Abstract: A distributed control system includes an electronic control unit to establish secure communication with a distributed control module. Upon determination that a previously negotiated session key is stored on the electronic control unit, the electronic control unit transmits encrypted communications with the distributed control module using the previously negotiated session key, negotiates a new session key with the distributed control module, and stores the new session key. Upon determination that the previously negotiated session key is not stored on the electronic control unit, the electronic control unit negotiates the new session key with the distributed control module. After negotiating the new session key with the distributed control module, the electronic control unit ceases transmission of unencrypted communications with the distributed control module, transmits encrypted communications with the distributed control module using the new session key, and stores the new session key.

Abstract: A method for initializing an engine control system of an aircraft may include authenticating a boot loader, authenticating a manifest in response to authentication of the boot loader wherein the manifest contains hashes of one or more software components, and in response to authentication of the manifest, loading a first set of software components from among the one or more software components onto a non-transitory computer-readable medium, calculating a hash of each software component of the first set of software components, authenticating the first set of software components by comparing the calculated hash of each software component of the first set of software components to the hash of a corresponding software component in the manifest, and executing the first set of software components in response to authentication of the one or more software components. Devices and systems are also provided for initializing an engine control system of an aircraft.

Abstract: A method is disclosed and includes authenticating a first stage boot loader and authenticating a second stage boot loader in response to authentication of the first stage boot loader. The method also includes executing the second stage boot loader in response to authentication of the second stage boot loader. Executing the second stage boot loader includes loading an operating system, a first set of machine-readable instructions, and first configuration information associated with the first set of machine-readable instructions onto a non-transitory computer-readable medium, wherein the first set of machine-readable instructions and the first configuration information are associated with one or more priority partitions. Executing the second stage boot loader includes authenticating the operating system and the first set of machine-readable instructions.

Abstract: A method to be performed by a processor includes determining whether an application software has called an application programming interface, upon determination that the application software has called the application programming interface, determining whether one or more floating-point errors are recorded in a floating-point status register, and upon determination that one or more floating-point errors are recorded in the floating-point status register, performing a predefined action for each type of floating-point error recorded in the floating-point status register.

Abstract: A method comprises a server generating a server nonce and transmitting a server public key, a key signature and the server nonce to a device, the device verifying the server public key, signing the server nonce with a device private key, generating a device nonce, and transmitting the server nonce, the server nonce signature, a device public key, a device key signature, and the device nonce to the server, the server verifying the server nonce and the device public key, generating a session key, encrypting the session key with the device public key, signing the device nonce and the session key with a server private key, and transmitting the device nonce, the signed device nonce and session key, and the encrypted session key to the device, and the device verifying the device nonce, decrypting the encrypted session key with the device private key, and verifying the decrypted session key.

Abstract: A method to be performed by a processor includes determining whether an application software has called an application programming interface, upon determination that the application software has called the application programming interface, determining whether one or more floating-point errors are recorded in a floating-point status register, and upon determination that one or more floating-point errors are recorded in the floating-point status register, performing a predefined action for each type of floating-point error recorded in the floating-point status register.

Abstract: A method comprises a server generating a server nonce and transmitting a server public key, a key signature and the server nonce to a device, the device verifying the server public key, signing the server nonce with a device private key, generating a device nonce, and transmitting the server nonce, the server nonce signature, a device public key, a device key signature, and the device nonce to the server, the server verifying the server nonce and the device public key, generating a session key, encrypting the session key with the device public key, signing the device nonce and the session key with a server private key, and transmitting the device nonce, the signed device nonce and session key, and the encrypted session key to the device, and the device verifying the device nonce, decrypting the encrypted session key with the device private key, and verifying the decrypted session key.

Abstract: Devices, systems, and methods for providing an engine control system configured with a two-part test equipment monitor where at least one part is selectively removable are disclosed. An engine control system for an aircraft includes an electronic control unit (ECU). The ECU is configured to implement a production support equipment module and a selectively removable test support equipment module. The production support equipment module enables restricted data monitoring of the engine control system. The test support equipment module enables a comprehensive interface with the engine control system when installed with the ECU.

Abstract: A system and method determines a unique performance benchmark for specific computer object code for a particular microprocessor. By generating multiple unique benchmarks for a single, same code module on multiple different processors, the method determines which processor is optimal for the code module. By generating for a single designated processor a performance benchmark for each code modules of multiple modules, where the multiple modules have a same/similar functionality but variations in detailed code or algorithms, the system and method identifies code variation(s) which is/are optimal for the single designated processor. The system and method may entail first extracting selected features of object code (as actually executed) into a code profile, and then generating the performance benchmark based on the code profile and in machine-level timing data for the selected microprocessor. In this way, code security is achieved by fire-walling the object code from the second stage of the method.

Abstract: Devices, systems, and methods for routing data to distributed devices in an aircraft are disclosed. A data routing system includes an aircraft and an equipment communicatively coupled to a control unit. The aircraft includes a control unit, and one or more distributed modules. The control unit is configured to communicate with each of the one or more distributed modules via an engine control bus. The control unit is configured to receive an Ethernet packet from the equipment via an Ethernet connection, translate protocols of the Ethernet packet to protocols for the engine control bus, identify an IP address in the Ethernet packet, and route data of the Ethernet packet to one of the one or more distributed modules over the engine control bus based on the IP address and the translated protocols.

Abstract: A system and method determines a unique performance benchmark for specific computer object code for a particular microprocessor. By generating multiple unique benchmarks for a single, same code module on multiple different processors, the method determines which processor is optimal for the code module. By generating for a single designated processor a performance benchmark for each code modules of multiple modules, where the multiple modules have a same/similar functionality but variations in detailed code or algorithms, the system and method identifies code variation(s) which is/are optimal for the single designated processor. The system and method may entail first extracting selected features of object code (as actually executed) into a code profile, and then generating the performance benchmark based on the code profile and in machine-level timing data for the selected microprocessor. In this way, code security is achieved by fire-walling the object code from the second stage of the method.

Abstract: A server device that includes server elements that receive a modification request to modify a respective access permission level, designated to a client device for a target server element, from a baseline permission level among a permission hierarchy of access permission levels to a different permission level among the permission hierarchy. The server device sends a nonce associated with the modification request to the client device, and receives a signed nonce or nonce signature generated by the client device based on the nonce and a client private key of the client device. In response to determining an authenticity of the signed nonce or nonce signature based on a client public key that is associated with the client private key and trusted by the server device, the server device modifies the respective access permission level designated to the client device for the target server element to the requested permission level.

Abstract: A method is disclosed and includes authenticating a first stage boot loader and authenticating a second stage boot loader in response to authentication of the first stage boot loader. The method also includes executing the second stage boot loader in response to authentication of the second stage boot loader. Executing the second stage boot loader includes loading an operating system, a first set of machine-readable instructions, and first configuration information associated with the first set of machine-readable instructions onto a non-transitory computer-readable medium, wherein the first set of machine-readable instructions and the first configuration information are associated with one or more priority partitions. Executing the second stage boot loader includes authenticating the operating system and the first set of machine-readable instructions.

Abstract: A method comprises a server generating a server nonce and transmitting a server public key, a key signature and the server nonce to a device, the device verifying the server public key, signing the server nonce with a device private key, generating a device nonce, and transmitting the server nonce, the server nonce signature, a device public key, a device key signature, and the device nonce to the server, the server verifying the server nonce and the device public key, generating a session key, encrypting the session key with the device public key, signing the device nonce and the session key with a server private key, and transmitting the device nonce, the signed device nonce and session key, and the encrypted session key to the device, and the device verifying the device nonce, decrypting the encrypted session key with the device private key, and verifying the decrypted session key.

Abstract: Devices, systems, and methods for providing an engine control system configured with a two-part test equipment monitor where at least one part is selectively removable are disclosed. An engine control system for an aircraft includes an electronic control unit (ECU). The ECU is configured to implement a production support equipment module and a selectively removable test support equipment module. The production support equipment module enables restricted data monitoring of the engine control system. The test support equipment module enables a comprehensive interface with the engine control system when installed with the ECU.