Personal electronic devices (PEDs) are becoming increasingly widespread. Users usually carry their PEDs with them wherever they travel, including on board aircraft. Considering the many communication interfaces that such PEDs comprise, it is desirable to provide passengers on board an aircraft with access to the different networks of the aircraft, for example a wireless local area network (WLAN). Mobile content distribution networks on board aircraft allow extending comfort amenities and services such as internet access, on-board shopping opportunities and access to in-flight entertainment (IFE) systems. For example, the document God, R.; Hintze, H.: “Drahtlose Kommunikation in der Flugzeugkabine für effiziente Arbeitsabläufe und Passagierdienstleistungen”, MKWI 2010 Multikonferenz Wirtschaftsinformatik, Göttingen, Feb. 23-25, 2010, p. 2361-2374 discloses the use of non-contact aircraft cabin interfaces for network access of electronic devices employing smart card, RFID and near field communication (NFC) technology.
Apart from providing wireless network access to passengers of the aircraft, cabin crew members may also benefit from being able to wirelessly connect specific mobile devices to the aircraft network. Since cabin crew members regularly have a higher level of role authorization in a role-based access control policy of an aircraft network, it is desirable to establish a reliable authentication procedure for safely restricting wireless access of electronic devices to the aircraft network to those devices that may be guaranteed to belong to cabin crew members.
One of the challenges associated with managing access to networks on board an aircraft pertains to the wide range of electronic devices requesting access which are, a priori, not always known to the network. A network access control system therefore needs to employ elaborate access control schemes to be able to reliably identify and authenticate electronic devices in order to selectively authorize and approve operations of the electronic devices in the network and hold the authenticated user of the electronic devices accountable for such operations.
Common measures for identification and authentication of an electronic device requesting access to a network element involve the exchange of authentication codes between the device and the network element and the subsequent validation of the presented codes. Such codes may, for example, include knowledge-based passphrases (for example passwords, PIN codes or pre-assigned user information such as ticket or customer numbers), pre-validated information inherently tied to the device or tokens and fobs physically located in the vicinity of the device (for example a MAC address of the device or a digital authenticity certificate for the device), or inherent user-based coded parameters (for example biometric user identification information such as fingerprints, retina patterns, DNA information or behavioral characteristics).
Several different approaches for controlling access of electronic devices to network elements of vehicles are known in the prior art: Document DE 10 2012 203 032 A1 discloses an authentication method for an electronic device of an aircraft passenger based on flight-specific pre-assigned authentication data. Document US 2014/0187149 A1 discloses the use of dynamically created uniform resource identifiers to redirect an electronic device to a remote authentication system for verifying access credentials of the electronic device to access a network element of a vehicle. Document WO 2015/163774 A1 discloses a multi-factor authentication scheme for access control of a user to a system based on acoustically convolved audio passphrases of different origin.