Patent Application
20240333376
This application claims the benefit of European Patent Application Number 23165845.1 filed on Mar. 31, 2023, the entire disclosure of which is incorporated herein by way of reference.
The present invention relates to communication between aircraft and, in particular, to a secure communication between flying aircraft, which communication allows for a provision of flight operation commands from one aircraft to another aircraft.
Current aircraft safety communication systems do not allow access and information flow to the Aircraft Control Domain (ACD) due to security constraints—this is the highest trust domain and interactions are possible only with the aircraft pilots. In addition, use-cases such as remote piloted or assisted aircraft require end-to-end communication latencies that cannot be provided by the communication systems installed today on aircraft.
A communication system of such aircraft should augment autonomous systems and both contribute toward achieving a desired design assurance level for specific aircraft functions and reduce the on-board autonomous system complexity and redundancy. It should also be possible to retrofit the communication system to existing aircraft to enhance the safety of flight.
Moreover, such communication systems may be used in case of emergency scenarios, such as pilot incapacitation, to enable the handover of aircraft control to authorize personnel and assist the safe completion of the flight mission. Currently, such a scenario cannot be realized due to security constraints.
The proposed communication system aims at solving both problems described above, i.e., provide a trustful system that can communicate with very low latencies with the aircraft.
The proposed communication system is a “short range secure communication system for aircraft” that can support aircraft flight operations in, e.g., emergency scenarios. The communication system leverages existing technology bricks such as, e.g., UWB and/or 5G or future cellular network standards. It supports both human to machine (h2m) and machine to machine (m2m) communications. The advantage of the proposed system is that the safety of flight can be increased, aviation accidents can be avoided and trust in air travel can be kept at maximum level.
The mentioned objects are solved by the subject-matter of the independent claims. Further embodiments are incorporated in the dependent claims. It should be noted that the following described aspects of the invention apply for communication systems as well as for methods establishing a communication between aircraft.
An air-to-air communication system for short range secure communication between aircraft is proposed which allows for a secure transfer of data to the aircraft control domain systems, for example autopilot, by authorized personnel or remote pilot.
In general, a communication system for secure communication between a first flying aircraft and a second flying aircraft comprises communication infrastructure in both aircraft as well as a computer program establishing a communication link between the aircraft. The first aircraft may be provided with a first communication node and a first processing unit and the second aircraft may be provided with a second communication node and a second processing unit. The communication infrastructure of both aircraft may be seen as forming an overall communication system in accordance with the disclosure herein. The communication system comprises a computer program product including sets of instructions, wherein the computer program product is configured, when executed on the processing units of the aircraft, to cause the communication system to establish a communication link between the flying aircraft.
For security reasons, a distance between the flying aircraft should be less than 1000 meters. It will be understood that the distance may be less than 500 meters or less than 200 meters. In particular, the distance between the flying aircraft may even be less than 100 meters. At such a distance, the pilots of the aircraft may see the other aircraft and, in particular, it may be ensured that no further aircraft is within the range of the communication system.
According to an embodiment, the computer program product may be configured to cause the communication system to determine the position of a first communication node relative to a second communication node. In other words, the communication system may be configured to determine the relative position of the communication hardware and, thus, of the aircraft. The communication system may be configured to automatically determine the distance between the aircraft. For improving the accuracy of the determination of the position, a plurality of communication nodes may be provided in each of the aircraft.
An aspect of the communication system is that the computer program product includes further sets of instructions allowing a secure transfer of data to an aircraft control domain system from one of the aircraft to the other aircraft. A secure transfer of data may be realized by unique certificates and/or by confirmation of acceptance of the intended communication as a necessary step. It may be noted that an acceptance for the establishing of a communication link may be provided by the pilot or even by the ground control.
The communication system according to an embodiment utilizes ultra wide band (UWB) technology and/or a cellular network like 5G. It will be understood that the mentioned technologies are only examples and that future communication technologies may also be used for the purposes addressed herein. An aspect of the utilized technology may be seen as being only suitable within a short range. As mentioned above, the range in which the proposed communication may be established encompasses a distance up to 1000 meters but preferably less than 1000 meters, e.g., 500 meters, 200 meters or only 100 meters. The short range provides a further security aspect, namely that it can be ensured that the communication link will be established between predetermined aircraft.
The communication link may be configured to transfer human to machine and/or machine to machine communication. For example, the communication link may be configured to transfer commands for adjusting parameters of the auto pilot system.
A method of secure communication between two flying aircraft in accordance with the disclosure comprises, in general, the steps of activating the communication system of a first one of the aircraft, detecting the activated communication system by means of a communication system at the second one of the aircraft, determining a distance between the aircraft, and establishing, when the distance between the aircraft is within a short range, a communication link between the communication systems of the first and second aircraft.
According to an embodiment, a verification must be performed before the communication link will be established. The communication link may be established based on a security protocol. As soon as a communication link is established between the aircraft, human to machine and/or machine to machine commands can be transferred from one of the aircraft to the other one of the aircraft, for example, for controlling flight operation of the other one of the aircraft.
When considering the communication system, it is noted that a processing unit may be realized by only one processor performing all the steps of the process, or by a group or a plurality of processors, which need not be located at the same place. For example, a processing unit may be divided into a first sub-processor that controls interactions with the user, including a monitor for visualizing data, and a second sub-processor (possibly located elsewhere) that performs all computations including, for example, the determination of the position and distance of an aircraft.
A computer program product as described herein may preferably be loaded into the random-access memory of a data processor. The data processor or processing unit of a system according to an embodiment may thus be equipped to carry out at least a part of the described process. Further, the disclosure may relate to a computer-readable medium on which the disclosed computer program product may be stored. However, the computer program product may also be presented over a network like the World Wide Web and can be downloaded into the random-access memory of the data processor of an aircraft from such a network.
It has to be noted that embodiments are described with reference to different subject-matters. In particular, some embodiments are described with reference to method-type claims (computer program product) whereas other embodiments are described with reference to apparatus-type claims (system/device). However, a person skilled in the art will gather from the above and the following description that, unless otherwise specified, any combination of features belonging to one type of subject-matter as well as any combination between features relating to different subject-matters is considered to be disclosed herein.
The aspects defined above and further aspects, features and advantages of the present invention can also be derived from the examples of the embodiments to be described hereinafter and are explained with reference to examples of embodiments also shown in the figures, but to which the invention is not limited.
Exemplary embodiments will be described in the following with reference to the following drawings:
Certain embodiments will now be described in greater details with reference to the accompanying drawings. The matters defined in the description, such as detailed construction and elements, are provided to assist in a comprehensive understanding of the exemplary embodiments. Also, well-known functions or constructions are not described in detail since they would obscure the embodiments with unnecessary detail. Moreover, expressions such as “at least one of”, when preceding a list of elements, modify the entire list of elements and do not modify the individual elements of the list.
In the example of
The security and the trust in the proposed system is based on the following pillars. Firstly, physical security: the localization system used to enable the communication system, has a short range communication capability and works within the aviation separation standards. No aircraft is usually allowed to be present within this range. The exception here is an escort aircraft sent to establish the reason for lost communication from ATC to the aircraft.
If the controlled aircraft pilot(s) is (are) capable of flying the aircraft (i.e., the sole problem of lost communication with ATC is technical problem), they can disable the remote control from the in-command aircraft.
Use of traditional cryptography and security techniques employing public key infrastructure (PKI) and digital certificates to verify the identity of the aircraft in-command, before granting the access to the ACD system. This step addresses the possibility that a passenger onboard of the aircraft is equipped with a special device and is trying to gain access to the ACD system via spoofing its position.
In the following, a method is described illustrating steps for establishing a communication link between aircraft in flight. For example, in case the communication between an aircraft and air traffic control (ATC) is lost, the aircraft of interest may be escorted by a military aircraft in order to establish visual contact with its pilots.
In step 1, if no visual contact can be established with the left aircraft, a person/pilot on the military aircraft 20 starts the process to establish a secure communication with the passenger aircraft 10.
In step 2, at least one communication node 21 is started in broadcast mode, i.e. it is announcing its presence.
In step 3, the short range communication system on the passenger aircraft 10 detects the presence of a signal from the communication node 21 and starts the localization process. It consists of data exchange between the nodes 11, 21 on both aircraft 10, 20. Once the accurate positioning is established and is within the predefined security range, the passenger aircraft 10 sends a message to the military aircraft 20 to switch to communication mode.
In step 4, once the communication link is set up, traditional cryptography and security techniques are used, such as digital certificates for authentication, to verify the identity of the military aircraft.
In step 5, the passenger aircraft 10 enables the link between the ACD systems and the communication link.
Finally, in step 6, the aircraft are in communication mode using either the UWB system or optionally the 5G sidelink system, and the military aircraft 20 is sending control commands to the passenger aircraft 10. The commands can range from providing input to the autopilot, direct stick control or follow-me.
The systems and devices described herein may include a controller or a computing device comprising a processing and a memory which has stored therein computer-executable instructions for implementing the processes described herein. The processing unit may comprise any suitable devices configured to cause a series of steps to be performed so as to implement the method such that instructions, when executed by the computing device or other programmable apparatus, may cause the functions/acts/steps specified in the methods described herein to be executed. The processing unit may comprise, for example, any type of general-purpose microprocessor or microcontroller, a digital signal processing (DSP) processor, a central processing unit (CPU), an integrated circuit, a field programmable gate array (FPGA), a reconfigurable processor, other suitably programmed or programmable logic circuits, or any combination thereof.
The memory may be any suitable known or other machine-readable storage medium. The memory may comprise non-transitory computer readable storage medium such as, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. The memory may include a suitable combination of any type of computer memory that is located either internally or externally to the device such as, for example, random-access memory (RAM), read-only memory (ROM), compact disc read-only memory (CDROM), electro-optical memory, magneto-optical memory, erasable programmable read-only memory (EPROM), and electrically-erasable programmable read-only memory (EEPROM), Ferroelectric RAM (FRAM) or the like. The memory may comprise any storage means (e.g., devices) suitable for retrievably storing the computer-executable instructions executable by processing unit.
The methods and systems described herein may be implemented in a high-level procedural or object-oriented programming or scripting language, or a combination thereof, to communicate with or assist in the operation of the controller or computing device. Alternatively, the methods and systems described herein may be implemented in assembly or machine language. The language may be a compiled or interpreted language. Program code for implementing the methods and systems described herein may be stored on the storage media or the device, for example a ROM, a magnetic disk, an optical disc, a flash drive, or any other suitable storage media or device. The program code may be readable by a general or special-purpose programmable computer for configuring and operating the computer when the storage media or device is read by the computer to perform the procedures described herein.
Computer-executable instructions may be in many forms, including modules, executed by one or more computers or other devices. Generally, modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. Typically, the functionality of the modules may be combined or distributed as desired in various embodiments.
It will be appreciated that the systems and devices and components thereof may utilize communication through any of various network protocols such as TCP/IP, Ethernet, FTP, HTTP and the like, and/or through various wireless communication technologies such as GSM, CDMA, Wi-Fi, and WiMAX, is and the various computing devices described herein may be configured to communicate using any of these network protocols or technologies.
While the invention has been illustrated and described in detail in the drawings and foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive. The invention is not limited to the disclosed embodiments. Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing a claimed invention, from a study of the drawings, the disclosure, and the dependent claims.
In the claims, the word “comprising” does not exclude other elements or steps, and the indefinite article “a” or “an” does not exclude a plurality. A single processor or other unit may fulfil the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. Any reference signs in the claims should not be construed as limiting the scope.
While at least one exemplary embodiment of the present invention(s) is disclosed herein, it should be understood that modifications, substitutions and alternatives may be apparent to one of ordinary skill in the art and can be made without departing from the scope of this disclosure. This disclosure is intended to cover any adaptations or variations of the exemplary embodiment(s). In addition, in this disclosure, the terms “comprise” or “comprising” do not exclude other elements or steps, the terms “a” or “one” do not exclude a plural number, and the term “or” means either or both. Furthermore, characteristics or steps which have been described may also be used in combination with other characteristics or steps and in any order unless the disclosure or context suggests otherwise. This disclosure hereby incorporates by reference the complete disclosure of any patent or application from which it claims benefit or priority.
| Number | Date | Country | Kind |
|---|---|---|---|
| 23165845.1 | Mar 2023 | EP | regional |
