1. Field:
The present disclosure relates generally to systems and methods for verifying the authenticity and integrity of information used on aircraft. More particularly, the present disclosure relates to verifying the authenticity and integrity of information used on the aircraft when a digital certificate associated with the information is known or suspected to be compromised.
2. Background:
Modern aircraft are extremely complex. For example, an aircraft may have many types of electronic systems on-board. These systems are often in the form of line-replaceable units (LRUs). A line-replaceable unit is an item that can be removed and replaced from an aircraft. A line-replaceable unit is designed to be easily replaceable.
A line-replaceable unit may take on various forms. A line-replaceable unit on an aircraft may be, for example, without limitation, a flight management system, an autopilot, an in-flight entertainment system, a communications system, a navigation system, a flight controller, a flight recorder, a collision avoidance system, a system to support maintenance functions, or a system to support crew processes. The various line-replaceable units on an aircraft may be parts of an aircraft network data processing system.
Line-replaceable units may use software or programming to provide the logic or control for various operations and functions. Typically, software on an aircraft is treated as one or more separate parts or is combined with a hardware part and is unchangeable without changing the hardware part number. Aircraft software that is treated as an aircraft part may be referred to as a loadable aircraft software part or an aircraft software part. Aircraft software parts are parts of the configuration of an aircraft.
Aircraft operators are entities that operate aircraft. Aircraft operators also may be responsible for the maintenance and repair of aircraft. Examples of aircraft operators include airlines and military units. When an aircraft operator receives an aircraft, aircraft software parts may already be installed in the line-replaceable units on the aircraft.
An aircraft operator may also receive copies of loaded aircraft software parts in case the parts need to be reinstalled or reloaded into the line-replaceable units on the aircraft. Reloading of aircraft software parts may be required, for example, if a line-replaceable unit in which the software is used is replaced or repaired. Further, the aircraft operator also may receive updates to the aircraft software parts from time to time. These updates may include additional features not present in the currently-installed aircraft software parts and may be considered upgrades to one or more line-replaceable units. Specified procedures may be followed during loading of an aircraft software part on an aircraft such that the current configuration of the aircraft, including all of the aircraft software parts loaded on the aircraft, is known.
It may be desirable that only approved software and other data from trusted suppliers is used on an aircraft. Unapproved software and other data may include data that is corrupted, data that is infected with a virus, or other unapproved data. Unapproved software and other data may affect the operation of the aircraft in undesired ways.
Data processing networks may employ digital certificates in a public key infrastructure to ensure that only approved software and other data are used on the network. Such digital certificates also may be known as public key certificates or identity certificates. The digital certificates are issued by a certificate authority that is trusted by the network. The digital certificate identifies the source of the software or other data to the network in a manner that can be trusted. The network may use the digital certificate to determine whether or not the software or other data will be used on the network.
Current systems and methods for verifying the authenticity and integrity of software and other data for use on entirely ground-based computer networks may not be applied effectively to mobile systems, such as aircraft. The particular environment in which network data processing systems on aircraft are operated and maintained may make it difficult or impossible to use such current methods for validating software or other data for use on an aircraft network data processing system.
Accordingly, it would be desirable to have a method and apparatus that takes into account one or more of the issues discussed above as well as possibly other issues.