System and method for providing security aboard a moving platform

US 8,402,268 B2
Filed: 06/11/2010
Issued: 03/19/2013
Est. Priority Date: 06/11/2009
Status: Active Grant

First Claim

Patent Images

1. A security appliance, comprising:

a general purpose computer for running an operating system configured to programmatically execute a plurality of software modules and to interface with a plurality of access points within a distribution system of a selected information system,wherein said plurality of software modules provides a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module, andwherein said security appliance is disposed within a single line replaceable unit for installation within the distribution system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing network security on a vehicle information system and methods for manufacturing and using same. The security system comprises an all-in-one security system that facilitates security system functions for the vehicle information system. Exemplary security system functions include secure storage of keys used to encrypt and/or decrypt system data, security-related application programming interfaces, a security log file, and/or private data. The security system likewise can utilize antivirus software, anti-spyware software, an application firewall, and/or a network firewall. As desired, the security system can include an intrusion prevention system and/or an intrusion detection system. If the information system includes a wireless distribution system, the security system can include an intrusion prevention (and/or detection) system that is suitable for use with wireless network systems. Thereby, the security system advantageously can provide a defense in depth approach by adding multiple layers of security to the information system.

529 Citations

25 Claims

1. A security appliance, comprising:
- a general purpose computer for running an operating system configured to programmatically execute a plurality of software modules and to interface with a plurality of access points within a distribution system of a selected information system,wherein said plurality of software modules provides a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module, andwherein said security appliance is disposed within a single line replaceable unit for installation within the distribution system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The security appliance of claim 1, wherein said network interface facilitates bi-directional communications between the selected information system and an external communication connection.
  - 3. The security appliance of claim 2, wherein said external communication connection includes at least one of a secure wired communication connection, a secure wireless communication connection, a broadband communication connection, a cellular communication connection, and a Universal Serial Bus communication connection.
  - 4. The security appliance of claim 2, wherein said external communication connection is configured to transmit secure data to a processing system that is remote from the selected information system.
  - 5. The security appliance of claim 4, wherein said secure data is selected from a group consisting of credit card data, medical data, and data that is protected under applicable law.
  - 6. The security appliance of claim 1, wherein said intrusion detection/prevention module is configured to identify unauthorized access to a wireless distribution system of the selected information system.
  - 7. The security appliance of claim 1, wherein said hardware security module is accredited to at a security level of at least Federal Information Processing Standard (FIPS) Level 2.
  - 8. The security appliance of claim 1, wherein the distribution system interfaces with said security appliance via a fiber communications medium.
  - 9. The security appliance of claim 1, wherein the operating system comprises a Linux-based operating system.
  - 10. The security appliance of claim 1, wherein the selected information system is installed aboard a passenger vehicle.
  - 11. The security appliance of claim 1, further comprising a biometric authentication device for preventing unauthorized access to the selected information system, said biometric authentication device communicating with the distribution system of the selected information system.
  - 12. The security appliance of claim 11, wherein said biometric authentication device is selected from a group consisting of a face scanner, a hand scanner, a fingerprint scanner, a retina scanner, and an iris scanner.
  - 13. The security appliance of claim 11, wherein said biometric authentication device is associated with a crew panel system of the selected information system.
  - 14. A vehicle information system suitable for installation aboard a passenger vehicle, comprising:
    - a content source; and
      
      a distribution system for communicating with said content source and including the security appliance of claim 1.
  - 15. An aircraft, comprising:
    - a fuselage and a plurality of passenger seats arranged within the fuselage; and
      
      a vehicle information system, said vehicle information system coupled with said fuselage and comprising;
      
      a headend system that provides overall system control functions for said vehicle information system and that includes a content source;
      
      a user interface system that includes a user input system for selecting viewing content available from said content source and a content presentation system for presenting the selected viewing content; and
      
      a distribution system that distributes the selected viewing content throughout said vehicle information system and that includes the security appliance characterized by claim 1.

16. A method for providing network security for an information system, comprising:
- disposing a general purpose computer within a single line replaceable unit;
  
  installing the line replaceable unit within a distribution system of the information system; and
  
  enabling the general purpose computer to execute a plurality of software modules that are configured to interface with a plurality of access points within a distribution system of the information system, wherein the plurality of software modules provide a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, wherein said enabling the general purpose computer includes enabling the network interface module to facilitate bi-directional communications between the information system and an external communication connection for transmitting secure data to a processing system that is remote from the information system.
  - 18. The method of claim 16, wherein said enabling the general purpose computer includes enabling the intrusion detection/prevention module to configure a wireless distribution system of the information system to identify unauthorized access to the information system.
  - 19. The method of claim 16, further comprising installing the information aboard a passenger vehicle.
  - 20. The method of claim 16, further comprising installing a biometric authentication device for preventing unauthorized access to the information system, wherein said biometric authentication device communicates with the distribution system of the information system.
  - 21. The security appliance of claim 20, wherein said installing a biometric authentication device comprises installing said biometric authentication device at a crew panel system of the information system.

22. A computer program product for providing network security for a selected information system, the computer program product being encoded on one or more non-transitory machine-readable storage media and being suitable for execution on a general purpose computer disposed within a single line replaceable unit for installation within a distribution system of the selected information system, comprising:
- instruction for activating at least one access point within the distribution system; and
  
  instruction for executing a plurality of software modules that provides a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module; and
  
  instruction for monitoring signal activity between the selected information system and at least one portable media device via the at least one access point.
- View Dependent Claims (23, 24, 25)
- - 23. The computer program product of claim 22, wherein said instruction for executing includes instruction for enabling the network interface module to facilitate bi-directional communications between the selected information system and an external communication connection for transmitting secure data to a processing system that is remote from the selected information system.
  - 24. The computer program product of claim 22, wherein said instruction for executing includes instruction for enabling the intrusion detection/prevention module to configure a wireless distribution system of the selected information system to identify unauthorized access to the selected information system.
  - 25. The computer program product of claim 22, further comprising instruction for preventing unauthorized access to the selected information system via a biometric authentication device, wherein said biometric authentication device communicates with the distribution system of the selected information system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Avionics Corporation (Panasonic Holdings Corporation)
Original Assignee
Panasonic Avionics Corporation (Panasonic Holdings Corporation)
Inventors
Dierickx, Michael
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US12/813,973
Publication Number

US 20100318794A1
Time in Patent Office

1,012 Days
Field of Search

713/164, 726/23, 726/5
US Class Current

713/164
CPC Class Codes

B60R 25/04   operating on the propulsion...

H04B 7/18506   Communications with or from...

H04L 63/02   for separating internal fro...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

System and method for providing security aboard a moving platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

529 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing security aboard a moving platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

529 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links