Methods, apparatus and computer program products for authenticating and determining integrity of a software part of an air vehicle

US 8,949,611 B1
Filed: 06/22/2011
Issued: 02/03/2015
Est. Priority Date: 06/22/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating and determining integrity of a software part of an air vehicle comprising:

determining a first hash of digital data that comprises the software part; and

utilizing first and second different techniques to determine authenticity and integrity of the software part depending upon whether the air vehicle has data communications connectivity with an off-board security system in which case the first technique is utilized or lacks data communications connectivity with the off-board security system in which case the second technique is utilized,wherein, in an instance in which the air vehicle lacks data communications connectivity with the off-board security system, determining authenticity and integrity of the software part in accordance with the second technique by;

decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash;

comparing the first hash with the decrypted hash;

executing the software part in an instance in which the first hash matches the decrypted hash without awaiting establishment of data communications connectivity with the off-board security system; and

thereafter transmitting the first hash to the off-board security system, following execution of the software part, once data communications connectivity is established; and

wherein, in an instance in which the air vehicle has data communications connectivity with the off-board security system, determining the integrity of the software part in accordance with the first technique by transmitting the first hash to the off-board security system for comparison with a whitelist including a plurality of hashes of authentic software parts.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and computer program products are provided to authenticate and determine the integrity a software part. In this regard, a software part is authenticated and its integrity is determined by determining a first hash of the digital data that comprises the software part. If the air vehicle lacks data communications connectivity with an off-board security system, the method determines the authenticity and integrity of the software part by decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash, comparing the first hash with the decrypted hash and transmitting the first hash to the off-board security system once data communications connectivity is established. Conversely, if the air vehicle has data communications connectivity with the off-board security system, the method determines the integrity of the software part by transmitting the first hash to the off-board security system for comparison with a whitelist.

13 Citations

View as Search Results

20 Claims

1. A method for authenticating and determining integrity of a software part of an air vehicle comprising:
- determining a first hash of digital data that comprises the software part; and
  
  utilizing first and second different techniques to determine authenticity and integrity of the software part depending upon whether the air vehicle has data communications connectivity with an off-board security system in which case the first technique is utilized or lacks data communications connectivity with the off-board security system in which case the second technique is utilized,wherein, in an instance in which the air vehicle lacks data communications connectivity with the off-board security system, determining authenticity and integrity of the software part in accordance with the second technique by;
  
  decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash;
  
  comparing the first hash with the decrypted hash;
  
  executing the software part in an instance in which the first hash matches the decrypted hash without awaiting establishment of data communications connectivity with the off-board security system; and
  
  thereafter transmitting the first hash to the off-board security system, following execution of the software part, once data communications connectivity is established; and
  
  wherein, in an instance in which the air vehicle has data communications connectivity with the off-board security system, determining the integrity of the software part in accordance with the first technique by transmitting the first hash to the off-board security system for comparison with a whitelist including a plurality of hashes of authentic software parts.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1 wherein determining authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system further comprises initially authenticating and determining the integrity of the software part in an instance in which the first hash matches the decrypted hash.
  - 3. A method according to claim 1 wherein determining authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system further comprises flagging the software part as potentially lacking authenticity or integrity in an instance in which the first hash fails to match the decrypted hash.
  - 4. A method according to claim 1 further comprising updating the whitelist as the software parts carried by the air vehicle change.
  - 5. A method according to claim 1 wherein transmitting the first hash to the off-board security system once data communications connectivity is established comprises auditing the integrity of the software part.
  - 6. A method according to claim 1 wherein decrypting an encrypted hash of a software part comprises decrypting a hash of a software part that has been encrypted with a private key of an airline with a public key of the airline.

7. A system for authenticating and determining integrity of a software part of an air vehicle comprising:
- an on-board computing system comprising a processor and memory configured to determine a first hash of digital data that comprises the software part, said on-board computing system also configured to utilize first and second different techniques to determine authenticity and integrity of the software part depending upon whether the air vehicle has data communications connectivity with an off-board security system in which case the first technique is utilized or lacks data communications connectivity with the off-board security system in which case the second technique is utilized, wherein, in an instance in which the air vehicle lacks data communications connectivity with an off-board security system, said on-board computing system is configured to determine authenticity and integrity of the software part in accordance with the second technique by decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash, comparing the first hash with the decrypted hash, executing the software part in an instance in which the first hash matches the decrypted hash without awaiting establishment of data communications connectivity with the off-board security system and thereafter transmitting the first hash to the off-board security system, following execution of the software part, once data communications connectivity is established, and wherein, in an instance in which the air vehicle has data communications connectivity with the off-board security system, said on-board computing system is configured to determine the integrity of the software part in accordance with the first technique by transmitting the first hash to the off-board security system for comparison with a whitelist including a plurality of hashes of authentic software parts.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A system according to claim 7 wherein the on-board computing system is configured to determine authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system by initially authenticating and determining the integrity of the software part in an instance in which the first hash matches the decrypted hash.
  - 9. A system according to claim 7 wherein the on-board computing system is configured to determine authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system by flagging the software part as potentially lacking authenticity or integrity in an instance in which the first hash fails to match the decrypted hash.
  - 10. A system according to claim 7 wherein the off-board security system is configured to update the whitelist as the software parts carried by the air vehicle change.
  - 11. A system according to claim 7 wherein the on-board computing system is configured to transmit the first hash to the off-board security system once data communications connectivity is established in order to audit the integrity of the software part.
  - 12. A system according to claim 7 wherein the on-board computing system is configured to decrypt an encrypted hash of a software part by decrypting a hash of a software part that has been encrypted with a private key of an airline with a public key of the airline.

13. A computer program product for authenticating and determining integrity of a software part of an air vehicle and comprising at least one non-transitory computer-readable storage medium having computer-executable program code portions stored therein, the computer-executable program code portions comprising:
- program code instructions for determining a first hash of digital data that comprises the software part; and
  
  program code instructions for utilizing first and second different techniques to determine authenticity and integrity of the software part depending upon whether the air vehicle has data communications connectivity with an off-board security system in which case the first technique is utilized or lacks data communications connectivity with the off-board security system in which case the second technique is utilized,wherein the program code instructions are configured to determine authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system in accordance with the second technique by;
  
  decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash;
  
  comparing the first hash with the decrypted hash;
  
  executing the software part in an instance in which the first hash matches the decrypted hash without awaiting establishment of data communications connectivity with the off-board security system; and
  
  thereafter transmitting the first hash to the off-board security system, following execution of the software part, once data communications connectivity is established; and
  
  wherein the program code instructions are configured to determine the integrity of the software part in an instance in which the air vehicle has data communications connectivity with the off-board security system in accordance with the first technique by transmitting the first hash to the off-board security system for comparison with a whitelist including a plurality of hashes of authentic software parts.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A computer program product according to claim 13 wherein the program code instructions for determining authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system further comprise program code instructions for initially authenticating and determining the integrity of the software part in an instance in which the first hash matches the decrypted hash.
  - 15. A computer program product according to claim 13 wherein the program code instructions for determining authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with an off-board security system further comprise program code instructions for flagging the software part as potentially lacking authenticity or integrity in an instance in which the first hash fails to match the decrypted hash.
  - 16. A computer program product according to claim 13 wherein the whitelist is updated as the software parts carried by the air vehicle change.
  - 17. A computer program product according to claim 13 wherein the program code instructions for transmitting the first hash to the off-board security system once data communications connectivity is established comprise program code instructions for auditing the integrity of the software part.
  - 18. A computer program product according to claim 13 wherein the program code instructions for decrypting an encrypted hash of a software part comprise program code instructions for decrypting a hash of a software part that has been encrypted with a private key of an airline with a public key of the airline.

19. A system for authenticating and determining integrity of a software part of an air vehicle comprising:
- an off-board security system having access to a whitelist include a plurality of hashes of authentic software parts; and
  
  an on-board computing system comprising a processor and memory configured to determine a first hash of digital data that comprises the software part, said processor of said on-board computing system also configured to utilize first and second different techniques to determine authenticity and integrity of the software part depending upon whether the air vehicle has data communications connectivity with an off-board security system in which case the first technique is utilized or lacks data communications connectivity with the off-board security system in which case the second technique is utilized, wherein the processor of the on-board computing system is configured to determine authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with the off-board security system in accordance with the second technique by decrypting an encrypted hash of a software part in accordance with a public-private key pair to create a decrypted hash, comparing the first hash with the decrypted hash, executing the software part in an instance in which the first hash matches the decrypted hash without awaiting establishment of data communications connectivity with the off-board security system and thereafter transmitting the first hash to the off-board security system, following execution of the software part, once data communications connectivity is established, and wherein the processor of said on-board computing system further configured to determine the integrity of the software part in an instance in which the air vehicle has data communications connectivity with the off-board security system in accordance with the first technique by transmitting the first hash to the off-board security system,wherein the off-board security system comprises a processor configured to compare the first hash provided by the on-board computing system with the whitelist and to provide an indication of the integrity of the software part.
- View Dependent Claims (20)
- - 20. A system according to claim 19 wherein the processor of the on-board computing system is configured to determine authenticity and integrity of the software part in an instance in which the air vehicle lacks data communications connectivity with the off-board security system by initially authenticating and determining the integrity of the software part in an instance in which the first hash matches the decrypted hash.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Kimberly, Greg A., Gould, Todd William, Royalty, Charles D., Lawson, Jack
Primary Examiner(s)
Benoit, Esther

Application Number

US13/166,489
Time in Patent Office

1,322 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

G06F 21/51   at application loading time...

H04L 9/3226   using a predetermined code,...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

Methods, apparatus and computer program products for authenticating and determining integrity of a software part of an air vehicle

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatus and computer program products for authenticating and determining integrity of a software part of an air vehicle

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links