Airborne security manager
Abstract
An airborne security management system is provided for monitoring security activities in a mobile network platform. This system includes a mobile network that is interconnected via an unreliable communication link to a terrestrial-based network security management system; an intrusion detection system connected to the mobile network and operable to detect a security intrusion event whose origination is associated with the mobile network; and a mobile security manager adapted to receive the security intrusion events from the intrusion detection system. The mobile security manager is operable to transmit a message indicative of the security intrusion event to the network security management system and to perform security response activities in response to security commands received from the network security management system. The mobile security manager is further operable to command security response activities on the mobile network platform when the mobile network platform is not connected with the network security management system.
7 Claims
1. In a mobile platform, a security system for monitoring an onboard communication system communicating with a terrestrial-based system over an intermittent link, the security system comprising:
an onboard communication network accessible for use by a plurality of users onboard the mobile platform;
an intrusion detection system onboard the mobile platform for monitoring use of the onboard network for detecting if a potential intrusion event has occurred by one of the plurality of users onboard the mobile platform; and
an onboard security management system responsive to the intrusion detection system for initiating an action to address the potential intrusion event, based on a set of security policies, the action able to be directed to at least a selected one of a plurality of user access points on the onboard network, the set of security policies defining the action as initiatable subject to an override of the action through the terrestrial-based system and as changeable, when the intermittent link makes communication with the terrestrial-based system unavailable, to restore a previous policy-defined state of the selected user access point;
and the onboard security management system receives updates to said security policies from the terrestrial-based system when said intermittent link is operational;
wherein the action includes one of;
notifying a particular user on the onboard network that a suspected intrusion event has occurred;
or blocking access by the particular user to the onboard network;
the security system further provides a status indication as to a status of the onboard network.
2. The security system as recited in claim 1, wherein the onboard security management system further operates to provide an alert message to the terrestrial-based system when an intrusion event is detected.
3. The security system recited in claim 1, wherein said status indication provides a status of a current operational state of each one of a plurality of network user access points of the onboard network.
4. The security system recited in claim 3, wherein the indication indicates one of:
a normal operational state;
a suspect operational state wherein an intrusion event is suspected; and
a disconnect state in which access by a user of a specific access point on the onboard network is prevented.
5. The security system recited in claim 1, wherein the onboard security management system notifies the terrestrial-based system that a potential intrusion event has occurred.
6. The security system recited in claim 1, where the action taken by the onboard security management system further includes installing a network traffic blocking filter on said user access point on which a potential intrusion event has occurred.
7. A method for monitoring an onboard network on a mobile platform, the method comprising:
providing a plurality of network access points to users on the mobile platform, the access points capable of providing access by user devices to an onboard network configured to communicate with a terrestrial-based system over an intermittent link;
monitoring the onboard network to detect an intrusion event made by at least one of the users on the mobile platform;
using a security management system onboard the mobile platform, and responsive to notification of an intrusion event, initiating a security action to address the intrusion event, in accordance with a set of security policies, where the security action can be directed to one or more selected access points on the network; and
indicating an operational status of the network, the operational status resulting from the initiated action when the intermittent link prevents communication with the terrestrial-based system, the set of security policies defining the status as changeable based on whether the intermittent link makes input from the terrestrial-based system available for transitioning the one or more selected user access points into an auto-response disabled state.
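As an added illustration (not part of the patent text), the Python sketch below models the claimed behaviour: the per-access-point states of claim 4, the notify/block actions and blocking filter of claims 1 and 6, alert queuing over the intermittent link, and the override rule read as "the ground may override while the link is up, the onboard manager may restore the previous state while it is down". The class and method names, the policy schema and the "drop-all" filter label are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):                      # the three states listed in claim 4
    NORMAL = "normal"
    SUSPECT = "suspect"
    DISCONNECT = "disconnect"

@dataclass
class AccessPoint:
    state: State = State.NORMAL
    previous: State = State.NORMAL      # state to restore on override
    filters: list = field(default_factory=list)

class OnboardSecurityManager:           # hypothetical name, not from the patent
    def __init__(self, ap_names, policy):
        self.aps = {n: AccessPoint() for n in ap_names}
        self.policy = dict(policy)      # severity -> action (assumed schema)
        self.link_up = True
        self.outbox = []                # alerts awaiting the ground link

    def on_intrusion_event(self, ap_name, severity):
        ap, action = self.aps[ap_name], self.policy[severity]
        ap.previous = ap.state
        if action == "block":
            ap.filters.append("drop-all")   # traffic blocking filter (claim 6)
            ap.state = State.DISCONNECT
        else:                               # "notify": warn the user, keep access
            ap.state = State.SUSPECT
        self.outbox.append((ap_name, severity, action))
        return action

    def sync_with_ground(self, policy_update=None):
        if not self.link_up:
            return []                       # alerts stay queued while link is down
        if policy_update:
            self.policy.update(policy_update)
        sent, self.outbox = self.outbox, []
        return sent

    def override(self, ap_name, source):
        # Assumed reading of claim 1: ground overrides need the link up;
        # an onboard restore is only honoured while the link is down.
        allowed = (source == "ground" and self.link_up) or \
                  (source == "onboard" and not self.link_up)
        if allowed:
            ap = self.aps[ap_name]
            ap.state, ap.filters = ap.previous, []
        return allowed

    def status(self):                       # status indication (claims 1 and 3)
        return {n: ap.state.value for n, ap in self.aps.items()}
```
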
Specification