WO2003014891A2 - An airborne security manager - Google Patents

An airborne security manager Download PDF

Info

Publication number
WO2003014891A2
WO2003014891A2 PCT/US2002/023226 US0223226W WO03014891A2 WO 2003014891 A2 WO2003014891 A2 WO 2003014891A2 US 0223226 W US0223226 W US 0223226W WO 03014891 A2 WO03014891 A2 WO 03014891A2
Authority
WO
WIPO (PCT)
Prior art keywords
security
network
mobile
user access
response
Prior art date
Application number
PCT/US2002/023226
Other languages
French (fr)
Other versions
WO2003014891A3 (en
Inventor
Lawrence I. Rockwell
Original Assignee
The Boeing Company
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Boeing Company filed Critical The Boeing Company
Priority to CN02819635XA priority Critical patent/CN1602610B/en
Priority to EP02747074A priority patent/EP1413117B1/en
Priority to JP2003519756A priority patent/JP4124728B2/en
Priority to CA2454223A priority patent/CA2454223C/en
Priority to DE60228975T priority patent/DE60228975D1/en
Priority to AU2002316744A priority patent/AU2002316744A1/en
Publication of WO2003014891A2 publication Critical patent/WO2003014891A2/en
Publication of WO2003014891A3 publication Critical patent/WO2003014891A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B64AIRCRAFT; AVIATION; COSMONAUTICS
    • B64DEQUIPMENT FOR FITTING IN OR TO AIRCRAFT; FLIGHT SUITS; PARACHUTES; ARRANGEMENTS OR MOUNTING OF POWER PLANTS OR PROPULSION TRANSMISSIONS IN AIRCRAFT
    • B64D45/00Aircraft indicators or protectors not otherwise provided for
    • B64D45/0015Devices specially adapted for the protection against criminal attack, e.g. anti-hijacking systems
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B64AIRCRAFT; AVIATION; COSMONAUTICS
    • B64DEQUIPMENT FOR FITTING IN OR TO AIRCRAFT; FLIGHT SUITS; PARACHUTES; ARRANGEMENTS OR MOUNTING OF POWER PLANTS OR PROPULSION TRANSMISSIONS IN AIRCRAFT
    • B64D45/00Aircraft indicators or protectors not otherwise provided for
    • B64D45/0015Devices specially adapted for the protection against criminal attack, e.g. anti-hijacking systems
    • B64D45/0059Devices specially adapted for the protection against criminal attack, e.g. anti-hijacking systems by communicating emergency situations to ground control or between crew members
    • GPHYSICS
    • G08SIGNALLING
    • G08BSIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B31/00Predictive alarm systems characterised by extrapolation or other computation using updated historic data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04Large scale networks; Deep hierarchical networks
    • H04W84/06Airborne or Satellite Networks

Definitions

  • the present invention relates generally to an airborne security management system for monitoring security activities in a mobile network platform, and more particularly to an autonomous airborne security manager for responding to detected security intrusion events when the mobile network platform is or is not in communication with a terrestrial-based network security management system.
  • such a network security architecture should be designed to (a) secure computing resources to which passengers may have access on the mobile platform; (b) communicate reliably with terrestrial-based system components over an unreliable communication link; (c) provide a policy mediated response to detected security intrusion events occurring on the mobile platform; and (d) scale the management of the system to hundreds or thousands of mobile platforms.
  • a network security architecture should be designed to (a) secure computing resources to which passengers may have access on the mobile platform; (b) communicate reliably with terrestrial-based system components over an unreliable communication link; (c) provide a policy mediated response to detected security intrusion events occurring on the mobile platform; and (d) scale the management of the system to hundreds or thousands of mobile platforms.
  • the security management system includes a mobile network that is interconnected via an unreliable communication link to a terrestrial-based network security management system; an intrusion detection system connected to the mobile network and operable to detect a security intrusion event whose origination is associated with the mobile network; and a mobile security manager adapted to receive the security intrusion events from the intrusion detection system.
  • the mobile security manager is operable to transmit a message indicative of the security intrusion event to the network security management system and to perform security response activities in response to security commands received from the network security management system.
  • the mobile security manager is further operable to command security response activities on the mobile network platform, when the mobile network platform is not connected with network security management system.
  • Figure 1 is a block diagram depicting a network security architecture for a mobile network platform in accordance with the present invention
  • Figures 2A and 2B are state machine diagrams illustrating a security policy for a given user access point on the mobile network platform in accordance with the present invention
  • Figure 3 is a diagram of an exemplary data structure for implementing the security policies of the present invention.
  • Figure 4 is a diagram depicting the primary software components of the network security architecture of the present invention
  • Figure 5 is a block diagram depicting the functional software modules which comprise the airborne security manager in accordance with the present invention
  • Figure 6 is a block diagram depicting the functional components implementing the terrestrial control and data storage functions of a terrestrial- based network security system in accordance with the present invention
  • Figure 7 is an exemplary aircraft browser window used to implement the monitoring and manual control functions of a terrestrial-based network security system in accordance with the present invention.
  • Figure 8 is an exemplary aircraft status window used to implement the monitoring and manual control functions of a terrestrial-based network security system in accordance with the present invention.
  • FIG. 1 illustrates a network security architecture 10 for monitoring security activities in an unattended mobile network platform 12.
  • the primary purpose of the network security architecture 10 is to monitor, record, report and respond to security- relevant events associated with the mobile network platform 12.
  • the network security architecture 10 supports a mobile network platform residing in an aircraft.
  • the mobile network platform 12 is in turn interconnected via one or more unreliable wireless communication links 14 to a terrestrial-based communication system16, including a terrestrial-based network security management system 18. While the following description is provide with reference to an airborne application, it is readily understood that the broad aspects of the network security architecture are applicable to mobile network platforms which may reside in passenger buses, cruise ships, etc.
  • the mobile network platform 12 provides aircraft passengers a suite of broadband two-way data and video communication services.
  • the infrastructure allows information to be transferred to and from the aircraft at high enough data rates to support a variety of services.
  • the mobile network platform 12 is primarily comprised of four subsystems: an antenna subsystem 22, a receive and transmit subsystem (RTS) 24, a control subsystem 26, and a cabin distribution subsystem 28. Each of these four subsystems will be further described below.
  • the antenna subsystem 22 provides two-way broadband data connectivity and direct broadcast television reception capability to the aircraft. Although the invention is not limited thereto, the antenna subsystem 22 is generally designed to provide this connectivity during cruise conditions (limited roll and pitch angles) of the aircraft. Connectivity with the aircraft is most commonly achieved via a K band Fixed Satellite Service (FSS) satellite, a Broadcast Satellite Service (BSS) satellites, and/or a direct broadcast television service (DBS) satellite.
  • FSS Fixed Satellite Service
  • BSS Broadcast Satellite Service
  • DBS direct broadcast television service
  • the antenna subsystem 22 may receive and/or transmit Ku band satellite broadcast signals.
  • the antenna system 22 down-converts an incoming Ku-band signal, amplifies, and outputs the L-band signals to the RTS 24.
  • the antenna system may also provide a broadband downlink capability.
  • the antenna system 22 receives an L-band data signal from an on-aircraft modem, up-converts this signal, amplifies it and then broadcasts as a Ku band signal to selected satellite transponders.
  • the receive and transmit subsystem (RTS) 24 operates in receive and transmit modes.
  • receive mode the RTS 24 may receive rebroadcast video signals, rebroadcast audio signals and/or IP data embedded in an L-band carrier.
  • the RTS 24 in turn demodulates, de-spreads, decodes, and routes the received signals to the cabin distribution subsystem 28.
  • transmit mode the RTS 24 sends IP data modulated into an L-band signal.
  • the RTS 24 encodes, spreads, and modulates the signal the IP data it receives from the cabin distribution subsystem 28.
  • the control subsystem 26 controls the operation of the mobile security platform 12 and each of its four subsystems.
  • the control subsystem 26 includes one or more intrusion detection subsystems 32 and an airborne security manager 34.
  • An intrusion detection subsystem 32 is operable to detect security intrusion activities which may occur on or in relation to the mobile network platform. To do so, an intrusion detection subsystem 32 inspects all of the data packets entering a computing device on which it is hosted and, upon detection of a security intrusion activity, transmits a security intrusion event to the airborne security manager 34.
  • the intrusion detection subsystem 32 may be implemented using one of many commercially available software products.
  • the airborne security manager 34 is responsible for enforcing security policy for an aircraft. Because communication with the aircraft may be sporadic, the airborne security manager 34 must provide the capability to act autonomously when responding to security intrusion events. When a security intrusion event is detected, the airborne security manager 34 responds appropriately in accordance with a customizable security policy. Thus, the airborne security manager 34 is adapted to receive security intrusion events from any of the intrusion detection subsystems and operable to implement a security response. Exemplary responses may include warnings one or more passengers on the aircraft, alerting terrestrial-based security administrators, and/or disconnecting a passenger's network access.
  • the cabin distribution subsystem (CDS) 28 provides network connectivity through a plurality of user access points to the passengers of the aircraft.
  • the cabin distribution system may be composed of either a series of 802.3 Ethernet switches or 802.11X wireless access points.
  • 802.11 B standard only allows for a shared secret between all users of a wireless access point and thus is not suitable for providing the desired level of communication privacy in the passenger cabin.
  • next generation wireless standards such as 802.11X ("X" denotes a revision of 802.11 beyond "B") will support "channelized” or individual user level encryption. It is envisioned that such wireless standards are within the scope of the present invention.
  • Each user access point preferably has the properties of a managed layer 3 switch.
  • each user access point must enforce the association of IP address and MAC address with a particular port. This requirement his applicable to either a wired and wireless cabin environment.
  • a second requirement for each user access point is to accept a command to shut off its access port.
  • a communication channel consisting of a particular frequency, time division or sub-frame substitutes for the physical access port.
  • a third requirement for each user access point is to preclude passengers from eavesdropping or receiving Ethernet packets not directly addressed to them. In a wired cabin distribution system, this can be accomplished through the use of a switched Ethernet architecture.
  • a security policy mechanism is the most fundamental element of the network security architecture 10. In accordance with the present invention, it is envisioned that the security policy will be designed within the following design constraints. First, the security policy mechanism should map different security intrusion events to different responses. It should be appreciated that the severity of response is based on the danger of the detected activities. Second, the automated response policy has to be enforced at all times (subject to over-ride conditions), regardless of whether airborne to terrestrial communications are available or not.
  • the connectivity might fail before a security administrator has a chance to take action in which case the system reverts to the automated policy in effect prior to the override.
  • the security administrator can retract the response if they desire.
  • the policy mechanism has to arbitrate between automated responses from the airborne security manager and manual commands received from terrestrial-based security administrators. If the automated system mistakenly blocks a passenger's network address, and the terrestrial administrator overrides that action, the security policy mechanism needs to know about that action and not try to enforce the block.
  • FIG. 2A and 2B illustrates basic UML state machines which model the security policy associated with an user access point in the mobile network platform.
  • each user access point can be in one of three defined states.
  • all user access points begin in a normal state 42.
  • a security intrusion event of any kind will result in a transition to either a suspected state 44 or a disconnected state 46 for the applicable user access point.
  • Each transition is in the form of "event/response" where events are the external triggers that cause the state transition and responses are external actions that the system initiates when making the transition. For instance, a low or medium priority event 48 occurring in a normal state will cause the system to log the event and/or attempt to provide a warning to the passenger connected at that user access point. The user access point then transitions to the suspected state as shown in Figure 2A.
  • State machine models may be enhanced to incorporate manual controls.
  • Specific manual control commands enable a terrestrial-based security administrator to explicitly disable or enable a user access point from the ground. By adding a state that indicates that the user access point is under manual control ensures that the automated responses do not override the manual control command received from the security administrator. Therefore, it is envisioned that each state machine may provide an autoresponse disable state 50 as shown in Figure 2B. Transitions to and from the autoresponse disable state are commanded by a terrestrially-based security administrator. While in the autoresponse disable state, the administrator can initiate any one of various predefined security responses. In the event connectivity is lost between the administrator and the aircraft, the state machine model reverts to the normal state or the previous state depending on configuration settings.
  • State machines models are also used to represent each of the host servers or other types of computing devices which reside on the mobile security platform. In this way, a server that is under attack may respond differently than a user access point. It is also envisioned that each of the state machines can be tied together through synthetic event generation, such that when a server is under attack, the user access points may employ a different security policy that is less tolerant of suspicious behavior.
  • Each state machine can be represented by a data structure 51 as depicted in Figure 3.
  • the data structure includes a current state 52, a possible security event 54, a resulting state 56 and a possible response 58.
  • each state can be cross-referenced against possible events to produce a resulting state and a list of possible actions.
  • Possible events may include (but are not limited to) a security intrusion event having high priority, a security intrusion event having medium priority, a security intrusion event having a low priority, a reset event, a timer expiration event, a communication link up event, a communication link down event and one or more custom events for supporting manual control commands from the security administrator.
  • Possible responses may include (but are not limited to) setting a timer, installing a filter, resetting a filter, alerting control panel, alerting terrestrial-based security administrator, disconnecting user access point, issuing a passenger warning, and one or more predefined customer responses.
  • setting a timer installing a filter, resetting a filter, alerting control panel, alerting terrestrial-based security administrator, disconnecting user access point, issuing a passenger warning, and one or more predefined customer responses.
  • the overall network security architecture 10 may be logically decomposed into five major components.
  • the five major components are airborne policy enforcement 62, air-ground communication 64, terrestrial control and data storage 66, terrestrial monitoring and manual control 68, and terrestrial policy editing and assignment 70.
  • Each of these logical components are also mapped to their physical location within the network security architecture 10 as shown in Figure 4.
  • the airborne policy enforcement component 62 is provided by the airborne security manager 34.
  • the primary responsibilities of the airborne security manager include (but are not limited to) managing and monitoring intrusion detection sensors, monitoring other airborne event sources, responding to security events in accordance with the applicable security policy, monitoring the airborne intrusion detection sensors, configuring static network traffic filters at user access points, executing any manual overrides commands from the terrestrial- based network security management system, installing new security policies received from the terrestrial-based network security management system, and reporting events and status of interest to the terrestrial-based network security management system.
  • the airborne security manager 34 is comprised of one or more software applications residing on one or more server(s) on each aircraft. A configuration of redundant airborne security managers provide for fail over in the event of a hardware or software failure.
  • the airborne security manager 34 is further comprised of five functional modules: an event response module 72, an onboard status module 74, a policy manager 76, a persistent storage manager 78, and a communication manager 80.
  • the event response module 72 is responsible for receiving events, interpreting the active security policy, and triggering the appropriate actions in response to each event. It should be appreciated that this module is adapted to handle events other than security intrusion events received from the intrusion detection subsystems.
  • the event response module interprets and executes the state machine representing the active security policy. For instance, upon arrival of a security intrusion event, the event response module determines whether the event is associated with an individual passenger connection, an individual host server, or the airborne security manager as a whole. This module then retrieves the current state of that passenger connection, host server, or airborne security manager from the onboard status module 74 and performs the actions associated with that state and event in accordance with the active security policy. Exemplary actions may include issuing new events, making state transitions, modifying network filters, disabling passenger connections, and/or queuing messages for transmission to the terrestrial-based network security management system.
  • the onboard status module 74 maintains the current state of each individual passenger connection, each host server, and of the airborne security manager as a whole for the purpose of directing the state machine event response.
  • the onboard status module 74 also tracks the status of intrusion detection sensors (e.g., signature file, operational/inactive status, sensor configuration) as well as collects status information from the other onboard modules.
  • intrusion detection sensors e.g., signature file, operational/inactive status, sensor configuration
  • the policy manager 76 is responsible for reacting to commands from the terrestrial-based network security system regarding security policy loading and activation.
  • the policy manager also serves as a repository for configuration information relating to the airborne security manager, including, for instance, general communications parameters that determine frequency of status reports and event reporting.
  • the persistent storage manager 78 manages the overall data storage requirements for the onboard network security architecture. Data residing in persistent storage generally falls into one of three categories: (1) communications queue (i.e., messages to be transmitted to the terrestrial-based security management system), (2) onboard status (i.e., per-passenger connection, per-host, and system-wide data requirements), and (3) security policies.
  • the persistent storage manager may rely on various well known, lightweight mechanisms for data storage.
  • the terrestrial control and data storage (C&DS) component 66 is provided by the terrestrial-based network security management system 16.
  • the control and data storage functions include (but are not limited to) storing all event data in persistent storage, tracking the desired and last known configurations for each aircraft, supporting multiple security management consoles having multiple windows, notifying open console windows of any data changes that affect the window contents, providing an interface for effecting manual overrides in security policy, offering a reporting interface for reviewing stored data, and controlling access to all stored data.
  • This component may be implemented using Java-based applications residing on one or more terrestrial servers which constitute the network security management system 16.
  • a more detailed description of the terrestrial control and data storage component 66 is provided with reference to Figure 6.
  • This terrestrial component will maintain one aircraft object 90 for each aircraft associated with the security architecture.
  • the aircraft object 90 maintains all state information for a given aircraft as well as keeps track of the last reported and the desired state of the airborne security manager 34 residing on the given aircraft.
  • the aircraft object 90 is a dynamic object, such that it state is maintained in dynamic memory and can be reconstructed from event histories, if necessary. Any activity that could alter the state of the airborne security manager 34 is performed by invoking a method of the aircraft object. Each method represents an event and is logged in an appropriate event log. In addition, these methods are all synchronized, ensuring that only one thread can be effecting state changes at any given time. In order to eliminate the possibility of deadlock, none of these event operations will block on communication or issue events to other aircraft.
  • the aircraft object 90 uses a communication subsystem 100 to exchange information with the airborne security manager 34.
  • the aircraft object 90 issues commands and requests for status reports as well as receives events and status reports. Until an appropriate event or status report is received, any command is considered pending. This does not mean that the command has not yet executed - it may not have been executed, or it may have been and the acknowledging status report has simply not yet been received. Due to this gap in knowledge about what is actually taking place onboard the aircraft, the aircraft object 90 must carefully differentiate between the last known status and the desired status.
  • the aircraft object 90 is the controller in a Model-View-Controller architecture as is well known in the art.
  • the model is the data stored in a database, and the views are the various user interfaces being used to display information about the aircraft.
  • the aircraft object is responsible for updating all of the views any time the model changes. In order to enforce this, all changes to the model must be performed by the aircraft object and the aircraft object must keep track of those user interfaces that could be affected by the change.
  • the aircraft object 90 also maintains a collection of host objects 92 and passenger connection objects 94.
  • the host objects 92 are used to represent the state of each onboard host server that the airborne security manager 34 is responsible for.
  • the passenger connection objects 94 represent the individual passenger connections to the onboard network.
  • the terrestrial control and data storage component 66 also includes a single aircraft container object 96. It is envisioned that this object may be implemented as a collection class, such as a hash table. Under this approach, aircraft objects will be created by the aircraft container 96 for every aircraft in the system. By routing incoming communication through the aircraft container 96, we ensure that the communication subsystem 100 will be able to deliver incoming messages to the appropriate aircraft object.
  • the container concept may be used to facilitate the manner in which aircraft objects are created. For instance, aircraft objects may be created only as they are needed. When an incoming message is received, the aircraft container 96 locates the applicable aircraft object. If the aircraft object is not present in memory, the aircraft container can create the object. Likewise, aircraft objects that are no longer being actively monitored could be deleted until they are needed again.
  • the terrestrial control and data storage component 66 will also maintain event histories for each of the aircraft in a central database 98.
  • the database 98 will maintain a record of all the events reported by an aircraft in the system. In addition, it will maintain a record of all of the commands performed by terrestrial-based security administrator.
  • the former represents the last known state of each aircraft; whereas the latter represents the desired stated of each aircraft.
  • the choice of the term "last known" reflects the time delay between events occurring on board the aircraft which might not have been reflected on the ground.
  • Security policy files are also stored within the database 98.
  • the policy tables may be append-only.
  • the primary policy table will maintain a mapping of names and version numbers to a series of smaller policy elements.
  • the communication subsystem 100 interfaces with the database 98 in order to retrieve security policy files and update the policy files onboard the aircraft.
  • a policy manager 99 will be responsible for any changes to policy files. This object is necessary because policy is the only thing that is not associated with a single aircraft. The policy manager 99 will ensure that any changes to policy files are properly versioned. It will also be responsible for delivering updated policy to one or more aircraft.
  • the terrestrial monitoring and manual control component 68 and the terrestrial policy editing and assignment component 70 also reside at the terrestrial-based network security management system 12.
  • the monitoring and manual control component functions include (but are not limited to) monitoring the state and activities of a group of aircraft and selecting an individual aircraft for closing examination, monitoring the state and activities of a single aircraft and selecting an individual server or passenger connection for closer examination, monitoring the state and activities of a single airborne server, manually controlling a single airborne server, monitoring the state and activities of a single airborne passenger connection, and manually controlling a single airborne passenger connection.
  • This component may be implemented using a Java-based user interface running on one or more terrestrial servers.
  • the user interface includes a number of windows that may be monitored by a human network security administrator.
  • an aircraft browser allows groups of aircraft to be navigated and aggregate/summary information displayed as shown in Figure 7. However, this window does not show the status of the communication link. In order to display such status information, the user can select a specific aircraft from the aircraft browser, thereby navigating to an aircraft status window.
  • An exemplary aircraft status window is shown in Figure 8. The aircraft status window enables the user to view all data relevant to a specific aircraft in a single tree structure view 102. In addition, all logged events and commands are displayed in a lower log panel 104.
  • the tabs 106 along the top of the window permit navigation to other panels which in turn focus on a different specific element associated with the aircraft.
  • the seat panel 108 will provide status information, log detail, and manual controls for a specific seat.
  • Other exemplary windows used to support the monitoring and manual control functions may include (but is not limited to) a passenger connection status window that focuses on displaying information for a single passenger connection, an onboard host status window that focuses on displaying information on a specific host computing device residing on the aircraft, and an events log window that displays event information for a given group, aircraft, passenger connection or host device. It is envisioned that the above-described windows are merely representative of some of the functionality and appearance that be used to implement the monitoring and manual control functions of the present invention.
  • the policy editing and application functions include (but are not limited to) editing sensor configuration files, retrieving intrusion detection signature file updates from the applicable vendor website, editing response policy state machines and parameters, editing static security configurations, combining sensor files, signature files, response policies, and static configuration into specific security policies, providing version control over security policy updates, browsing the aircraft in the system by last known policy and desired policy, and distributing a new policy to a selected group of aircraft.
  • the editing of security policy is not intended to be a routine daily activity. For this reason, policy editing and application functions are treated as a separate, distinct logical component from the other functions administered through the user interface running on the terrestrial servers.
  • the air-ground communication component 64 is responsible for communication between the airborne security manager and the terrestrial servers. Thus, this component is distributed across these two physical locations.
  • the air- ground communication functions include (but are not limited to) providing non- blocking communications, retrying transmissions until reliable delivery is achieved, queuing up messages during periods of non-connectivity, handling communication session authentication, utilizing cryptographic integrity checks to protect against tampering and replay, optimizing away redundant or superseded messages where possible, utilizing available bandwidth according to message priorities, minimizing bandwidth consumption, and delivering security policy updates to aircrafts.
  • Logically isolating the communications component helps protect the design of the airborne security manager and the terrestrial servers from unnecessary complexity arising from sporadic connectivity.

Abstract

An airborne security management system is provided for monitoring security activities in a mobile network platform. The airborne security management system includes a mobile network that is interconnected via an unreliable communication link to a terrestrial-based network security management system; an intrusion detection system connected to the mobile network and operable to detect a security intrusion event whose origination is associated with the mobile network; and a mobile security manager adapted to receive the security intrusion events from the intrusion detection system. The mobile security manager is operable to transmit a message indicative of the security intrusion event to the network security management system and to perform security response activities in response to security commands received from the network security management system. The mobile security manager is further operable to command security response activities on the mobile network platform, when the mobile network platform is not connected with network security management system.

Description

AN AIRBORNE SECURITY MANAGER
[0001] This application claims priority under 35 U.S.C. §119(e) to United States Provisional Application No. 60/309,862 filed on August 3, 2001 , and entitled "An Airborne Security Manager" the specification and drawings of which are hereby expressly incorporated by reference.
TECHNICAL FIELD [0002] The present invention relates generally to an airborne security management system for monitoring security activities in a mobile network platform, and more particularly to an autonomous airborne security manager for responding to detected security intrusion events when the mobile network platform is or is not in communication with a terrestrial-based network security management system.
BACKGROUND OF THE INVENTION [0003] Broadband data and video services, on which our society and economy have grown to depend, have heretofore generally not been readily available to users onboard mobile network platforms such as aircraft, ships, trains, automobiles, etc. While the technology exists to deliver such services to most forms of mobile network platforms, past solutions have been generally quite expensive, with low data rates and/or available to only very limited markets of government/military users and some high-end maritime markets (i.e., cruise ships). [0004] Previously developed systems which have attempted to provide data and video services to mobile network platforms have done so with only limited success. One major obstacle has been the high cost of access to such broadband data and video services. Another problem is the limited capacity of previously developed systems, which is insufficient for mobile network platforms carrying dozens, or even hundreds, of passengers who each may be simultaneously requesting different channels of programming or different data services. Furthermore, presently existing systems are generally not readily scalable to address the demands of the traveling public. [0005] Of particular interest, presently existing systems also have not comprehensively addressed security issues relating to the mobile network platform. Therefore, it is desirable to provide a network security architecture for monitoring, reporting and responding to onboard security activities in a mobile network platform. It is envisioned that such a network security architecture should be designed to (a) secure computing resources to which passengers may have access on the mobile platform; (b) communicate reliably with terrestrial-based system components over an unreliable communication link; (c) provide a policy mediated response to detected security intrusion events occurring on the mobile platform; and (d) scale the management of the system to hundreds or thousands of mobile platforms. SUMMARY OF THE INVENTION [0006] In accordance with the present invention, an airborne security management system is provided for monitoring security activities in a mobile network platform. The security management system includes a mobile network that is interconnected via an unreliable communication link to a terrestrial-based network security management system; an intrusion detection system connected to the mobile network and operable to detect a security intrusion event whose origination is associated with the mobile network; and a mobile security manager adapted to receive the security intrusion events from the intrusion detection system. The mobile security manager is operable to transmit a message indicative of the security intrusion event to the network security management system and to perform security response activities in response to security commands received from the network security management system. The mobile security manager is further operable to command security response activities on the mobile network platform, when the mobile network platform is not connected with network security management system.
BRIEF DESCRIPTION OF THE DRAWINGS
[0007] The various advantages of the present invention will become apparent to one skilled in the art by reading the following specification and subjoined claims and by referencing the following drawings in which:
[0008] Figure 1 is a block diagram depicting a network security architecture for a mobile network platform in accordance with the present invention;
[0009] Figures 2A and 2B are state machine diagrams illustrating a security policy for a given user access point on the mobile network platform in accordance with the present invention;
[0010] , Figure 3 is a diagram of an exemplary data structure for implementing the security policies of the present invention;
[0011] Figure 4 is a diagram depicting the primary software components of the network security architecture of the present invention; [0012] Figure 5 is a block diagram depicting the functional software modules which comprise the airborne security manager in accordance with the present invention;
[0013] Figure 6 is a block diagram depicting the functional components implementing the terrestrial control and data storage functions of a terrestrial- based network security system in accordance with the present invention;
[0014] Figure 7 is an exemplary aircraft browser window used to implement the monitoring and manual control functions of a terrestrial-based network security system in accordance with the present invention; and
[0015] Figure 8 is an exemplary aircraft status window used to implement the monitoring and manual control functions of a terrestrial-based network security system in accordance with the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0016] Figure 1 illustrates a network security architecture 10 for monitoring security activities in an unattended mobile network platform 12. The primary purpose of the network security architecture 10 is to monitor, record, report and respond to security- relevant events associated with the mobile network platform 12. In a preferred embodiment, the network security architecture 10 supports a mobile network platform residing in an aircraft. The mobile network platform 12 is in turn interconnected via one or more unreliable wireless communication links 14 to a terrestrial-based communication system16, including a terrestrial-based network security management system 18. While the following description is provide with reference to an airborne application, it is readily understood that the broad aspects of the network security architecture are applicable to mobile network platforms which may reside in passenger buses, cruise ships, etc.
[0017] It is envisioned that the mobile network platform 12 provides aircraft passengers a suite of broadband two-way data and video communication services. The infrastructure allows information to be transferred to and from the aircraft at high enough data rates to support a variety of services. To do so, the mobile network platform 12 is primarily comprised of four subsystems: an antenna subsystem 22, a receive and transmit subsystem (RTS) 24, a control subsystem 26, and a cabin distribution subsystem 28. Each of these four subsystems will be further described below.
[0018] The antenna subsystem 22 provides two-way broadband data connectivity and direct broadcast television reception capability to the aircraft. Although the invention is not limited thereto, the antenna subsystem 22 is generally designed to provide this connectivity during cruise conditions (limited roll and pitch angles) of the aircraft. Connectivity with the aircraft is most commonly achieved via a K band Fixed Satellite Service (FSS) satellite, a Broadcast Satellite Service (BSS) satellites, and/or a direct broadcast television service (DBS) satellite. [0019] For illustration purposes, additional description is provided for the processing associated with Ku band satellite broadcast signals. The antenna subsystem 22 may receive and/or transmit Ku band satellite broadcast signals. The antenna system 22 down-converts an incoming Ku-band signal, amplifies, and outputs the L-band signals to the RTS 24. The antenna system may also provide a broadband downlink capability. In this case, the antenna system 22 receives an L-band data signal from an on-aircraft modem, up-converts this signal, amplifies it and then broadcasts as a Ku band signal to selected satellite transponders.
[0020] The receive and transmit subsystem (RTS) 24 operates in receive and transmit modes. In receive mode, the RTS 24 may receive rebroadcast video signals, rebroadcast audio signals and/or IP data embedded in an L-band carrier. The RTS 24 in turn demodulates, de-spreads, decodes, and routes the received signals to the cabin distribution subsystem 28. In transmit mode, the RTS 24 sends IP data modulated into an L-band signal. The RTS 24 encodes, spreads, and modulates the signal the IP data it receives from the cabin distribution subsystem 28.
[0021] The control subsystem 26 controls the operation of the mobile security platform 12 and each of its four subsystems. Of particular interest, the control subsystem 26 includes one or more intrusion detection subsystems 32 and an airborne security manager 34. An intrusion detection subsystem 32 is operable to detect security intrusion activities which may occur on or in relation to the mobile network platform. To do so, an intrusion detection subsystem 32 inspects all of the data packets entering a computing device on which it is hosted and, upon detection of a security intrusion activity, transmits a security intrusion event to the airborne security manager 34. As will be apparent to one skilled in the art, the intrusion detection subsystem 32 may be implemented using one of many commercially available software products.
[0022] The airborne security manager 34 is responsible for enforcing security policy for an aircraft. Because communication with the aircraft may be sporadic, the airborne security manager 34 must provide the capability to act autonomously when responding to security intrusion events. When a security intrusion event is detected, the airborne security manager 34 responds appropriately in accordance with a customizable security policy. Thus, the airborne security manager 34 is adapted to receive security intrusion events from any of the intrusion detection subsystems and operable to implement a security response. Exemplary responses may include warnings one or more passengers on the aircraft, alerting terrestrial-based security administrators, and/or disconnecting a passenger's network access. [0023] The cabin distribution subsystem (CDS) 28 provides network connectivity through a plurality of user access points to the passengers of the aircraft. In a preferred embodiment, the cabin distribution system may be composed of either a series of 802.3 Ethernet switches or 802.11X wireless access points. It should be noted that the current 802.11 B standard only allows for a shared secret between all users of a wireless access point and thus is not suitable for providing the desired level of communication privacy in the passenger cabin. In contrast, next generation wireless standards, such as 802.11X ("X" denotes a revision of 802.11 beyond "B") will support "channelized" or individual user level encryption. It is envisioned that such wireless standards are within the scope of the present invention.
[0024] Each user access point preferably has the properties of a managed layer 3 switch. First, each user access point must enforce the association of IP address and MAC address with a particular port. This requirement his applicable to either a wired and wireless cabin environment. A second requirement for each user access point is to accept a command to shut off its access port. In the case of a wireless access device, a communication channel consisting of a particular frequency, time division or sub-frame substitutes for the physical access port. A third requirement for each user access point is to preclude passengers from eavesdropping or receiving Ethernet packets not directly addressed to them. In a wired cabin distribution system, this can be accomplished through the use of a switched Ethernet architecture. In a wireless cabin distribution system, this can be accomplished through the use of "channel level encryption" specific to a particular user. [0025] The design of a security policy mechanism is the most fundamental element of the network security architecture 10. In accordance with the present invention, it is envisioned that the security policy will be designed within the following design constraints. First, the security policy mechanism should map different security intrusion events to different responses. It should be appreciated that the severity of response is based on the danger of the detected activities. Second, the automated response policy has to be enforced at all times (subject to over-ride conditions), regardless of whether airborne to terrestrial communications are available or not. If the automated responses are disabled during periods of connectivity, the connectivity might fail before a security administrator has a chance to take action in which case the system reverts to the automated policy in effect prior to the override. The security administrator can retract the response if they desire. Third, the policy mechanism has to arbitrate between automated responses from the airborne security manager and manual commands received from terrestrial-based security administrators. If the automated system mistakenly blocks a passenger's network address, and the terrestrial administrator overrides that action, the security policy mechanism needs to know about that action and not try to enforce the block.
[0026] State machines are a flexible, yet intuitively appealing, mechanism for modeling complex behaviors. Therefore, state-machines have been chosen to represent the security policies of the present invention. Figures 2A and 2B illustrates basic UML state machines which model the security policy associated with an user access point in the mobile network platform.
[0027] In Figure 2A, each user access point can be in one of three defined states. By default, all user access points begin in a normal state 42. A security intrusion event of any kind will result in a transition to either a suspected state 44 or a disconnected state 46 for the applicable user access point. Each transition is in the form of "event/response" where events are the external triggers that cause the state transition and responses are external actions that the system initiates when making the transition. For instance, a low or medium priority event 48 occurring in a normal state will cause the system to log the event and/or attempt to provide a warning to the passenger connected at that user access point. The user access point then transitions to the suspected state as shown in Figure 2A.
State machine models may be enhanced to incorporate manual controls. Specific manual control commands enable a terrestrial-based security administrator to explicitly disable or enable a user access point from the ground. By adding a state that indicates that the user access point is under manual control ensures that the automated responses do not override the manual control command received from the security administrator. Therefore, it is envisioned that each state machine may provide an autoresponse disable state 50 as shown in Figure 2B. Transitions to and from the autoresponse disable state are commanded by a terrestrially-based security administrator. While in the autoresponse disable state, the administrator can initiate any one of various predefined security responses. In the event connectivity is lost between the administrator and the aircraft, the state machine model reverts to the normal state or the previous state depending on configuration settings.
State machines models are also used to represent each of the host servers or other types of computing devices which reside on the mobile security platform. In this way, a server that is under attack may respond differently than a user access point. It is also envisioned that each of the state machines can be tied together through synthetic event generation, such that when a server is under attack, the user access points may employ a different security policy that is less tolerant of suspicious behavior.
[0028] Each state machine can be represented by a data structure 51 as depicted in Figure 3. The data structure includes a current state 52, a possible security event 54, a resulting state 56 and a possible response 58. In this way, each state can be cross-referenced against possible events to produce a resulting state and a list of possible actions. Possible events may include (but are not limited to) a security intrusion event having high priority, a security intrusion event having medium priority, a security intrusion event having a low priority, a reset event, a timer expiration event, a communication link up event, a communication link down event and one or more custom events for supporting manual control commands from the security administrator. Possible responses may include (but are not limited to) setting a timer, installing a filter, resetting a filter, alerting control panel, alerting terrestrial-based security administrator, disconnecting user access point, issuing a passenger warning, and one or more predefined customer responses. One skilled in the art will readily recognize from such discussion how to implement a security policy mechanism in accordance with the present invention.
[0029] Referring to Figure 4, the overall network security architecture 10 may be logically decomposed into five major components. The five major components are airborne policy enforcement 62, air-ground communication 64, terrestrial control and data storage 66, terrestrial monitoring and manual control 68, and terrestrial policy editing and assignment 70. Each of these logical components are also mapped to their physical location within the network security architecture 10 as shown in Figure 4. [0030] The airborne policy enforcement component 62 is provided by the airborne security manager 34. The primary responsibilities of the airborne security manager include (but are not limited to) managing and monitoring intrusion detection sensors, monitoring other airborne event sources, responding to security events in accordance with the applicable security policy, monitoring the airborne intrusion detection sensors, configuring static network traffic filters at user access points, executing any manual overrides commands from the terrestrial- based network security management system, installing new security policies received from the terrestrial-based network security management system, and reporting events and status of interest to the terrestrial-based network security management system. As will be apparent to one skilled in the art, the airborne security manager 34 is comprised of one or more software applications residing on one or more server(s) on each aircraft. A configuration of redundant airborne security managers provide for fail over in the event of a hardware or software failure.
[0031] With reference to Figure 5, the airborne security manager 34 is further comprised of five functional modules: an event response module 72, an onboard status module 74, a policy manager 76, a persistent storage manager 78, and a communication manager 80. The event response module 72 is responsible for receiving events, interpreting the active security policy, and triggering the appropriate actions in response to each event. It should be appreciated that this module is adapted to handle events other than security intrusion events received from the intrusion detection subsystems.
[0032] In conjunction with the onboard status module 74, the event response module interprets and executes the state machine representing the active security policy. For instance, upon arrival of a security intrusion event, the event response module determines whether the event is associated with an individual passenger connection, an individual host server, or the airborne security manager as a whole. This module then retrieves the current state of that passenger connection, host server, or airborne security manager from the onboard status module 74 and performs the actions associated with that state and event in accordance with the active security policy. Exemplary actions may include issuing new events, making state transitions, modifying network filters, disabling passenger connections, and/or queuing messages for transmission to the terrestrial-based network security management system.
[0033] The onboard status module 74 maintains the current state of each individual passenger connection, each host server, and of the airborne security manager as a whole for the purpose of directing the state machine event response. The onboard status module 74 also tracks the status of intrusion detection sensors (e.g., signature file, operational/inactive status, sensor configuration) as well as collects status information from the other onboard modules.
[0034] The policy manager 76 is responsible for reacting to commands from the terrestrial-based network security system regarding security policy loading and activation. The policy manager also serves as a repository for configuration information relating to the airborne security manager, including, for instance, general communications parameters that determine frequency of status reports and event reporting. [0035] The persistent storage manager 78 manages the overall data storage requirements for the onboard network security architecture. Data residing in persistent storage generally falls into one of three categories: (1) communications queue (i.e., messages to be transmitted to the terrestrial-based security management system), (2) onboard status (i.e., per-passenger connection, per-host, and system-wide data requirements), and (3) security policies. The persistent storage manager may rely on various well known, lightweight mechanisms for data storage.
[0036] Referring to Figure 4, the terrestrial control and data storage (C&DS) component 66 is provided by the terrestrial-based network security management system 16. The control and data storage functions include (but are not limited to) storing all event data in persistent storage, tracking the desired and last known configurations for each aircraft, supporting multiple security management consoles having multiple windows, notifying open console windows of any data changes that affect the window contents, providing an interface for effecting manual overrides in security policy, offering a reporting interface for reviewing stored data, and controlling access to all stored data. This component may be implemented using Java-based applications residing on one or more terrestrial servers which constitute the network security management system 16. [0037] A more detailed description of the terrestrial control and data storage component 66 is provided with reference to Figure 6. This terrestrial component will maintain one aircraft object 90 for each aircraft associated with the security architecture. The aircraft object 90 maintains all state information for a given aircraft as well as keeps track of the last reported and the desired state of the airborne security manager 34 residing on the given aircraft. The aircraft object 90 is a dynamic object, such that it state is maintained in dynamic memory and can be reconstructed from event histories, if necessary. Any activity that could alter the state of the airborne security manager 34 is performed by invoking a method of the aircraft object. Each method represents an event and is logged in an appropriate event log. In addition, these methods are all synchronized, ensuring that only one thread can be effecting state changes at any given time. In order to eliminate the possibility of deadlock, none of these event operations will block on communication or issue events to other aircraft. [0038] The aircraft object 90 uses a communication subsystem 100 to exchange information with the airborne security manager 34. The aircraft object 90 issues commands and requests for status reports as well as receives events and status reports. Until an appropriate event or status report is received, any command is considered pending. This does not mean that the command has not yet executed - it may not have been executed, or it may have been and the acknowledging status report has simply not yet been received. Due to this gap in knowledge about what is actually taking place onboard the aircraft, the aircraft object 90 must carefully differentiate between the last known status and the desired status. [0039] The aircraft object 90 is the controller in a Model-View-Controller architecture as is well known in the art. In this paradigm, the model is the data stored in a database, and the views are the various user interfaces being used to display information about the aircraft. The aircraft object is responsible for updating all of the views any time the model changes. In order to enforce this, all changes to the model must be performed by the aircraft object and the aircraft object must keep track of those user interfaces that could be affected by the change.
[0040] The aircraft object 90 also maintains a collection of host objects 92 and passenger connection objects 94. The host objects 92 are used to represent the state of each onboard host server that the airborne security manager 34 is responsible for. The passenger connection objects 94 represent the individual passenger connections to the onboard network.
[0041] The terrestrial control and data storage component 66 also includes a single aircraft container object 96. It is envisioned that this object may be implemented as a collection class, such as a hash table. Under this approach, aircraft objects will be created by the aircraft container 96 for every aircraft in the system. By routing incoming communication through the aircraft container 96, we ensure that the communication subsystem 100 will be able to deliver incoming messages to the appropriate aircraft object. In addition, the container concept may be used to facilitate the manner in which aircraft objects are created. For instance, aircraft objects may be created only as they are needed. When an incoming message is received, the aircraft container 96 locates the applicable aircraft object. If the aircraft object is not present in memory, the aircraft container can create the object. Likewise, aircraft objects that are no longer being actively monitored could be deleted until they are needed again.
[0042] The terrestrial control and data storage component 66 will also maintain event histories for each of the aircraft in a central database 98. The database 98 will maintain a record of all the events reported by an aircraft in the system. In addition, it will maintain a record of all of the commands performed by terrestrial-based security administrator. The former represents the last known state of each aircraft; whereas the latter represents the desired stated of each aircraft. The choice of the term "last known" reflects the time delay between events occurring on board the aircraft which might not have been reflected on the ground.
[0043] Security policy files are also stored within the database 98. As a configuration option, in order to maintain a history of old policies, the policy tables may be append-only. The primary policy table will maintain a mapping of names and version numbers to a series of smaller policy elements. The communication subsystem 100 interfaces with the database 98 in order to retrieve security policy files and update the policy files onboard the aircraft.
[0044] A policy manager 99 will be responsible for any changes to policy files. This object is necessary because policy is the only thing that is not associated with a single aircraft. The policy manager 99 will ensure that any changes to policy files are properly versioned. It will also be responsible for delivering updated policy to one or more aircraft.
[0045] Returning to Figure 4, the terrestrial monitoring and manual control component 68 and the terrestrial policy editing and assignment component 70 also reside at the terrestrial-based network security management system 12. The monitoring and manual control component functions include (but are not limited to) monitoring the state and activities of a group of aircraft and selecting an individual aircraft for closing examination, monitoring the state and activities of a single aircraft and selecting an individual server or passenger connection for closer examination, monitoring the state and activities of a single airborne server, manually controlling a single airborne server, monitoring the state and activities of a single airborne passenger connection, and manually controlling a single airborne passenger connection. This component may be implemented using a Java-based user interface running on one or more terrestrial servers.
[0046] To support the monitoring and manual control functions, the user interface includes a number of windows that may be monitored by a human network security administrator. For instance, an aircraft browser allows groups of aircraft to be navigated and aggregate/summary information displayed as shown in Figure 7. However, this window does not show the status of the communication link. In order to display such status information, the user can select a specific aircraft from the aircraft browser, thereby navigating to an aircraft status window. An exemplary aircraft status window is shown in Figure 8. The aircraft status window enables the user to view all data relevant to a specific aircraft in a single tree structure view 102. In addition, all logged events and commands are displayed in a lower log panel 104. The tabs 106 along the top of the window permit navigation to other panels which in turn focus on a different specific element associated with the aircraft. For instance, the seat panel 108 will provide status information, log detail, and manual controls for a specific seat. Other exemplary windows used to support the monitoring and manual control functions may include (but is not limited to) a passenger connection status window that focuses on displaying information for a single passenger connection, an onboard host status window that focuses on displaying information on a specific host computing device residing on the aircraft, and an events log window that displays event information for a given group, aircraft, passenger connection or host device. It is envisioned that the above-described windows are merely representative of some of the functionality and appearance that be used to implement the monitoring and manual control functions of the present invention. [0047] In addition to monitoring and manual control, services for editing security policy files and distributing security policy updates also reside at the terrestrial-based network security management system 16. The policy editing and application functions include (but are not limited to) editing sensor configuration files, retrieving intrusion detection signature file updates from the applicable vendor website, editing response policy state machines and parameters, editing static security configurations, combining sensor files, signature files, response policies, and static configuration into specific security policies, providing version control over security policy updates, browsing the aircraft in the system by last known policy and desired policy, and distributing a new policy to a selected group of aircraft. The editing of security policy is not intended to be a routine daily activity. For this reason, policy editing and application functions are treated as a separate, distinct logical component from the other functions administered through the user interface running on the terrestrial servers.
[0048] The air-ground communication component 64 is responsible for communication between the airborne security manager and the terrestrial servers. Thus, this component is distributed across these two physical locations. The air- ground communication functions include (but are not limited to) providing non- blocking communications, retrying transmissions until reliable delivery is achieved, queuing up messages during periods of non-connectivity, handling communication session authentication, utilizing cryptographic integrity checks to protect against tampering and replay, optimizing away redundant or superseded messages where possible, utilizing available bandwidth according to message priorities, minimizing bandwidth consumption, and delivering security policy updates to aircrafts. Logically isolating the communications component helps protect the design of the airborne security manager and the terrestrial servers from unnecessary complexity arising from sporadic connectivity.
[0049] The foregoing discussion discloses and describes preferred embodiments of the invention. One skilled in the art will readily recognize from such discussion, and from the accompanying drawings and claims, that changes and modifications can be made to the invention without departing from the true spirit and fair scope of the invention as defined in the following claims.

Claims

What is claimed is:
1. A network security architecture for monitoring security activities in a mobile network platform, comprising a mobile network residing on the mobile network platform, the mobile network being interconnected via an unreliable communication link to a terrestrial-based network security management system; an intrusion detection system connected to the mobile network and residing on the mobile network platform, the intrusion detection system operable to detect a security intrusion event that is associated with the mobile network; and a mobile security manager residing on the mobile network platform and adapted to receive the security intrusion events from the intrusion detection system, the mobile security manager is further operable to perform security response activities in response to the security intrusion events, when the mobile network platform is not connected with network security management system.
2. The network security architecture of Claim 1 wherein the mobile security manager is operable perform security response activities in accordance with a security policy resident on the mobile network platform.
3. The network security architecture of Claim 2 wherein the security policy is defined as a plurality of predefined security intrusion events and a corresponding security response for each of said plurality of security intrusion events.
4. The network security architecture of Claim 2 wherein the security policy is defined by a data structure having a current operational state element, a possible security intrusion event element, a resulting operational state element, and a security response element.
5. The network security architecture of Claim 1 wherein the mobile network includes a plurality of user access points, such that the security intrusion event is associated with one of the plurality of user access points and the security response is directed to said one of the plurality of user access points.
6. The network security architecture of Claim 5 wherein the security response is selected from the group consisting of logging the security intrusion event received from the intrusion detection system, providing a warning message to at least one of said user access points, providing an alert message to a terrestrial-based network security management system, installing a network traffic blocking filter at one of said user access points, and disconnecting one of said user access points from the mobile network.
7. The network security architecture of Claim 5 wherein the mobile security manager maintains an indicator of the current operational state for each of the plurality of user access points, such that the security response directed to said one of the plurality of user access points is in part based on the operational state of said one of the plurality of user access points.
8. The network security architecture of Claim 7 wherein the current operational state for any given user access point is selected from the group consisting of a normal state, a suspected state, and a disconnect state.
9. The network security architecture of Claim 7 wherein the mobile security1 manager is further operable to identify the current operational state for said one of the plurality of user access points and perform security response activities based in part on the identified operational state and the security intrusion event received from the intrusion detection system.
10. The network security architecture of Claim 9 wherein the mobile security manager is further operable to modify the current operational state for said one of the plurality of user access points in accordance with the security policy.
11. The network security architecture of Claim 1 wherein the mobile security manager is operable to transmit a message indicative of the security intrusion event to the network security management system and to perform security response activities in response to security commands received from the network security management system.
12. A method for monitoring security activities associated with a network residing in a mobile network platform, the mobile network platform being interconnected via an unreliable communication link to a terrestrial-based network security management system, comprising: detecting a security intrusion event whose origination is associated with the network residing on the mobile network platform; providing a mobile security manager residing on the mobile network platform, where the mobile security manager is adapted to receive the security intrusion event; and performing a security response activity in response to the detected security intrusion event, when the mobile network platform is not connected with the network security management system.
13. The method of Claim 12 wherein the step of performing a security response activity further comprises applying the security response activity in accordance with a security policy, where the security policy is defined as a plurality of predefined security intrusion events and a corresponding security response for each of said plurality of security intrusion events.
14. The method of Claim 1 further comprising the steps of applying the security response activity in accordance with a security policy, where the security policy is defined by a data structure having a current operational state element, a possible security intrusion event element, a resulting operational state element, and a security response element.
15. The method of Claim 12 wherein the network includes a plurality of user access points, such that the security intrusion event is associated with one of the plurality of user access points and the security response is directed to said one of the plurality of user access points.
16. The method of Claim 15 wherein the security response activity is selected from the group consisting of logging the security intrusion event, providing a warning message to at least one of the user access points, providing an alert message to a terrestrial-based network security management system, installing a network traffic blocking filter at one of the user access points, and disconnecting one of the user access points from the network.
17. The method of Claim 15 further comprising the steps of maintaining an indicator of the current operational state for each of the plurality of user access points and performing a security response activity in response to the detected security intrusion event, where the security response activity is in part' based on the operational state of said one of the plurality of user access points.
18. The method of Claim 17 wherein the current operational state for any given user access point is selected from the group consisting of a normal state, a suspected state, and a disconnect state.
19. An airborne security system for monitoring security activities associated with a network residing on an aircraft, the aircraft being interconnected via an unreliable communication link to a terrestrial-based network security management system, comprising: an intrusion detection system connected to the network and operable to detect a security intrusion event that is associated with network; and an airborne security manager connected to the network and adapted to receive the security intrusion event from the intrusion detection system, the security manager is further operable to perform security response activities in accordance with a security policy, when the aircraft is not connected with the network security management system.
PCT/US2002/023226 2001-08-03 2002-07-19 An airborne security manager WO2003014891A2 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
CN02819635XA CN1602610B (en) 2001-08-03 2002-07-19 An airborne security manager
EP02747074A EP1413117B1 (en) 2001-08-03 2002-07-19 An airborne security manager
JP2003519756A JP4124728B2 (en) 2001-08-03 2002-07-19 Airborne security management program
CA2454223A CA2454223C (en) 2001-08-03 2002-07-19 An airborne security manager
DE60228975T DE60228975D1 (en) 2001-08-03 2002-07-19 AN AIR-ASSISTED SAFETY MANAGER
AU2002316744A AU2002316744A1 (en) 2001-08-03 2002-07-19 An airborne security manager

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US30986201P 2001-08-03 2001-08-03
US60/309,862 2001-08-03
US09/992,310 2001-11-19
US09/992,310 US7715819B2 (en) 2001-08-03 2001-11-19 Airborne security manager

Publications (2)

Publication Number Publication Date
WO2003014891A2 true WO2003014891A2 (en) 2003-02-20
WO2003014891A3 WO2003014891A3 (en) 2003-12-04

Family

ID=26977066

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/023226 WO2003014891A2 (en) 2001-08-03 2002-07-19 An airborne security manager

Country Status (8)

Country Link
US (1) US7715819B2 (en)
EP (1) EP1413117B1 (en)
JP (2) JP4124728B2 (en)
CN (1) CN1602610B (en)
AU (1) AU2002316744A1 (en)
CA (1) CA2454223C (en)
DE (1) DE60228975D1 (en)
WO (1) WO2003014891A2 (en)

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006521061A (en) * 2003-03-20 2006-09-14 ザ・ボーイング・カンパニー Delivery policy tool
US8350725B2 (en) 2006-03-08 2013-01-08 Airbus Operations (S.A.S.) Method and device for detecting attempts at intruding on a communication link between an aircraft and a ground station
US8437271B2 (en) 2009-01-28 2013-05-07 Headwater Partners I Llc Verifiable and accurate service usage monitoring for intermediate networking devices
US8626115B2 (en) 2009-01-28 2014-01-07 Headwater Partners I Llc Wireless network service interfaces
US8745191B2 (en) 2009-01-28 2014-06-03 Headwater Partners I Llc System and method for providing user notifications
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US8898293B2 (en) 2009-01-28 2014-11-25 Headwater Partners I Llc Service offer set publishing to device agent with on-device service selection
US8924469B2 (en) 2008-06-05 2014-12-30 Headwater Partners I Llc Enterprise access control and accounting allocation for access networks
US9094311B2 (en) 2009-01-28 2015-07-28 Headwater Partners I, Llc Techniques for attribution of mobile device data traffic to initiating end-user application
US9609544B2 (en) 2009-01-28 2017-03-28 Headwater Research Llc Device-assisted services for protecting network capacity
US9609510B2 (en) 2009-01-28 2017-03-28 Headwater Research Llc Automated credential porting for mobile devices
US9647918B2 (en) 2009-01-28 2017-05-09 Headwater Research Llc Mobile device and method attributing media services network usage to requesting application
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US9755842B2 (en) 2009-01-28 2017-09-05 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US9819808B2 (en) 2009-01-28 2017-11-14 Headwater Research Llc Hierarchical service policies for creating service usage data records for a wireless end-user device
US9858559B2 (en) 2009-01-28 2018-01-02 Headwater Research Llc Network service plan design
US9942796B2 (en) 2009-01-28 2018-04-10 Headwater Research Llc Quality of service for device assisted services
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US9973930B2 (en) 2009-01-28 2018-05-15 Headwater Research Llc End user device that secures an association of application to service policy with an application certificate check
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US10057775B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Virtualized policy and charging system
US10057141B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Proxy system and method for adaptive ambient services
US10064055B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10064033B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Device group partitions and settlement platform
US10070305B2 (en) 2009-01-28 2018-09-04 Headwater Research Llc Device assisted services install
US10080250B2 (en) 2009-01-28 2018-09-18 Headwater Research Llc Enterprise access control and accounting allocation for access networks
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US10264138B2 (en) 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US10326800B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US10834577B2 (en) 2009-01-28 2020-11-10 Headwater Research Llc Service offer set publishing to device agent with on-device service selection
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US11412366B2 (en) 2009-01-28 2022-08-09 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy

Families Citing this family (85)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7921442B2 (en) 2000-08-16 2011-04-05 The Boeing Company Method and apparatus for simultaneous live television and data services using single beam antennas
US6947726B2 (en) * 2001-08-03 2005-09-20 The Boeing Company Network security architecture for a mobile network platform
US20040203764A1 (en) * 2002-06-03 2004-10-14 Scott Hrastar Methods and systems for identifying nodes and mapping their locations
US7058796B2 (en) * 2002-05-20 2006-06-06 Airdefense, Inc. Method and system for actively defending a wireless LAN against attacks
US7383577B2 (en) * 2002-05-20 2008-06-03 Airdefense, Inc. Method and system for encrypted network management and intrusion detection
US7086089B2 (en) * 2002-05-20 2006-08-01 Airdefense, Inc. Systems and methods for network security
US7532895B2 (en) * 2002-05-20 2009-05-12 Air Defense, Inc. Systems and methods for adaptive location tracking
US7277404B2 (en) * 2002-05-20 2007-10-02 Airdefense, Inc. System and method for sensing wireless LAN activity
US7042852B2 (en) * 2002-05-20 2006-05-09 Airdefense, Inc. System and method for wireless LAN dynamic channel change with honeypot trap
US7322044B2 (en) * 2002-06-03 2008-01-22 Airdefense, Inc. Systems and methods for automated network policy exception detection and correction
US7324804B2 (en) * 2003-04-21 2008-01-29 Airdefense, Inc. Systems and methods for dynamic sensor discovery and selection
US7359676B2 (en) * 2003-04-21 2008-04-15 Airdefense, Inc. Systems and methods for adaptively scanning for wireless communications
US7522908B2 (en) * 2003-04-21 2009-04-21 Airdefense, Inc. Systems and methods for wireless network site survey
US20040210654A1 (en) * 2003-04-21 2004-10-21 Hrastar Scott E. Systems and methods for determining wireless network topology
US7355996B2 (en) * 2004-02-06 2008-04-08 Airdefense, Inc. Systems and methods for adaptive monitoring with bandwidth constraints
CA2534630C (en) * 2003-07-17 2016-05-24 Interdigital Technology Corporation Signaling method for wlan network control
US7295831B2 (en) * 2003-08-12 2007-11-13 3E Technologies International, Inc. Method and system for wireless intrusion detection prevention and security management
CN1902902A (en) * 2003-09-04 2007-01-24 Emc公司 Data message mirroring and redirection
US8051477B2 (en) * 2004-04-19 2011-11-01 The Boeing Company Security state vector for mobile network platform
DE102004021975A1 (en) * 2004-05-04 2005-12-01 Carl v. Ossietzky Universität Oldenburg, vertreten durch den Kanzler Method for determining deadlocks in concurrent processes
US8196199B2 (en) * 2004-10-19 2012-06-05 Airdefense, Inc. Personal wireless monitoring agent
US20060123133A1 (en) * 2004-10-19 2006-06-08 Hrastar Scott E Detecting unauthorized wireless devices on a wired network
US7620068B2 (en) * 2004-11-08 2009-11-17 Harris Corporation Adaptive bandwidth utilization for telemetered data
US8605878B2 (en) 2005-06-30 2013-12-10 Emc Corporation Redirecting and mirroring of telephonic communications
US8831194B2 (en) * 2005-06-30 2014-09-09 Emc Corporation Telephonic communication redirection and compliance processing
US8059805B2 (en) 2005-06-30 2011-11-15 Emc Corporation Enhanced services provided using communication redirection and processing
US7715800B2 (en) 2006-01-13 2010-05-11 Airdefense, Inc. Systems and methods for wireless intrusion detection using spectral analysis
FR2898456B1 (en) * 2006-03-08 2015-03-06 Airbus France METHODS AND DEVICES FOR TRANSMITTING AND RECEIVING A MESSAGE TO BE EXCHANGED BETWEEN AN AIRCRAFT AND A GROUND BASE, AND AN AIRCRAFT EQUIPPED WITH SUCH DEVICES
US20070218874A1 (en) * 2006-03-17 2007-09-20 Airdefense, Inc. Systems and Methods For Wireless Network Forensics
US7971251B2 (en) * 2006-03-17 2011-06-28 Airdefense, Inc. Systems and methods for wireless security using distributed collaboration of wireless clients
US20090021343A1 (en) * 2006-05-10 2009-01-22 Airdefense, Inc. RFID Intrusion Protection System and Methods
US7970013B2 (en) 2006-06-16 2011-06-28 Airdefense, Inc. Systems and methods for wireless network content filtering
US8281392B2 (en) * 2006-08-11 2012-10-02 Airdefense, Inc. Methods and systems for wired equivalent privacy and Wi-Fi protected access protection
US8091114B2 (en) * 2006-09-15 2012-01-03 Bombardier Transportation Gmbh Integrated security event management system
US7581002B2 (en) * 2006-10-06 2009-08-25 The Boeing Company Methods and systems for network failure reporting
US8331904B2 (en) * 2006-10-20 2012-12-11 Nokia Corporation Apparatus and a security node for use in determining security attacks
FR2912578B1 (en) * 2007-02-13 2009-05-22 Airbus France Sas METHOD OF AUTHENTICATING AN ELECTRONIC DOCUMENT AND METHOD OF VERIFYING A DOCUMENT THUS AUTHENTICATED.
FR2922702B1 (en) * 2007-10-17 2010-02-26 Airbus France SECURING TELECHARGEABLE COMPUTER FILE DATA ON AN AIRCRAFT BASED ON IDENTITY OF ENTITIES, AUTHENFICATION METHOD, SYSTEM AND AIRCRAFT
US8635335B2 (en) 2009-01-28 2014-01-21 Headwater Partners I Llc System and method for wireless network offloading
US8340634B2 (en) 2009-01-28 2012-12-25 Headwater Partners I, Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US8924543B2 (en) 2009-01-28 2014-12-30 Headwater Partners I Llc Service design center for device assisted services
US8391834B2 (en) 2009-01-28 2013-03-05 Headwater Partners I Llc Security techniques for device assisted services
US9557889B2 (en) 2009-01-28 2017-01-31 Headwater Partners I Llc Service plan design, user interfaces, application programming interfaces, and device management
US9578182B2 (en) 2009-01-28 2017-02-21 Headwater Partners I Llc Mobile device and service management
US9351193B2 (en) 2009-01-28 2016-05-24 Headwater Partners I Llc Intermediate networking devices
US8893009B2 (en) 2009-01-28 2014-11-18 Headwater Partners I Llc End user device that secures an association of application to service policy with an application certificate check
US9253663B2 (en) 2009-01-28 2016-02-02 Headwater Partners I Llc Controlling mobile device communications on a roaming network based on device state
US9571559B2 (en) 2009-01-28 2017-02-14 Headwater Partners I Llc Enhanced curfew and protection associated with a device group
US8793758B2 (en) 2009-01-28 2014-07-29 Headwater Partners I Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
FR2944117B1 (en) * 2009-04-06 2014-05-09 Airbus France METHODS AND DEVICES FOR MANAGING EVENTS RELATING TO THE SAFETY OF COMPUTER AIRCRAFT SYSTEMS
US9426768B1 (en) 2009-07-22 2016-08-23 The Boeing Company Aircraft communications during different phases of flight
US8811616B2 (en) 2010-04-12 2014-08-19 Flight Focus Pte. Ltd. Secure aircraft data channel communication for aircraft operations
US9037169B2 (en) 2010-04-12 2015-05-19 Flight Focus Pte. Ltd. SMS communication to and from messaging devices in an aircraft
CN102158686A (en) * 2011-01-13 2011-08-17 重庆桓浩科技发展有限公司 Novel security management system for Internet of things residential district
US8767537B1 (en) 2011-03-17 2014-07-01 The Boeing Company Airborne wireless device security
US9154826B2 (en) 2011-04-06 2015-10-06 Headwater Partners Ii Llc Distributing content and service launch objects to mobile devices
US9148846B2 (en) * 2011-06-30 2015-09-29 Motorola Solutions, Inc. Methods for intelligent network selection
US9507965B2 (en) 2011-12-22 2016-11-29 Intel Corporation Always-available embedded theft reaction subsystem
US9619671B2 (en) * 2011-12-22 2017-04-11 Intel Corporation Always-available embedded theft reaction subsystem
US9520048B2 (en) 2011-12-22 2016-12-13 Intel Corporation Always-available embedded theft reaction subsystem
US9734359B2 (en) 2011-12-22 2017-08-15 Intel Corporation Always-available embedded theft reaction subsystem
US9507918B2 (en) 2011-12-22 2016-11-29 Intel Corporation Always-available embedded theft reaction subsystem
US9454678B2 (en) 2011-12-22 2016-09-27 Intel Corporation Always-available embedded theft reaction subsystem
EP2795512A4 (en) 2011-12-22 2016-01-06 Intel Corp Always-available embedded theft reaction subsystem
EP2795516A4 (en) 2011-12-22 2015-09-02 Intel Corp Always-available embedded theft reaction subsystem
US9552500B2 (en) 2011-12-22 2017-01-24 Intel Corporation Always-available embedded theft reaction subsystem
JP5445626B2 (en) * 2012-06-25 2014-03-19 横河電機株式会社 Network management system
CN103458413A (en) * 2013-05-28 2013-12-18 大连理工大学 Method for intrusion detection based on wireless signal characters
US9407638B2 (en) * 2013-08-26 2016-08-02 The Boeing Company System and method for trusted mobile communications
US20150134801A1 (en) * 2013-11-14 2015-05-14 Broadcom Corporation Making policy-based decisions in a network
US9344439B2 (en) 2014-01-20 2016-05-17 The Boeing Company Executing unprotected mode services in a protected mode environment
US9591005B2 (en) * 2014-08-20 2017-03-07 Ge Aviation Systems Llc Avionics intrusion detection system and method of determining intrusion of an avionics component or system
US9996692B2 (en) * 2015-08-06 2018-06-12 The Boeing Company Method and system for using principal components analysis (PCA) to display trends in aircraft cyber events in real time
US9591009B2 (en) * 2015-08-06 2017-03-07 The Boeing Company Air-based and ground-based security information and event management system
CN105530477A (en) * 2015-12-24 2016-04-27 北京中电普华信息技术有限公司 Infrastructure construction monitoring system based on power internet of things
US20170295154A1 (en) * 2016-04-07 2017-10-12 Gogo Llc Systems and methods for authenticating applications to on-board services
CN106027961A (en) * 2016-05-18 2016-10-12 常州市武进金阳光电子有限公司 Wireless video monitoring system of electric power network
US10412100B2 (en) * 2016-08-01 2019-09-10 The Boeing Company System and methods for providing secure data connections in an aviation environment
US10560326B2 (en) * 2017-09-22 2020-02-11 Webroot Inc. State-based entity behavior analysis
WO2019116054A1 (en) * 2017-12-15 2019-06-20 GM Global Technology Operations LLC Ethernet network-profiling intrusion detection control logic and architectures for in-vehicle controllers
US10991255B2 (en) * 2018-04-05 2021-04-27 Ge Aviation Systems Llc Providing an open interface to a flight management system
US10992689B2 (en) * 2018-09-18 2021-04-27 The Boeing Company Systems and methods for relating network intrusions to passenger-owned devices
US11889392B2 (en) 2019-06-14 2024-01-30 The Boeing Company Aircraft network cybersecurity apparatus and methods
US11658990B2 (en) 2019-06-28 2023-05-23 The Boeing Company Systems and methods for detecting cybersecurity threats
CN112787836B (en) * 2019-11-07 2022-04-15 比亚迪股份有限公司 Information security network topology system for rail transit and method for implementing information security for rail transit

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0890907A1 (en) * 1997-07-11 1999-01-13 ICO Services Ltd. Providing web access to users in a vehicle
WO1999057625A1 (en) * 1998-05-06 1999-11-11 Prc Inc. Dynamic system defence for information warfare

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4868859A (en) 1987-06-12 1989-09-19 Bt Telecom, Inc. Supervised, interactive alarm reporting system
US5027383A (en) 1987-06-12 1991-06-25 Versus Technology, Inc. Supervised, interactive alarm reporting system
US4825457A (en) 1988-04-25 1989-04-25 Lebowitz Mayer M Cellular network data transmission system
US5055851A (en) 1988-05-16 1991-10-08 Trackmobile, Inc. Vehicle location system
US5866888A (en) 1990-11-20 1999-02-02 Symbol Technologies, Inc. Traveler security and luggage control system
US5917405A (en) 1993-06-08 1999-06-29 Joao; Raymond Anthony Control apparatus and methods for vehicles
US5537460A (en) 1994-07-08 1996-07-16 Holliday, Jr.; Robert O. Method and apparatus for determining the precise location of a modified cellular telephone using registration messages and reverse control channel transmission
JPH10322262A (en) * 1997-05-15 1998-12-04 Mitsubishi Electric Corp Portable information terminal equipment communication support system in mobile object
US6092008A (en) 1997-06-13 2000-07-18 Bateman; Wesley H. Flight event record system
US6052604A (en) 1997-10-03 2000-04-18 Motorola, Inc. Exchange which controls M SIMs and N transceivers and method therefor
US6725378B1 (en) * 1998-04-15 2004-04-20 Purdue Research Foundation Network protection for denial of service attacks
US6052304A (en) * 1998-06-18 2000-04-18 Lsi Logic Corporation Non-volatile storage element and method for manufacturing using standard processing
GB9909825D0 (en) * 1998-09-08 1999-06-23 Airnet Global Holdings Limited Communications system for aircraft
EP1149339A1 (en) * 1998-12-09 2001-10-31 Network Ice Corporation A method and apparatus for providing network and computer system security
EP1017188A3 (en) * 1998-12-30 2001-12-12 Lucent Technologies Inc. Method and system for high speed data access from remote locations
US6392692B1 (en) * 1999-02-25 2002-05-21 David A. Monroe Network communication techniques for security surveillance and safety system
US6177887B1 (en) 1999-07-06 2001-01-23 George A. Jerome Multi-passenger vehicle catering and entertainment system
JP2001034553A (en) * 1999-07-26 2001-02-09 Hitachi Ltd Network access control method and device therefor
JP3546771B2 (en) * 1999-09-07 2004-07-28 日本電気株式会社 System and method for restricting unauthorized access of cable modem
US7475405B2 (en) * 2000-09-06 2009-01-06 International Business Machines Corporation Method and system for detecting unusual events and application thereof in computer intrusion detection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0890907A1 (en) * 1997-07-11 1999-01-13 ICO Services Ltd. Providing web access to users in a vehicle
WO1999057625A1 (en) * 1998-05-06 1999-11-11 Prc Inc. Dynamic system defence for information warfare

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"AN INTRODUCTION TO INTRUSION DETECTION ASSESSMENT FOR SYSTEM AND NETWORK SECURITY MANAGEMENT, PASSAGE" INTRODUCTION TO INTRUSION DETECTION ASSESSMENT FOR SYSTEM AND NETWORK SECURITY MANAGEMENT, XX, XX, 1998, pages 1-38, XP002935681 *

Cited By (105)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006521061A (en) * 2003-03-20 2006-09-14 ザ・ボーイング・カンパニー Delivery policy tool
US8350725B2 (en) 2006-03-08 2013-01-08 Airbus Operations (S.A.S.) Method and device for detecting attempts at intruding on a communication link between an aircraft and a ground station
US8924469B2 (en) 2008-06-05 2014-12-30 Headwater Partners I Llc Enterprise access control and accounting allocation for access networks
US10536983B2 (en) 2009-01-28 2020-01-14 Headwater Research Llc Enterprise access control and accounting allocation for access networks
US9615192B2 (en) 2009-01-28 2017-04-04 Headwater Research Llc Message link server with plural message delivery triggers
US8531986B2 (en) 2009-01-28 2013-09-10 Headwater Partners I Llc Network tools for analysis, design, testing, and production of services
US8626115B2 (en) 2009-01-28 2014-01-07 Headwater Partners I Llc Wireless network service interfaces
US10582375B2 (en) 2009-01-28 2020-03-03 Headwater Research Llc Device assisted services install
US8839387B2 (en) 2009-01-28 2014-09-16 Headwater Partners I Llc Roaming services network and overlay networks
US8898293B2 (en) 2009-01-28 2014-11-25 Headwater Partners I Llc Service offer set publishing to device agent with on-device service selection
US9094311B2 (en) 2009-01-28 2015-07-28 Headwater Partners I, Llc Techniques for attribution of mobile device data traffic to initiating end-user application
US9609544B2 (en) 2009-01-28 2017-03-28 Headwater Research Llc Device-assisted services for protecting network capacity
US9609510B2 (en) 2009-01-28 2017-03-28 Headwater Research Llc Automated credential porting for mobile devices
US9609459B2 (en) 2009-01-28 2017-03-28 Headwater Research Llc Network tools for analysis, design, testing, and production of services
US10681179B2 (en) 2009-01-28 2020-06-09 Headwater Research Llc Enhanced curfew and protection associated with a device group
US9641957B2 (en) 2009-01-28 2017-05-02 Headwater Research Llc Automated device provisioning and activation
US9647918B2 (en) 2009-01-28 2017-05-09 Headwater Research Llc Mobile device and method attributing media services network usage to requesting application
US9674731B2 (en) 2009-01-28 2017-06-06 Headwater Research Llc Wireless device applying different background data traffic policies to different device applications
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US9705771B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Attribution of mobile device data traffic to end-user application based on socket flows
US9749898B2 (en) 2009-01-28 2017-08-29 Headwater Research Llc Wireless end-user device with differential traffic control policy list applicable to one of several wireless modems
US9749899B2 (en) 2009-01-28 2017-08-29 Headwater Research Llc Wireless end-user device with network traffic API to indicate unavailability of roaming wireless connection to background applications
US9755842B2 (en) 2009-01-28 2017-09-05 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US9769207B2 (en) 2009-01-28 2017-09-19 Headwater Research Llc Wireless network service interfaces
US9819808B2 (en) 2009-01-28 2017-11-14 Headwater Research Llc Hierarchical service policies for creating service usage data records for a wireless end-user device
US9858559B2 (en) 2009-01-28 2018-01-02 Headwater Research Llc Network service plan design
US9866642B2 (en) 2009-01-28 2018-01-09 Headwater Research Llc Wireless end-user device with wireless modem power state control policy for background applications
US9942796B2 (en) 2009-01-28 2018-04-10 Headwater Research Llc Quality of service for device assisted services
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US9973930B2 (en) 2009-01-28 2018-05-15 Headwater Research Llc End user device that secures an association of application to service policy with an application certificate check
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US10028144B2 (en) 2009-01-28 2018-07-17 Headwater Research Llc Security techniques for device assisted services
US10057775B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Virtualized policy and charging system
US10057141B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Proxy system and method for adaptive ambient services
US10064055B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10064033B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Device group partitions and settlement platform
US10070305B2 (en) 2009-01-28 2018-09-04 Headwater Research Llc Device assisted services install
US10080250B2 (en) 2009-01-28 2018-09-18 Headwater Research Llc Enterprise access control and accounting allocation for access networks
US10165447B2 (en) 2009-01-28 2018-12-25 Headwater Research Llc Network service plan design
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US10694385B2 (en) 2009-01-28 2020-06-23 Headwater Research Llc Security techniques for device assisted services
US10237146B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc Adaptive ambient services
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US10264138B2 (en) 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US10321320B2 (en) 2009-01-28 2019-06-11 Headwater Research Llc Wireless network buffered message system
US10320990B2 (en) 2009-01-28 2019-06-11 Headwater Research Llc Device assisted CDR creation, aggregation, mediation and billing
US10326675B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Flow tagging for service policy implementation
US10326800B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US10462627B2 (en) 2009-01-28 2019-10-29 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US8437271B2 (en) 2009-01-28 2013-05-07 Headwater Partners I Llc Verifiable and accurate service usage monitoring for intermediate networking devices
US8745191B2 (en) 2009-01-28 2014-06-03 Headwater Partners I Llc System and method for providing user notifications
US8516552B2 (en) 2009-01-28 2013-08-20 Headwater Partners I Llc Verifiable service policy implementation for intermediate networking devices
US10237773B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc Device-assisted services for protecting network capacity
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US10716006B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc End user device that secures an association of application to service policy with an application certificate check
US10749700B2 (en) 2009-01-28 2020-08-18 Headwater Research Llc Device-assisted services for protecting network capacity
US10771980B2 (en) 2009-01-28 2020-09-08 Headwater Research Llc Communications device with secure data path processing agents
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US10791471B2 (en) 2009-01-28 2020-09-29 Headwater Research Llc System and method for wireless network offloading
US10798254B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc Service design center for device assisted services
US10798558B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc Adapting network policies based on device service processor configuration
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US10803518B2 (en) 2009-01-28 2020-10-13 Headwater Research Llc Virtualized policy and charging system
US10834577B2 (en) 2009-01-28 2020-11-10 Headwater Research Llc Service offer set publishing to device agent with on-device service selection
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10848330B2 (en) 2009-01-28 2020-11-24 Headwater Research Llc Device-assisted services for protecting network capacity
US10855559B2 (en) 2009-01-28 2020-12-01 Headwater Research Llc Adaptive ambient services
US10869199B2 (en) 2009-01-28 2020-12-15 Headwater Research Llc Network service plan design
US10985977B2 (en) 2009-01-28 2021-04-20 Headwater Research Llc Quality of service for device assisted services
US11039020B2 (en) 2009-01-28 2021-06-15 Headwater Research Llc Mobile device and service management
US11096055B2 (en) 2009-01-28 2021-08-17 Headwater Research Llc Automated device provisioning and activation
US11134102B2 (en) 2009-01-28 2021-09-28 Headwater Research Llc Verifiable device assisted service usage monitoring with reporting, synchronization, and notification
US11190545B2 (en) 2009-01-28 2021-11-30 Headwater Research Llc Wireless network service interfaces
US11190645B2 (en) 2009-01-28 2021-11-30 Headwater Research Llc Device assisted CDR creation, aggregation, mediation and billing
US11190427B2 (en) 2009-01-28 2021-11-30 Headwater Research Llc Flow tagging for service policy implementation
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US11219074B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Enterprise access control and accounting allocation for access networks
US11228617B2 (en) 2009-01-28 2022-01-18 Headwater Research Llc Automated device provisioning and activation
US11337059B2 (en) 2009-01-28 2022-05-17 Headwater Research Llc Device assisted services install
US11363496B2 (en) 2009-01-28 2022-06-14 Headwater Research Llc Intermediate networking devices
US11405224B2 (en) 2009-01-28 2022-08-02 Headwater Research Llc Device-assisted services for protecting network capacity
US11405429B2 (en) 2009-01-28 2022-08-02 Headwater Research Llc Security techniques for device assisted services
US11412366B2 (en) 2009-01-28 2022-08-09 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US11425580B2 (en) 2009-01-28 2022-08-23 Headwater Research Llc System and method for wireless network offloading
US11477246B2 (en) 2009-01-28 2022-10-18 Headwater Research Llc Network service plan design
US11494837B2 (en) 2009-01-28 2022-11-08 Headwater Research Llc Virtualized policy and charging system
US11516301B2 (en) 2009-01-28 2022-11-29 Headwater Research Llc Enhanced curfew and protection associated with a device group
US11533642B2 (en) 2009-01-28 2022-12-20 Headwater Research Llc Device group partitions and settlement platform
US11538106B2 (en) 2009-01-28 2022-12-27 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US11563592B2 (en) 2009-01-28 2023-01-24 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US11570309B2 (en) 2009-01-28 2023-01-31 Headwater Research Llc Service design center for device assisted services
US11582593B2 (en) 2009-01-28 2023-02-14 Head Water Research Llc Adapting network policies based on device service processor configuration
US11589216B2 (en) 2009-01-28 2023-02-21 Headwater Research Llc Service selection set publishing to device agent with on-device service selection
US11665186B2 (en) 2009-01-28 2023-05-30 Headwater Research Llc Communications device with secure data path processing agents
US11665592B2 (en) 2009-01-28 2023-05-30 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US11750477B2 (en) 2009-01-28 2023-09-05 Headwater Research Llc Adaptive ambient services
US11923995B2 (en) 2009-01-28 2024-03-05 Headwater Research Llc Device-assisted services for protecting network capacity
US11757943B2 (en) 2009-01-28 2023-09-12 Headwater Research Llc Automated device provisioning and activation
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US10834583B2 (en) 2013-03-14 2020-11-10 Headwater Research Llc Automated credential porting for mobile devices
US11743717B2 (en) 2013-03-14 2023-08-29 Headwater Research Llc Automated credential porting for mobile devices

Also Published As

Publication number Publication date
JP4573307B2 (en) 2010-11-04
US20030027550A1 (en) 2003-02-06
WO2003014891A3 (en) 2003-12-04
US7715819B2 (en) 2010-05-11
CN1602610A (en) 2005-03-30
EP1413117B1 (en) 2008-09-17
JP4124728B2 (en) 2008-07-23
EP1413117A2 (en) 2004-04-28
JP2008167460A (en) 2008-07-17
CA2454223C (en) 2011-04-26
CN1602610B (en) 2010-07-07
CA2454223A1 (en) 2003-02-20
AU2002316744A1 (en) 2003-02-24
DE60228975D1 (en) 2008-10-30
JP2005527990A (en) 2005-09-15

Similar Documents

Publication Publication Date Title
EP1413117B1 (en) An airborne security manager
CA2453565C (en) Network security architecture for a mobile network platform
CN104813337B (en) Hardware management interface
US7321566B2 (en) Hierarchical management system on distributed network management platform
JP4620686B2 (en) System and method for recording events in a vehicle
EP2074788B1 (en) Methods and systems for network failure reporting
US9591009B2 (en) Air-based and ground-based security information and event management system
US20030069015A1 (en) Method and apparatus for remote initiation of ARINC 615 downloads
US10187405B2 (en) Macro grid governance and communication
KR101425287B1 (en) Air traffic control integrated system
EP1008947A1 (en) Method of bringing an air traffic service unit into use
WO2006015633A1 (en) Device and method for configuration of a data processing unit
CA2663181A1 (en) Integrated security event management system
US20120007981A1 (en) Passenger surveillance
US8392534B2 (en) Device for access to data aboard an aircraft
KR101417519B1 (en) Air traffic control integrated system
Waheed et al. A system for real-time monitoring of cybersecurity events on aircraft
KR102220103B1 (en) Satellite communication method and apparatus performing orchestration of satellite communication assets
DE102017217475A1 (en) Automated delivery of safety references to planned crew
Branlat et al. Connectivity and resilience of remote operations: insights from air traffic management
Holmes et al. An Operational Viewpoint of Centralised vs. Remote Ground M&C at EUMETSAT

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG UZ VN YU ZA ZM ZW

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG UZ VN YU ZA ZM

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2454223

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2002747074

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2003519756

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 2002819635X

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 2002747074

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642