(12) United States Patent
McCusker

(10) Patent No.: US 8,495,722 B1
(45) Date of Patent: Jul. 23, 2013

(54) METHOD AND SYSTEM FOR CONTROLLING ACCESS TO AN AIRCRAFT-BASED WIRELESS NETWORK

(75) Inventor: Patrick D. McCusker, Walker, IA (US)
(73) Assignee: Rockwell Collins, Inc., Cedar Rapids, IA (US)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by [illegible] days.
(21) Appl. No.: 12/567,529
(22) Filed: Sep. 25, 2009
(51) Int. Cl. G06F 15/16 (2006.01)
(52) U.S. Cl. USPC 726/10; 726/2; 726/4; 726/5; 726/9
(58) Field of Classification Search USPC 726/4, 9, 10, 2, 5; 244/118.5; 701/3, [illegible], 701/32.6
See application file for complete search history.
Primary Examiner — Edward Zee
Assistant Examiner — Baotran N To
(74) Attorney, Agent, or Firm — Donna P. Suchy; Daniel M. Barbieri

(57) ABSTRACT

A system for controlling access to an aircraft system by a portable electronic device attempting to connect to the aircraft system via an aircraft-based wireless network includes a reader configured to read first identification information from a first device. The system further includes communications electronics for the aircraft-based wireless network configured to receive second identification information from the portable electronic device. The system yet further includes a processing circuit configured to receive the first identification information from the reader and the second identification information from the communications electronics and to compare the first and second identification information. The processing circuit is configured to grant access to the aircraft system when the comparison indicates a match between the first and second identification information.

20 Claims, 4 Drawing Sheets
[Front-page drawing: block diagram; surviving labels: Units Under Test 118, Aircraft Systems, Onboard Maintenance System (OMS), Security Processing Electronics 114]

DJI-1023
IPR2023-01107
U.S. Patent, Jul. 23, 2013, Sheet 1 of 4, US 8,495,722 B1

[FIG. 1 drawing: block diagram; surviving labels: Units Under Test, Access Point; reference numerals 102, 113, 114, 116, 118, 120]

FIG. 2 (flow chart):
Receive First Identification Information from a Reader
Receive Second Identification Information from a Portable Electronic Device via Communications Electronics
Compare the First and Second Identification Information
Grant Access to the Aircraft System When the Comparison Indicates a Match Between the First and Second Identification Information
U.S. Patent, Jul. 23, 2013, Sheet 2 of 4, US 8,495,722 B1

[FIG. 3 drawing: block diagram 300; surviving labels: Aircraft Systems, Onboard Maintenance System, Security Processing Electronics 322, Aircraft Systems Interface, Wireless Access Point, Communications Electronics, Portable Electronic Device]

[FIG. 4 drawing: block diagram of Security Processing Electronics 322; surviving labels: Aircraft Systems Interface, Decryption Module, Comparison Module, Module (label truncated), Reader Interface]
U.S. Patent, Jul. 23, 2013, Sheet 3 of 4, US 8,495,722 B1

FIG. 5 (flow chart of process 500):
The User Accesses and Uses a Card Reader on the Aircraft with an ID Card or Badge
The Card Reader Provides Identification Information Received From or Derived Using the ID Card or Badge to an Aircraft System
The User Logs into a Portable Electronic Device or an Application Thereof Using a Credential (e.g., Username/Password)
The User Causes the Portable Electronic Device to Access a Wireless Access Point for the Aircraft
The Portable Electronic Device Provides a Digital Certificate to the Wireless Access Point
The Wireless Access Point Provides the Digital Certificate to the Aircraft System
The Aircraft System Decrypts the Digital Certificate
The Aircraft System Compares Identification Information Determined Based on Decrypting the Digital Certificate with the Identification Information Received From the Reader
The Aircraft System Grants the Portable Electronic Device with Access to the Aircraft System or the Aircraft's Wireless Network
U.S. Patent, Jul. 23, 2013, Sheet 4 of 4, US 8,495,722 B1

[Drawings on this sheet: two block diagrams (one numbered 600); surviving labels: Aircraft Systems 116, Security Processing Electronics, Aircraft Systems Interface, Communications Electronics, Access Point, Portable Electronic Device; reference numeral 112]
METHOD AND SYSTEM FOR CONTROLLING ACCESS TO AN AIRCRAFT-BASED WIRELESS NETWORK

BACKGROUND

The present invention relates generally to the field of aircraft systems and aircraft-based wireless networks.

Aircraft-based wireless networks can be used to provide access to aircraft systems such as an onboard maintenance system (OMS), an adaptive flight display system (AFD), a cabin crew system, a passenger entertainment system, a hospitality inventory system, an aircraft flight plan or navigation system, and/or other aircraft systems. Applicants have found it challenging and difficult to securely authenticate, using conventional systems, the many users that may want to access aircraft systems via the aircraft-based wireless networks.

SUMMARY

One embodiment of the invention relates to a system for controlling access to an aircraft system by a portable electronic device attempting to connect to the aircraft system via an aircraft-based wireless network. The system includes a reader configured to read first identification information from a first device. The system further includes communications electronics for the aircraft-based wireless network configured to receive second identification information from the portable electronic device. The system yet further includes a processing circuit configured to receive the first identification information from the reader and the second identification information from the communications electronics and to compare the first and second identification information. The processing circuit is configured to grant access to the aircraft system when the comparison indicates a match between the first and second identification information.

Another embodiment of the invention relates to a method for controlling access to an aircraft system by a portable electronic device attempting to connect to the aircraft system via an aircraft-based wireless network. The method includes receiving, at a processing circuit, first identification information from a reader configured to read the first identification information from a first device. The method further includes receiving, at a processing circuit, second identification information from communications electronics configured to receive the second identification information from the portable electronic device. The method yet further includes using the processing circuit to compare the first and second identification information and granting access to the aircraft system when the comparison indicates a match between the first and second identification information.

Yet another embodiment of the invention relates to an apparatus for controlling access to an aircraft system by a portable electronic device attempting to connect to the aircraft system via an aircraft-based wireless network. The apparatus includes means for receiving first identification information from a reader configured to read the first identification information from a first device. The apparatus yet further includes means for receiving second identification information from communications electronics configured to receive the second identification information from the portable electronic device. The apparatus also includes means for comparing the first and second identification information. The apparatus yet further includes means for granting access to the aircraft system when the comparison indicates a match between the first and second identification information.

Alternative exemplary embodiments relate to other features and combinations of features as may be generally recited in the claims.

BRIEF DESCRIPTION OF THE FIGURES

The disclosure will become more fully understood from the following detailed description, taken in conjunction with the accompanying figures, wherein like reference numerals refer to like elements, in which:

FIG. 1 is a block diagram of a system for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to an exemplary embodiment;

FIG. 2 is a flow chart of a process for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to an exemplary embodiment;

FIG. 3 is a block diagram of a system for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to another exemplary embodiment;

FIG. 4 is a block diagram of security processing electronics, according to an exemplary embodiment;

FIG. 5 is a more detailed flow chart of a process for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to an exemplary embodiment;

FIG. 6 is a block diagram of a system for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to another exemplary embodiment; and

FIG. 7 is a block diagram of a system for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to another exemplary embodiment.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

Before turning to the figures, which illustrate the exemplary embodiments in detail, it should be understood that the application is not limited to the details or methodology set forth in the description or illustrated in the figures. It should also be understood that the terminology is for the purpose of description only and should not be regarded as limiting.

Referring generally to the Figures, systems and methods for controlling access to an aircraft system accessible via an aircraft-based wireless network are shown and described. The systems and methods generally complete the authentication of a portable electronic device by comparing identification information of two devices a user has: (1) the portable electronic device attempting to access the network and (2) a badge, card, or other identifying device. The systems and methods may also authenticate the portable electronic device for access to the network using something the user knows (e.g., a password to the portable electronic device, a password to the network, a password to the aircraft system). In various exemplary embodiments of the present application, the system for authentication does not check user credentials received from the portable electronic device with a centralized authentication server or system remotely located from the aircraft.

Referring now to FIG. 1, a block diagram of a system 100 for controlling access to aircraft systems 116 accessible via an aircraft-based wireless network is shown, according to an exemplary embodiment. User 104 (e.g., pilot, maintenance technician, etc.) would like to access aircraft systems 116 via a portable electronic device 108 and a wireless network provided by wireless access point 110 on aircraft 102. For example, user 104 may be a maintenance technician desiring to access aircraft 102’s onboard maintenance system 120 while user 104 walks around the aircraft with portable electronic device 108. Security processing electronics 114 are configured to grant portable electronic device 108 access to aircraft systems 116 when a comparison between first identification information received at a reader 112 matches second identification information received from portable electronic device 108 at wireless access point 110. Accordingly, in the exemplary embodiment shown in FIG. 1, user 104 walks up to reader 112 and scans ID badge 106 at reader 112. Within a period of time before, during, or after the scan, when portable electronic device 108 communicates identification information for user 104 or device 108 to wireless access point 110 that matches the identification information received via ID badge 106, security processing electronics 114 grants access to portable electronic device 108.

Reader 112 may be configured to communicate with ID badge 106 via radio-frequency identification (RFID) technology or near-field communication (NFC) technology. In other embodiments, other short range radio communications technologies are used by reader 112. In yet other exemplary embodiments, reader 112 is configured to communicate with ID badge 106 using visual or contact-based reading technologies (e.g., bar code scanning). Reader 112 may be located near an entrance to aircraft 102 (e.g., just inside the front most door of the aircraft, just inside a service bay), may be located in or near the cockpit, or may be located at any other location on or in aircraft 102. While device 106 is described as being a badge, it should be appreciated that a device or circuit for providing identification information to reader 112 may be of any technology suitable with the various embodiments of reader 112. Further, device 106 may not be formed as a badge in some embodiments but may rather be formed as a patch, a button, integrated with a key fob or key, embedded on or within human skin, printed on a card or other substrate, or otherwise formed.

Reader 112 is shown in FIG. 1 as being communicably coupled to airport security system 113. When user 104 holds his or her ID badge 106 near reader 112 so that reader 112 reads information from ID badge 106, reader 112 may be configured to validate the information or recall additional information from airport security system 113. For example, memory of ID badge 106 may not store an identity or identification information for user 104. Rather, reader 112 may pass a key or unique string of information provided by ID badge 106 to airport security system 113 for looking up identification information of user 104 associated with badge 106. In other embodiments, airport security system 113 validates ID badge 106 and returns identification information not descriptive of user 104 back to reader 112. The identification information returned back to reader 112 from airport security system 113 may be encrypted or provided back to reader 112 in the form of a token that security processing electronics 114 can recognize.

Reader 112 is configured to provide security processing electronics 114 with identification information relating to ID badge 106 or user 104. The information may be obtained directly from ID badge 106, derived from ID badge 106 by logic of reader 112, retrieved from airport security system 113, looked up by reader 112, or obtained in another way by reader 112. The identification information may be provided to security processing electronics 114 in the form of a number, a string of text, an encrypted signal, a token having an encrypted portion, an XML message or other self-describing message, or in any other form.

The portable electronic device 108 for which user 104 is seeking to have access aircraft systems 116 is shown as a laptop computer in FIG. 1. In other embodiments, portable electronic device 108 may be a personal digital assistant (PDA), a mobile phone, a tablet PC, or any other device configured to communicate with other electronic systems via wireless communications. Portable electronic device 108 may communicate with wireless access point 110 via wireless communications according to one or more wireless communications protocols (e.g., IEEE 802.11, IEEE 802.15, Bluetooth, Zigbee, WiFi, WiMax, municipal WiFi, etc.) compatible with wireless access point 110 or another wireless transceiver associated with aircraft 102. Portable electronic device 108 may include processing electronics (e.g., processor, memory, etc.) configured to execute one or more applications that are stored local to portable electronic device 108. In other embodiments, portable electronic device 108 may include a “thin” browser or client configured to access applications served by aircraft systems 116, security processing electronics 114, wireless access point 110, or another aircraft system (e.g., a web server located on aircraft 102 and in communication with wireless access point 110). Whether operating with a “thick” application or a “thin” client, portable electronic device 108 may be configured to prompt a user of portable electronic device 108 for identification information (e.g., a username, a personal identification number, a password, a keyphrase, an authentication code, etc.) and can send the identification information to wireless access point 110 for use (e.g., for decoding, for providing to security processing electronics 114, etc.).

Wireless access point 110 may be or include communications electronics (e.g., transmitter and receiver, transceiver, wireless radio, etc.) configured to communicate with one or more compatible wireless devices such as portable electronic device 108 via wireless data communications. Wireless access point 110 may be configured to communicate via one or more wireless data communications protocols (e.g., Bluetooth, Zigbee, WiFi, a mobile phone protocol, one or more proprietary protocols, etc.). Wireless access point 110 can be configured to receive identification information from portable electronic device 108 and to pass the identification information to security processing electronics 114 (e.g., via an Ethernet connection, via a wireless connection, etc.).

Wireless access point 110 may process identification information received from portable electronic device 108 to provide a first level of security. For example, portable electronic device 108 may be configured to provide a passcode (e.g., encrypted, unencrypted, etc.) to wireless access point 110 before wireless access point 110 will allow communications with portable electronic device 108. In other embodiments, wireless access point 110 provides identification information received from portable electronic device 108 to security processing electronics 114 prior to allowing further wireless network communications by portable electronic device 108. For example, wireless access point 110 may be configured to provide identification information received from portable electronic device 108 to security processing electronics 114 for matching to identification information from reader 112 prior to allowing portable electronic device 108 to “join” or otherwise regularly “connect” to wireless access point 110 or the wireless network provided or supported by access point 110.

Security processing electronics 114 is a computer-based system configured to receive first identification information from reader 112 and second identification information received from wireless access point 110 and to compare the received identification information to authenticate portable electronic device 108 for access to aircraft systems 116. Security processing electronics 114 may be an application server, a web server, or another type of server onboard aircraft 102. Security processing electronics 114 is shown in greater detail in FIG. 4.

Aircraft systems 116 are shown to include units under test 118, an onboard maintenance system (OMS) 120, and adaptive flight displays 122. Aircraft systems 116 may include other systems such as flight or cabin crew systems, cabin entertainment systems, cabin hospitality systems, avionics electronics, radar systems, communications systems, or any other aircraft system that may be accessed remotely via data communications. Units under test 118 may be or include particular aircraft components or systems that are being tested by a mechanic (e.g., user 104, OMS 120, a fault detection and diagnostics systems of the aircraft, portable electronic device 108, other systems, etc.). In an exemplary embodiment, units under test 118 are communicably coupled to OMS 120 and are configured to provide signals to OMS 120 that can be used for troubleshooting, checkup, or maintenance purposes. For example, units under test 118 may include a brake system for the aircraft including one or more sensors configured to detect brake position and to make the brake position available on a wire bus in the aircraft. OMS 120 may retrieve the brake position from the wire bus and make its value available, for example, to wireless access point 110 for communication to portable electronic device 108. Portable electronic device 108 may be configured to display the received information on a text-based or graphic-based interface so that user 104 can check or diagnose the brakes. In some embodiments OMS 120 or other aircraft systems 116 may be configured to change values or states based on data received from portable electronic device 108 via wireless access point 110. Adaptive flight displays 122 may include cockpit avionics systems configured to provide information to pilots during flight. Adaptive flight displays 122 may be configured to make fault information, flight information for previous flights, or other information available to portable electronic device 108 via wireless access point 110 when appropriate access is granted to portable electronic device 108.

FIG. 2 is a flow chart of a process 200 for controlling access to an aircraft system accessible via an aircraft-based wireless network, according to an exemplary embodiment. Process 200 may be an algorithm completed by, for example, security processing electronics 114 or another processing circuit located on the aircraft and configured to grant or restrict access to a wireless network, a wireless resource, or an aircraft system. The steps of process 200 may be embodied as computer code instructions on a computer readable medium (e.g., CDROM, flash memory, hard-drive based memory, solid state memory, etc.) of such a device and configured to conduct or facilitate the activities of each step when the instructions are executed by a processing circuit.

Process 200 is shown to include receiving first identification information from a reader (step 202). The first identification information may be read from a first portable device. In other embodiments, the first identification information may be calculated or obtained (e.g., from an airport security system) based on information received from the first portable device.

Process 200 further includes receiving second identification information from a portable electronic device via communications electronics (step 204). The communication electronics may be, for example, those of a wireless access point for a wireless network hosted by the aircraft. In some embodiments, the second identification information may be calculated by the communications electronics based on information received from the portable electronic device. For example, information received from the portable electronic device may be decrypted by the communications electronics to extract the second identification information.

Process 200 is further shown to include comparing the first and second identification information (step 206). Access is granted to the aircraft system when the comparison indicates a match between the first and second identification information (step 208). The comparison of step 206 can be or include activities other than a straight character-by-character comparison of the information. For example, the comparison of step 206 may include transforming one or both of the first information and the second information and comparing that transformation to the other information. For example, the first information received from the reader may be truncated, decrypted, or shifted and that transformation result may be compared to the second identification information received from the wireless access point. In another example, the comparison may include looking up another value based on either of the first information or the second information and comparing that looked up value. Accordingly, the matching of step 208 can be or include an exact character match or other levels or types of matching. For example, the matching of step 208 can include checksum matching, prefix matching, matching using one or more of the first information and the second information in a decrypting process, or by conducting any other logic configured to indicate whether the first information and the second information are related or associated in an expected or acceptable way. Granting access can mean granting access to communicate on a wireless network, to communicate via a wireless access point of the aircraft, to communicate through a gateway (e.g., the security processing electronics may be, may be a part of, or serve as the gateway), or granting access in another way to the aircraft systems.

Referring now to FIG. 3, a block diagram of a system 300 for controlling access to an aircraft system accessible via an aircraft-based wireless network is shown, according to another exemplary embodiment. In the embodiment shown in FIG. 3, security processing electronics 322 is shown as a component of onboard maintenance system 320. Security processing electronics 322 may interface (e.g., via a communications bus, an Ethernet network, a wireless network) with wireless access point 110 via aircraft systems interface 324 of wireless access point 110. Wireless access point 110 is shown in greater detail relative to the version shown in FIG. 1 and is shown to include communications electronics 326. Communications electronics 326 may be or include any of the electronics or software described above for communicating with portable electronic device 108 via wireless communications. Communications electronics 326 is also shown in communication with reader 112. For example, reader 112 may communicate with communications electronics 326 via a wireless connection. In other embodiments, reader 112 communicates with wireless access point 110 via a wired connection. FIG. 3 illustrates that the first identification information associated with first device 106 and the second identification information associated with portable electronic device 108 may be received by security processing electronics 322 in a variety of different ways according to different embodiments of the present invention.

Referring now to FIG. 4, a detailed block diagram of security processing electronics 322 from FIG. 3 is shown, according to an exemplary embodiment. Security processing electronics 322 is shown to include an aircraft systems interface 400, a processor 406, memory 408, a reader interface 402, and a communications interface 404.

Aircraft systems interface 400 is a terminal, circuitry, software or combination thereof for communicating with one or more aircraft systems. For example, aircraft systems interface 400 may include a service for sending and receiving communications on an aircraft data network (ADN), an avionics full-duplex switched Ethernet (AFDX) network, an ARINC network, an Ethernet network, etc.

Processor 406 may be a general or specific purpose processor configured to execute computer code or instructions stored in memory 408 or received from other computer readable media (e.g., CDROM, network storage, a remote server, etc.). Memory 408 may be RAM, hard drive storage, temporary storage, non-volatile memory, flash memory, optical memory, or any other suitable memory for storing software objects and/or computer instructions. When processor 406 executes instructions stored in memory 408 for completing the various activities described herein, processor 406 generally causes security processing electronics 322 to complete such activities. Modules 410, 412, and 414 within memory 408 may be scripts, functions, executables, or other sets of computer code or instructions for execution by processor 406. When executed, modules 410, 412, and 414 configure processor 406 or more generally security processing electronics 322 for the activities described herein. Decryption module 410, for example, is configured to decrypt communications received at aircraft systems interface 400, reader interface 402, and/or communications interface 404. Comparison module 412 is configured to receive or otherwise access the first identification information received at reader interface 402 and the second identification information received at communications interface 404 and to conduct the comparison of the information (e.g., as described with reference to process 200 shown in FIG. 2, etc.). Permissions module 414 is configured to check identification information received from either or both of reader interface 402 and communications interface 404 for whether the identified user is permitted to access the wireless network, aircraft systems, or other resources. In some embodiments permissions module 414 may not be configured to provide different sets of permissions for different particular users but may rather be configured to identify a user as being associated with a permissions group. For example, a “pilot” group may be granted different access to avionics information than a “pre-flight inspector” group. It should be noted that other modules may be stored in memory 408 for executing one or more of the activities described in the present application.
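
An added example, not code from the patent: a minimal Python model of the comparison in process 200 (steps 202 to 208) and the group check of permissions module 414, with exact, prefix and checksum matching as interchangeable matchers. The identifiers, the 120-second pairing window, the single-use handling of a badge scan, the group tables and all function and class names are assumptions made for the illustration, and only the scan-then-connect order is modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Assumption: the text only says "a period of time"; 120 s is illustrative.
PAIRING_WINDOW_S = 120.0

# Constructed sample data: badge identifier -> permissions group.
GROUP_OF = {"tech-0417": "pre-flight inspector", "pilot-0032": "pilot"}
# Constructed policy: aircraft systems each group may reach.
GROUP_ACCESS = {"pilot": {"AFD", "OMS"}, "pre-flight inspector": {"OMS"}}


def _eq(a: str, b: str) -> bool:
    """Constant-time equality so response timing does not leak identifier bytes."""
    return hmac.compare_digest(a.encode(), b.encode())


def exact_match(first: str, second: str) -> bool:
    """Straight comparison of the two identifiers."""
    return _eq(first, second)


def prefix_match(first: str, second: str) -> bool:
    """Device identifier embeds the badge identifier: 'pilot-0032/tablet-2'."""
    head, sep, _ = second.partition("/")
    return sep == "/" and _eq(first, head)


def checksum_match(first: str, second: str) -> bool:
    """Device presents SHA-256(badge identifier) rather than the identifier."""
    return _eq(hashlib.sha256(first.encode()).hexdigest(), second)


@dataclass
class SecurityProcessingElectronics:
    matcher: Callable[[str, str], bool] = exact_match
    window_s: float = PAIRING_WINDOW_S
    _scans: List[Tuple[str, float]] = field(default_factory=list)

    def on_reader(self, first_id: str, now: float) -> None:
        """Step 202: first identification information arrives from the reader."""
        self._scans.append((first_id, now))

    def on_access_point(self, second_id: str, system: str, now: float):
        """Steps 204-208 plus the group check; returns (granted, reason)."""
        # Drop scans outside the pairing window before comparing anything.
        self._scans = [(f, t) for f, t in self._scans
                       if 0 <= now - t <= self.window_s]
        for i, (first_id, _) in enumerate(self._scans):
            if self.matcher(first_id, second_id):
                # Assumption: a scan pairs with one device request only, so a
                # replayed identifier needs a fresh badge scan.
                del self._scans[i]
                group = GROUP_OF.get(first_id)
                if system in GROUP_ACCESS.get(group, set()):
                    return True, f"granted as {group}"
                return False, "group not permitted"
        return False, "no matching badge scan"


if __name__ == "__main__":
    spe = SecurityProcessingElectronics(matcher=prefix_match)
    spe.on_reader("pilot-0032", now=0.0)
    print(spe.on_access_point("pilot-0032/tablet-2", "AFD", now=30.0))
    print(spe.on_access_point("pilot-0032/tablet-2", "AFD", now=31.0))
```

The default decision is denial: a device identifier with no fresh, matching badge scan, or a matched user whose group does not cover the requested system, is refused with a reason that can be logged.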

Reader interface 402 may be any set of hardware or software jacks, terminals, circuitry, software or any combination thereof for receiving data from reader 112. For example, reader interface 402 may be an Ethernet-based interface, an optical/digital interface, an analog interface, a USB interface, or any other suitable interface for receiving data from the types of readers described above or from a network between the reader and security processing electronics 322. Communications interface 404 may be an Ethernet interface, an avionics bus, an optical/digital interface, or any other suitable interface for communicating with, for example, a network in the aircraft, a wireless access point in the aircraft, or other communications electronics configured to receive information from portable electronic device 108.

Referring now to FIG. 5, a detailed flow chart of an exemplary process 500 for controlling access to an aircraft system accessible via an aircraft-based wireless network is shown, according to an exemplary embodiment. Process 500 is shown to include a user accessing and using a card reader on the aircraft with an ID card or badge (step 502). The reader uses information from the card or badge (or obtained in conjunction with another system such as an airport security system) to provide identification information to an aircraft system (e.g., a security processing system, an aircraft communications gateway, an aircraft wireless access point, etc.) (step 504). The user then logs into a portable electronic device or an application thereof using one or more credentials (e.g., a username and password combination) (step 506). This user may then use an application (e.g., an aircraft service application, a connection manager, etc.) to access a wireless access point for the aircraft (step 508). This access may include the portable electronic device providing a digital certificate, encrypted key, or another credential to the wireless access point (st