Patent Grant
11746708
The subject matter disclosed herein generally relates to gas turbine engine communication systems and, more particularly, to a gas turbine engine with a remote update capability.
A control system of a gas turbine engine uses multiple configuration control items, such as control software, data, trim updatable values, and the like to control operation of the gas turbine engine and monitor performance of the gas turbine engine. Once a gas turbine engine is deployed in the field, it can be difficult to access data captured and/or computed by the control system and to make updates to the configuration control items. A gas turbine engine can be deployed in the field for an extended service life, such as a period of decades. Computer system technology and communication technology can evolve at a rapid pace adding to the challenges of interfacing with offboard systems as the offboard technology continues to advance during the lifespan of the engine.
According to one embodiment, a communication adapter of a gas turbine engine of an aircraft includes a communication interface configured to wirelessly communicate with an offboard system and to communicate with an engine control of the gas turbine engine. The communication adapter also includes a memory system and processing circuitry configured to receive one or more configuration items from the offboard system, confirm an authentication between the communication adapter and the engine control, apply a cryptographic algorithm using one or more parameters received and cryptographic information to decrypt the one or more configuration items, wherein the cryptographic information includes a combination of received cryptographic information and previously stored cryptographic information, and transfer the one or more configuration items to the engine control based on the authentication.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the processing circuitry is further configured to transmit a data state of the engine control and a configuration of the engine control to the offboard system with the update completion confirmation.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the one or more configuration items include a plurality of engine control trim data.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the engine control trim data includes at least one digital signature that is validated by the engine control prior to updating the engine control.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the one or more configuration items include a plurality of fault limit data.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the one or more configuration items include executable software for the engine control.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the executable software includes at least one digital signature that is validated by the engine control prior to updating the engine control.
According to an embodiment, a method includes receiving one or more configuration items from an offboard system at a communication adapter of a gas turbine engine of an aircraft. An authentication is confirmed between the communication adapter and an engine control. A cryptographic algorithm using one or more parameters received and cryptographic information is applied to decrypt the one or more configuration items, where the cryptographic information includes a combination of received cryptographic information and previously stored cryptographic information. The one or more configuration items are transferred to the engine control based on the authentication. An update completion confirmation of the engine control is transmitted from the communication adapter to the offboard system based on a confirmation message from the engine control.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include transmitting a data state of the engine control and a configuration of the engine control to the offboard system with the update completion confirmation.
According to an embodiment, a gas turbine engine of an aircraft includes a fan section with a fan case, an engine control, and a communication adapter mounted on the fan case. The engine control is configured to monitor and control operation of the gas turbine engine in real-time. The communication adapter includes processing circuitry configured to receive one or more configuration items from an offboard system, confirm an authentication between the communication adapter and the engine control, apply a cryptographic algorithm using one or more parameters received and cryptographic information to decrypt the one or more configuration items, wherein the cryptographic information includes a combination of received cryptographic information and previously stored cryptographic information, and transfer the one or more configuration items to the engine control based on the authentication.
In addition to one or more of the features described above or below, or as an alternative, further embodiments may include where the one or more configuration items include a plurality of engine control trim data with at least one digital signature that is validated by the engine control prior to updating the engine control.
A technical effect of the apparatus, systems and methods is achieved by incorporating communication features to securely update and interface an engine control system with offboard systems as described herein.
The following descriptions should not be considered limiting in any way. With reference to the accompanying drawings, like elements are numbered alike:
A detailed description of one or more embodiments of the disclosed apparatus and method are presented herein by way of exemplification and not limitation with reference to the Figures.
Referring now to the drawings,
An engine control 122 can be mounted on the fan case 118 and covered by the cowling 120. The engine control 122 is configured to monitor and control operation of the gas turbine engine 104 in real-time. In order to transfer configuration items, such as programs and data to and from the engine control 122, contemporary systems typically require that the cowling 120 is opened and multiple cables of bundled wires are coupled to the engine control 122. Such a process can ensure deliberate actions are taken in extracting data and performing updates to the engine control 122; however, the process can be slow and require large lengths of customized cables. In embodiments, the communication adapter 102, also referred to as a gas turbine engine communication gateway, is configured to establish communication with the engine control 122 and wireless communication with one or more offboard systems 106 external to the aircraft 108. Similar to the engine control 122, the communication adapter 102 can be mounted on the fan case 118 and covered by the cowling 120 of the gas turbine engine 104. Wireless communication can alleviate the need for customized cables or physically opening the cowling 120 to establish communication with the offboard systems 106.
The offboard systems 106 can include, for example, a ground station 124, a near-wing maintenance computer 126, an access portal 130, and/or other devices (not depicted) that may establish one-way or two-way wireless communication with the communication adapter 102. For example, a global positioning system (GPS) can provide one-way wireless signaling to the communication adapter 102 to assist in confirming a geographic location of the gas turbine engine 104 while the communication adapter 102 is coupled to the gas turbine engine 104. Wireless communication performed by the communication adapter 102 can be through a variety of technologies with different ranges supported. As one example, the communication adapter 102 can support Wi-Fi (e.g., radio wireless local area networking based on IEEE 802.11 or other applicable standards), GPS, cellular networks, satellite communication, and/or other wireless communication technologies known in the art. Wireless communication between the communication adapter 102 and the offboard systems 106 can be direct or indirect. For instance, wireless communication between the communication adapter 102 and ground station 124 may pass through one or more network interface components 128, such as a repeater, while wireless communication between the communication adapter 102 and the near-wing maintenance computer 126 may be direct wireless communication without any relay components.
The ground station 124 can enable communication with a variety of support systems, such as an access portal 130 that enables authorized users to access data, initiate tests, configure software, and perform other actions with respect to the engine control 122, where the communication adapter 102 acts as a secure gateway to limit access and interactions with the engine control 122. As another example, the ground station 124 can communicate with a notification system 132, which may trigger alerts, text messages, e-mails, and the like to authorized recipients regarding operational status of the gas turbine engine 104. The near-wing maintenance computer 126 may provide an authorized user with limited authority a capability to query the communication adapter 102 for fault data, test parameters, and other such information. In some embodiments, the near-wing maintenance computer 126 can be authorized with limited authority to make updates to select configuration parameters or data collection parameters of the communication adapter 102.
The engine control 122 can be a full authority digital engine control that includes processing circuitry 210 and a memory system 212 configured to store a plurality of configuration items, where at least one of the configuration items includes a sequence of the computer executable instructions for execution by the processing circuitry 210. Other types of configuration items can include data, such as constants, configurable data, and/or fault data. Examples of computer executable instructions can include boot software, operating system software, and/or application software. The executable instructions may be stored or organized in any manner and at any level of abstraction, such as in connection with controlling and/or monitoring operation of the gas turbine engine 104. The processing circuitry 210 can be any type or combination of central processing unit (CPU), including one or more of: a microprocessor, a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or the like. Also, in embodiments, the memory system 212 may include volatile memory, such as random access memory (RAM), and non-volatile memory, such as Flash memory, read only memory (ROM), and/or other electronic, optical, magnetic, or any other computer readable medium onto which is stored data and algorithms in a non-transitory form.
The engine control 122 can also include one or more of an input/output interface 214, a communication interface 216, and/or other elements (not depicted). The input/output interface 214 can include support circuitry for interfacing with the effectors 202 and sensors 206, such as filters, amplifiers, digital-to-analog converters, analog-to-digital converters, and other such circuits to support digital and/or analog interfaces. Further, the input/output interface 214 can receive or output signals to/from other sources. The communication interface 216 can be communicatively coupled to the communication adapter 102. The communication interface 216 may also communicate with an aircraft bus 218 of the aircraft 108 of
Similar to the engine control 122, the communication adapter 102 can include processing circuitry 220, a memory system 222, an input/output interface 224, and a communication interface 226. The processing circuitry 220 can be any type or combination of central processing unit (CPU), including one or more of: a microprocessor, a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), or the like. Also, in embodiments, the memory system 222 may include volatile memory, such as random access memory (RAM), and non-volatile memory, such as Flash memory, read only memory (ROM), and/or other electronic, optical, magnetic, or any other computer readable medium onto which is stored data and algorithms in a non-transitory form. The communication adapter 102 can also include an internal sensor system 228. The internal sensor system 228 can include, for example, one or more accelerometers, gyroscopes, barometers, a magnetometer (e.g., a compass), and other such sensors. Further, the communication adapter 102 can include other devices, such as a GPS 229. The input/output interface 224 can process data collected from the internal sensors 228 and condition the data in a format usable by the processing circuitry 220. The communication interface 226 can interface with one or more antennas 230, which may be integrated with the communication adapter 102 or located remotely from the communication adapter 102, e.g., a shark-fin antenna mounted under or on the cowling 120 of
The communication adapter 102 can act as a secure communication gateway with respect to the offboard systems 106. For example, the offboard systems 106 can request to load new/updated configuration items to the memory system 212 of the engine control 122 through the communication adapter 102. The communication interface 216 of the engine control 122 can interface to the communication interface 226 of the communication adapter 102 through a wired, optical, or magnetic coupling. The communication interface 226 can communicate wirelessly through one or more antennas 230 to the offboard systems 106. The communication interface 226 may also have access to receive data directly from the aircraft bus 218 in some embodiments. In alternate embodiments, the communication adapter 102 can send a request to the engine control 122 to provide aircraft parameters received via the aircraft bus 218 and/or engine parameters computed by the engine control 122.
The communication adapter 102 can manage credentials and user authentication to limit access of the memory system 212 of the engine control 122. User authentication can be defined for particular users or classes of users, such as equipment-owner users, maintenance technicians, engineering users, and the like. For example, a maintenance technician may have authority to adjust trimmable constants or reprogram certain regions of the memory system 212. An engineering user may have authority to reprogram an operating system, boot program code, or application software in the memory system 212, in addition to having permissions of the maintenance technician and the equipment-owner user. If user authentication fails, for instance, by user credentials not being recognized with respect to user authentication data, then the communication adapter 102 can block access of the offboard systems 106 from reading from or writing to the memory system 212.
Configuration items received for the engine control 122 and/or the communication adapter 102 may be encrypted using various cryptographic methods to further enhance security. For example, the communication adapter 102 can apply a cryptographic algorithm using one or more parameters received and cryptographic information to decrypt an encrypted configuration item. A combination of transmitted and stored cryptographic information can be used together for decryption based on ‘shared secrets’ such that not all of the information is sent from the offboard systems 106 nor stored completely within the communication adapter 102. After decryption, authenticity of the configuration item can be verified using, for example, a digital signature of the configuration item. The resulting file can be a decrypted and authenticated configuration item, which may be temporarily stored in memory system 222 or otherwise buffered during authentication and passed to the engine control 122 upon authentication.
Separating the communication adapter 102 from the engine control 122 can enable the communication adapter 102 and the engine control 122 to have different expected service life durations. For example, to stay compatible with changes in wireless communication technologies used by the offboard systems 106, the communication adapter 102 may be upgraded at a faster interval than the engine control 122. The communication adapter 102 can have a lower processing and storage capacity than the engine control 122 to reduce power requirements, weight, and other costs associated with the communication adapter 102. Since the communication adapter 102 does not actively control the gas turbine engine 104, development cycles may be reduced as compared to implementing flight critical control algorithms and hardware of the engine control 122.
Referring now to
At block 502, the communication adapter 102 can receive an engine control update request from an offboard system 106.
At block 504, the communication adapter 102 can confirm an authentication between the communication adapter 102 and the engine control 122. Authentication may include verifying a shared secret or other credential between the communication adapter 102 and the engine control 122. Further, user type credentials can be used to verify a level of access granted to update specific portions of the memory system 212 of the engine control 122.
At block 506, the communication adapter 102 can transfer one or more configuration items 300 received at the communication adapter 102 from the offboard system 106 to the engine control 122 based on the authentication. Examples of the configuration items 300 can include executable software for the engine control 122, such as boot control 310, operating system 314, and/or application 316. Further, the configuration items 300 may include identification data 312, constant data 318, and/or configurable data 320, such as engine control trim data 328 and/or fault limit data 330.
At block 508, the communication adapter 102 can transmit an update completion confirmation of the engine control 122 from the communication adapter 102 to the offboard system 106 based on a confirmation message from the engine control 122. The confirmation message from the engine control 122 can be sent based on validation of at least one digital signature associated with the configuration items 300 prior to updating the engine control 122. For instance, the configuration items 300 to be updated may be digitally signed at the offboard system 106 and the digitally-signed configuration items 300 can pass through the communication adapter 102 after authentication to the engine control 122 for validation. Processing circuitry 220 of the communication adapter 102 can be further configured to transmit a data state of the engine control 122 and a configuration of the engine control 122 to the offboard system 106 with the update completion confirmation. Confirmations may include a success or failure status to assist in troubleshooting unsuccessful upload attempts. The offboard system 106 can store results and state data, such as a load state and configuration, into the configuration management database 400 (e.g., as part of the configuration data 406 and/or log files 408 associated with an engine build identifier 404).
While the above description has described the flow process of
The term “about” is intended to include the degree of error associated with measurement of the particular quantity based upon the equipment available at the time of filing the application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present disclosure. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, element components, and/or groups thereof.
While the present disclosure has been described with reference to an exemplary embodiment or embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the present disclosure. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present disclosure without departing from the essential scope thereof. Therefore, it is intended that the present disclosure not be limited to the particular embodiment disclosed as the best mode contemplated for carrying out this present disclosure, but that the present disclosure will include all embodiments falling within the scope of the claims.
This application is a continuation of U.S. application Ser. No. 16/839,111 filed Apr. 3, 2020, which claims the benefit of priority to U.S. Provisional Application No. 62/835,169 filed Apr. 17, 2019, the disclosures of which are incorporated herein by reference in their entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6167239 | Wright et al. | Dec 2000 | A |
| 6173159 | Wright et al. | Jan 2001 | B1 |
| 8078354 | Loda | Dec 2011 | B2 |
| 8344912 | Mitchell et al. | Jan 2013 | B2 |
| 8768537 | Kim et al. | Jul 2014 | B2 |
| 9253816 | Gashette | Feb 2016 | B1 |
| 9303523 | Rodriguez et al. | Apr 2016 | B2 |
| 9367970 | Ziarno | Jun 2016 | B2 |
| 9435819 | Fraley et al. | Sep 2016 | B1 |
| 9464905 | Lewis | Oct 2016 | B2 |
| 9587576 | Stanek et al. | Mar 2017 | B2 |
| 9915535 | Jordan et al. | Mar 2018 | B2 |
| 10035609 | Ziarno | Jul 2018 | B2 |
| 10093436 | Bulumulla et al. | Oct 2018 | B2 |
| 10114634 | Quin et al. | Oct 2018 | B2 |
| 10444748 | Feenstra et al. | Oct 2019 | B2 |
| 10633106 | Gelwan et al. | Apr 2020 | B2 |
| 10880070 | Delaney et al. | Dec 2020 | B1 |
| 20010038143 | Sonobe et al. | Nov 2001 | A1 |
| 20040056766 | Butz et al. | Mar 2004 | A1 |
| 20040206818 | Loda et al. | Oct 2004 | A1 |
| 20050017876 | Ziarno | Jan 2005 | A1 |
| 20060108988 | McKelvey et al. | May 2006 | A1 |
| 20070118626 | Langen | May 2007 | A1 |
| 20090049441 | Mii et al. | Feb 2009 | A1 |
| 20090119657 | Link, II | May 2009 | A1 |
| 20100049377 | Scheid et al. | Feb 2010 | A1 |
| 20130006581 | Singh et al. | Jan 2013 | A1 |
| 20130332011 | Ziarno | Dec 2013 | A1 |
| 20130332025 | Ziarno | Dec 2013 | A1 |
| 20140123625 | Snell | May 2014 | A1 |
| 20150330869 | Ziarno | Nov 2015 | A1 |
| 20160110179 | Weckesser et al. | Apr 2016 | A1 |
| 20160178464 | Burns et al. | Jun 2016 | A1 |
| 20160196457 | Mylaraswamy et al. | Jul 2016 | A1 |
| 20160207639 | Ellis et al. | Jul 2016 | A1 |
| 20160222889 | Snyder | Aug 2016 | A1 |
| 20160260265 | Buehler et al. | Sep 2016 | A1 |
| 20160322826 | Okino et al. | Nov 2016 | A1 |
| 20160377506 | Bizud | Dec 2016 | A1 |
| 20170089577 | Desilva et al. | Mar 2017 | A1 |
| 20170155514 | Schulz et al. | Jun 2017 | A1 |
| 20170205817 | Lyons et al. | Jul 2017 | A1 |
| 20170234233 | Schwarz et al. | Aug 2017 | A1 |
| 20170259942 | Ziarno | Sep 2017 | A1 |
| 20170287239 | Levy | Oct 2017 | A1 |
| 20170334576 | Shams | Nov 2017 | A1 |
| 20170373612 | Sellinger et al. | Dec 2017 | A1 |
| 20180006916 | Scholten et al. | Jan 2018 | A1 |
| 20180007136 | Scholten et al. | Jan 2018 | A1 |
| 20180011481 | Smit et al. | Jan 2018 | A1 |
| 20180023413 | Chowdhury et al. | Jan 2018 | A1 |
| 20180023484 | Gelwan et al. | Jan 2018 | A1 |
| 20180045122 | Veilleux | Feb 2018 | A1 |
| 20180051587 | Fletcher | Feb 2018 | A1 |
| 20180167391 | Lawson et al. | Jun 2018 | A1 |
| 20180170575 | Ziarno | Jun 2018 | A1 |
| 20180205658 | Sullivan | Jul 2018 | A1 |
| 20180225629 | Brodersen et al. | Aug 2018 | A1 |
| 20180297718 | Adibhatla | Oct 2018 | A1 |
| 20180365265 | Blanc et al. | Dec 2018 | A1 |
| 20190005744 | Curtis et al. | Jan 2019 | A1 |
| 20190012853 | Scholten et al. | Jan 2019 | A1 |
| 20190102162 | Pitre et al. | Apr 2019 | A1 |
| 20190128191 | Moravek et al. | May 2019 | A1 |
| 20190322299 | Mong et al. | Oct 2019 | A1 |
| 20190367190 | Bewlay et al. | Dec 2019 | A1 |
| 20190385057 | Litichever et al. | Dec 2019 | A1 |
| 20190385120 | Yund et al. | Dec 2019 | A1 |
| 20200044916 | Kaufman et al. | Feb 2020 | A1 |
| 20200076596 | Chopart | Mar 2020 | A1 |
| 20200331620 | Scheid | Oct 2020 | A1 |
| 20200332675 | Scheid et al. | Oct 2020 | A1 |
| 20200332722 | Lamberti et al. | Oct 2020 | A1 |
| 20200333004 | Scheid et al. | Oct 2020 | A1 |
| 20200334925 | Scheid et al. | Oct 2020 | A1 |
| 20200362766 | Lamberti et al. | Nov 2020 | A1 |
| 20200378271 | Lamberti et al. | Dec 2020 | A1 |
| 20200380508 | Sheriff | Dec 2020 | A1 |
| 20210209868 | Scheid et al. | Jul 2021 | A1 |
| 20220216910 | Lamberti et al. | Jul 2022 | A1 |
| 20220394093 | Lamberti et al. | Dec 2022 | A1 |
| Number | Date | Country |
|---|---|---|
| 1400942 | Mar 2004 | EP |
| 2378490 | Oct 2011 | EP |
| 3217364 | Sep 2017 | EP |
| 3260939 | Dec 2017 | EP |
| 2010028729 | Mar 2010 | WO |
| 2018158102 | Sep 2018 | WO |
| Entry |
|---|
| Sampigethaya et al, “Security and Privacy of Future Aircraft Wireless Communications with Offboard Systems”, 2011, [Online], pp. 1-6, [Retrieved from internet on Mar. 30, 2023], <https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=5716527> (Year: 2011). |
| Baek et al., “Making air traffic surveillance more reliable: a new authentication framework for automatic dependent surveillance-broadcast (ADS-B) based on online/offiline identity-based signature”, Security Comm. Networks 2015; 8: 740-750. |
| Cfmi Customer Training Center Snecma: Training Manual CFM56-5A Engine Systems;dated Apr. 1, 2020; https://eduscol.education.fr/sti/sites/eduscol.education.fr.sti/files/ressources/pedagogiques/11659/11659-ctc-045-engine-systems.pdf, 467 pages. |
| Extended European Search Report; dated Aug. 24, 2020; EP Application No. 20170086.1-1009; 11 pages. |
| Extended European Search Report; dated Sep. 8, 2020; Application No. 20167253.2-1202; 10 pages. |
| Extended European Search Report; dated Aug. 24, 2020; Application No. 20167171.6-1202; 8 pages. |
| Extended European Search Report; dated Oct. 2, 2020; Application No. 20170071.3-1202; 11 pagaes. |
| Extended European Search Report; dated Sep. 25, 2020; Application No. 20170066.3-1009; 12 pages. |
| Extended European Search Report; dated Sep. 8, 2020; Application No. 20167178.1-1202; 9 pages. |
| Extended European Search Report; Sep. 18, 2020; Application No. 20167001.5-1009; 9 pages. |
| Partial European Search Report; Application No. 20170098.6-1202; dated Sep. 21, 2020; 16 pages. |
| U.S. Appl. No. 16/839,108, filed Apr. 3, 2020, NonFinal Office Action, dated Mar. 1, 2022, 48 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20230003173 A1 | Jan 2023 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62835169 | Apr 2019 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 16839111 | Apr 2020 | US |
| Child | 17940288 | US |
