Abstract: Techniques are disclosed of forming communications links with a vehicle, where each of at least two communication links are formed through different virtual and logical communications networks operated on a physical communications network.

Abstract: Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service; a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply, the reply indicates if the manager is authorized for encrypted service, the processor validates authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and when elected generate at least one Message Encryption Key (MEK) from the KDK; encrypt data service uplink and downlink messages using the at least one MEK.

Abstract: Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.

Abstract: Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service; a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply, the reply indicates if the manager is authorized for encrypted service, the processor validates authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and when elected generate at least one Message Encryption Key (MEK) from the KDK; encrypt data service uplink and downlink messages using the at least one MEK.

Abstract: Systems and methods for secure communications over broadband datalinks are provided. In certain implementations, a system for providing secure communications through a communication link includes a first communication unit that includes a processing unit that is configured to execute code that causes the first communication unit to verify messages with a firewall as they are received by the first communication unit; remove encapsulation data that encapsulates a message received from a second communication unit; check a digital signature appended to the message received from a second communication unit through a non-secure communication link; perform an integrity check on the message; and when the message is verified through the digital signature and the integrity check, process the message; wherein removal of the encapsulation data and implementation of the firewall is in a first partition and performance of the integrity check and verification of the digital signature is in a second partition.

Abstract: Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service; a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply, the reply indicates if the manager is authorized for encrypted service, the processor validates authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and when elected generate at least one Message Encryption Key (MEK) from the KDK; encrypt data service uplink and downlink messages using the at least one MEK.

Abstract: Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.

Abstract: Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.

Abstract: Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.

Abstract: Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service; a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply, the reply indicates if the manager is authorized for encrypted service, the processor validates authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and when elected generate at least one Message Encryption Key (MEK) from the KDK; encrypt data service uplink and downlink messages using the at least one MFK.

Abstract: An apparatus is provided. The apparatus comprises a processing system comprising: an ARINC 429 converter system; an Internet protocol (IP) suite; and an Ethernet driver; wherein the processing system is configured to be coupled to a communications management system and at least one IP radio; wherein the processing system converts data, from the communications management system, from an ARINC 429 protocol into a transport layer protocol, an IP and a Ethernet protocol; and wherein the processing system converts data, from the IP radio, from the Ethernet protocol, IP, and transport layer protocol to the ARINC 429 protocol.

Abstract: An apparatus is provided. The apparatus comprises a processing system comprising: an ARINC 429 converter system; an Internet protocol (IP) suite; and an Ethernet driver; wherein the processing system is configured to be coupled to a communications management system and at least one IP radio; wherein the processing system converts data, from the communications management system, from an ARINC 429 protocol into a transport layer protocol, an IP and a Ethernet protocol; and wherein the processing system converts data, from the IP radio, from the Ethernet protocol, IP, and transport layer protocol to the ARINC 429 protocol.

Abstract: Systems and methods for secure communications over broadband datalinks are provided. In certain implementations, a system for providing secure communications through a communication link includes a first communication unit that includes a processing unit that is configured to execute code that causes the first communication unit to verify messages with a firewall as they are received by the first communication unit; remove encapsulation data that encapsulates a message received from a second communication unit; check a digital signature appended to the message received from a second communication unit through a non-secure communication link; perform an integrity check on the message; and when the message is verified through the digital signature and the integrity check, process the message; wherein removal of the encapsulation data and implementation of the firewall is in a first partition and performance of the integrity check and verification of the digital signature is in a second partition.

Abstract: Systems and methods for dynamic transport protocol layer management for avionics system are provided. In one embodiment, a method for providing dynamic transport protocol layer management for avionics applications comprises: selecting an air-ground communication IP datalink based at least in part on criteria defined by one or more profile and policy definitions; selecting a transport layer protocol based on the air-ground communication IP datalink selected and further based on criteria defined by the one or more profile and policy definitions; and instantiating a port entity to transport air-ground communications between a first on-board application and the air-ground communication IP datalink through a Socket API, based on the selected transport layer protocol.

Abstract: Provided are methods and systems for the automatic calculation and presentation of data on a display device alerting a pilot that a change in flight plan is desirable, possible and administratively compliant under air traffic control protocol. The methods and systems may automatically request the flight clearance over a data link or the pilot may override the data link.

Abstract: A method of ensuring secure and cost effective communication of aeronautical data to and from an aircraft is provided. The method includes uplinking air-ground aircraft data communications via an aeronautical safety data link and downlinking air-ground aircraft data communications via a consumer data link separated from the aeronautical safety data link by a one-way firewall.

Abstract: A method of ensuring secure and cost effective communication of aeronautical data to and from an aircraft is provided. The method includes uplinking air-ground aircraft data communications via an aeronautical safety data link and downlinking air-ground aircraft data communications via a consumer data link separated from the aeronautical safety data link by a one-way firewall.

Abstract: A method of ensuring secure and cost effective communication of aeronautical data to and from an aircraft is provided. The method includes uplinking air-ground aircraft data communications via an aeronautical safety data link and downlinking air-ground aircraft data communications via a consumer data link separated from the aeronautical safety data link by a one-way firewall.

Abstract: One embodiment is directed to a method for managing cryptographic information. The method includes initiating cryptographic information loading application on a general purpose mobile device (GPMD) and establishing a connection between the GPMD and a server that includes cryptographic information. Authentication input is received from a user of the GPMD. Data identifying the GPMD and the authentication input is sent from the GPMD to the server for authentication of the GPMD and the user. The GPMD also sends data identifying an electronic device into which cryptographic information is to be loaded. In response, the GPMD receives cryptographic information for the electronic device at the GPMD from the server. The GPMD then sends the cryptographic information from the GPMD to the electronic device for loading therein.

Abstract: A method to facilitate securing of air-to-ground communications for an aircraft is provided. The method includes receiving security management information at the aircraft via at least one broadband data link prior to takeoff of the aircraft. The security management information is received for ground entities that can be communicatively coupled with the aircraft traveling on a flight path. The method of securing avionics also includes validating the security management information for the ground entities, and storing the validated security management information for the ground entities in the aircraft. The validating and storing of security management information occur prior to takeoff of the aircraft.