access point login credentials used by flight crew members to wirelessly connect their Electronic Flight Bag (EFB) to the aircraft's data network. These embodiments also limit the number of devices that may be wirelessly connected to the aircraft's data network at the same time, so that only authorized EFBs are connected and all other, potentially harmful, connections are refused.
- The AES encryption used by Wi-Fi access points is currently the best widely available wireless communication protection and cannot be broken in a reasonable time, but the difficulty lies in secure key storage and key distribution. Wireless access point login credentials should not be stored in a pilot's EFB, since these devices are personal items carried by the pilots: they leave the aircraft and may be left unattended. That leaves the devices vulnerable to an attacker who can install malware or extract sensitive keys, rendering EFBs untrusted devices. Another possibility is to have the pilot manually enter the wireless access point login credentials after boarding the aircraft. The login credentials could be memorized by the pilots or written on a piece of paper. Both possibilities should be avoided because of their very low level of security: pilots should not be expected to remember complex passwords, and a password written on a piece of paper can easily be copied by an attacker who sees the paper. Additionally, typing a long password into the EFB on board the aircraft would be an unnecessary burden for pilots.
- The embodiments proposed in the present disclosure solve the problem of protecting logon credentials against unauthorized use. As explained in greater detail below, connecting an EFB to the aircraft's data network via a wireless access point will be possible only from the aircraft's cockpit, and the logon credential will be loaded onto the device in the cockpit without the need to type a long password.
- FIG. 1 is a diagram illustrating a secured aircraft wireless network access system 100 of one embodiment of the present disclosure. Using system 100, a pilot in possession of an Electronic Flight Bag (EFB, such as shown at 105) and operating the EFB 105 from within the aircraft's cockpit can securely and wirelessly connect to the aircraft data network 120 to exchange data with one or more EFB service applications 135. Aircraft data network 120 may be implemented as a wired network, or at least in part using a wireless network. As the term is used herein, an "EFB service application" is any application configured to send or receive data with an EFB 105, regardless of whether the application also performs other functions. Further, the terms electronic flight bag and EFB may include any mobile computing device in the possession of a pilot which may be authorized to connect to the aircraft data network 120 from within the aircraft cockpit. Also, although the term "pilot" is used throughout this disclosure, it should be appreciated that the term is generally not intended to refer only to a flight crew captain, but may, consistent with the context of a particular passage, apply to other flight crew officers. That is, any act, task, function, selection, etc., described herein as being associated with a pilot action could in fact be performed by another flight crew member regardless of whether that member is a pilot or non-pilot.
- More specifically, system 100 comprises an on-board wireless access point 110 coupled by a hardwired connection to the aircraft data network 120. In one embodiment, wireless access point 110 comprises a Wi-Fi (i.e., IEEE 802.11 standard) compatible access point. Ideally, the wireless access point 110 is located in the cockpit of the aircraft, but in other embodiments it may be located elsewhere on-board the aircraft while remaining wirelessly accessible by mobile devices in the cockpit. Network 120 comprises a network that is further coupled to at least one server 130, which may comprise a computer system executing the one or more EFB service applications 135. The at least one server 130 will often be located on-board the aircraft, but in some embodiments may instead be implemented at a ground facility in communication with the aircraft, such as through satellite communications (SATCOM). Wireless access to network 120 is achievable through one or more single user wireless channels (shown at 111) provided by wireless access point 110. That is, while wireless access point 110 may provide multiple wireless channels, each of those wireless channels has a unique Service Set Identifier (SSID), for example SSID1 and SSID2, and will support only one wireless connection to one EFB 105.
- System 100 further comprises a pair of Near Field Communication (NFC) nodes 125, each hardwire coupled to the wireless access point 110. In some embodiments, one of the NFC nodes 125 (such as shown at 126) is located at the Pilot's (or Captain's) station while the other (shown at 127) is located at the co-Pilot's (or First Officer's) station. NFC devices 125 support very short range communications, which in this application is advantageous because the limited communication range prevents unauthorized communication with the NFC nodes 125 from outside of the cockpit. For example, in one embodiment, the NFC nodes 125 operate at a frequency of 13.56 MHz and have a maximum operating range of about 10 cm. Note that this figure is the operating range of a standard reader, not a guarantee against passive listening: an eavesdropper with a larger antenna can pick up an NFC exchange from further away, which is why the encrypted transfer of the credential discussed below is worth having. In some embodiments, NFC nodes 125 are compliant or otherwise compatible with one or more of ISO/IEC 14443, ISO/IEC 18000-3, ISO/IEC 18092/ECMA-340 (Near Field Communication Interface and Protocol-1) and/or ISO/IEC 21481/ECMA-352 (Near Field Communication Interface and Protocol-2).
- The communication link between an EFB 105 and the wireless access point 110 is secured and encrypted, so that an EFB 105 requesting access to wireless access point 110 must present proper logon credentials before being granted access. The logon credentials may be in the form of a pre-shared key, or IEEE 802.1X authentication credentials, for example, or other authentication methods. With embodiments of the present invention, the logon credentials are loaded onto an EFB 105 automatically in the cockpit after the pilot puts the EFB 105 in proximity of an NFC node 125. After receiving the logon credentials, the EFB 105 is immediately able to authenticate itself with wireless access point 110 and connect with the EFB service applications 135.
- More specifically, in one embodiment in operation, the pilot places an EFB 105 into the proximity of an NFC node 125 to send a request for access to the access point 110. In one embodiment, server authentication may optionally be employed by EFB 105 to ensure that it is connecting to a valid NFC node 125 rather than a rogue NFC device. Such a scenario could occur, for example, when EFB 105 is taken off the aircraft by the pilot between flights. If the EFB 105 were provided logon credentials by a rogue NFC device, the EFB could be tricked into connecting to a rogue Wi-Fi access point that would expose the EFB 105 to security risks. By using server authentication, EFB 105 can ensure that the logon credentials it receives via NFC come from a trusted source. Similarly, client authentication may optionally be employed by NFC node 125 to ensure it is communicating with a legitimate EFB rather than a rogue EFB. For example, the EFB 105 may authenticate itself with the NFC node 125 and then send a request for access to the access point 110. In one embodiment, the NFC node 125 verifies that the EFB 105 is an authorized device prior to accepting such requests. This may be accomplished by verifying cryptographically that the EFB 105 possesses a valid, not-revoked certificate.
- The request for access initiated by EFB 105 via NFC node 125 is sent to the wireless access point 110, which then generates a fresh set of logon credentials valid for one of the wireless channels 111 provided by the wireless access point 110. The NFC node 125 will then provide the requesting EFB 105 with the fresh logon credentials and the SSID of the wireless channel it is authorized to access. In one embodiment, the wireless channel is a single user wireless channel limited to a single connected user at any one time. A single user wireless channel may be implemented, for example, by configuring DHCP services to provide only one IP address per wireless channel. A one-address DHCP pool on its own does not stop a second station from associating and configuring a static address, so in practice the one-station limit should also be enforced at the access point (a per-SSID maximum station count), with the DHCP pool as a second layer.
- In some implementations the NFC node 125 optionally transmits the fresh logon credentials back to the EFB in an encrypted format. Although eavesdropping on an NFC communication in an aircraft environment would be difficult, encryption of the logon credentials may be used to mitigate concerns regarding passive eavesdropping. It would not be possible for an adversary to connect to wireless access point 110 using such stolen credentials while the legitimate EFB is connected, because only one device can be connected to one SSID at any particular point in time; the per-connection voiding described next closes the window that would otherwise remain after the legitimate EFB disconnects. However, it would be possible for an adversary possessing the credentials to sniff the Wi-Fi client association and then decrypt the subsequent communication over Wi-Fi. For example, if an adversary knows the WPA2 pre-shared key and has the opportunity to witness the client association, the adversary can derive the session keys from the captured four-way handshake and decrypt the whole communication. Transmitting the logon credentials over NFC to the EFB 105 in an encrypted format guards against such potential threats.
- In one embodiment, in order to guarantee that no one who entered the cockpit previously will be able to re-connect to wireless access point 110 with an old credential, the logon credentials are freshly generated before each connection. That is, once the connection between an EFB 105 and wireless access point 110 is terminated, the logon credentials provided to the EFB 105 for that wireless channel are voided. When that occurs, no access to network 120 via that wireless channel is possible until new logon credentials are generated in response to an access request from an EFB 105 placed into proximity with NFC node 125. In other embodiments, the logon credentials provided to an EFB 105 remain valid for some duration, such as the duration of a specific flight, for example.
- Because wireless access point 110 limits use of a wireless channel to only one EFB 105 at a time, should a second EFB 105 request access to wireless access point 110, it may need to use another wireless channel (if another wireless channel is available). For example, in one embodiment, if the pilot initiates the above procedure, that pilot's EFB 105 will obtain access to the EFB service applications 135 using a first wireless channel (e.g. SSID1). If the co-pilot then subsequently attempts the above procedure, SSID1 will be in use and not available. In that situation, when the co-pilot requests access, the wireless access point 110 generates a fresh set of logon credentials for a second wireless channel (e.g. SSID2). The NFC node 125 will then provide the co-pilot's EFB 105 with the fresh logon credentials for SSID2. In this way, system 100 can set a limit on the total number of EFBs that can connect to the network 120 at any one time. That is, if wireless access point 110 is set up to provide a maximum of two single user wireless channels, then the total number of EFBs 105 which can access network 120 using wireless access point 110 is limited to two. In some embodiments, there may be only a single NFC node 125 provided in the cockpit (e.g., in a location within the cockpit convenient to both the pilot and co-pilot). In that case, each pilot initiates access through that single NFC node 125.
- In some embodiments, wireless channel assignment is position sensitive. That is, each NFC node 125 in the cockpit is associated with a specific SSID for a wireless channel provided by wireless access point 110. For example, if an EFB 105 initiates its request for access from the first NFC node shown at 126, it will be assigned logon credentials for the wireless channel associated with the NFC node at 126 (i.e. "SSID1"). Similarly, if an EFB 105 initiates its request for access from the second NFC node shown at 127, it will be assigned logon credentials for the wireless channel associated with the NFC node at 127 (i.e. "SSID2"). In this way, there can be a wireless channel that remains dedicated for an EFB 105 that initiates login from the pilot position within the cockpit, and another wireless channel that remains dedicated for an EFB 105 that initiates login from the co-pilot position within the cockpit.
- In yet another embodiment, illustrated in FIG. 2, the secured aircraft wireless network access system 100 further includes a pilot controlled wireless channel activation control interface 210. Using these controls, the pilot has full control over how many wireless channels and/or which particular wireless channels and SSIDs are made available by wireless access point 110. For example, the pilot using wireless channel activation control interface 210 may choose to maintain in an off state all wireless channels available from access point 110. Then, when the need arises to couple the pilot's EFB 105 to the EFB service applications 135, the wireless channel activation control interface 210 is used to activate one wireless channel. The pilot touches the EFB 105 to an NFC node 125, receives logon credentials via NFC node 125, and immediately connects to wireless access point 110 and exchanges data with the EFB service applications 135.
- For an embodiment where position sensitive wireless channel assignment is implemented, the pilot may use wireless channel activation control interface 210 to activate a specific wireless channel associated with a specific one of the NFC nodes 125. Only SSIDs for those wireless channels selected to be active may be used. The pilot may again choose to use wireless channel activation control interface 210 to maintain all wireless channels available from access point 110 in an off state. Then, when the need arises to couple the pilot's EFB 105 to the EFB service applications 135, the pilot may use the wireless channel activation control interface 210 to activate the specific wireless channel associated with the NFC node 126 located near the pilot's position in the aircraft (in this case, SSID1). The pilot touches the EFB 105 to NFC node 126, receives logon credentials via NFC node 126, and using SSID1 immediately connects to wireless access point 110 so that the EFB 105 may exchange data with the EFB service applications 135. Because the other wireless channels remain deactivated, NFC nodes associated with the deactivated wireless channels (such as NFC node 127, for example) cannot be used to provide valid logon credentials. FIG. 2 illustrates one implementation of wireless channel activation control interface 210 comprising a first control 212 for enabling or disabling a first wireless channel and a second control 213 for enabling or disabling a second wireless channel. In some implementations, wireless channel activation control interface 210 may further include a maintenance control 214 for enabling a maintenance device to obtain access to a wireless channel from access point 110 (which may be a dedicated maintenance channel) by requesting logon credentials from one of the NFC nodes 125. It should be appreciated that the control options of activation control interface 210 may be implemented as physical switches or knobs, or alternately may be virtually implemented, such as through touch screen controls, for example.
- As described above, embodiments of the present disclosure enable a pilot to connect their EFB to the aircraft's network automatically through a wireless connection, without the need to memorize pass keys or phrases. The process is quick, and may require nothing more from the pilot than taking his or her position in the cockpit and placing the EFB near an NFC node. In some embodiments, an audible beep may be generated once the connection is made. At the same time, physical access to the cockpit, which during flight is typically restricted to flight crew members, is required to obtain logon credentials. In some embodiments, once those logon credentials have been used once, they are no longer valid. Further, single user SSIDs ensure that only a limited, controllable number of EFBs may be connected at any one time.
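The eavesdropping caveat above (a leaked WPA2 pre-shared key plus an observed client association lets a listener decrypt the session) is concrete enough to compute. The following is an added example written for this page, not code from the patent or from any EFB product: it derives the WPA2-Personal pairwise master key and the pairwise transient key exactly as IEEE 802.11i specifies, then shows that a passive listener who has captured only the public handshake values (both MAC addresses and both nonces) recovers the same temporal key as the legitimate EFB once it has the PSK, and gets nothing useful from the same capture once the PSK has been replaced by a fresh one. The MAC addresses, SSID and passphrases are constructed for the example; the PBKDF2 test vector in the usage note is the one published in the 802.11i annex.

```python
"""Added example (not part of the patent): what a leaked WPA2 pre-shared key plus a
captured four-way handshake gives a passive listener.  Everything besides the PSK
(both MAC addresses and both nonces) travels in the clear, so PSK + captured
association = the session's temporal key.  Standard library only; MAC addresses,
SSID and passphrases below are constructed for the example."""
import hashlib
import hmac
import os


def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_384(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-384: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, 2,
    concatenated and truncated to 48 bytes."""
    out = b""
    for i in range(3):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_384(pmk, b"Pairwise key expansion", data)


def temporal_key(ptk: bytes) -> bytes:
    """For CCMP the PTK is KCK(16) || KEK(16) || TK(16); the TK protects the data frames."""
    return ptk[32:48]


def client_association(psk: str, ssid: str, aa: bytes, spa: bytes):
    """The legitimate EFB associates.  Returns its TK and the values a listener can
    capture from the handshake frames (everything except the PSK itself)."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    tk = temporal_key(derive_ptk(pmk_from_psk(psk, ssid), aa, spa, anonce, snonce))
    captured = {"aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce}
    return tk, captured


def eavesdropper_tk(psk_guess: str, ssid: str, captured: dict) -> bytes:
    """What a listener who knows (or guesses) the PSK derives from the captured handshake."""
    pmk = pmk_from_psk(psk_guess, ssid)
    return temporal_key(derive_ptk(pmk, captured["aa"], captured["spa"],
                                   captured["anonce"], captured["snonce"]))


if __name__ == "__main__":
    AA, SPA = bytes.fromhex("a0a1a1a3a4a5"), bytes.fromhex("b0b1b2b3b4b6")  # constructed MACs
    tk, cap = client_association("credential-read-off-the-nfc-link", "SSID1", AA, SPA)
    print("stolen PSK recovers TK: ",
          eavesdropper_tk("credential-read-off-the-nfc-link", "SSID1", cap) == tk)
    print("fresh PSK, same capture:",
          eavesdropper_tk("freshly-generated-credential", "SSID1", cap) == tk)
```

`pmk_from_psk("password", "IEEE")` reproduces the 802.11i annex test vector `f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e`, which is a quick check that the derivation is the real one. The point for the design on this page is that the PSK is the only secret in the handshake, so both parts of the scheme matter: the NFC transfer must not leak it, and voiding it after each connection means a capture made under one credential decrypts nothing sent under the next.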
-
FIG. 3 is a flow chart illustrating amethod 300 of one embodiment of the present disclosure. In one embodiment, themethod 300 may be implemented using the secured aircraft wirelessnetwork access system 100 disclosed above with respect toFIGS. 1 and 2 . As such, elements, alternatives and options discussed with respect toFIGS. 1 and 2 may be applied in any combination with the elements ofmethod 300, and vise verse. Themethod 300 begins at 310 with establishing a first wireless NFC link between a first electronic flight bag (EFB) and a first Near Field Communications (NFC) node. The first NFC node is hardwired to a wireless access point and the wireless access point is coupled to one or more EFB service applications via an aircraft data network. Further, the wireless access point provides a plurality of wireless channels for accessing the aircraft data network, and each of the plurality of wireless channels are single user wireless channels. The first NFC node is located in the aircraft cockpit and may either be the only NFC node, or one of a plurality of NFC nodes in the aircraft cockpit. In some embodiment, one of the NFC nodes is located at the Pilot's (or Captain's) station which another is located at the co-Pilot's (or First Officer's) station. In some embodiments, wireless channel assignment is position sensitive such that each NFC node in the cockpit is associated with a specific and dedicated wireless channel provided by wireless access point. One or both of server authentication and client authentication may be employed by the EFB and/or the NFC node in the manner previously described. - The method proceeds to 320 where, in response to a request for access received at the first NFC node from the first EFB, the method proceeds with determining whether a wireless channel of the plurality of wireless channels is available. That is, the method determines which, if any, of the wireless channels supported by the wireless access point are currently in use. 
Since the wireless channels are single user channels, only one EFB may be connected to the wireless access point through the first wireless channel at a time. In one embodiment, when the first wireless channel is in use, the method may proceed to determining whether another wireless channel is available, and then proceed with the method using that wireless channel. When a connection attempt is made when all channels are already used, in some embodiments, the oldest running connection may be terminated and the channel freed and made available for the new connection. In other embodiments, such as an implementation with position sensitive wireless channel assignments, if an NFC node receiving the request for logon credentials has an associated dedicated wireless channel already in use, the pilot may be so informed so that the issue may be further investigated and/or the channel cleared for the pilots use. In still other embodiments, wireless channel activation control interface (such as wireless channel activation control interface 210) may be implemented so that a pilot can control which wireless channels are available, or how many wireless channels are available. As such, determining whether a first wireless channel of the plurality of wireless channels is available may further comprises determining whether wireless channel activation control interface have enabled the first wireless channel.
- The method proceeds to 330 wherein, when the first wireless channel is available, the method proceeds with generating a logon credential associated with the first wireless channel and transmitting the logon credential to the EFB with the NFC node. As discussed above, the logon credential may be transmitted in an encrypted format. The communication link between an EFB and the wireless access point is secured and encrypted so that an EFB requesting access to the wireless access point must present proper logon credentials before being granted access. The logon credentials may be in the form of a pre-shared key, or IEEE 802.1X authentication credentials, for example, or other authentication methods. At block 330, the logon credential is loaded onto the EFB automatically in the cockpit after the pilot puts the EFB in the proximity of the NFC node. After receiving the logon credentials, the EFB is immediately able to authenticate itself with the wireless access point and connect with the EFB service applications. As such, the method proceeds to 340 with establishing a second wireless link between the first EFB and the wireless access point using the logon credential, and then to 350 with transferring data between the EFB and the one or more EFB server applications over the second wireless link.
- The logon credential generated at block 330 is freshly generated in response to the access request from the EFB received at the first NFC node. The fresh logon credential is valid for one of the single user wireless channels provided by the wireless access point. In one embodiment, the logon credentials are freshly generated before each connection. That is, once the connection between an EFB and a wireless access point is terminated, the logon credentials provided to the EFB are voided and no access to the aircraft data network via that wireless channel is possible until new logon credentials are generated in the manner described above. In other embodiments, the logon credentials provided to an EFB remain valid for some duration, such as the duration of a specific flight, for example.
- Example 1 includes a secured aircraft wireless network access system, the system comprising: at least one server, the at least one server comprising one or more electronic flight bag (EFB) service applications; an aircraft data network comprising a network coupled to the at least one server; a wireless access point having a plurality of single user wireless channels, the wireless access point coupled to the aircraft data network; and at least one Near Field Communication (NFC) node hardwired to the wireless access point, the NFC node located within the cockpit of an aircraft; wherein the at least one NFC node is configured to transmit a logon credential to a first EFB using a first wireless NFC link, the logon credential associated with a first single user wireless channel from the wireless access point, wherein the logon credential is freshly generated by the wireless access point upon receiving an access request via the at least one NFC node from the first EFB; and wherein upon receiving the logon credential from the first EFB at the wireless access point, the wireless access point establishes a second wireless link over the first single user wireless channel with the first EFB that couples the first EFB to the one or more EFB service applications.
- Example 2 includes the system of example 1, wherein the logon credential is voided when the second wireless link is terminated.
- Example 3 includes the system of example 1, wherein the at least one NFC node transmits the logon credential to the first EFB in an encrypted format.
- Example 4 includes the system of example 1, wherein either the at least one NFC node is authenticated by the first EFB using server authentication, the first EFB is authenticated by the at least one NFC node using client authentication, or both.
- Example 5 includes the system of example 1, wherein the at least one Near Field Communication (NFC) node comprises at least a first NFC node and a second NFC node.
- Example 6 includes the system of example 5, wherein the wireless access point associates the first single user wireless channel with the first NFC node and associates a second single user wireless channel with the second NFC node.
- Example 7 includes the system of example 5, wherein the wireless access point generates the logon credential for one of the plurality of wireless channels based on which of the first NFC node or the second NFC node receives the access request.
- Example 8 includes the system of example 5, wherein the first NFC node is located at a Pilot station within the cockpit and the second NFC node is located at a co-Pilot station within the cockpit.
- Example 9 includes the system of example 1, further comprising: a wireless channel activation control interface located in the cockpit, the wireless channel activation control interface configured to individually enable and disable each of the plurality of single user wireless channels.
- Example 10 includes the system of example 1, further comprising: a wireless channel activation control interface located in the cockpit, the wireless channel activation control interface configured to control how many of the plurality of single user wireless channels are enabled.
- Example 11 includes a method for secured aircraft wireless network access, the method comprising: establishing a first wireless NFC link between a first electronic flight bag (EFB) and a first Near Field Communications (NFC) node, wherein the first NFC node is hardwired to a wireless access point and the wireless access point is coupled to one or more EFB service applications via an aircraft data network, wherein the wireless access point provides a plurality of wireless channels for accessing the aircraft data network, and wherein each of the plurality of wireless channels is a single user wireless channel; in response to a request for access received at the first NFC node from the first EFB, determining whether a first wireless channel of the plurality of wireless channels is available; when the first wireless channel is available, generating a logon credential associated with the first wireless channel and transmitting the logon credential to the first EFB with the first NFC node; establishing a second wireless link between the first EFB and the wireless access point using the logon credential; and transferring data between the first EFB and the one or more EFB server applications over the second wireless link.
- Example 12 includes the method of example 11, wherein the logon credential is voided when the second wireless link is terminated.
- Example 13 includes the method of any of examples 11-12, wherein the NFC node transmits the logon credential to the first EFB in an encrypted format.
- Example 14 includes the method of any of examples 11-13, wherein either the NFC node is authenticated by the first EFB using server authentication, the first EFB is authenticated by the NFC node using client authentication, or both.
- Example 15 includes the method of any of examples 11-14, wherein determining whether the wireless channel of the plurality of wireless channels is available comprises determining whether a wireless channel activation control interface has enabled the first wireless channel.
- Example 16 includes the method of any of examples 11-15, wherein determining whether the wireless channel of the plurality of wireless channels is available comprises determining whether a maximum number of wireless channels from the wireless access point are in use.
- Example 17 includes the method of any of examples 11-16, wherein the first NFC node is one of a plurality of NFC nodes hardwired to the wireless access point, the plurality of NFC nodes further comprising at least a second NFC node.
- Example 18 includes the method of example 17, wherein the first NFC node is located at a Pilot station within the cockpit and the second NFC node is located at a co-Pilot station within the cockpit.
- Example 19 includes the method of any of examples 17-18, wherein the wireless access point associates a first single user wireless channel with the first NFC node and associates a second single user wireless channel with the second NFC node.
- Example 20 includes the method of any of examples 17-19, wherein the wireless access point generates the logon credential for one of the plurality of wireless channels based on which of the first NFC node or the second NFC node receives the access request.
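The access point side of the procedure described above (availability check against the activation control interface and the single-user limit, position-sensitive channel assignment, a fresh credential per access request, and voiding the credential when the second wireless link ends) as a small added model in Python. This is not code from the patent; the class, its method names, the "pilot"/"copilot" node names and the oldest-connection eviction option are assumptions made for illustration.

```python
"""Toy model of an access point issuing per-channel logon credentials (added example)."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Channel:
    """One single-user wireless channel of the access point."""
    channel_id: int
    enabled: bool = True               # toggled by the cockpit activation control interface
    credential: Optional[str] = None   # fresh logon credential currently bound to the channel
    efb_id: Optional[str] = None       # EFB the credential was issued to
    issued_seq: int = 0                # issue order, used to find the oldest connection


def _is_free(ch: Channel) -> bool:
    return ch.enabled and ch.credential is None


class AccessPoint:
    def __init__(self, num_channels: int,
                 node_to_channel: Optional[Dict[str, int]] = None,
                 evict_oldest: bool = False) -> None:
        self.channels = {i: Channel(i) for i in range(num_channels)}
        # Optional position-sensitive mapping, e.g. {"pilot": 0, "copilot": 1} (assumed names)
        self.node_to_channel = node_to_channel or {}
        self.evict_oldest = evict_oldest  # terminate the oldest connection when all are in use
        self._seq = 0

    def set_channel_enabled(self, channel_id: int, enabled: bool) -> None:
        """Activation control interface: enable or disable one channel; disabling voids it."""
        self.channels[channel_id].enabled = enabled
        if not enabled:
            self.disconnect(channel_id)

    def _pick_channel(self, nfc_node: str) -> Optional[Channel]:
        if nfc_node in self.node_to_channel:            # dedicated channel for this NFC node
            ch = self.channels[self.node_to_channel[nfc_node]]
            return ch if _is_free(ch) else None          # None: inform the pilot
        for ch in self.channels.values():               # otherwise first available channel
            if _is_free(ch):
                return ch
        busy = [c for c in self.channels.values() if c.enabled and c.credential is not None]
        if self.evict_oldest and busy:                  # all in use: free the oldest one
            oldest = min(busy, key=lambda c: c.issued_seq)
            self.disconnect(oldest.channel_id)
            return oldest
        return None

    def request_access(self, nfc_node: str, efb_id: str) -> Optional[Tuple[int, str]]:
        """Access request received at an NFC node; returns (channel_id, fresh credential)."""
        ch = self._pick_channel(nfc_node)
        if ch is None:
            return None
        self._seq += 1
        ch.credential = secrets.token_urlsafe(32)       # freshly generated for this request
        ch.efb_id = efb_id
        ch.issued_seq = self._seq
        return ch.channel_id, ch.credential             # handed to the EFB over the NFC link

    def connect(self, channel_id: int, efb_id: str, credential: str) -> bool:
        """EFB presents the credential over the wireless channel; grant the link or not."""
        ch = self.channels[channel_id]
        if not ch.enabled or ch.credential is None or ch.efb_id != efb_id:
            return False
        return secrets.compare_digest(ch.credential, credential)

    def disconnect(self, channel_id: int) -> None:
        """Second wireless link terminated: void the credential and free the channel."""
        ch = self.channels[channel_id]
        ch.credential, ch.efb_id, ch.issued_seq = None, None, 0
```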
- In various alternative embodiments, system elements, method steps, or examples described throughout this disclosure (such as the NFC nodes or wireless access points, for example) may be implemented on one or more computer systems, field programmable gate arrays (FPGAs), or similar devices comprising a processor executing code to realize those elements, processes, or examples, said code stored on a non-transient data storage device. Therefore, other embodiments of the present disclosure may include elements comprising program instructions resident on computer readable media which, when implemented by such computer systems, enable them to implement the embodiments described herein. As used herein, the term “computer readable media” refers to tangible memory storage devices having non-transient physical forms. Such non-transient physical forms may include computer memory devices, such as but not limited to punch cards, magnetic disk or tape, any optical data storage system, flash read only memory (ROM), non-volatile ROM, programmable ROM (PROM), erasable-programmable ROM (E-PROM), random access memory (RAM), or any other form of permanent, semi-permanent, or temporary memory storage system or device having a physical, tangible form. Program instructions include, but are not limited to, computer-executable instructions executed by computer system processors and hardware description languages such as Very High Speed Integrated Circuit (VHSIC) Hardware Description Language (VHDL).
- Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement, which is calculated to achieve the same purpose, may be substituted for the specific embodiment shown. This application is intended to cover any adaptations or variations of the present invention. Therefore, it is manifestly intended that this invention be limited only by the claims and the equivalents thereof.
Claims (20)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/599,198 US9402182B1 (en) | 2015-01-16 | 2015-01-16 | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag (EFB) |
CA2916507A CA2916507A1 (en) | 2015-01-16 | 2015-12-30 | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag (efb) |
EP16150505.2A EP3046305B1 (en) | 2015-01-16 | 2016-01-07 | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag(efb) |
CN201610025857.8A CN105813009A (en) | 2015-01-16 | 2016-01-15 | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag(EFB) |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/599,198 US9402182B1 (en) | 2015-01-16 | 2015-01-16 | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag (EFB) |
Publications (2)
Publication Number | Publication Date |
---|---|
US20160212618A1 true US20160212618A1 (en) | 2016-07-21 |
US9402182B1 US9402182B1 (en) | 2016-07-26 |
Family
ID=55182211
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/599,198 Active US9402182B1 (en) | 2015-01-16 | 2015-01-16 | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag (EFB) |
Country Status (4)
Country | Link |
---|---|
US (1) | US9402182B1 (en) |
EP (1) | EP3046305B1 (en) |
CN (1) | CN105813009A (en) |
CA (1) | CA2916507A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160234202A1 (en) * | 2015-02-10 | 2016-08-11 | Dell Products, Lp | System and Method for Providing an Authentication Certificate for a Wireless Handheld Device a Data Center Environment |
US20180097786A1 (en) * | 2016-09-30 | 2018-04-05 | Panasonic Avionics Corporation | Automated delivery of security credentials to scheduled crew |
US10038985B2 (en) * | 2015-07-23 | 2018-07-31 | Dassault Aviation | Communication method between an embedded communication system of an aircraft and a communication device, and communication module, terminal and assembly |
US10725007B2 (en) * | 2017-12-19 | 2020-07-28 | Hamilton Sundstrand Corporation | Aircraft cockpit portable component gas sensor |
US11172342B2 (en) * | 2017-02-14 | 2021-11-09 | Safran Passenger Innovations, Llc | Systems and methods for steering wireless network traffic within a vehicle |
CN113905329A (en) * | 2021-09-30 | 2022-01-07 | 深圳市美科星通信技术有限公司 | Access method and access device of wireless network |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6624792B2 (en) * | 2015-02-26 | 2019-12-25 | キヤノン株式会社 | Information processing apparatus, information processing apparatus control method, and program |
US9900082B1 (en) * | 2016-06-13 | 2018-02-20 | Stitel Networks, LLC | Converged data communications in satellite networks |
US10880373B2 (en) | 2019-02-19 | 2020-12-29 | Robust Analytics, Inc. | Method and network to implement peer-to-peer data synchronization between electronic flight bags |
US11258863B1 (en) * | 2020-11-06 | 2022-02-22 | Ge Aviation Systems Llc | Systems, devices, and methods for establishing multiple electronic flight bag sessions with a flight management computer |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130309971A1 (en) * | 2012-05-16 | 2013-11-21 | Nokia Corporation | Method, apparatus, and computer program product for controlling network access to guest apparatus based on presence of hosting apparatus |
US20140298024A1 (en) * | 2012-12-18 | 2014-10-02 | Nagravision S.A. | Method for granting access to a network and device for implementing this method |
US20150120097A1 (en) * | 2013-10-30 | 2015-04-30 | Westjet Airlines Ltd. | Integrated communication and application system for aircraft |
US20150244422A1 (en) * | 2014-02-26 | 2015-08-27 | Kabushiki Kaisha Toshiba | Memory device including wireless communication function |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8532304B2 (en) | 2005-04-04 | 2013-09-10 | Nokia Corporation | Administration of wireless local area networks |
US7962748B2 (en) | 2006-10-04 | 2011-06-14 | The Boeing Company | Methods and systems for securing a computer network |
CN101881969B (en) * | 2009-09-03 | 2012-03-14 | 中国航空无线电电子研究所 | Flight management system and method thereof based on multi-task parallel processing |
US8495722B1 (en) | 2009-09-25 | 2013-07-23 | Rockwell Collins, Inc. | Method and system for controlling access to an aircraft-based wireless network |
US9516352B2 (en) | 2010-06-22 | 2016-12-06 | Livetv, Llc | Registration of a personal electronic device (PED) with an aircraft IFE system using a PED generated registration identifier and associated methods |
CN102868714A (en) * | 2011-07-08 | 2013-01-09 | 中国商用飞机有限责任公司 | Wireless broadband communication system for large aircraft |
US20140059351A1 (en) | 2012-08-21 | 2014-02-27 | General Instrument Corporation | Method and device for connecting to a wireless network using a visual code |
US8792936B2 (en) | 2012-10-01 | 2014-07-29 | Xerox Corporation | Establishing communication between devices using close proximity protocol |
CA2868981C (en) | 2013-10-30 | 2016-12-20 | Westjet Airlines Ltd. | Integrated communication and application system for aircraft for collecting passenger distribution data |
FR3020910B1 (en) | 2014-05-07 | 2016-07-22 | Airbus Operations Sas | SYSTEM FOR CONNECTING A MOBILE DEVICE TO A WIRELESS NETWORK OF AN AIRCRAFT |
CN103995874A (en) * | 2014-05-22 | 2014-08-20 | 北京航空航天大学 | EFB system based on Windows modern UI |
2015
- 2015-01-16 US US14/599,198 patent/US9402182B1/en active Active
- 2015-12-30 CA CA2916507A patent/CA2916507A1/en not_active Abandoned
2016
- 2016-01-07 EP EP16150505.2A patent/EP3046305B1/en not_active Not-in-force
- 2016-01-15 CN CN201610025857.8A patent/CN105813009A/en active Pending
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160234202A1 (en) * | 2015-02-10 | 2016-08-11 | Dell Products, Lp | System and Method for Providing an Authentication Certificate for a Wireless Handheld Device a Data Center Environment |
US9961074B2 (en) * | 2015-02-10 | 2018-05-01 | Dell Products, Lp | System and method for providing an authentication certificate for a wireless handheld device a data center environment |
US10038985B2 (en) * | 2015-07-23 | 2018-07-31 | Dassault Aviation | Communication method between an embedded communication system of an aircraft and a communication device, and communication module, terminal and assembly |
US20180097786A1 (en) * | 2016-09-30 | 2018-04-05 | Panasonic Avionics Corporation | Automated delivery of security credentials to scheduled crew |
US10742625B2 (en) * | 2016-09-30 | 2020-08-11 | Panasonic Avionics Corporation | Automated delivery of security credentials to scheduled crew |
US11172342B2 (en) * | 2017-02-14 | 2021-11-09 | Safran Passenger Innovations, Llc | Systems and methods for steering wireless network traffic within a vehicle |
US10725007B2 (en) * | 2017-12-19 | 2020-07-28 | Hamilton Sundstrand Corporation | Aircraft cockpit portable component gas sensor |
CN113905329A (en) * | 2021-09-30 | 2022-01-07 | 深圳市美科星通信技术有限公司 | Access method and access device of wireless network |
Also Published As
Publication number | Publication date |
---|---|
CN105813009A (en) | 2016-07-27 |
EP3046305B1 (en) | 2017-06-07 |
CA2916507A1 (en) | 2016-07-16 |
EP3046305A1 (en) | 2016-07-20 |
US9402182B1 (en) | 2016-07-26 |
Similar Documents
Publication | Title |
---|---|
US9402182B1 (en) | Automated distribution of logon credentials for establishing wireless connectivity of electronic flight bag (EFB) | |
US11006277B2 (en) | Method and system for security and authentication of aircraft data transmissions | |
US10785040B2 (en) | Secure communications | |
US10403063B2 (en) | Geo-location estimate (GLE) sensitive physical access control methods of operation | |
US11489826B2 (en) | Multi-factor authorization for IEEE 802.1x-enabled networks | |
US9936390B2 (en) | Method and apparatus of triggering applications in a wireless environment | |
US9443069B1 (en) | Verification platform having interface adapted for communication with verification agent | |
CN111031540B (en) | Wireless network connection method and computer storage medium | |
KR101558557B1 (en) | Method and server system for authenticating user based mobile phone number to replace input method of the ID and password | |
US20180159854A1 (en) | Secure mobile access for automation systems | |
US9197413B1 (en) | Hybrid secure communication system and method | |
KR20190079858A (en) | System and method for transmitting encryption key of unmanned aerial vehicle | |
KR101827101B1 (en) | Method for verifying status of drone | |
US20190110334A1 (en) | Systems and methods for enhanced vehicle operator connectivity to external networks and onboard systems via single access point | |
CN105873034A (en) | Safe hot spot information processing method | |
US20210092109A1 (en) | Systems and methods for protecting drone-to-ground communications | |
CN103220157B (en) | A kind of method and system of mobile terminal automatic shutdown | |
CN106028327A (en) | Method for realizing hotspot security through authentication server | |
CN106878989A (en) | A kind of connection control method and device | |
CN106028328A (en) | NFC-based hotspot authentication method | |
Pomak et al. | Enterprise WiFi Hotspot Authentication with Hybrid Encryption on NFC-Enabled Smartphones | |
Horbakha | Method of protection of packet data transmitted from RPAS cameras | |
CN105873036A (en) | Safe AP (access point) information processing method | |
Martellini et al. | Testing the Resilience of HCWN | |
CN105898739A (en) | Method for preventing hot spot from being illegally simulated |
Legal Events
Code | Title | Description |
---|---|---|
AS | Assignment | Owner name: HONEYWELL INTERNATIONAL INC., NEW JERSEY. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HENZL, MARTIN;GOTTHARD, PETR;REEL/FRAME:034739/0931. Effective date: 20150116 |
STCF | Information on status: patent grant | Free format text: PATENTED CASE |
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY. Year of fee payment: 4 |
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY. Year of fee payment: 8 |