The present invention relates to Electronic Flight Bags (EFBs) providing auxiliary computer functions in aircraft, and in particular, to Class-3 EFBs permanently installed in the aircraft and suitable for hosting and executing Type A, B and C applications concurrently.
EFBs are computer systems designed to allow the flight crew to perform flight management tasks more easily, efficiently and with less paper. The EFB's general computing platform is intended to reduce or replace paper reference material such as aircraft operating manuals, navigational charts and other items traditionally required to be brought on board the aircraft by the flight crew in the pilot's carry-on flight bag. In the United States, EFB devices are regulated by the Federal Aviation Administration (FAA) in accordance with Advisory Circular (AC) 120-76A and in Europe by the European Aviation Safety Agency (EASA) in accordance with Temporary Guidance Leaflet (TGL) 36, hereby incorporated by reference.
In many cases, the applications designed to provide data intended to replace paper reference and display it electronically on the EFB have been developed for use with Commercial-Off-The-Shelf (COTS) Operating Systems (OSes) and software components, for example, Microsoft Windows® OS with .NET framework components. Examples of these applications are document readers used to display manuals and reference documents, terminal chart viewers and electronic logbook applications.
As EFBs matured and grew in prevalence, the availability of an additional computer system with a display in the cockpit was exploited to provide additional functionality traditionally associated with primary flight display systems and multifunction displays. These include the display of avionics data related to the current state of the aircraft including position, orientation and flight planning. These additional functions in addition to the traditional functions of the EFB are divided into three application categories: Type A, B and C. Type A applications include fixed presentations of pre-composed data traditionally presented in paper format (electronic pilot manuals, reference documents, equipment lists, and maintenance manuals). Type B applications include interactive applications that can manipulate dynamic data and presentation (terminal charts, performance calculations, cabin video). Type C applications include items that are typically associated with the primary flight display and could have an impact on flight safety and crew workload. An example of Type C applications are an interactive moving map displaying own-ship position or an application that interacts with an Automatic Dependent Surveillance-Broadcast (ADS-B) processor providing guidance for In-Trail Procedures or Merging and Spacing (M&S), hereby incorporated by reference.
Per AC-120-76A, Type C applications require Aircraft Certification Service (AIR) Design Approval with a rigor determined by the effects its failure has on crew safety and workload. Radio Technical Commission for Aeronautics (RTCA) publishes DO-178B “Software Considerations in Airborne Systems and Equipment Certification”, an FAA accepted guidance for acquiring Design Approval for software used in avionics. RTCA, Inc, is a private, not for profit corporation based in Washington DC USA. DO-178B is one means, but not the only means, to gain design assurance approval from the FAA.
Per AC120-76A, the physical EFB hardware is classified into one of three classes based on installation and intended use. The classes are Class 1, 2 and 3. Class 1 EFBs are generally COTS-based systems, such as a laptop or tablet PC, that are portable and not attached to the aircraft. Class 2 EFBs are also generally COTS based systems and portable, but are connected to the aircraft during normal operations. Class-3 EFBs are installed avionics equipment and, unlike Class 1 and 2 EFBs, are required to meet the regulatory requirements pursuant to its intended function on the aircraft. RTCA, Inc publishes DO-160F “Environmental Conditions and Test Procedures for Airborne Equipment”, one FAA approved accepted guidance for acquiring AIR Approval for hardware used in avionics, hereby incorporated by reference.
Type A and/or B (henceforth Type A/B) applications may be hosted on any Class of EFB and do not require Design Approval. Type C applications, however, do require Design Approval and can only be hosted on Class-3 EFBs, except in those situations where the application has a Technical Standard Order (TSO) and that other hosted applications on the Class 1 or Class 2 EFB have minor or no safety effect and do not interfere with the Type C application with a TSO.
When hosting Type A/B applications and Type C applications on a single Class-3 EFB, it is important to isolate the design approved Type C applications and aircraft interfaces from the Type A/B applications so that there are no adverse effects or interference to any safety critical components or software on the aircraft connected to or hosted on the EFB from Type A/B applications. A current method for isolating the design approved software and protecting the aircraft components connected to the EFB is to use two separate processors within a single EFB, one hosting a design approved operating system such as a custom Linux-based operating system and Type C applications and the other hosting a COTS operating system, such as the Windows® operating system manufactured by Microsoft Corporation of Washington USA. The circuitry connecting the two processors provides hardware control over the COTS operating system by the design approved operating system allowing it to control, monitor and restrict its operation to protect the aircraft interfaces connected to the EFB. The physical separation provided by the two separate processors provides sufficient isolation of Type C applications from Type A/B applications.