System and method for providing security aboard a moving platform

Description

FIELD

The present application relates generally to network security systems and more particularly, but not exclusively, to security systems suitable for use with vehicle information systems installed aboard passenger vehicles.

BACKGROUND

Vehicles, such as automobiles and aircraft, often include vehicle information systems for satisfying passenger demand for access to viewing content, such as entertainment, information content, or other viewing content, while traveling.

Conventional vehicle information (or entertainment) systems typically include overhead cabin video systems or seat-based video systems with individual controls such that viewing content is selectable by the passengers. Handheld (or portable) media devices also can be made available for selecting and presenting the viewing content. The viewing content can include audio and video content that is derived from a variety of content sources. Prerecorded viewing content, such as motion pictures and music, can be provided by internal content sources, such as audio and video players, that are installed aboard the vehicle. The conventional vehicle information systems likewise can include antenna systems for receiving viewing content, such as live television programming and/or Internet content, transmitted from one or more content providers (or sources) that are external to, and/or remote from, the vehicle. As desired, viewing content likewise can be stored within an internal memory system of the portable media devices.

Conventional vehicle information systems, however, suffer from numerous disadvantages. For example, few conventional vehicle information systems provide robust network security. Those vehicle information systems that do provide security distribute security components across multiple system elements, such as line replaceable units (or LRUs). However, these system elements themselves are insecure. For example, hardware and software applications that process and store commercial transaction information, such as credit card payment data, are distributed throughout current vehicle information systems, exposing sensitive data and placing confidential information at risk. Further, conventional vehicle information systems cannot identify security breaches.

In view of the foregoing, a need exists for an improved system and method for providing security for vehicle information systems in an effort to overcome the aforementioned obstacles and deficiencies of conventional vehicle information systems.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an exemplary top-level block diagram illustrating an embodiment of a security system for information systems, wherein the security system is disposed within a single line replaceable unit.

FIG. 2A is an exemplary block diagram illustrating a selected method by which data can propagate through the security system of FIG. 1.

FIG. 2B is an exemplary block diagram illustrating an alternative method by which the data can propagate through the security system of FIG. 1, wherein the data is provided to the security system in a wireless manner.

FIG. 2C is an exemplary block diagram illustrating another alternative method by which the data can propagate through the security system of FIG. 1, wherein the data comprises a security log file for storage in a secure log file storage system.

FIG. 2D is an exemplary block diagram illustrating another alternative method by which the data can propagate through the security system of FIG. 1, wherein the data comprises payment application data.

FIG. 2E is an exemplary block diagram illustrating another alternative method by which the data can propagate through the security system of FIG. 1, wherein the data is stored in a secure data storage system.

FIG. 2F is an exemplary block diagram illustrating another alternative method by which the data can propagate through the security system of FIG. 1, wherein the data comprises secure payment application code.

FIG. 3A is an exemplary top-level drawing illustrating the information system of FIG. 1, wherein the information system comprises a vehicle information system installed aboard an automobile.

FIG. 3B is an exemplary top-level drawing illustrating the vehicle information system of FIG. 3A, wherein the vehicle information system is installed aboard an aircraft.

FIG. 4 is an exemplary detail drawing illustrating one preferred embodiment of a distribution system for the vehicle information systems of FIGS. 3A-B.

FIG. 5A is an exemplary detail drawing illustrating a passenger cabin of a vehicle, wherein the vehicle information system of FIGS. 3A-B has been installed.

FIG. 5B is an exemplary detail drawing illustrating an embodiment of the vehicle information system of FIG. 5A, wherein the vehicle information system is in communication with a personal media device.

FIG. 6 is an exemplary detail drawing illustrating an alternative embodiment of the security system of FIG. 1, wherein the security system includes a biometric device for preventing unauthorized access to the vehicle information system.

It should be noted that the figures are not drawn to scale and that elements of similar structures or functions are generally represented by like reference numerals for illustrative purposes throughout the figures. It also should be noted that the figures are only intended to facilitate the description of the preferred embodiments. The figures do not illustrate every aspect of the described embodiments and do not limit the scope of the present disclosure.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Since conventional security systems for vehicle information systems are distributed across multiple, insecure system elements and cannot identify security breaches, a security system that provides network security to a vehicle information system and that is disposed within a single system element can prove desirable and provide a basis for a wide range of system applications, such as vehicle information systems for use aboard automobiles, aircraft, ships, buses, trains and other types of conventional passenger vehicles during travel. This result can be achieved, according to one embodiment disclosed herein, by the security system 500 as illustrated in FIG. 1.

Turning to FIG. 1, the security system 500 can provide network security for an information system 100. The security system 500 is shown as being provided as an integrated security system. In other words, the security system 500 can be disposed within a single system element of the information system 100. The security system 500 advantageously can comprise an all-in-one security system that facilitates security system functions, in whole and/or in part, for the information system 100. Thereby, the security system 500 can provide a defense in depth approach by adding multiple layers of security to the information system 100.

The security system 500 can provide selected security system functions such as secure storage of keys used to encrypt and/or decrypt system data, storage of security-related application programming interfaces (APIs), storage of a security log file, and/or secure storage for private data, such as user (or passenger) credit card data and/or medical data. The security system 500 likewise can utilize antivirus software, anti-spyware software, an application firewall, and/or a network firewall. As desired, the security system 500 can include an intrusion prevention system (IPS) and/or an intrusion detection system (IDS). If the information system 100 includes a wireless communication (or distribution) system 320 (shown in FIGS. 3A-3B), such as a wireless fidelity (Wi-Fi) network, for example, the security system 500 can include an intrusion prevention system (IPS) and/or an intrusion detection system (IDS) that is suitable for use with wireless network systems. The security system functions described herein are not exhaustive and are provided herein for purposes of illustration only and not for purposes of limitation.

Exemplary security system functions of the security system 500 are discussed in more detail below with reference to FIG. 1. The security system functions of the security system 500 can comprise any conventional type of security system functions and are shown and described with reference to FIG. 1 for purpose of illustration only and not for purposes of limitation. The security system 500, for example, can include antivirus (and/or anti-malware) software 1 for scanning network traffic, files, and/or other conventional types of data being exchanged with the information system 100. Preferably, the antivirus software 1 is signature-based antivirus software. The antivirus software 1 thereby can be periodically (or regularly) updated, such as at least once a month, for the latest virus signatures. As the data is transmitted through the security system 500, the antivirus software 1 can inspect the data against its virus signature files and thereby allow safe data to propagate and/or prevent malicious code from harming either the security system 500, the information system 100, and/or adjacent peripheral systems, e.g., an In-Flight Entertainment system.

Alternatively, and/or additionally, the security system 500 advantageously can utilize hardware based encryption. As illustrated in FIG. 1, Hardware Security Module (HSM) 2 of the security system 500 can be provided as an integrated circuit device that stores sensitive information using hardware encryption. For example, the HSM 2 may manage digital keys, accelerate cryptoprocesses in terms of digital signings and provide strong authentication to access critical keys for various software modules or LRUs. The encryption keys thereby can be stored in a secure place to reduce risk exposure. HSM 2 preferably meets and/or exceeds Federal Information Processing Standard (FIPS) level II certification. As desired, the HSM 2 system may handle asymmetric key pairs (and certificates) used in public key cryptography and symmetric keys. HSM 2 is a more robust security solution than conventional security solutions because software encryption-based designs can be utilized to hide information but can be reverse engineered, risking exposure to sensitive data. Software encryption-based designs likewise may present significant risk. For example, the design may be disclosed (or otherwise discovered), and/or some unforeseen event could happen to the limited number of people who know the design.

Turning If the information system 100 includes a wireless distribution system 320 (FIGS. 3A, 3B), the security system 500 may include a wireless fidelity (Wi-Fi) device 3. The Wi-Fi device 3 preferably has a built-in access point 368 (shown in FIG. 5B), such as a wireless access point (WAP), that supports wireless communications. Communications for the Wi-Fi device 3, in whole and/or in part, can pass through -the wireless access point. Since wireless connectivity typically is deemed insecure, a Denial of Service (DOS) attack could render the information system 100 useless, preventing crew and passengers from communicating. If all wireless communications pass through the access point 368, however, all communication packets can pass through Wireless Intrusion Prevention Software (WIPS) that can block and/or deny all de-auth (DOS) attacks and prevent one or more wireless devices, such as a personal media device 200 (shown in FIG. 5B), from accessing the content distribution system 320.

The security system 500 alternatively, and/or additionally, can provide secure data storage 4. The secure data storage 4 can be provided in any conventional manner and can include sufficient storage resources for securely storing credit card transactions and/or other sensitive data of any kind in an encrypted format. As desired, the data can be securely stored in accordance with a relevant data security standard. Exemplary security standards may include Payment Card Industry Data Security Standard (PCI DSS) for credit card information and/or Health Insurance Portability and Accountability Act (HIPAA) for medical information. As desired, private data likewise can include personal information protected under applicable law. European personal data privacy laws, for example, protect any type of data, such as name, address, and/or frequent flyer number, that can be used to identify a person.

As shown in FIG. 1, the security system 500 can include an Application Based Firewall 5. Applications used by the information system 100 typically communicate with each other and transfer data to (and/or from) various locations on the communication (or distribution) system 320. This data can be malformed and/or cause unexpected results, such as buffer overflows and/or remote code execution. Malformed data and/or unexpected results can compromise the information system 100. The application firewall 5 can inhibit malformed data from passing between applications and/or causing unexpected results. Moreover, an Application Based Firewall 5 (or Web Application Firewall) may provide a defense at the network security level for web application attacks capable of being launched on TCP/UDP port 80—a port that must remain open (and vulnerable) due to normal and legitimate web site traffic transmitted on the port. Similar to the antivirus software 1, the Application Based Firewall 5 may receive periodic updates in order to combat the latest web vulnerabilities.

The intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 of the security system 500 can identify and/or prevent unauthorized access to the information system 100 by blocking unwanted data types or fragments. As desired, the IPS/IDS 6 can filter traffic based on data signatures or downloadable rules that may be updated on a regular or ad hoc basis. If a breach occurs, the security system 500 can enable the information system 100 to notify authorized personnel, such as ground control, of the breach and can respond accordingly. In an exemplary embodiment, the IDS/IPS 6 may be configured by adopting a third party open source solution, such as SNORT® provided by Sourcefire, Inc., headquartered in Columbia, Md. In a hard wired environment, the IPS/IDS 6 may be most effective in detecting intrusion if it is configured to operate as the initial input 10 to the security system 500—thereby preventing malicious data packets from entering, and possibly disabling, the security system 500. In a wireless input environment, however, a person of ordinary skill could readily determine that the Wireless Intrusion Prevention System 3 may be the initial point of entry to the security system 500. A WIPS 3 may be capable of preventing unauthorized network access to the security system 500 by wireless devices.

As desired, the security system 500 can include a payment processing system 7. The payment processing system 7 can be provided as a software (or API) application and/or can process credit card transactions and other types of secure transactions. Preferably, the payment processing system 7 resides within the security system 500, yet remains segmented from the rest of the information system 100 due the sensitivity of the data housed in the payment processing system 7 and the anticipated audits over the handling of the data. The APIs provided by the payment processing system 7 may be capable of being called by other applications and LRUs but the PCI-DSS compliant system preferably is entirely self contained, thereby minimizing the scope of PCI-DSS compliance.

FIG. 1 shows that the security system 500 has a Secure Log File 8. The Secure Log File 8 can be provided in any conventional manner. All security related events from each line replaceable unit (LRU) 326 (shown in FIG. 4) preferably are stored within the Secure Log File Storage System 8. The Secure Log File Storage System 8 essentially can serve as a central log aggregate for the information system 100.

Turning briefly to FIG. 2C, for example, a plurality of local LRUs 326 are illustrated as communicating with the security log file 8 over a direct and secure connection 16. Exemplary LRUs 326 can include an Aircraft Interface 312, File Server 314, Media Server 310A, Content Server 316, Disk Array 318, a user interface system 360, and/or a seat electronics box (SEB) (and/or video seat electronics box (VSEB) and/or premium seat electronics box (PSEB)) 324 without limitation. Exemplary LRUs 326 are shown and described in U.S. Pat. No. 7,675,849, entitled “SYSTEM AND METHOD FOR ROUTING COMMUNICATION SIGNALS VIA A DATA DISTRIBUTION NETWORK,” and in co-pending United States patent application, entitled “SYSTEM AND METHOD FOR RECEIVING BROADCAST CONTENT ON A MOBILE PLATFORM DURING TRAVEL,” application Ser. No. 12/237,253, filed on Sep. 24, 2008, which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes. These LRUs 326 may have a need to generate security log files; however, it may not be feasible to store the log files on the respective local LRUs 326 due to their unsecured nature and/or lack of adequate storage.

In an effort to secure transmission between LRUs 326 and the secure log file storage 8, each LRU 326 configured to interface with the secure log file 8 may be configured to broadcast a unique identifier to the secure log file 8 receiver system. This interaction may adopt certificate-based authentication that is keyed to either or both of each LRUs IP or MAC address. As security log files are generated over Syslog UDP port 514, the security log files may be written to the secure log file storage 8, which may comprise one or more hard drive, compact flash device, solid state device, and/or any other adequate storage mechanism. As desired, the log files may also be encrypted by using Advanced Encryption Standard (AES) 256 or other adequate encryption means. The security system 500 preferably is configured to provide the security log files stored within the secure log file storage 8 to the remote processing system 15 (shown in FIG. 2F) via a secure Universal Serial Bus (USB) connection 12, a secure cellular communication connection 13, and/or a secure broadband communication connection 14 of the security system 500. Thereby, the processing system 15 can receive information related to any denial of service (DoS) attack, data snooping, and other types of data security incidents detected by the security system 500 and can trace the security risk to its origin and/or identify the attack methodology used for preparing a response to the security incidents.

Returning to FIG. 1, the security system 500 can receive data and other information 10 from the information system 100 and can provide data and other information 11 to the information system 100. The security system 500 can communicate with the information system 100 in any conventional wired and/or wireless manner, including in the manner set forth below with reference to the communication (or distribution) system 320 (shown in FIGS. 3A-B and 4). Preferably, the security system 500 and the information system 100 communicate via a wired communication connect, such as a fiber-optic communication connection, to help ensure secure communications between the security system 500 and the information system 100.

The security system 500 likewise can provide secure information to a processing system 15 (shown in FIG. 2F) that is remote from the information system 100. For example, the security system 500 can provide sensitive commercial transaction information, such as credit card payment data, to the remote processing system 15 for subsequent processing and completion of the commercial transaction. The security system 500 can provide the commercial transaction information to the remote processing system 15 in any conventional manner. An exemplary wireless manner of transmitting the commercial transaction information to the remote processing system 15 can include secure cellular communication connection 13 and/or secure broadband communication connection 14; whereas, a secure Universal Serial Bus (USB) connection is an illustrative manner for transmitting the commercial transaction information to the remote processing system 15 in a wired manner. If installed on an aircraft 390B (shown in FIG. 3B), for example, the information system 100 can comprise a conventional aircraft passenger in-flight entertainment system, such as the Series 2000, 3000, eFX, and/or eX2 in-flight entertainment system as manufactured by Panasonic Avionics Corporation (formerly known as Matsushita Avionics Systems Corporation) of Lake Forest, Calif., and can include Panasonic Avionics' eXconnect system that supports broadband communications with a terrestrial Earth station.

The remote processing system 15 can be provided in any suitable manner based, for example, upon the type of data being transmitted. Exemplary remote processing systems 15 are shown and described in co-pending United States patent applications, entitled “SYSTEM AND METHOD FOR MANAGING CONTENT ON MOBILE PLATFORMS,” application Ser. No. 11/123,327, filed on May 6, 2005; entitled “SYSTEM AND METHOD FOR RECEIVING BROADCAST CONTENT ON A MOBILE PLATFORM DURING TRAVEL,” application Ser. No. 12/237,253, filed on Sep. 24, 2008, and entitled “SYSTEM AND METHOD FOR PERFORMING REAL TIME DATA ANALYSIS,” application Ser. No. 12/638,655, filed on Dec. 15, 2009, which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes.

FIG. 1 shows that the security system 500 can include a cell transport system 9 for supporting the cellular communication connection 13. Data and signature files thereby can be uploaded to (and/or downloaded from) the security system 500 via the cellular communication connection 13. Although illustrated in FIG. 1 as including the antivirus software 1, the Hardware Security Module (HSM) 2, the wireless fidelity (Wi-Fi) device 3, the secure data storage 4, the Application Based Firewall 5, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the payment processing system 7, the Secure Log File 8, and the cell transport system 9, the security system 500 can include any combination of one or more of the above system components without limitation.

One manner by which data can propagate through the security system 500 is illustrated in FIG. 2A. Turning to FIG. 2A, the security system 500 is shown as including at least the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5. The intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can receive inbound data traffic in any conventional wired and/or wireless manner via the initial input 10 to the security system 500. Receiving the inbound data traffic, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 can filter the inbound data traffic based upon data signature information. Thereby, the security system 500 can block any unwanted data types and/or data fragments from being transmitted to the information system 100.

The intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6 is shown as providing the filtered inbound data traffic to the antivirus software 1. The antivirus software 1 can inspect the filtered inbound data traffic against one or more virus signature (and/or malware) files. As desired, the antivirus software 1 likewise can determine a data type for the filtered inbound data traffic. If the filtered inbound data traffic is determined to include a virus (and/or malware) and/or a prohibited data type, the antivirus software 1 blocks the filtered inbound data traffic; otherwise, the antivirus software 1 permits the filtered inbound data traffic to be transmitted to the Application Based Firewall 5. Receiving the filtered inbound data traffic from the antivirus software 1, the Application Based Firewall 5 inspects the filtered inbound data traffic for web applications. In other words, the Application Based Firewall 5 validates the filtered inbound data traffic for web applications, such as Structured Query Language (SQL) injection and/or Cross-site scripting (XSS).

The filtered inbound data traffic that is validated by the Application Based Firewall 5 can be provided to the information system 100 via the output 11 of the security system 500. Alternatively, and/or additionally, the validated inbound data traffic can be provided to the remote processing system 15 (shown in FIG. 2F) via the secure Universal Serial Bus (USB) connection 12, the secure cellular communication connection 13, and/or the secure broadband communication connection 14 of the security system 500 in the manner set forth in more detail above with reference to FIG. 1. Although shown and described as comprising an exemplary arrangement of the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 with reference to FIG. 2A for purposes of illustration only, the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 can be provided in any suitable arrangement. The security system 500 likewise can include a greater and/or lesser number of security component modules.

If the information system 100 includes a wireless distribution system 320 (FIGS. 3A, 3B), for example, the security system 500 shown in FIG. 2A can further include a wireless fidelity (Wi-Fi) device 3 as illustrated in FIG. 2B. The wireless fidelity (Wi-Fi) device 3 can be provided in the manner set forth in more detail above with reference to FIG. 1 and is shown as being disposed between the initial input 10 to the security system 500 and the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6. The wireless fidelity device 3 thereby can receive and inspect inbound wireless data traffic for denial of service (DoS) attacks, data snooping, and other types of wireless data security risks. Advantageously, the wireless fidelity device 3 can block any unwanted inbound wireless data traffic and can provide the wanted inbound wireless data traffic to the intrusion prevention system (IPS) and/or intrusion detection system (IDS) 6, the antivirus software 1, and the Application Based Firewall 5 for further inspection, such as filtering and/or validation, in the manner discussed in more detail above with reference to FIG. 2A. The processed inbound data traffic thereby can be provided to the information system 100 via the output 11 of the security system 500 and/or to the remote processing system 15 (shown in FIG. 2F) via the secure Universal Serial Bus (USB) connection 12, the secure cellular communication connection 13, and/or the secure broadband communication connection 14 of the security system 500 in the manner described above.

Turning to FIG. 2D, the security system 500 is illustrated as including the Hardware Security Module (HSM) 2. The Hardware Security Module 2 is provided in the manner discussed in more detail above with reference to FIG. 1. The information system 100 is shown, at A, as receiving payment application information, media content, public key infrastructure (PKI) authentication data, and/or any other relevant type of inbound data traffic. If the inbound data traffic includes a request for encryption/decryption key information, the information system 100, at B, can provide the request to the Hardware Security Module 2 via the initial input 10 to the security system 500. At C, the Hardware Security Module 2 can responds to the request by providing the requested encryption/decryption key information to the information system 100 via the output 11 of the security system 500. The information system 100 thereby can provide, at D, the requested encryption/decryption key information to a third-party application that requires the encryption/decryption key information for encrypting and/or decrypting the inbound data traffic.

FIG. 2E illustrates an exemplary embodiment of the secure data storage 4 for securely storing credit card transactions, personal identifiable information (PII), and/or other types of sensitive data in the manner discussed in more detail above with reference to FIG. 1. The secure data storage 4 can receive the sensitive data from the information system 100 via the initial input 10 of the security system 500 and/or from the remote processing system 15 (shown in FIG. 2F) via the secure Universal Serial Bus (USB) connection 12, the secure cellular communication connection 13, and/or the secure broadband communication connection 14 of the security system 500. Upon receiving the sensitive data, the secure data storage 4 can securely store the sensitive data, preferably in an encrypted format, and can provide the stored sensitive data upon receiving proper authorization. The secure data storage 4 thereby can provide the stored sensitive data to the information system 100 via the output 11 of the security system 500 and/or to the remote processing system 15 (shown in FIG. 2F) via the secure Universal Serial Bus (USB) connection 12, the secure cellular communication connection 13, and/or the secure broadband communication connection 14 of the security system 500 in the manner set forth in more detail above.

Turning to FIG. 2F, the security system 500 is illustrated as including the payment processing system 7. The payment processing system 7 preferably is provided in the manner discussed in more detail above with reference to FIG. 1 and provides secure payment application code storage. As illustrated in FIG. 2F, the payment processing system 7 exchange payment application data with the information system 100 via the initial input 10 and the output 11 of the security system 500. The payment processing system 7 likewise can exchange payment application data with the remote processing system 15 via the secure Universal Serial Bus (USB) connection 12, the secure cellular communication connection 13, and/or the secure broadband communication connection 14 of the security system 500 in the manner set forth in more detail above. Thereby, payment software applications, such as application programming interfaces (APIs) and other payment application code, used in the payment application process can be securely stored within the security system 500, wherein other applications and/or LRUs 326 can access the software applications stored within the payment processing system 7.

Storage of the software applications within the payment processing system 7 advantageously segments the payment software applications and/or the payment application data from the remainder of the information system 100. With reference to the Payment Card Industry (PCI) standard, for example, processing of payment application data can be subject to audit. By maintaining the payment software applications and/or the payment application data within the payment processing system 7, performance of audits can be facilitated because the payment information is segmented. Thereby, only the security system 500, rather than the entire information system 100, requires examination during an audit, minimizing the scope of the information system 100 that is subject to compliance under the PCI standard.

Although the information system 100 can be disposed in a fixed location, such as a building, the information system 100 likewise can advantageously be applied in mobile system applications. Turning to FIGS. 3A-B, the information system 100 is shown as comprising a vehicle information system 300 that can be configured for installation aboard a wide variety of vehicles 390. Exemplary types of vehicles can include an automobile 390A (shown in FIG. 3A), an aircraft 390B (shown in FIG. 3B), a bus, a recreational vehicle, a boat, and/or a locomotive, or any other type of passenger vehicle without limitation. If installed on an aircraft 390B as illustrated in FIG. 3B, for example, the vehicle information system 300 can comprise a conventional aircraft passenger in-flight entertainment system, such as the Series 2000, 3000, eFX, and/or eX2 in-flight entertainment system as manufactured by Panasonic Avionics Corporation (formerly known as Matsushita Avionics Systems Corporation) of Lake Forest, Calif.

As shown in FIGS. 3A-B, the vehicle information system 300 comprises at least one conventional content source 310 and one or more user (or passenger) interface systems 360 that communicate via a real-time content distribution system 320. Each content source 310 can be provided in the manner set forth in U.S. Pat. No. 7,715,783, entitled “SYSTEM AND METHOD FOR RECEIVING BROADCAST CONTENT ON A MOBILE PLATFORM DURING INTERNATIONAL TRAVEL,” and in the co-pending United States patent applications, entitled “SYSTEM AND METHOD FOR DOWNLOADING FILES,” application Ser. No. 10/772,565, filed on Feb. 4, 2004; entitled “SYSTEM AND METHOD FOR MANAGING CONTENT ON MOBILE PLATFORMS,” application Ser. No. 11/123,327, filed on May 6, 2005; entitled “PORTABLE MEDIA DEVICE AND METHOD FOR PRESENTING VIEWING CONTENT DURING TRAVEL,” application Ser. No. 11/154,749, filed on Jun. 15, 2005; entitled “SYSTEM AND METHOD FOR INTERFACING A PORTABLE MEDIA DEVICE WITH A VEHICLE INFORMATION SYSTEM,” application Ser. No. 12/210,624, filed on Sep. 15, 2008; entitled “PORTABLE USER CONTROL DEVICE AND METHOD FOR VEHICLE INFORMATION SYSTEMS,” application Ser. No. 12/210,689, filed on Sep. 15, 2008; entitled “SYSTEM AND METHOD FOR RECEIVING BROADCAST CONTENT ON A MOBILE PLATFORM DURING TRAVEL,” application Ser. No. 12/237,253, filed on Sep. 24, 2008; and entitled “SYSTEM AND METHOD FOR PRESENTING ADVERTISEMENT CONTENT ON A MOBILE PLATFORM DURING TRAVEL,” application Ser. No. 12/245,521, filed on Oct. 3, 2008, which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes.

The content sources 310 can include one or more internal content sources, such as server system 310A, that are installed aboard the vehicle 390 and/or remote (or terrestrial) content sources 310B that can be external from the vehicle 390. The server system 310A can be provided as an information system controller for providing overall system control functions for the vehicle information system 300 and/or at least one media (or file) server system 310A, for storing viewing content 210, such as preprogrammed viewing content and/or downloaded viewing content 210D, as desired. The server system 310A can include, and/or communicate with, one or more conventional peripheral media storage systems (not shown), including optical media devices, such as a digital video disk (DVD) system or a compact disk (CD) system, and/or magnetic media systems, such as a video cassette recorder (VCR) system or a hard disk drive (HDD) system, of any suitable kind, for storing the preprogrammed content and/or the downloaded viewing content 210D.

The viewing content 210 can comprise any conventional type of audio and/or video viewing content, such as stored (or time-delayed) viewing content and/or live (or real-time) viewing content, in the manner set forth in the above-referenced U.S. Pat. No. 7,715,783, entitled “SYSTEM AND METHOD FOR RECEIVING BROADCAST CONTENT ON A MOBILE PLATFORM DURING INTERNATIONAL TRAVEL,” and in the above-referenced co-pending United States patent applications, entitled “SYSTEM AND METHOD FOR DOWNLOADING FILES,” application Ser. No. 10/772,565, filed on Feb. 4, 2004; and entitled “PORTABLE MEDIA DEVICE AND METHOD FOR PRESENTING VIEWING CONTENT DURING TRAVEL,” application Ser. No. 11/154,749, filed on Jun. 15, 2005. Exemplary viewing content 210 can include television programming content, music content, podcast content, photograph album content, audiobook content, and/or movie content without limitation.

As desired, the viewing content 210 can include geographical information in the manner set forth in U.S. Pat. No. 6,661,353, entitled “METHOD FOR DISPLAYING INTERACTIVE FLIGHT MAP INFORMATION,” which is assigned to the assignee of the present application and the disclosure of which is hereby incorporated herein by reference in its entirety and for all purposes. Alternatively, and/or additionally, to entertainment content, such as live satellite television programming and/or live satellite radio programming, the viewing content likewise can include two-way communications, such as real-time access to the Internet 310C (shown in FIG. 3B) and/or telecommunications in the manner set forth in U.S. Pat. No. 5,568,484, entitled “TELECOMMUNICATIONS SYSTEM AND METHOD FOR USE ON COMMERCIAL AIRCRAFT AND OTHER VEHICLES,” which is assigned to the assignee of the present application and the disclosure of which is hereby incorporated herein by reference in its entirety and for all purposes. The exemplary viewing content as shown and described herein are not exhaustive and are provided herein for purposes of illustration only and not for purposes of limitation.

Being configured to distribute and/or present the viewing content 210 provided by one or more selected content sources 310, the vehicle information system 300 can communicate with the content sources 310 in real time and in any conventional manner, including via wired and/or wireless communications. The vehicle information system 300 and the terrestrial content source 310B, for example, can communicate in any conventional wireless manner, including directly and/or indirectly via an intermediate communication system 370, such as a satellite communication system 370A. The vehicle information system 300 thereby can receive download viewing content 210D from a selected terrestrial content source 310B and/or transmit upload viewing content 210U, including navigation and other control instructions, to the terrestrial content source 310B. As desired, the terrestrial content source 310B can be configured to communicate with other terrestrial content sources (not shown). The terrestrial content source 310B is shown in FIG. 3B as providing access to the Internet 310C. Although shown and described as comprising the satellite communication system 370A for purposes of illustration, the communication system 370 can comprise any conventional type of wireless communication system, such as a cellular communication system (not shown) and/or an Aircraft Ground Information System (AGIS) communication system (not shown).

To facilitate communications with the terrestrial content sources 310B, the vehicle information system 300 can include an antenna system 330 and a transceiver system 340 for receiving the viewing content from the remote (or terrestrial) content sources 310B as shown in FIGS. 3A-B. The antenna system 330 preferably is disposed outside the vehicle 390, such as an exterior surface 394 of a fuselage 392 of the aircraft 390B. The antenna system 330 can receive viewing content 210 from the terrestrial content source 310B and provide the received viewing content 210, as processed by the transceiver system 340, to a computer system 350 of the vehicle information system 300. The computer system 350 can provide the received viewing content 210 to the media (or content) server system 310A and/or to one or more of the user interfaces 360, as desired. Although shown and described as being separate systems for purposes of illustration, the computer system 350 and the media server system 310A can be at least partially integrated.

The vehicle information system elements, including the content sources 310 and the user interface systems 360, are shown in FIGS. 3A-B as communicating via the content distribution system 320. FIG. 4 illustrates an exemplary content distribution system 320 for the vehicle information system 300. The content distribution system 320 of FIG. 4 couples, and supports communication between a headend system 310H, which includes the content sources 310, and the plurality of user interface systems 360. The distribution system 320 as shown in FIG. 4 is provided in the manner set forth in U.S. Pat. No. 7,675,849, entitled “SYSTEM AND METHOD FOR ROUTING COMMUNICATION SIGNALS VIA A DATA DISTRIBUTION NETWORK,” and in U.S. Pat. Nos. 5,596,647, 5,617,331, and 5,953,429, each entitled “INTEGRATED VIDEO AND AUDIO SIGNAL DISTRIBUTION SYSTEM AND METHOD FOR USE ON COMMERCIAL AIRCRAFT AND OTHER VEHICLES,” which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes. Alternatively, and/or additionally, the distribution system 320 can be provided in the manner set forth in the co-pending United States patent application “OPTICAL COMMUNICATION SYSTEM AND METHOD FOR DISTRIBUTING CONTENT ABOARD A MOBILE PLATFORM DURING TRAVEL,” Ser. No. 12/367,406, filed Feb. 6, 2009, which is assigned to the assignee of the present application and the disclosure of which is hereby incorporated herein by reference in its entirety and for all purposes.

The content distribution system 320, for example, can be provided as a conventional wired and/or wireless communication network, including a telephone network, a local area network (LAN), a wide area network (WAN), a campus area network (CAN), personal area network (PAN) and/or a wireless local area network (WLAN), of any kind Exemplary wireless local area networks include wireless fidelity (Wi-Fi) networks in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 802.11 and/or wireless metropolitan-area networks (MANs), which also are known as WiMax Wireless Broadband, in accordance with IEEE Standard 802.16. Preferably being configured to support high data transfer rates, the content distribution system 320 may comprise a high-speed Ethernet network, such as any type of Fast Ethernet (such as 100 Base-X and/or 100 Base-T) communication network and/or Gigabit (such as 1000 Base-X and/or 1000 Base-T) Ethernet communication network, with a typical data transfer rate of at least approximately one hundred megabits per second (100 Mbps). To achieve high data transfer rates in a wireless communications environment, free-space optics (or laser) technology, millimeter wave (or microwave) technology, and/or Ultra-Wideband (UWB) technology can be utilized to support communications among the various system resources, as desired.

As desired, the distribution system 320 likewise can include a network management system (not shown) provided in the manner set forth in co-pending United States patent applications, entitled “SYSTEM AND METHOD FOR IMPROVING NETWORK RELIABILITY,” application Ser. No. 10/773,523, filed on Feb. 6, 2004, and entitled “SYSTEM AND METHOD FOR IMPROVING NETWORK RELIABILITY,” application Ser. No. 11/086,510, filed on Mar. 21, 2005, which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes.

As illustrated in FIG. 4, the distribution system 320 can be provided as a plurality of area distribution boxes (ADBs) 322, a plurality of floor disconnect boxes (FDBs) 323, and a plurality of seat electronics boxes (SEBs) (and/or video seat electronics boxes (VSEBs) and/or premium seat electronics boxes (PSEBs)) 324 being configured to communicate in real time via a plurality of wired and/or wireless communication connections 325. The distribution system 320 likewise can include a switching system 321 for providing an interface between the distribution system 320 and the headend system 310H. The switching system 321 can comprise a conventional switching system, such as an Ethernet switching system, and is configured to couple the headend system 310H with the area distribution boxes 322. Each of the area distribution boxes 322 is coupled with, and communicates with, the switching system 321.

Each of the area distribution boxes 322, in turn, is coupled with, and communicates with, at least one floor disconnect box 323. Although the area distribution boxes 322 and the associated floor disconnect boxes 323 can be coupled in any conventional configuration, the associated floor disconnect boxes 323 preferably are disposed in a star network topology about a central area distribution box 322 as illustrated in FIG. 4. Each floor disconnect box 323 is coupled with, and services, a plurality of daisy-chains of seat electronics boxes 324. The seat electronics boxes 324, in turn, are configured to communicate with the user interface systems 360. Each seat electronics box 324 can support one or more of the user interface systems 360.

The switching systems 321, the area distribution boxes (ADBs) 322, the floor disconnect boxes (FDBs) 323, the seat electronics boxes (SEBs) (and/or video seat electronics boxes (VSEBs) and/or premium seat electronics boxes (PSEBs)) 324, the antenna system 330, the transceiver system 340, the content source 310, the server system 310A, the headend system 310H, video interface systems 362 (shown in FIGS. 5A-B), audio interface systems 364 (shown in FIGS. 5A-B), user input systems 366 (shown in FIGS. 5A-B), and other system resources of the vehicle information system 300 preferably are provided as line replaceable units (LRUs) 326. The use of LRUs 326 facilitate maintenance of the vehicle information system 300 because a defective LRU 326 can simply be removed from the vehicle information system 300 and replaced with a new (or different) LRU 326. The defective LRU 326 thereafter can be repaired for subsequent installation. Advantageously, the use of LRUs 326 can promote flexibility in configuring the content distribution system 320 by permitting ready modification of the number, arrangement, and/or configuration of the system resources of the content distribution system 320. The content distribution system 320 likewise can be readily upgraded by replacing any obsolete LRUs 326 with new LRUs 326.

As desired, the floor disconnect boxes 323 advantageously can be provided as routing systems and/or interconnected in the manner set forth in the above-referenced U.S. Pat. No. 7,675,849, entitled “SYSTEM AND METHOD FOR ROUTING COMMUNICATION SIGNALS VIA A DATA DISTRIBUTION NETWORK.” The distribution system 320 can include at least one FDB internal port bypass connection 325A and/or at least one SEB loopback connection 325B. Each FDB internal port bypass connection 325A is a communication connection 325 that permits floor disconnect boxes 323 associated with different area distribution boxes 322 to directly communicate. Each SEB loopback connection 325B is a communication connection 325 that directly couples the last seat electronics box 324 in each daisy-chain of seat electronics boxes 324 for a selected floor disconnect box 323 as shown in FIG. 4. Each SEB loopback connection 325B therefore forms a loopback path among the daisy-chained seat electronics boxes 324 coupled with the relevant floor disconnect box 323.

Returning to FIGS. 3A-B, the user interface systems 360 are provided for selecting viewing content 210 and for presenting the selected viewing content 210. As desired, the user interface systems 360 can comprise conventional passenger interfaces and can be provided in the manner set forth in the above-referenced co-pending United States patent application, entitled “PORTABLE MEDIA DEVICE AND METHOD FOR PRESENTING VIEWING CONTENT DURING TRAVEL,” application Ser. No. 11/154,749, filed on Jun. 15, 2005, as well as in the manner set forth in the co-pending United States patent application, entitled “SYSTEM AND METHOD FOR PRESENTING HIGH-QUALITY VIDEO TO PASSENGERS ON A MOBILE PLATFORM,” Application Ser. No. 60/673,171, filed on Apr. 19, 2005, the disclosure of which is hereby incorporated herein by reference in its entirety and for all purposes.

FIG. 5A provides a view of a passenger cabin 380 of a passenger vehicle 390, such as the automobile 390A (shown in FIG. 3A) and/or the aircraft 390B (shown in FIG. 3B), aboard which the vehicle information system 300 has been installed. The passenger cabin 380 is illustrated as including a plurality of passenger seats 382, and each passenger seat 382 is associated with a selected user interface system 360. Each user interface system 360 can include a video interface system 362 and/or an audio interface system 364. Exemplary video interface systems 362 can include overhead cabin display systems 362A with central controls, seatback display systems 362B or armrest display systems (not shown) each with individualized controls, crew display panels, and/or handheld presentation systems. The audio interface systems 364 can be provided in any conventional manner, including an overhead speaker system 364A, the handheld presentation systems, and/or headphones coupled with an audio jack provided, for example, at an armrest 388 of the passenger seat 382. A speaker system likewise can be associated with the passenger seat 382, such as a speaker system 364B disposed within a base 384B of the passenger seat 382 and/or a speaker system 364C disposed within a headrest 384C of the passenger seat 382. In a preferred embodiment, the audio interface system 364 can include an optional noise-cancellation system for further improving sound quality produced by the audio interface system 364.

The video interface systems 362 and the audio interface systems 364 can be installed at any suitable cabin surface, such as a seatback 386, wall 396, ceiling, and/or bulkhead, or an armrest 388 of a passenger seat 382 in any conventional manner including via a mounting system 363 provided in the manner set forth co-pending United States patent applications, entitled “SYSTEM AND METHOD FOR MOUNTING USER INTERFACE DEVICES,” application Ser. No. 11/828,193, filed on Jul. 25, 2007, and entitled “USER INTERFACE DEVICE AND METHOD FOR PRESENTING VIEWING CONTENT,” application Ser. No. 11/835,371, filed on Aug. 7, 2007, which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes.

As shown in FIG. 5A, the user interface system 360 likewise can include an input system 366 for permitting the user (or passenger) to communicate with the vehicle information system 300, such as via an exchange of control signals 220. For example, the input system 366 can permit the user to enter one or more user instructions 230 for controlling the operation of the vehicle information system 300. Illustrative user instructions 230 can include instructions for initiating communication with the content source 310, instructions for selecting viewing content 210 for presentation, and/or instructions for controlling the presentation of the selected viewing content 210. If a fee is required for accessing the viewing content 210, payment information likewise can be entered via the input system 366.

The input system 366 can be provided in any conventional manner and typically includes one or more switches (or pushbuttons), such as a keyboard or a keypad, and/or a pointing device, such as a mouse, trackball, or stylus. As desired, the input system 366 can be at least partially integrated with, and/or separable from, the associated video interface system 362 and/or audio interface system 364. For example, the video interface system 362 and the input system 366 can be provided as a touchscreen display system. The input system 366 likewise can include one or more input ports (not shown) for coupling a peripheral input device (not shown), such as a full-size computer keyboard, an external mouse, and/or a game pad, with the vehicle information system 300.

Preferably, at least one of the user interface systems 360 includes a wired and/or wireless access point 368, such as a conventional communication port (or connector), for coupling a personal media device 200 (shown in FIG. 5B) with the vehicle information system 300. Passengers (not shown) who are traveling aboard the vehicle 390 thereby can enjoy personally-selected viewing content during travel. The access point 368 is located proximally to an associated passenger seat 382 and can be provided at any suitable cabin surface, such as a seatback 386, wall 396, ceiling, and/or bulkhead.

Turning to FIG. 5B, the vehicle information system 300 is shown as communicating with one or more personal media devices 200. Each personal media device 200 can store the audio and/or video viewing content 210 and can be provided as a handheld device, such as a laptop computer, a palmtop computer, a personal digital assistant (PDA), cellular telephone, an iPod® digital electronic media device, an iPhone® digital electronic media device, and/or a MPEG Audio Layer 3 (MP3) device. Illustrative personal media devices 200 are shown and described in the above-referenced U.S. Pat. No. 7,715,783, entitled “SYSTEM AND METHOD FOR RECEIVING BROADCAST CONTENT ON A MOBILE PLATFORM DURING INTERNATIONAL TRAVEL,” and in the above-referenced co-pending United States patent applications, entitled “SYSTEM AND METHOD FOR DOWNLOADING FILES,” application Ser. No. 10/772,565, filed on Feb. 4, 2004; entitled “PORTABLE MEDIA DEVICE AND METHOD FOR PRESENTING VIEWING CONTENT DURING TRAVEL,” application Ser. No. 11/154,749, filed on Jun. 15, 2005; entitled “SYSTEM AND METHOD FOR INTERFACING A PORTABLE MEDIA DEVICE WITH A VEHICLE INFORMATION SYSTEM,” application Ser. No. 12/210,624, filed on Sep. 15, 2008; entitled “MEDIA DEVICE INTERFACE SYSTEM AND METHOD FOR VEHICLE INFORMATION SYSTEMS,” application Ser. No. 12/210,636, filed on Sep. 15, 2008; entitled “MEDIA DEVICE INTERFACE SYSTEM AND METHOD FOR VEHICLE INFORMATION SYSTEMS,” application Ser. No. 12/210,652, filed on Sep. 15, 2008; and entitled “PORTABLE USER CONTROL DEVICE AND METHOD FOR VEHICLE INFORMATION SYSTEMS,” application Ser. No. 12/210,689, filed on Sep. 15, 2008, which are assigned to the assignee of the present application and the respective disclosures of which are hereby incorporated herein by reference in their entireties and for all purposes.

The illustrated personal media devices 200 each include a video display system 240 for visually presenting the viewing content 210 and an audio system 250 for audibly presenting the viewing content 210. Each personal media device 200 can include a user control system 260, which can be provided in any conventional manner and typically includes one or more switches (or pushbuttons), such as a keyboard or a keypad, and/or a pointing device, such as a mouse, trackball, or stylus. The personal media devices 200 thereby can select desired viewing content 210 and control the manner in which the selected viewing content 210 is received and/or presented.

The personal media devices 200 likewise include a communication port (or connector) 270. The communication port 270 enables the personal media devices 200 to communicate with the vehicle information system 300 via the access points 368 of the user interface systems 360. As illustrated with personal media device 200A, the communication port 270 and the access points 368 can supported wireless communications; whereas, support for wired communications between the communication port 270 and the access points 368 via a communication cable assembly 369 is shown with personal media device 200B. When the communication port 270 and the access points 368 are in communication, the vehicle information system 300 supports a simple manner for permitting the associated personal media device 200 to be integrated with the vehicle information system 300 using a user-friendly communication interface.

When the personal media device 200 and the vehicle information system 300 are in communication, the vehicle information system 300 can perform a plurality of integration tasks simultaneously, enabling the personal media device 200 to become fully integrated with the vehicle information system 300 via a selected access point 368. The system elements of the vehicle information system 300 and the personal media device 200 thereby become interchangeable. The personal media device 200 likewise can receive control signals (or commands) 220 and/or operating power from the vehicle information system 300. Thereby, the personal media device 200 advantageously can become a seamless part of the vehicle information system 300.

For example, user instructions 230 (shown in FIGS. 3A-B) for controlling the operation of the vehicle information system 300 can be provided via the input system 366 of the vehicle information system 300 and/or the user control system 260 of the personal media device 200. In other words, the input system 366 of the vehicle information system 300 and/or the user control system 260 of the personal media device 200 can be used to select viewing content 210 and control the manner in which the selected viewing content 210 is received and/or presented. The selected viewing content 210 can be provided by a relevant content source 310 (shown in FIGS. 3A-B) of the vehicle information system 300 and/or by storage media (not shown) disposed within the personal media device 200. A video portion of the selected viewing content 210 thereby can be presented via the video presentation system 362 of the vehicle information system 300 and/or the video display system 240 of the personal media device 200. The audio presentation system 364 of the vehicle information system 300 and/or the audio system 250 of the personal media device 200 can be used to present an audio portion of the selected viewing content 210. If the video display system 240 of the personal media device 200 is much smaller than the video presentation system 362 of the vehicle information system 300, a passenger may prefer to view the selected viewing content 210 via the larger video presentation system 362.

When no longer in use and/or direct physical contact with the personal media device 200 is not otherwise required, the personal media device 200 can be stored at the passenger seat 382. For example, the passenger seat 382 can include a storage compartment 389 for providing storage of the personal media device 200. The storage compartment 389 can be provided in any conventional manner and at any suitable portion of the passenger seat 382. As illustrated with passenger seat 382B, the personal media device 200 can be placed in a storage pocket 389B formed in the armrest 388 of the passenger seat 382B. The storage compartment 389 likewise can be provided on the seatback 386 and/or the headrest 384 of the passenger seat 382. Storage compartment 389A of passenger seat 382A, for example, is shown as being formed on the lower seatback 386 of the passenger seat 382A. As desired, the storage compartment 389 can comprise an overhead storage compartment, a door storage compartment, a storage compartment provided underneath the passenger seat 382, or any other type of conventional storage compartment, such as a glove compartment, trunk, or closet, available in the passenger vehicle 390.

Alternatively, and/or additionally, it may be desired to further enhance the security of the vehicle information system 300 via at least one biometric device 600 as illustrated in FIG. 6. The biometric device 600 can comprise any conventional type of biometric device, such as a face scanner, a hand scanner, a fingerprint scanner, a retina scanner, and/or an iris scanner, can be employed to help prevent unauthorized access to the vehicle information system 300. Advantageously, the biometric device 600 uses human biological characteristics to identify a user rather than relying on username/password-type authentication, which is prone to being forgotten or compromised in any environment. The biometric device 600 can be disposed at any suitable location within a passenger cabin 380 (shown in FIGS. 5A-B) of a passenger vehicle 390 (shown in FIGS. 5A-B) such as a selected video interface system 362 of the vehicle information system 300 as shown in FIG. 6. Preferably, the selected video interface system 362 comprises a crew panel system 362C that is accessible only by authorized personnel, such as crew members and/or maintenance workers. The biometric device 600 thereby can permit the crew members and other authorized personnel a method of authenticating their respective identities with the vehicle information system—minimizing the risk of unauthorized access that has the potential to undermine all other security objectives.

The described embodiments are susceptible to various modifications and alternative forms, and specific examples thereof have been shown by way of example in the drawings and are herein described in detail. The described embodiments, however, are not to be limited to the particular forms or methods disclosed, but to the contrary, the present disclosure is to cover all modifications, equivalents, and alternatives.

Claims

1. A security appliance, comprising: a general purpose computer for running an operating system configured to programmatically execute a plurality of software modules and to interface with a plurality of access points within a distribution system of a selected information system,wherein said plurality of software modules provides a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module, andwherein said security appliance is disposed within a single line replaceable unit for installation within the distribution system.
2. The security appliance of claim 1, wherein said network interface facilitates bi-directional communications between the selected information system and an external communication connection.
3. The security appliance of claim 2, wherein said external communication connection includes at least one of a secure wired communication connection, a secure wireless communication connection, a broadband communication connection, a cellular communication connection, and a Universal Serial Bus communication connection.
4. The security appliance of claim 2, wherein said external communication connection is configured to transmit secure data to a processing system that is remote from the selected information system.
5. The security appliance of claim 4, wherein said secure data is selected from a group consisting of credit card data, medical data, and data that is protected under applicable law.
6. The security appliance of claim 1, wherein said intrusion detection/prevention module is configured to identify unauthorized access to a wireless distribution system of the selected information system.
7. The security appliance of claim 1, wherein said hardware security module is accredited to at a security level of at least Federal Information Processing Standard (FIPS) Level 2.
8. The security appliance of claim 1, wherein the distribution system interfaces with said security appliance via a fiber communications medium.
9. The security appliance of claim 1, wherein the operating system comprises a Linux-based operating system.
10. The security appliance of claim 1, wherein the selected information system is installed aboard a passenger vehicle.
11. The security appliance of claim 1, further comprising a biometric authentication device for preventing unauthorized access to the selected information system, said biometric authentication device communicating with the distribution system of the selected information system.
12. The security appliance of claim 11, wherein said biometric authentication device is selected from a group consisting of a face scanner, a hand scanner, a fingerprint scanner, a retina scanner, and an iris scanner.
13. The security appliance of claim 11, wherein said biometric authentication device is associated with a crew panel system of the selected information system.
14. A vehicle information system suitable for installation aboard a passenger vehicle, comprising: a content source; anda distribution system for communicating with said content source and including the security appliance of claim 1.
15. An aircraft, comprising: a fuselage and a plurality of passenger seats arranged within the fuselage; anda vehicle information system, said vehicle information system coupled with said fuselage and comprising: a headend system that provides overall system control functions for said vehicle information system and that includes a content source;a user interface system that includes a user input system for selecting viewing content available from said content source and a content presentation system for presenting the selected viewing content; anda distribution system that distributes the selected viewing content throughout said vehicle information system and that includes the security appliance characterized by claim 1.
16. A method for providing network security for an information system, comprising: disposing a general purpose computer within a single line replaceable unit;installing the line replaceable unit within a distribution system of the information system; andenabling the general purpose computer to execute a plurality of software modules that are configured to interface with a plurality of access points within a distribution system of the information system, wherein the plurality of software modules provide a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module.
17. The method of claim 16, wherein said enabling the general purpose computer includes enabling the network interface module to facilitate bi-directional communications between the information system and an external communication connection for transmitting secure data to a processing system that is remote from the information system.
18. The method of claim 16, wherein said enabling the general purpose computer includes enabling the intrusion detection/prevention module to configure a wireless distribution system of the information system to identify unauthorized access to the information system.
19. The method of claim 16, further comprising installing the information aboard a passenger vehicle.
20. The method of claim 16, further comprising installing a biometric authentication device for preventing unauthorized access to the information system, wherein said biometric authentication device communicates with the distribution system of the information system.
21. The security appliance of claim 20, wherein said installing a biometric authentication device comprises installing said biometric authentication device at a crew panel system of the information system.
22. A computer program product for providing network security for a selected information system, the computer program product being encoded on one or more non-transitory machine-readable storage media and being suitable for execution on a general purpose computer disposed within a single line replaceable unit for installation within a distribution system of the selected information system, comprising: instruction for activating at least one access point within the distribution system; andinstruction for executing a plurality of software modules that provides a plurality of security functions including at least two of an antivirus module, a security log module, a payment processing module, a firewall module, a hardware security module, an intrusion detection/prevention module, and a network interface module; andinstruction for monitoring signal activity between the selected information system and at least one portable media device via the at least one access point.
23. The computer program product of claim 22, wherein said instruction for executing includes instruction for enabling the network interface module to facilitate bi-directional communications between the selected information system and an external communication connection for transmitting secure data to a processing system that is remote from the selected information system.
24. The computer program product of claim 22, wherein said instruction for executing includes instruction for enabling the intrusion detection/prevention module to configure a wireless distribution system of the selected information system to identify unauthorized access to the selected information system.
25. The computer program product of claim 22, further comprising instruction for preventing unauthorized access to the selected information system via a biometric authentication device, wherein said biometric authentication device communicates with the distribution system of the selected information system.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to U.S. provisional patent application, Ser. No. 61/186,330, filed Jun. 11, 2009. Priority to the provisional patent application is expressly claimed, and the disclosure of the provisional application is hereby incorporated herein by reference in its entirety and for all purposes.

US Referenced Citations (489)

Number	Name	Date	Kind
3037812	Monroe	Jun 1962	A
3717809	Laukien	Feb 1973	A
3795771	Gundersen et al.	Mar 1974	A
3980954	Whyte	Sep 1976	A
4163387	Schroeder	Aug 1979	A
4208740	Yin et al.	Jun 1980	A
4367488	Leventer et al.	Jan 1983	A
4428078	Kuo	Jan 1984	A
4583131	Dakin	Apr 1986	A
4584603	Harrison	Apr 1986	A
4647980	Steventon et al.	Mar 1987	A
4742544	Kupnicki et al.	May 1988	A
4774514	Hildebrandt et al.	Sep 1988	A
4835604	Kondo et al.	May 1989	A
4866515	Tagawa et al.	Sep 1989	A
4866704	Bergman	Sep 1989	A
4866732	Carey et al.	Sep 1989	A
4887152	Matsuzalci et al.	Dec 1989	A
4890104	Takanabe et al.	Dec 1989	A
4896209	Matsuzaki et al.	Jan 1990	A
4897714	Ichise et al.	Jan 1990	A
4939527	Lamberty et al.	Jul 1990	A
4958381	Toyoshima	Sep 1990	A
4975696	Salter, Jr. et al.	Dec 1990	A
5001642	Botzenhardt et al.	Mar 1991	A
5005183	Carey et al.	Apr 1991	A
5009384	Gerke	Apr 1991	A
5027124	Fitzsimmons et al.	Jun 1991	A
5034808	Murray	Jul 1991	A
5057835	Factor et al.	Oct 1991	A
5119104	Heller	Jun 1992	A
5123015	Brady, Jr. et al.	Jun 1992	A
5136304	Peters	Aug 1992	A
5142550	Tymes	Aug 1992	A
5144290	Honda et al.	Sep 1992	A
5144291	Nishizawa	Sep 1992	A
5151896	Bowman et al.	Sep 1992	A
5168272	Akashi et al.	Dec 1992	A
5177616	Riday	Jan 1993	A
5189671	Cheng	Feb 1993	A
5195183	Miller et al.	Mar 1993	A
5208590	Pitts	May 1993	A
5237659	Takats	Aug 1993	A
5243652	Teare et al.	Sep 1993	A
5247414	Mitchell et al.	Sep 1993	A
5276455	Fitzsimmons et al.	Jan 1994	A
5280498	Tymes et al.	Jan 1994	A
5283868	Baker et al.	Feb 1994	A
5289272	Rabowsky et al.	Feb 1994	A
5289378	Miller et al.	Feb 1994	A
5295089	Ambasz	Mar 1994	A
5301185	Cherry	Apr 1994	A
5305308	English et al.	Apr 1994	A
5305321	Crayford	Apr 1994	A
5311302	Berry et al.	May 1994	A
5311515	Henderson et al.	May 1994	A
5325131	Penney	Jun 1994	A
5343456	Maeda	Aug 1994	A
5383178	Unverrich	Jan 1995	A
5390326	Shah et al.	Feb 1995	A
5410754	Klotzbach et al.	Apr 1995	A
5424951	Nobe et al.	Jun 1995	A
5444762	Frey et al.	Aug 1995	A
5463656	Polivka et al.	Oct 1995	A
5469363	Saliga	Nov 1995	A
5481478	Palmieri et al.	Jan 1996	A
5493702	Crowley et al.	Feb 1996	A
5524272	Podowski et al.	Jun 1996	A
5543805	Thaniyavarn	Aug 1996	A
5555466	Scribner et al.	Sep 1996	A
5557656	Ray et al.	Sep 1996	A
5568484	Margis	Oct 1996	A
5579315	Lyu et al.	Nov 1996	A
5596647	Wakai et al.	Jan 1997	A
5610822	Murphy	Mar 1997	A
5617331	Wakai et al.	Apr 1997	A
5631629	Fooks et al.	May 1997	A
5640002	Ruppert et al.	Jun 1997	A
5666291	Scott et al.	Sep 1997	A
5678171	Toyoma et al.	Oct 1997	A
5701582	DeBey	Dec 1997	A
5706353	Arai et al.	Jan 1998	A
5709448	Jennings et al.	Jan 1998	A
5711014	Crowley et al.	Jan 1998	A
5745159	Wax et al.	Apr 1998	A
5751248	Thaniyavarn	May 1998	A
5760819	Sklar et al.	Jun 1998	A
5790175	Sklar et al.	Aug 1998	A
5790423	Lau et al.	Aug 1998	A
5790787	Scott et al.	Aug 1998	A
5801751	Sklar et al.	Sep 1998	A
5808660	Sekine et al.	Sep 1998	A
5812751	Ekrot et al.	Sep 1998	A
5831664	Wharton et al.	Nov 1998	A
5832380	Ray et al.	Nov 1998	A
5835127	Booth et al.	Nov 1998	A
5854591	Atkinson	Dec 1998	A
5857869	Parcel et al.	Jan 1999	A
5878345	Ray et al.	Mar 1999	A
5878346	Ray et al.	Mar 1999	A
5884166	Ray et al.	Mar 1999	A
5889268	Swartz	Mar 1999	A
5889775	Sawicz et al.	Mar 1999	A
5929895	Berry et al.	Jul 1999	A
5944803	Whitehouse	Aug 1999	A
5950129	Schmid et al.	Sep 1999	A
5953429	Wakai et al.	Sep 1999	A
5959596	McCarten et al.	Sep 1999	A
5960343	Ray et al.	Sep 1999	A
5966442	Sachdev	Oct 1999	A
5973722	Wakai et al.	Oct 1999	A
5990928	Sklar et al.	Nov 1999	A
6003008	Postrel et al.	Dec 1999	A
6014381	Troxel et al.	Jan 2000	A
6020848	Wallace et al.	Feb 2000	A
6047165	Wright et al.	Apr 2000	A
6058288	Reed et al.	May 2000	A
6078297	Kormanyos	Jun 2000	A
6078348	Klosterman et al.	Jun 2000	A
6108523	Wright et al.	Aug 2000	A
6108539	Ray et al.	Aug 2000	A
6129274	Suzuki	Oct 2000	A
6130727	Toyozumi	Oct 2000	A
6135549	Demick et al.	Oct 2000	A
6137377	Wallace et al.	Oct 2000	A
6151497	Yee et al.	Nov 2000	A
6154186	Smith et al.	Nov 2000	A
6160998	Wright et al.	Dec 2000	A
6163681	Wright et al.	Dec 2000	A
6167238	Wright	Dec 2000	A
6173159	Wright et al.	Jan 2001	B1
6177887	Jerome	Jan 2001	B1
6181990	Grabowsky et al.	Jan 2001	B1
6201797	Leuca et al.	Mar 2001	B1
6208307	Frisco et al.	Mar 2001	B1
6216065	Hall et al.	Apr 2001	B1
6249913	Galipeau et al.	Jun 2001	B1
6266664	Russell-Falla et al.	Jul 2001	B1
6271728	Wallace et al.	Aug 2001	B1
6278936	Jones	Aug 2001	B1
6285878	Lai	Sep 2001	B1
6286139	Decinque	Sep 2001	B1
6308045	Wright et al.	Oct 2001	B1
6321084	Horrer	Nov 2001	B1
6338045	Pappas	Jan 2002	B1
6345720	Redden et al.	Feb 2002	B1
6351247	Linstrom et al.	Feb 2002	B1
6356239	Carson	Mar 2002	B1
6370656	Olarig et al.	Apr 2002	B1
6377802	McKenna et al.	Apr 2002	B1
6390920	Infiesto et al.	May 2002	B1
6392692	Monroe	May 2002	B1
6400315	Adler et al.	Jun 2002	B1
6408180	McKenna et al.	Jun 2002	B1
6414644	Desargant et al.	Jul 2002	B1
6417803	de La Chapelle et al.	Jul 2002	B1
6424313	Navarro et al.	Jul 2002	B1
6483458	Carson	Nov 2002	B1
6484011	Thompson et al.	Nov 2002	B1
6487540	Smith et al.	Nov 2002	B1
6499027	Weinberger	Dec 2002	B1
6507279	Loof	Jan 2003	B2
6507952	Miller et al.	Jan 2003	B1
6519693	Debey	Feb 2003	B1
6522867	Wright et al.	Feb 2003	B1
6529706	Mitchell	Mar 2003	B1
6538656	Cheung et al.	Mar 2003	B1
6542086	Baumgartner et al.	Apr 2003	B2
6549754	Miller et al.	Apr 2003	B1
6559812	McCarten et al.	May 2003	B1
6570881	Wils et al.	May 2003	B1
6574338	Sachdev	Jun 2003	B1
6580402	Navarro et al.	Jun 2003	B2
6594471	Crowley et al.	Jul 2003	B1
6598227	Berry et al.	Jul 2003	B1
6600418	Francis et al.	Jul 2003	B2
6606056	Brogden	Aug 2003	B2
6609103	Kolls	Aug 2003	B1
6611537	Edens et al.	Aug 2003	B1
6618580	Parrott et al.	Sep 2003	B2
6622124	Kolls	Sep 2003	B1
6628235	Wight	Sep 2003	B2
6637484	Kraft	Oct 2003	B1
6643510	Taylor	Nov 2003	B2
6650898	Jochim et al.	Nov 2003	B2
6658595	Thamattoor	Dec 2003	B1
6661353	Gopen	Dec 2003	B1
6674339	Kormanyos	Jan 2004	B2
6674398	Murphy	Jan 2004	B2
6684240	Goddard	Jan 2004	B1
6693236	Gould et al.	Feb 2004	B1
6702604	Moscovitch	Mar 2004	B1
6703974	White et al.	Mar 2004	B2
6707346	Tillotson et al.	Mar 2004	B2
6708019	McLain et al.	Mar 2004	B2
6714163	Navarro et al.	Mar 2004	B2
6725035	Jochim et al.	Apr 2004	B2
6728535	Parkman	Apr 2004	B2
6731909	McLain et al.	May 2004	B2
6736315	Swartz	May 2004	B2
6741141	Kormanyos	May 2004	B2
6741841	Mitchell	May 2004	B1
6745010	Wright et al.	Jun 2004	B2
6747960	Tillotson	Jun 2004	B2
6748597	Frisco et al.	Jun 2004	B1
6757712	Bastian et al.	Jun 2004	B1
6771608	Tillotson	Aug 2004	B2
6775545	Wright et al.	Aug 2004	B2
6778825	Parkman	Aug 2004	B2
6782392	Weinberger et al.	Aug 2004	B1
6785526	McLain et al.	Aug 2004	B2
6788935	McKenna et al.	Sep 2004	B1
6796495	Stahl et al.	Sep 2004	B2
6807148	Eicher	Oct 2004	B1
6807538	Weinberger et al.	Oct 2004	B1
6810527	Conrad et al.	Oct 2004	B1
6813777	Weinberger et al.	Nov 2004	B1
6820221	Fleming	Nov 2004	B2
6844855	Carson	Jan 2005	B2
6847801	de La Chapelle et al.	Jan 2005	B2
6876905	Farley et al.	Apr 2005	B2
6885845	Crowley et al.	Apr 2005	B1
6885863	Parkman et al.	Apr 2005	B2
6885864	McKenna et al.	Apr 2005	B2
6889042	Rousseau et al.	May 2005	B2
6892052	Kotola et al.	May 2005	B2
6899390	Sanfrod et al.	May 2005	B2
6920611	Spaeth et al.	Jul 2005	B1
6937164	Thomson et al.	Aug 2005	B2
6938190	Okuda	Aug 2005	B2
6938258	Weinberger et al.	Aug 2005	B1
6940978	Parkman	Sep 2005	B2
6941111	McLain et al.	Sep 2005	B2
6946990	Monk	Sep 2005	B2
6947726	Rockwell	Sep 2005	B2
6947733	Tillotson	Sep 2005	B2
6959168	Parkman	Oct 2005	B2
6963304	Murphy	Nov 2005	B2
6965851	Tillotson	Nov 2005	B2
6971608	Harrington et al.	Dec 2005	B2
6973479	Brady, Jr. et al.	Dec 2005	B2
6974076	Siegel	Dec 2005	B1
6975587	Adamski et al.	Dec 2005	B1
6975616	Stephenson et al.	Dec 2005	B2
6983312	O'Neil	Jan 2006	B1
6985588	Glick et al.	Jan 2006	B1
6985942	D'Annunzio et al.	Jan 2006	B2
6990338	Miller et al.	Jan 2006	B2
6993288	de La Chapelle et al.	Jan 2006	B2
7003293	D'Annunzio	Feb 2006	B2
7023996	Stephenson et al.	Apr 2006	B2
7036889	Sanfrod et al.	May 2006	B2
7039827	Meyer et al.	May 2006	B2
7054593	de La Chapelle et al.	May 2006	B2
7062268	McKenna	Jun 2006	B2
7068615	Niesen	Jun 2006	B2
7072634	Tillotson	Jul 2006	B2
7085563	Parkman	Aug 2006	B2
7086081	Martinez et al.	Aug 2006	B2
7099665	Taylor	Aug 2006	B2
7100187	Pierzga et al.	Aug 2006	B2
7107062	Cruz et al.	Sep 2006	B2
7113780	McKenna et al.	Sep 2006	B2
7120389	de La Chapelle et al.	Oct 2006	B2
7123199	Rotta	Oct 2006	B2
7124426	Tsuria et al.	Oct 2006	B1
7136621	de La Chapelle et al.	Nov 2006	B2
7139258	Tillotson	Nov 2006	B2
7155168	McLain et al.	Dec 2006	B2
7161788	Richie et al.	Jan 2007	B2
7162235	Gilbert	Jan 2007	B1
7171197	Miller et al.	Jan 2007	B2
7177638	Funderburk et al.	Feb 2007	B2
7187690	Taylor	Mar 2007	B2
7187927	Mitchell	Mar 2007	B1
7233958	Weng et al.	Jun 2007	B2
7250915	Nelson	Jul 2007	B2
7269761	Yi	Sep 2007	B2
7274336	Carson	Sep 2007	B2
7280825	Keen et al.	Oct 2007	B2
7286503	Clarke et al.	Oct 2007	B1
7299013	Rotta et al.	Nov 2007	B2
7302226	Stephenson	Nov 2007	B2
7321383	Monagahn et al.	Jan 2008	B2
7328012	Ziarno et al.	Feb 2008	B2
7330151	Monk et al.	Feb 2008	B1
7343157	Mitchell	Mar 2008	B1
7359700	Swensen et al.	Apr 2008	B2
7362262	Murphy	Apr 2008	B2
7382327	Nelson	Jun 2008	B2
7400858	Crowley et al.	Jul 2008	B2
7406309	Usher et al.	Jul 2008	B2
7414573	Murphy	Aug 2008	B2
7437125	McLain et al.	Oct 2008	B2
7450901	Parkman	Nov 2008	B2
7454202	de La Chappelle	Nov 2008	B2
7454203	Levitan	Nov 2008	B2
7460866	Salkini et al.	Dec 2008	B2
7483696	Mitchell	Jan 2009	B1
7486927	Kallio et al.	Feb 2009	B2
7496361	Mitchell et al.	Feb 2009	B1
7508342	Nelson	Mar 2009	B2
7690012	Luehrs	Mar 2010	B2
7904244	Sugla	Mar 2011	B2
20010025377	Hinderks	Sep 2001	A1
20020013150	McKenna et al.	Jan 2002	A1
20020045444	User et al.	Apr 2002	A1
20020045484	Eck et al.	Apr 2002	A1
20020046406	Chelehmal et al.	Apr 2002	A1
20020058478	de La Chapelle et al.	May 2002	A1
20020059363	Katz et al.	May 2002	A1
20020059614	Lipsanen et al.	May 2002	A1
20020065698	Schick	May 2002	A1
20020065711	Fujisawa et al.	May 2002	A1
20020069293	Natalio	Jun 2002	A1
20020087992	Bengeult et al.	Jul 2002	A1
20020094829	Ritter	Jul 2002	A1
20020095680	Davidson	Jul 2002	A1
20020136540	Adams et al.	Sep 2002	A1
20020152432	Fleming	Oct 2002	A1
20020152446	Fleming	Oct 2002	A1
20020152470	Hammond	Oct 2002	A1
20020162113	Hunter	Oct 2002	A1
20020164960	Slaughter et al.	Nov 2002	A1
20020169706	Chandra et al.	Nov 2002	A1
20020170060	Lyman	Nov 2002	A1
20020178451	Ficco	Nov 2002	A1
20020184555	Wong et al.	Dec 2002	A1
20020197990	Jochim et al.	Dec 2002	A1
20030003899	Tashiro et al.	Jan 2003	A1
20030008652	Jochim et al.	Jan 2003	A1
20030020991	Chang	Jan 2003	A1
20030043760	Taylor	Mar 2003	A1
20030047647	Poblete	Mar 2003	A1
20030055975	Nelson et al.	Mar 2003	A1
20030060190	Mallart	Mar 2003	A1
20030067542	Monroe	Apr 2003	A1
20030069015	Brinkley et al.	Apr 2003	A1
20030069990	D'Annunzio et al.	Apr 2003	A1
20030077308	Rosen	Apr 2003	A1
20030084130	D'Annunzio	May 2003	A1
20030084451	Pierzga et al.	May 2003	A1
20030085818	Renton et al.	May 2003	A1
20030087672	Kattukaran et al.	May 2003	A1
20030093798	Rogerson	May 2003	A1
20030107248	Sanford et al.	Jun 2003	A1
20030126614	Staiger	Jul 2003	A1
20030130769	Farley et al.	Jul 2003	A1
20030140345	Fisk et al.	Jul 2003	A1
20030148736	Wright et al.	Aug 2003	A1
20030158958	Chiu	Aug 2003	A1
20030160710	Baumgartner et al.	Aug 2003	A1
20030161411	McCorkle et al.	Aug 2003	A1
20030169563	Adams	Sep 2003	A1
20030184449	Baumgartner et al.	Oct 2003	A1
20030200482	Sullivan	Oct 2003	A1
20030217363	Brady, Jr. et al.	Nov 2003	A1
20030233469	Knowlson et al.	Dec 2003	A1
20030233658	Keen et al.	Dec 2003	A1
20030237016	Johnson et al.	Dec 2003	A1
20040001303	Doblar et al.	Jan 2004	A1
20040034816	Richard	Feb 2004	A1
20040054923	Seago et al.	Mar 2004	A1
20040077308	Sanford et al.	Apr 2004	A1
20040078821	Frisco et al.	Apr 2004	A1
20040088412	John et al.	May 2004	A1
20040098745	Marston et al.	May 2004	A1
20040108963	Clymer et al.	Jun 2004	A1
20040111523	Hall et al.	Jun 2004	A1
20040123322	Erkocevic et al.	Jun 2004	A1
20040128688	Seo	Jul 2004	A1
20040133634	Luke et al.	Jul 2004	A1
20040139467	Rogerson et al.	Jul 2004	A1
20040142658	McKenna et al.	Jul 2004	A1
20040147243	McKenna	Jul 2004	A1
20040158863	McLain	Aug 2004	A1
20040162928	Benson	Aug 2004	A1
20040167967	Bastian et al.	Aug 2004	A1
20040183346	Sanford et al.	Sep 2004	A1
20040192339	Wilson et al.	Sep 2004	A1
20040198346	Swensen et al.	Oct 2004	A1
20040235469	Krug	Nov 2004	A1
20040252965	Moreno et al.	Dec 2004	A1
20040252966	Holloway et al.	Dec 2004	A1
20040253951	Chang et al.	Dec 2004	A1
20050021602	Noel et al.	Jan 2005	A1
20050026608	Kallio et al.	Feb 2005	A1
20050027787	Kuhn et al.	Feb 2005	A1
20050039208	Veeck et al.	Feb 2005	A1
20050044564	Stopniewicz et al.	Feb 2005	A1
20050067530	Schafer, Jr. et al.	Mar 2005	A1
20050102322	Bagley et al.	May 2005	A1
20050114894	Hoerl	May 2005	A1
20050132407	Boyer et al.	Jun 2005	A1
20050136917	Taylor	Jun 2005	A1
20050138654	Minne	Jun 2005	A1
20050149684	Sankaran et al.	Jul 2005	A1
20050171653	Taylor	Aug 2005	A1
20050176368	Young et al.	Aug 2005	A1
20050177763	Stoler	Aug 2005	A1
20050181723	Miller et al.	Aug 2005	A1
20050187677	Walker	Aug 2005	A1
20050193257	Stoler	Sep 2005	A1
20050202785	Meyer	Sep 2005	A1
20050215249	Little et al.	Sep 2005	A1
20050216938	Brady et al.	Sep 2005	A1
20050239261	Tai et al.	Oct 2005	A1
20050251798	Fraley	Nov 2005	A1
20050256616	Rhoads	Nov 2005	A1
20050268319	Brady, Jr.	Dec 2005	A1
20050268320	Smith	Dec 2005	A1
20050270373	Trela	Dec 2005	A1
20050273823	Brady, Jr. et al.	Dec 2005	A1
20050278753	Brady, Jr. et al.	Dec 2005	A1
20050278754	Bleacher et al.	Dec 2005	A1
20050281223	D'Annunzio	Dec 2005	A1
20060006287	Ferguson et al.	Jan 2006	A1
20060008256	Khedouri et al.	Jan 2006	A1
20060010438	Brady, Jr. et al.	Jan 2006	A1
20060030311	Cruz et al.	Feb 2006	A1
20060032979	Mitchell et al.	Feb 2006	A1
20060040612	Min	Feb 2006	A1
20060040660	Cruz et al.	Feb 2006	A1
20060048196	Yau	Mar 2006	A1
20060088001	Reitmann et al.	Apr 2006	A1
20060107295	Margis et al.	May 2006	A1
20060128303	Schedivy	Jun 2006	A1
20060143662	Easterling et al.	Jun 2006	A1
20060154601	Tewalt et al.	Jul 2006	A1
20060174285	Brady, Jr. et al.	Aug 2006	A1
20060183450	Cameron	Aug 2006	A1
20060187959	Kawaguchi et al.	Aug 2006	A1
20060197750	Kerr	Sep 2006	A1
20060212909	Girard et al.	Sep 2006	A1
20060217121	Soliman et al.	Sep 2006	A1
20060234700	Funderburk et al.	Oct 2006	A1
20060250947	Allen	Nov 2006	A1
20060264173	Gilbert	Nov 2006	A1
20060270373	So	Nov 2006	A1
20060270470	de La Chapelle et al.	Nov 2006	A1
20060276127	Cruz et al.	Dec 2006	A1
20060277589	Margis et al.	Dec 2006	A1
20060291803	Watson et al.	Dec 2006	A1
20060293190	Watson et al.	Dec 2006	A1
20070021117	McKenna et al.	Jan 2007	A1
20070022018	Suryanarayana et al.	Jan 2007	A1
20070025240	Snide	Feb 2007	A1
20070026795	de La Chapelle	Feb 2007	A1
20070042772	Salkini et al.	Feb 2007	A1
20070044126	Mitchell	Feb 2007	A1
20070060133	Spitzer et al.	Mar 2007	A1
20070077998	Petrisor	Apr 2007	A1
20070112487	Avery	May 2007	A1
20070115938	Conzachi et al.	May 2007	A1
20070130599	Monroe	Jun 2007	A1
20070155381	Alberth et al.	Jul 2007	A1
20070155421	Alberth et al.	Jul 2007	A1
20070185977	Sato et al.	Aug 2007	A1
20070202802	Kallio et al.	Aug 2007	A1
20070213009	Higashida et al.	Sep 2007	A1
20070258417	Harvey et al.	Nov 2007	A1
20070298741	Harnist et al.	Dec 2007	A1
20080004016	Smee et al.	Jan 2008	A1
20080023600	Perlman	Jan 2008	A1
20080040756	Perlman	Feb 2008	A1
20080084882	Eruchimovitch	Apr 2008	A1
20080085691	Harvey et al.	Apr 2008	A1
20080090567	Gilbert	Apr 2008	A1
20080124054	Bonar	May 2008	A1
20080125112	Clarke et al.	May 2008	A1
20080127278	Bonar	May 2008	A1
20080130539	Lauer et al.	Jun 2008	A1
20080132212	Lemond et al.	Jun 2008	A1
20080133705	Lemond et al.	Jun 2008	A1
20080141314	Lemond et al.	Jun 2008	A1
20080181169	Lauer et al.	Jul 2008	A1
20080182573	Lauer et al.	Jul 2008	A1
20080255722	McClellan	Oct 2008	A1
20080274734	Kostanic et al.	Nov 2008	A1
20080299965	Lagerman	Dec 2008	A1
20080305762	Malosh	Dec 2008	A1
20090007193	Correa et al.	Jan 2009	A1
20090010200	Lauer et al.	Jan 2009	A1
20090042651	Prabhu et al.	Feb 2009	A1
20090077595	Sizelove et al.	Mar 2009	A1
20090083805	Sizelove et al.	Mar 2009	A1
20090094635	Aslin et al.	Apr 2009	A1
20100306773	Lee et al.	Dec 2010	A1
20100318794	Dierickx	Dec 2010	A1

Foreign Referenced Citations (34)

Number	Date	Country
1462552	Dec 2003	CN
ZL200520103236.4	Dec 2006	CN
0 277 014	Aug 1988	EP
0 767 594	Sep 1997	EP
0 890 907	Jan 1999	EP
0 930 513	Jul 1999	EP
1 078 852	Feb 2001	EP
1 134 658	Jun 2002	EP
1 217 833	Jun 2002	EP
1 217 833	Apr 2004	EP
1 458 590	Jun 2005	EP
2 235 800	Mar 1991	GB
58-46485	Mar 1983	JP
62-238693	Oct 1987	JP
2002-77084	Mar 2002	JP
2004-343744	Dec 2004	JP
2005-508098	Mar 2005	JP
2006-527540	Nov 2006	JP
WO 9931821	Jun 1999	WO
WO 0215582	Feb 2002	WO
WO 02084971	Oct 2002	WO
WO 03024110	Mar 2003	WO
WO 03032503	Apr 2003	WO
WO 03050000	Jun 2003	WO
WO 03024085	Aug 2003	WO
WO 2004003696	Jan 2004	WO
WO 2004008277	Jan 2004	WO
WO 2005086865	Sep 2005	WO
WO 2005125207	Dec 2005	WO
WO 2006052941	May 2006	WO
WO 2006062641	Jun 2006	WO
WO 2006065381	Jun 2006	WO
WO 2007035739	Mar 2007	WO
WO 2007050164	May 2007	WO

Non-Patent Literature Citations (11)

Entry
Online Citation: Pentar Avionics: “Jetlan AS200 Advanced Airborne Computer” (Sep. 2002) XP002293451; http://www.pentar.com/PDF/DD-AS100.pdf (retrieved on Aug. 23, 2004) 2 pgs.
EP, Office Action, EP Application No. 08 830 787.1, Dec. 9, 2011.
Y.F. Chen, et al., “Personalized Multimedia Services Using a Mobile Service Platform”, IEEE 2002, pp. 918-925.
S. Gratschew, et al., “A Multimedia Messaging Platform for Content Delivering”, IEEE 2003, pp. 431-435.
A. Ibenthal, et al.,“Multimedia im Fahrzeug: Dienste und Technik”, Fernseh und Kino-Technik 54, Jahrgang Nr. Mar. 2000, pp. 100-105.
Kartalopoulos S V: “Consumer Communications in the Next Generation Access Network” Consumer Communications and Networking Conference, 2004. CCNC 2004. First IEEE Las Vegas, NV, USA Jan. 5-8, 2004, Piscataway, NJ (Jan. 5, 2004), pp. 273-278.
Farries, M. et al: “Optical Branching Devices for Avionic Passive Optical Network” Avionics, Fiber-Optics and Photonics Technology Conference, 2007 IEEE, IEEE, PI, Oct. 1, 2007, pp. 76-77.
CN, Office Action, Appl. No. 200880107132.7, Jul. 22, 2011.
JP, Office Action, Japanese Application No. 2009-523977, Jul. 17, 2012.
CN, 200880117151.8 Office Action with English Translation, Aug. 24, 2012.
JP, 2010-527121 Office Action with English Translation, Jul. 12, 2012.

Related Publications (1)

	Number	Date	Country
	20100318794 A1	Dec 2010	US

Provisional Applications (1)

	Number	Date	Country
	61186330	Jun 2009	US

System and method for providing security aboard a moving platform

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications

Term Extension

Abstract