Abstract: A method implemented by an onboard avionics computer for executing a plurality of binary codes that are associated with a plurality of sets of metadata, wherein: the plurality of binary codes and the plurality of metadata are hierarchized into a number of levels at least equal to two; a first binary code, of a level, is associated with a first set of metadata of the level, and a second binary code of a lower level, itself associated with a second set of metadata of the lower level; the first set of metadata comprises a data signature, the data comprising at least a first message digest associated with the first binary code, and the second set of metadata comprises a public key; the method comprising the execution, by the second binary code, of the following steps: applying a hash function to obtain a second message digest of the first binary code; decrypting the signature using the public key to obtain the first message digest; authorizing the execution of the binary code, if and only if the first message dig

Abstract: The gateway, which connects a low-trust domain (12) and a high-trust domain (13) of an avionics computing infrastructure, provides a plurality of security functions, each function being performed by a data processing node. The gateway comprises, connected in series along a filtering chain of a data flow received from the low-trust domain: a firewall data processing node (4); a protocol break data processing node (5); a master data processing node (1) and an inverse protocol break data processing node (6), the gateway further including a security data processing node (2) connected to each of the data processing nodes of the filtering chain, the different data processing nodes being physically segregated.

Abstract: The present invention relates to a securing boot controller for an embedded system, the embedded system further comprising an operational module incorporating an operational function of the system, and a verification module incorporating a function of verifying various components of the system; The controller is configured to: upon cold startup of the system, make the verification function executable at boot up to perform a functional verification including a verification of the authenticity and integrity of the operational function; upon successful completion of the functional verification, at each warm start following said cold start of the system, making the operational function executable at boot up.

Abstract: The present invention relates to a storage method of digital files carried out by a determinist avionic network with predetermined routing. This method comprises a phase (PE) for writing digital files comprising the steps of determining by an end system sending a digital file to be stored, associating a time reference with the digital file to be stored, sending the digital file to be stored with the associated time reference to K separate switches using one or several data frames, generating, via at least some of the switches, a copy of the digital file to be stored and storing this copy in the storage unit of each of these switches with the associated time reference.

Abstract: The present invention relates to an avionic communication system that comprises a plurality of switches and a plurality of equipment units. Each equipment unit is capable of generating digital data that are present in the form of a plurality of frames of the first type that are in compliance with a first protocol, or of the second type that are in compliance with a second protocol. Each switch and each receiving equipment unit are configured so as to determine the type of each frame received and, as a function of the determined type, to process this frame in accordance with the corresponding protocol, each frame of the first type being processed on a prioritised basis in relation to each frame of the second type. The first protocol is of the type ARINC 664 P7 and the second protocol is of the type Ethernet with predetermined routing.

Abstract: The present invention relates to a switch including a plurality of input ports, a plurality of output ports, at least one output port, called observation port, being connected to an observation module able to analyze the traffic of the frames passing through via the switch, and a conveying component configured to convey each frame. The switch is configured to transmit, to the observation modules via the observation port, only frames according to a first observation condition and a second observation condition. The compliance of a frame with the first observation condition is determined as a function of an observation field and the compliance with the second observation condition is determined as a function of the identifier and/or of an input and/or output port associated with this frame.

Abstract: A method for filling a container with a pyrotechnic charge using a filling system, said method including, when the powder is conveyed, a step of regulating the powder flow rate in which at least one powder conveyor device is brought to vibrate according to a vibration frequency control sequence, the vibration frequency being inversely proportional to the filling ratio of the container of the pyrotechnic charge.

Abstract: A method implemented by an onboard avionics computer for executing a plurality of binary codes that are associated with a plurality of sets of metadata, wherein: the plurality of binary codes and the plurality of metadata are hierarchized into a number of levels at least equal to two; a first binary code, of a level, is associated with a first set of metadata of the level, and a second binary code of a lower level, itself associated with a second set of metadata of the lower level; the first set of metadata comprises a data signature, the data comprising at least a first message digest associated with the first binary code, and the second set of metadata comprises a public key; the method comprising the execution, by the second binary code, of the following steps: applying a hash function to obtain a second message digest of the first binary code; decrypting the signature using the public key to obtain the first message digest; authorizing the execution of the binary code, if and only if the first message dig

Abstract: The invention relates to a method for authentication of a piece of equipment by a communication system, comprising: a step for exchanging at least one data frame between a first piece of equipment and a second piece of equipment through a communication bus using a packet switching protocol, the data frame including a preamble and a message body, a step for searching in each exchanged data frame for the presence of a marker in the preamble, the marker being specific to the communication system, and only when the marker has been found by the second piece of equipment in a data frame, a step for authenticating the first piece of equipment.

Abstract: The present invention relates to a securing boot controller for an embedded system, the embedded system further comprising an operational module incorporating an operational function of the system, and a verification module incorporating a function of verifying various components of the system; The controller is configured to: upon cold startup of the system, make the verification function executable at boot up to perform a functional verification including a verification of the authenticity and integrity of the operational function; upon successful completion of the functional verification, at each warm start following said cold start of the system, making the operational function executable at boot up.

Abstract: This electronic device for receiving data via an asynchronous communication network including at least one elementary network, is configured to be connected to said elementary network and comprises: a receiving module configured to receive several successive data frames via the asynchronous communication network, each frame being sent over the elementary network according to a predefined sending table and with a minimum time gap between the sending time instants of two successive frames, a verification module configured, for at least two received data frames, to estimate a network jitter from the minimum time gap and reception time instants of at least two frames received on said elementary network, then to compare the estimated jitter to an authorized range of network jitter values.

Abstract: The present invention relates to a storage method of digital files carried out by a determinist avionic network with predetermined routing. This method comprises a phase (PE) for writing digital files comprising the steps of determining by an end system sending a digital file to be stored, associating a time reference with the digital file to be stored, sending the digital file to be stored with the associated time reference to K separate switches using one or several data frames, generating, via at least some of the switches, a copy of the digital file to be stored and storing this copy in the storage unit of each of these switches with the associated time reference.

Abstract: This electronic device for receiving data via an asynchronous communication network including at least one elementary network, is configured to be connected to said elementary network and comprises: a receiving module configured to receive several successive data frames via the asynchronous communication network, each frame being sent over the elementary network according to a predefined sending table and with a minimum time gap between the sending time instants of two successive frames, a verification module configured, for at least two received data frames, to estimate a network jitter from the minimum time gap and reception time instants of at least two frames received on said elementary network, then to compare the estimated jitter to an authorized range of network jitter values.

Abstract: The present invention relates to a switch comprising a plurality of input ports, a plurality of output ports, and a first routing component that is capable of routing each frame of a first type in compliance with a first protocol between at least one input port and one output port associated with this component. The switch in addition comprises a second routing component capable of routing each frame of a second type in compliance with a second protocol between at least one input port and one output port associated with this component, and an allocation interface capable of associating each input port and each output port with the first routing component or with the second routing component, in accordance with a predetermined configuration.

Abstract: The present invention relates to an avionic communication system that comprises a plurality of switches and a plurality of equipment units. Each equipment unit is capable of generating digital data that are present in the form of a plurality of frames of the first type that are in compliance with a first protocol, or of the second type that are in compliance with a second protocol. Each switch and each receiving equipment unit are configured so as to determine the type of each frame received and, as a function of the determined type, to process this frame in accordance with the corresponding protocol, each frame of the first type being processed on a prioritised basis in relation to each frame of the second type. The first protocol is of the type ARINC 664 P7 and the second protocol is of the type Ethernet with predetermined routing.

Abstract: The present invention relates to a switch including a plurality of input ports, a plurality of output ports, at least one output port, called observation port, being connected to an observation module able to analyze the traffic of the frames passing through via the switch, and a conveying component configured to convey each frame. The switch is configured to transmit, to the observation modules via the observation port, only frames according to a first observation condition and a second observation condition, The compliance of a frame with the first observation condition is determined as a function of an observation field and the compliance with the second observation condition is determined as a function of the identifier and/or of an input and/or output port associated with this frame.

Abstract: The invention relates to a method for authentication of a piece of equipment by a communication system, comprising: a step for exchanging at least one data frame between a first piece of equipment and a second piece of equipment through a communication bus using a packet switching protocol, the data frame including a preamble and a message body, a step for searching in each exchanged data frame for the presence of a marker in the preamble, the marker being specific to the communication system, and only when the marker has been found by the second piece of equipment in a data frame, a step for authenticating the first piece of equipment.

Abstract: Disclosed is method for monitoring an avionics software application, able to be executed on a platform including resources and hosting an operating system, the platform being intended to be on board an aircraft, implemented by an electronic monitoring device. The method includes: implementing at least one monitoring operation of the application from among syntactic monitoring of each call emitted by the application to the operating system; semantic monitoring of each call emitted by the application to the operating system; monitoring of a dynamic of the calls emitted by the application to the operating system; and monitoring of the use by the application of the resources of the platform; and generating an alarm signal if an abnormal behavior of the application is detected.

Abstract: A processing device for video signal includes a video buffer memory capable of storing a video signal currently being played back, a graphical interface generation module capable of generating a graphical interface to control functions of the processing device, a video mixer capable of producing a display signal for a display, the display signal representing a combination of the graphical interface originating from the generation module and of the video signal currently being played back originating from the video buffer memory, in which the graphic control elements include an image capture triggering element that can be displayed on the display in combination with the video signal currently being played back and that can be activated to trigger the step of selecting a section of the video signal currently being played back including an image displayed on the display at the time of the activation of the image capture triggering element.

Abstract: A frame switching device for an AFDX network, the device including a first port, configured to be connected to a frame switch of the network or else to a terminal, for example a computer, and a plurality of second ports configured to be respectively connected to on-board pieces of equipment. Each frame incident on the first port is replicated on each of the second ports. The second ports are periodically polled in turn, each frame present on a second polled port being transferred onto the first port.