ELECTRONIC DEVICE FOR PROVIDING BIDIRECTIONAL KEY AGREEMENT PROTOCOL AND OPERATING METHOD THEREOF

PRIORITY APPLICATION

This application claims the benefit of Korean Patent Application No. 10-2022-0105656, filed on Aug. 23, 2022, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

The example embodiments relate to an electronic device for providing one or more protocols that enable not only a user but also an unmanned aerial vehicle to request a key agreement first while satisfying forward unlinkability between the user and the unmanned aerial vehicle in the Internet of drones (IoD) environment, and a method operating the same.

DISCUSSION OF THE RELATED ART

An unmanned aerial vehicle (UAV) (e.g., a drone) is a powered vehicle that can be operated remotely or automatically by using a GPS device without a pilot on board, and the scope of use is expanding not only for military purposes, but also in various fields such as video shooting, delivery service, pesticide spraying, intelligent traffic management, and 3D map information acquisition. Such a UAV may be connected to a terminal of a user (e.g., a manager) in a bidirectional communication method to transmit/receive predetermined information or commands.

In the IoD environment, the key agreement protocol is to exchange a key that allows a user and a UAV to communicate with each other through a server, and in this process, if information of the user and the drone is exposed, privacy may be infringed. Therefore, there is effort with regard to existing key agreement protocols to protect the privacy of the user by generating an anonymous ID to replace the user's ID. However, even if an anonymous ID is used, if the anonymous ID is exposed, there is a concern that the actual user can be traced based on the time and a place where the anonymous ID was used.

Further, when a UAV flying in the air first detects an accident, the UAV should be able to deliver relevant information to a user first, but only the user can make a request first, so there is a problem that a UAV cannot make a request even if the accident was discovered.

SUMMARY OF THE INVENTION

Accordingly, the present invention is directed to an electronic device for providing bidirectional key agreement protocol and operating method thereof that substantially obviates one or more problems due to limitations and disadvantages of the related art.

An aspect provides a technology to provide a protocol that allows not only a user but also a UAV to make a key agreement request first, while satisfying forward unlinkability between the user and the UAV in the IoD environment. The technical tasks to be achieved by the present disclosure are not limited to the technical tasks described above, and other technical tasks may be inferred from following example embodiments.

Additional features and advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

According to an aspect, there is provided a method of operating an electronic device, including obtaining at least one of an ID of a user, a first anonymous ID of the user corresponding to the ID of the user and a first temporary authentication value of the user, from a user terminal, obtaining at least one of an ID of an unmanned aerial vehicle (UAV), a first anonymous ID of the UAV corresponding to the ID of the UAV and a first temporary authentication value of the UAV, from the UAV, and in response to a key agreement request of the user terminal or a key agreement request of the UAV, intermediating key agreement between the UAV and the user terminal based on first information including information obtained from the user terminal and second information including information obtained from the UAV.

According to an example embodiment, the key agreement request of the UAV may correspond to transmitting the first anonymous ID of the UAV from the UAV to the user terminal, and the key agreement request of the user terminal may correspond to transmitting the first anonymous ID of the user terminal from the user terminal to the UAV.

According to an example embodiment, the intermediating key agreement between the UAV and the user terminal, in response to the key agreement request of the user terminal or the key agreement request of the UAV, may include sharing a same message authentication code (MAC) key and a same session key between the user terminal and the UAV, based on the first information and the second information.

According to an example embodiment, the first anonymous ID of the user and the first temporary authentication value of the user may be randomly generated regardless of the ID of the user.

According to an example embodiment, the first information may include at least one of the ID of the user, the first anonymous ID of the user, the first temporary authentication value of the user, a second anonymous ID different from the first anonymous ID of the user, a second temporary authentication value different from the first temporary authentication value of the user and a random number value of the user.

According to an example embodiment, the first anonymous ID of the UAV and the first temporary authentication value of the UAV may be randomly generated regardless of the ID of the UAV.

According to an example embodiment, the second information may include at least one of the ID of the UAV, the first anonymous ID of the UAV, the first temporary authentication value of the UAV, a second anonymous ID different from the first anonymous ID of the UAV, a second temporary authentication value different from the first temporary authentication value of the UAV and a random number value of the UAV.

According to an aspect, there is provided a method of operating a user terminal, including from a UAV requesting key agreement, obtaining a first anonymous ID of the UAV corresponding an ID of the UAV, identifying at least one of an ID of a user that is input from the user, a first anonymous ID of the user corresponding to the ID of the user, and a first temporary authentication value of the user, generating an encryption key and a first MAC key by using the first temporary authentication value, generating a second anonymous ID different from the first anonymous ID of the user and a second temporary authentication value different from the first temporary authentication value of the user, and generating a same second MAC key and a same session key shared between the user terminal and the UAV based on at least one piece of information related to the user and at least one piece of information related to the UAV.

According to an aspect, there is provided a method of operating a UAV, including obtaining a first anonymous ID of a user terminal corresponding to an ID of the user terminal from the user terminal requesting key agreement, identifying at least one of an ID of the UAV, a first anonymous ID of the UAV corresponding to the ID of the UAV, and a first temporary authentication value of the UAV, generating an encryption key and a first MAC key using the first temporary authentication value, generating a second anonymous ID different from the first anonymous ID of the UAV and a second temporary authentication value different from the first temporary authentication value of the UAV, and generating a same second MAC key and a same session key shared between the user terminal and the UAV based on at least one piece of information related to the user terminal and at least one piece of information related to the UAV.

According to an aspect, there is provided an electronic device, including a communication device, a memory for storing at least one instruction, and a controller that is configured to obtain at least one of an ID of a user, a first anonymous ID of the user corresponding to the ID of the user and a first temporary authentication value of the user, from a user terminal, obtain at least one of an ID of an unmanned aerial vehicle (UAV), a first anonymous ID of the UAV corresponding to the ID of the UAV and a first temporary authentication value of the UAV, from the UAV, and in response to a key agreement request of the user terminal or a key agreement request of the UAV, intermediate key agreement between the UAV and the user terminal based on first information including information obtained from the user terminal and second information including information obtained from the UAV.

Additional aspects of example embodiments will be set forth in part in the description that follows and, in part, will be apparent from the description, or may be learned by practice of the disclosure.

According to example embodiments, when performing key agreement protocol in the IoD environment, it is possible to guarantee strong anonymity that protects not only a user ID but also an anonymous ID from being exposed. Further, if a UAV is hijacked or a user's device is lost, even if the user or the UAV's secret key is exposed, past anonymous IDs cannot be known, so the forward unlinkability between the UAV and the user may be satisfied. Further, if an anonymous ID is generated every time, there is no relation between generated anonymous IDs, so the forward unlinkability between the UAV and the user may be satisfied. Further, even if an anonymous ID is exposed, the real user cannot be traced through the time and a place where the anonymous ID is used, so the forward unlinkability between the UAV and the user may be satisfied. In addition, not only the user but also the drone can make a key agreement request first, so that the occurrence of an incident or accident may be quickly dealt with.

The effect of the example embodiments are not limited to the above-described effects, and other effects not described would be clearly understood by those skilled in the art from the description of the claims.

It is to be understood that both the foregoing general description and the following detailed description are examples and explanatory and are intended to provide further explanation of the invention as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

These and/or other aspects, features, and advantages of the invention will become apparent and more readily appreciated from the following description of example embodiments, taken in conjunction with the accompanying drawings of which:

FIG. 1 is a block diagram of a system for providing a key agreement protocol according to an example embodiment;

FIG. 2 is a diagram for describing a process of registering a user in a server according to an example embodiment;

FIG. 3 is a diagram for explaining a process of registering a UAV in a server according to an example embodiment;

FIGS. 4A and 4B are diagrams for explaining a key agreement procedure between a user terminal and a UAV at a request of the UAV according to an example embodiment;

FIGS. 5A and 5B are diagrams for explaining a key agreement procedure between a user terminal and a UAV at a request from the user terminal according to an example embodiment;

FIG. 6 is a flowchart illustrating a method of operating an electronic device according to an example embodiment;

FIG. 7 is a flowchart illustrating a method of operating a user terminal according to an example embodiment;

FIG. 8 is a flowchart illustrating a method of operating a UAV according to an example embodiment; and

FIG. 9 is a block diagram of an electronic device according to an example embodiment.

DETAILED DESCRIPTION

Reference will now be made in detail to the embodiments of the present invention, examples of which are illustrated in the accompanying drawings.

Terms used in the example embodiments are selected from currently widely used general terms when possible while considering the functions in the present disclosure. However, the terms may vary depending on the intention or precedent of a person skilled in the art, the emergence of new technology, and the like. Further, in certain cases, there are also terms arbitrarily selected by the applicant, and in the cases, the meaning will be described in detail in the corresponding descriptions. Therefore, the terms used in the present disclosure should be defined based on the meaning of the terms and the contents of the present disclosure, rather than the simple names of the terms.

Throughout the specification, when a part is described as “comprising or including” a component, it does not exclude another component but may further include another component unless otherwise stated. Furthermore, terms such as “ . . . unit,” “ . . . group,” and “ . . . module” described in the specification mean a unit that processes at least one function or operation, which may be implemented as hardware, software, or a combination thereof.

Expression “at least one of a, b and c” described throughout the specification may include “a alone,” “b alone,” “c alone,” “a and b,” “a and c,” “b and c” or “all of a, b and c.”

Hereinafter, example embodiments of the present disclosure will be described in detail with reference to the accompanying drawings so that those of ordinary skill in the art to which the present disclosure pertains may easily implement them. However, the present disclosure may be implemented in multiple different forms and is not limited to the example embodiments described herein.

Hereinafter, example embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

FIG. 1 is a block diagram of a system for providing a key agreement protocol according to an example embodiment.

According to various example embodiments, a system in the IoD environment that provides a bidirectional key agreement protocol may include a server 120 supporting a key agreement protocol for bidirectional communication between a user terminal 110 and a UAV 130.

The server 120 may perform various control functions related to a key agreement protocol between the user terminal 110 and the UAV 130. The key agreement protocol may indicate having security during communication with a method in which, in general, two entities (e.g., the user terminal 110 and the UAV 130) exchange a symmetric key and encrypt a message by using the corresponding key. Further, the key agreement protocol in the IoD environment may indicate exchanging a key that allows the user terminal 110 and the UAV 130 to communicate with each other through the server 120.

In various example embodiments, the server 120 may use at least one of a symmetric key encryption system, a public key encryption system, a hash function, a message authentication code (MAC), and fuzzy extraction using biometric information. For example, the server 120 may provide a user with strong anonymity and forward unlinkability by using a symmetric key, a hash function and a MAC instead of using the existing hash function and XOR operation.

The user terminal 110 is a device that has mobility and includes a predetermined communication module. For example, the user terminal 110 may correspond to any one of a mobile phone, a smartphone, a portable console, a navigation system, a laptop computer and a tablet. The user terminal 110 may be referred to as a user equipment (UE), a mobile station, a terminal, a station (STA), a user device, a portable electronic device, or the like. In another example embodiment, the user terminal 110 may correspond to a device having a fixed location.

The user terminal 110 may be a device for transmitting a control command to the UAV 130 or receiving predetermined information (e.g., image information) from the UAV 130. The control command may correspond, for example, information for controlling the operation or mobility of the UAV 130.

The UAV 130 may be a device that performs a designated function while a pilot is not on board, and may correspond to a UAV having mobility. For example, the UAV 130 may fly while changing the direction or the altitude in order to perform a designated function. For example, the UAV 130 may fly under the control of the communication-connected server 120 or the user terminal 110 and selectively collect predetermined information. Alternatively, the UAV 130 may autonomously fly, obtain image information, detect whether there is a danger based on the relevant information, and provide the relevant information to the server 120 or the user terminal 110 in the adjacent location.

Hereinafter, operations between the user terminal 110, the server 120 and the UAV 130 will be described in detail.

FIG. 2 is a diagram for describing a process of registering a user in a server according to an example embodiment.

Referring to FIG. 2, a user terminal 210 may be, for example, a smartphone as a device used by the user. In operation S201, the user may input ID U_iand password pw_iinto the user terminal 210. In operation S202, the user terminal 210 may randomly generate anonymous ID PU_iand temporary authentication value α_i.

In operation S203, the user terminal 210 may encrypt (v_i) the generated anonymous ID and temporary authentication value corresponding to Equation 1 below by using the hashed values of the ID and the password as keys, and store the generated anonymous ID and temporary authentication value. Specifically, a hash function operation may be performed by using a preset hash algorithm (e.g., SHA256, and SHA512) to concatenate ID U_iand password pw_ias an input value, a secret value (key) of a symmetric key encryption such as advanced encryption standard (AES) and academy research institute agency (ARIA) may be generated based on the operation result, and using this, anonymous ID PU_iand temporary authentication value α_imay be encrypted. The same procedure may be applied with respect to E_Hindicated in many of equations described herein.

v
_i
=E
_H(U
_i
_∥pw
_i
₎(PU_i∥α_i) [Equation 1]

In operation S204, the user terminal 210 may transmit the ID, the generated anonymous ID and the temporary authentication value to a server 230. In operation S205, the server 230 may store the ID, the anonymous ID and the temporary authentication value of the user in the database. In this case, the server 230 may store the received anonymous ID in a past anonymous ID and a current anonymous ID, and the server 230 may store the received temporary authentication value in a past authentication value and a current authentication value. For example, the server 230 may store received anonymous ID 1 in past anonymous ID 1 and current anonymous ID 1. Thereafter, when the anonymous ID is updated to anonymous ID 2, the server 230 may update the current anonymous ID to anonymous ID 2 and store the past anonymous ID as anonymous ID 1.

FIG. 3 is a diagram for explaining a process of registering a UAV in a server according to an example embodiment.

Referring to FIG. 3, a UAV 310 may include, for example, a device such as a drone. In operation S301, the UAV 310 may randomly generate anonymous ID PD_iand temporary authentication value β_j. In operation S302, the UAV 310 may store ID D_i, an anonymous ID and a temporary authentication value of the UAV. In operation S303, the UAV 310 may transmit the ID, the anonymous ID and the temporary authentication value of the UAV to a server 330.

In operation S304, the server 330 may store the received ID, the anonymous ID and the temporary authentication value of the UAV. In this case, the server 330 may store the received anonymous ID in the past anonymous ID and the current anonymous ID, and may store the received temporary authentication value in the past authentication value and the current authentication value. For example, the server 330 may store received anonymous ID 1 as past anonymous ID 1 and current anonymous ID 1. Thereafter, if the anonymous ID is updated to anonymous ID 2, the server 330 may update the current anonymous ID to anonymous ID 2 and store the past anonymous ID as anonymous ID 1.

FIGS. 4A and 4B are diagrams for explaining a key agreement procedure between a user terminal and a UAV at a request of the UAV according to an example embodiment. In FIGS. 4A and 4B, a server 430 may store and register information about a user terminal 410 and a UAV 450 according to FIGS. 2 and 3.

In operation S401, the UAV 450 may transmit first anonymous ID PD_iof the UAV to the user terminal 410.

In operation S402, the user terminal 410 may identify ID U_iand password pw_iinput by the user. In operation S403, the user terminal 410 may decrypt (D_H) the user's first anonymous ID and the first temporary authentication value based on Equation 2 using the identified information.

PU
_i∥α_i=D_H(U_i_∥pw_j₎(v_i) [Equation 2]

In operation S404, the user terminal 410 may generate encryption key ek_ibased on below Equation 3 by using the temporary authentication value, and may generate MAC key mk_ibased on below Equation 4. Specifically, by using a preset hash algorithm (e.g., SHA256), encryption key ek_imay be generated by using a value obtained by concatenating temporary authentication value α_iand 0 as an input value. Alternatively, by using a preset hash algorithm (e.g., SHA256), MAC key mk_imay be generated by using a value obtained by concatenating temporary authentication value α_iand 1 as an input value. The same procedures may be applied with respect to ek_iand mk_iindicated in many of equations described herein.

ek
_i
=H(α_i∥0) [Equation 3]

mk
_i
=H(α_i∥1) [Equation 4]

In operation S405, the user terminal 410 may generate random number value ru_i, new second anonymous ID PU_i′ different from the first anonymous ID, and new second temporary authentication value α_i′ different from the first temporary authentication value.

In operation S406, the user terminal 410 encrypts the ID, the newly generated second anonymous ID, the newly generated second temporary authentication value, the first anonymous ID of the UAV, and the random number value, by using the encryption key based on Equation 5 below. Specifically, by using ek_igenerated through Equation 3 as a secret value (i.e., an encryption key and a decryption key), an ID, a newly generated second anonymous ID, a newly generated second temporary authentication value, a first anonymous ID of the UAV, and a random number value may be encrypted with a symmetric key. The same procedures may be applied with respect to E_ek_iindicated in many of equations described herein.

c
_i
=E
_ek
_i(U_i∥PU_i′∥α_i′∥PD_j∥ru_i) [Equation 5]

In operation S407, the user terminal 410 may derive first value τ_iby calculating cipher text c_ibased on Equation 6 below by using MAC key mk_itogether with the user's first anonymous ID and the server ID. Specifically, authentication value τ_imay be generated by using MAC key mk_igenerated through Equation 4 along with cipher text c_i, the user's firsts anonymous ID and the server ID. Thereafter, using the MAC key, whether authentication value τ_iis a legitimate message may be authenticated. The same procedure may be applied with respect to operation using the MAC key indicated in many of equations described herein.

τ_i=Mac_mk_i(PU_i∥S∥c_i) [Equation 6]

In operation S408, the user terminal 410 may transmit the user's first anonymous ID, the server ID, the cipher text and the first value to the server 430.

In operation S409, the server 430 may identify the user's ID, the past authentication value, and the current authentication value by using the user's first anonymous ID. In operation S411, the server 430 may generate an encryption key between the user and the server using the current authentication value or the past authentication value based on Equation 7 below, or may generate a MAC key based on Equation 8 below. The contents described in relation to Equation 3 and Equation 4 may be applied.

ek
_i
=H(α_i∥0) [Equation 7]

mk
_i
=H(α_i∥1) [Equation 8]

In operation S412, the server 430 may decrypt the received cipher text with the encryption key. In operation S413, the server 430 may authenticate the received first value using the MAC key. In operation S414, when the first value is authenticated, the server 430 may identify the ID, the past authentication value, and the current authentication value of the UAV by using the decrypted anonymous ID of the UAV. In operation S415, the server 430 may generate an encryption key between the UAV and the server based on Equation 9 by using the identified past authentication value or the current authentication value, and may generate a MAC key based on Equation 10. The contents described in relation to Equation 3 and Equation 4 may be applied.

ek
_j
=H(β_j∥0) [Equation 9]

mk
_j
=H(β_j∥1) [Equation 10]

In operation S416, the server 430 may encrypt the user's first anonymous PU_iand user-generated random number value ru_iwith the generated encryption key based on Equation 11. The contents described in relation to Equation 5 may be applied.

c
_j
=E
_ek
_j(PU_i∥ru_i) [Equation 11]

In operation S417, the server 430 may derive a second value by calculating cipher text c_jbased on Equation 12 by using the MAC key together with the server ID and the first anonymous ID of the drone. The contents described in relation to Equation 6 may be applied.

τ_j=Mac_mk_j(S∥PD_j∥c_j) [Equation 12]

In operation S418, the server 430 may transmit server ID S, the drone's first anonymous ID PD_j, cipher text c_jand second value τ_jto the UAV 450.

In operation S419, the UAV 450 may generate an encryption key based on Equation 13 by using the authentication value of the UAV, and may generate a MAC key based on Equation 14. The contents described in relation to Equation 3 and Equation 4 may be applied.

ek
_j
=H(β_j∥0) [Equation 13]

mk
_j
=H(β_j∥1) [Equation 14]

In operation S421, the UAV 450 may decrypt the cipher text received from the server 430 using the generated encryption key. In operation S422, the UAV 450 may authenticate the received second value using the MAC key. In operation S423, the UAV 450 may generate a random number value, a new second anonymous ID and a new second temporary authentication value. In operation S424, the UAV 450 may encrypt generated second anonymous ID PD_j′, second temporary authentication value β_j′, random number value rd_jand random number value ru_igenerated by the user terminal 410, based on Equation 15. The contents described in relation to Equation 5 may be applied.

d
_j
=E
_ek
_j(PD_j′∥β_j′∥ru_j∥rd_j) [Equation 15]

In operation S425, the UAV 450 may derive a third value by calculating generated cipher text d_jbased on Equation 16 by using the MAC key together with first anonymous ID PD_jof the drone and ID S of the server. The contents described in relation to Equation 6 may be applied.

∈_j=Mac_mk_j(PD_j∥S∥d_j) [Equation 16]

In operation S426, the UAV 450 may transmit the drone's first anonymous ID PD_j, server ID S, cipher text d_jand third value ∈_jto the server 430.

In operation S427, the server 430 may decrypt the received cipher text using the encryption key of the UAV. In operation S428, the server 430 may authenticate the third value using the MAC key. In operation S429, the server 430 may operate encryption based on Equation 17 using the user's encryption key ek_i. The contents described in relation to Equation 5 may be applied.

d
_i
=E
_ek
_i(PD_j∥ru_i∥rd_j) [Equation 17]

In operation S431, the server 430 may derive fourth value ∈_jby calculating cipher text d_ibased on Equation 18 by using the MAC key. The contents described in relation to Equation 6 may be applied.

∈_f=Mac_mk_j(S∥PU_i∥d_i) [Equation 18]

In operation S432, the server 430 may store the user's ID U_i, the user's past first anonymous ID PU_i, the user's current second anonymous ID PU_i′, the user's past first temporary authentication value α_i, and the user's current second temporary authentication value α_i′, as in Equation 19.

U
_i
,PU
_i
^o
=PU
_i
,PU
_l
^m
=PU
_i′,α_i^o=α_i,α_iⁿ=α_i′ [Equation 19]

In operation S433, the server 430 may store ID D_jof the UAV, past first anonymous ID PD_jof the UAV, current second anonymous ID PD_i′ of the UAV, first past temporary authentication value β_jof the UAV and current second temporary authentication value β_j′ of the UAV, as in Equation 20.

D
_j
,PD
_j
^o
=PD
_j
,PD
_j
ⁿ
=PD
_j′,β_j^o=β_j,β_jⁿ=β_j′ [Equation 20]

In operation S434, the server 430 may transmit the ID of the server, the first anonymous ID of the user, the cipher text and the fourth value to the user terminal 410.

In operation S435, the user terminal 410 may decrypt the received cipher text using the user's encryption key. In operation S436, the user terminal 410 may authenticate the received fourth value using the MAC key.

In operation S437, the user terminal 410 may generate a MAC key based on Equation 21 by using first anonymous ID PU_iand random number value ru_iof the user, and first anonymous ID PD_iand random number value rd_jof the UAV, and the user terminal 410 may generate a session key based on Equation 22. The contents described in relation to Equation 3 and Equation 4 may be applied.

mk
_i,j
=H(PU_i∥PD_j∥ru_i∥rd_j∥0) [Equation 21]

sk
_i,j
=H(PU_i∥PD_j∥ru_i∥rd_j∥1) [Equation 22]

In operation S438, the user terminal 410 may derive fifth value δ_i,jby calculating the user's first anonymous ID PU_iand the drone's first anonymous ID PD_jbased on Equation 23 by using the MAC key. The contents described in relation to Equation 6 may be applied.

δ_i,j=Mac_mk_i,j(PU_i∥PD_j∥0) [Equation 23]

In operation S439, the user terminal 410 may encrypt the user's second anonymous ID PU_i′ and second temporary authentication value α_i′ based on Equation 24 and then store. The contents described in relation to Equation 1 may be applied.

$\begin{matrix} ? = ? (P ?  ?) & [Equation 24] \end{matrix}$

$? indicates text missing or illegible when filed$

In operation S441, the user terminal 410 may transmit the first anonymous ID of the user, the first anonymous ID of the drone and the fifth value to the UAV 450.

In operation S442, the UAV 450 may generate a MAC key based on Equation 25 by using anonymous IDs and random number values, and may generate a session key based on Equation 26. In this case, the MAC key and the session key generated based on Equation 25 and Equation 26 may be the same as the MAC key and the session key generated based on Equation 21 and Equation 22. Therefore, the user terminal and the UAV may share the same MAC key and the same session key. The contents described in relation to Equation 3 and Equation 4 may be applied.

mk
_i,j
=H(PU_i∥PD_j∥ru_i∥rd_j∥0) [Equation 25]

sk
_i,j
=H(PU_i∥PD_j∥ru_i∥rd_j∥1) [Equation 26]

In operation S443, the UAV 450 may authenticate the fifth value received from the user terminal. Thereafter, the UAV 450 may store an ID of the UAV, current second anonymous ID PD_i′ of the UAV and current second temporary authentication value β_i′.

According to the request of the UAV, the key agreement protocol may be performed through operations of FIGS. 2, 3, 4A and 4B described above.

FIGS. 5A and 5B are diagrams for explaining a key agreement procedure between a user terminal and a UAV at a request from the user terminal according to an example embodiment. In FIGS. 5A and 5B, a server 530 may store and register information about a user terminal 510 and a UAV 550 according to FIGS. 2 and 3.

Unlike the sequence of the UAV, the user terminal, the server, the UAV, the server, the user terminal and the UAV in FIGS. 4A and 4B, referring to FIGS. 5A and 5B, a sequence of the user terminal, the UAV, the server, the user terminal, the server, the UAV and the user terminal may proceed. The descriptions with regard to FIGS. 4A and 4B and descriptions with regard to FIGS. 5A and 5B may have the same meaning.

The contents described in the equations of FIGS. 4A and 4B may also be applied to the process of calculating the equations of FIGS. 5A and 5B.

In operation S501, the user terminal 510 may decrypt an anonymous ID and an authentication value by using a user's ID and password, and may generate an encryption key and a MAC key. In operation S502, the user terminal 510 may transmit the user's first anonymous ID to the UAV 550.

In operation S503, the UAV 550 may generate an encryption key based on Equation 27 by using first temporary authentication value β_j, and may generate a MAC key based on Equation 28.

ek
_j
=H(β_j∥0) [Equation 27]

mk
_j
=H(β_j∥1) [Equation 28]

In operation S504, the UAV 550 may generate random number value rd_j, new second anonymous ID PD_j′ and second temporary authentication value β_i′. In operation S505, the UAV 550 may encrypt ID D_jof the UAV, second temporary authentication value PD_j′, second temporary authentication value β_j′, the users first anonymous ID PU_iand random number value rd_j, based on Equation 29.

c
_j
=E
_ek
_j(D_j∥PD_j′∥β_j′∥PU_i∥rd_j) [Equation 29]

In operation S506, the UAV 550 may derive first value r_jby calculating cipher text e_jbased on Equation 30 by using MAC key mk_jtogether with first anonymous ID PD_jof the UAV and ID S of the server.

r
_j=Mac_mk_j(PD_j∥S∥c_j) [Equation 30]

In operation S507, the UAV 550 may transmit first anonymous ID PD_jof the UAV, ID S of the server, cipher text e_jand first value r_jto the server 530.

In operation S508, the server 530 may identify the ID of the UAV, the past first temporary authentication value and the current second temporary authentication value, by using the first anonymous ID of the UAV.

In operation S509, the server 530 may generate an encryption key and a MAC key between the UAV and the server, using the past first temporary authentication value or the current second temporary authentication value. In operation S511, the server 530 may decrypt the received cipher text e_jusing the generated encryption key. In operation S512, the server 530 may authenticate received first value r_jby using the generated MAC key.

In operation S513, when the first value is authenticated, by using decrypted first anonymous ID PU_iof the user, the server 530 may identify user ID U_i, past first temporary authentication value PU_iand current second temporary authentication value PU_i′.

In operation S514, the server 530 may generate an encryption key and a MAC key between the user and the server by using first temporary authentication value PU_iand second temporary authentication value PU_i′.

In operation S515, the server 530 may encrypt first anonymous ID PD_jof the UAV and random number value rd_jgenerated by the UAV based on Equation 31 by using the generated encryption key.

c
_i
=E
_ck
_i(PD_j∥rd_j) [Equation 31]

In operation S516, the server 530 may derive second value τ_iby calculating cipher text c_ibased on Equation 32 by using MAC key mk_itogether with server ID S and the user's first anonymous ID PU_i.

τ_i=Mac_mk_i(S∥PU_i∥c_i) [Equation 32]

In operation S517, the server 530 may transmit server ID S, the user's first anonymous ID PU_i, cipher text c_iand second value τ_ito the user terminal 510.

In operation S518, the user terminal 510 may decrypt received cipher text c_iby using the encryption key. In operation S519, the user terminal 510 may authenticate received second value τ_iby using the MAC key. In operation S521, the user terminal 510 may generate random number value ru_i, second anonymous ID PU_i′ of the user, and second temporary authentication value α_i′.

In operation S522, the user terminal 510 may encrypt random number values ru_iand rd_j, the users second anonymous ID PU_i′, and second temporary authentication value α_i′ based on Equation 33.

d
_i
=E
_ck
_i(PU_i′∥α_i′∥ru_i∥rd_j) [Equation 33]

In operation S523, the user terminal 510 may derive third value e_iby calculating cipher text d_ibased on Equation 34 by using MAC key mk_itogether with the user's first anonymous ID PU_iand server ID S.

e
_i=Mac_mk_i(PU_i∥S∥d_i) [Equation 34]

In operation S524, the user terminal 510 may transmit the user's first anonymous ID PU_i, server ID S, cipher text d_iand third value e_ito the server 530.

In operation S525, the server 530 may decrypt the received cipher text by using the user's encryption key. In operation S526, the server 530 may authenticate the received third value by using the MAC key.

In operation S527, the server 530 may encrypt the user's first anonymous ID PU_iand random number values ru_iand rd_jbased on Equation 35 by using the encryption key of the UAV.

d
_j
=E
_ek
_j(PU_i∥ru_i∥rd_j) [Equation 35]

In operation S528, the server 530 may derive fourth value e_jby calculating cipher text d_jbased on Equation 36 using the MAC key together with the server ID and the first anonymous ID of the UAV.

e
_j=Mac_mk_j(S∥PD_j∥d_j) [Equation 36]

In operation S529, the server 530 may store the user's ID U_i, the user's past first anonymous ID PU_i, the user's current second anonymous ID PU_i′, the user's past first temporary authentication value α_iand the user's current second temporary authentication value α_i′ as in Equation 37. Further, the server 530 may store ID D_jof the UAV, past first anonymous ID PD_jof the UAV, second anonymous ID PD_j′ of the UAV, first temporary authentication value β_iof the UAV, and current second temporary authentication value β_i′ of the UAV as in Equation 37.

Store (U_i,PU_i^o=PU_i,PU_iⁿ=PU_i′,

α_i^o=α_i,α_iⁿ=α_i′)

and (D_j,PD_j^o=PD_j,PD_nⁿ=PD_j′,

β_j^o=β_j,β_jⁿ=β_j′) [Equation 37]

In operation S531, the server 530 may transmit first anonymous ID PD_jof the UAV, server ID S, cipher text d_jand fourth value e_jto the UAV 550.

In operation S532, the UAV 550 may decrypt the received cipher text using the encryption key of the UAV. In operation S533, the UAV 550 may authenticate the received fourth value by using the MAC key.

In operation S534, the UAV 550 may generate a MAC key based on Equation 38 by using first anonymous ID PD_jand random number value rd_jof the UAV, and first anonymous ID PU_iand random number value ru_iof the user, and may generate a session key based on Equation 39.

$\begin{matrix} {mk}_{i, j} = H ({PU}_{i}  {PD}_{j}  {ru}_{i}  {rd}_{j}  0) & [Equation 38] \end{matrix}$

$\begin{matrix} {sk}_{i, j} = H ({PU}_{i}  {PD}_{j}  {ru}_{i}  r d_{j}  1) & [Equation 39] \end{matrix}$

In operation S535, the UAV 550 may derive fifth value δ_i,jby calculation based on Equation 40 by using the MAC key together with the user's first anonymous ID PU_iand the UAV's first anonymous ID PD_i.

δ_i,j=Mac_mk_i,j(PU_i∥PD_j∥0) [Equation 40]

The UAV 550 may store ID D_jof the UAV, second anonymous ID PD_j′ of the UAV, and second temporary authentication value β_j′. In operation S536, the UAV 550 may transmit the user's first anonymous ID PU_i, first anonymous ID PD_jof the UAV and fifth value (δ_i,j) to the user terminal 510.

In operation S537, the user terminal 510 may generate a MAC key based on Equation 41 by using the first anonymous ID of the UAV, the first anonymous ID of the user and random number values, and may generate a session key based on Equation 42. In this case, the MAC key and the session key generated based on Equation 41 and Equation 42 may be the same as the MAC key and the session key generated based on Equation 38 and Equation 39. Therefore, the user terminal and the UAV may share the same MAC key and the same session key.

$\begin{matrix} {mk}_{i, j} = H ({PU}_{i}  {PD}_{j}  {ru}_{i}  r d_{j}  0) & [Equation 41] \end{matrix}$

$\begin{matrix} {sk}_{i, j} = H ({PU}_{i}  {PD}_{j}  {ru}_{i}  r d_{j}  1) & [Equation 42] \end{matrix}$

In operation S538, the user terminal 510 may authenticate the fifth value by using the MAC key, and thereafter, the user's second anonymous ID and the second temporary authentication value may be encrypted based on Equation 43 and then store.

v
_i
=E
_H(U
_i
_∥pw
_i
₎(PU_i′∥α_i′) [Equation 43]

According to the user's request, the key agreement protocol may be performed through operations with regard to FIGS. 2, 3, 5A and 5B described above.

FIG. 6 is a flowchart illustrating a method of operating an electronic device according to an example embodiment. For reference, the electronic device may be a device included in the aforementioned server, and the above description may also be applied to FIG. 6.

Referring to FIG. 6, through the process of registering the user described in FIG. 2 to the server, in operation S610, the electronic device may obtain at least one of the user's ID, the user's first anonymous ID corresponding to the user's ID and the user's first temporary authentication value from the user terminal.

Through the process of registering the UAV described in FIG. 3 to the server, in operation S620, the electronic device may obtain from the UAV at least one of an ID of the UAV, a first anonymous ID of the UAV corresponding to the ID of the UAV, and a first temporary authentication value of the UAV.

As described with regard to FIGS. 4A, 4B, 5A and 5B, the electronic device may intermediate a key agreement procedure between the user terminal and the UAV.

In operation S630, in response to a key agreement request of the user terminal or a key agreement request of the UAV, the electronic device may intermediate the key agreement between the UAV and the user terminal based on first information including information obtained from the user terminal and second information including information obtained from the UAV.

In this case, the key agreement request of the UAV may correspond to transmitting the first anonymous ID of the UAV from the UAV to the user terminal as described with regard to FIGS. 4A and 4B. Further, the key agreement request of the user terminal may correspond to transmitting the first anonymous ID of the user terminal from the user terminal to the UAV as illustrated in FIGS. 5A and 5B.

Further, according to the key agreement between the UAV and the user terminal, the user terminal and the UAV may share the same MAC key and the same session key.

In this case, the first anonymous ID and the first temporary authentication value of the user may be randomly generated regardless of the user's ID, and the first anonymous ID and the first temporary authentication value of the UAV may also be randomly generated regardless of the ID of the UAV.

Further, the first information may include at least one of the user's ID, the user's first anonymous ID, the user's first temporary authentication value, a second anonymous ID different from the user's first anonymous ID, a second temporary authentication value different from the user's first temporary authentication value, and a random number value of the user.

Further, the second information may include at least one of the ID of the UAV, the first anonymous ID of the UAV, the first temporary authentication value of the UAV, a second anonymous ID different from the first anonymous ID of the UAV, a second temporary authentication value different from the first temporary authentication value of the UAV, and a random number value of the UAV.

FIG. 7 is a flowchart illustrating a method of operating a user terminal according to an example embodiment. The contents described with regard to FIGS. 4A and 4B may be applied to FIG. 7, and for details, please refer to the above description.

Referring to FIG. 7, in operation S710, the user terminal may obtain a first anonymous ID of a UAV corresponding to an ID of the UAV from the UAV requesting key agreement. In operation S720, the user terminal may identify at least one of the user's ID that is input from the user, the user's first anonymous ID corresponding to the user's ID, and the user's first temporary authentication value. In operation S730, the user terminal may generate an encryption key and a first MAC key by using the first temporary authentication value. In operation S740, the user terminal may generate a second anonymous ID different from the first anonymous ID of the user and a second temporary authentication value different from the first temporary authentication value of the user. In operation S750, the user terminal may generate the same second MAC key and the same session key shared between the user terminal and the UAV based on at least one piece of information related to the user and at least one piece of information related to the UAV.

FIG. 8 is a flowchart illustrating a method of operating a UAV according to an example embodiment. The contents described with regard to FIGS. 5A and 5B may be applied to FIG. 8, and for details, please refer to the above description.

Referring to FIG. 8, in operation S810, the UAV may obtain a first anonymous ID of a user terminal corresponding to an ID of the user terminal from the user terminal requesting key agreement. In operation S820, the UAV may identify at least one of an ID of the UAV, a first anonymous ID of the UAV corresponding to the ID of the UAV, and a first temporary authentication value of the UAV. In operation S830, the UAV may generate an encryption key and a first MAC key by using the first temporary authentication value. In operation S840, the UAV may generate a second anonymous ID different from the first anonymous ID of the UAV and a second temporary authentication value different from the first temporary authentication value of the UAV. In operation S850, the UAV may generate the same second MAC key and the same session key shared between the user terminal and the UAV based on at least one piece of information related to the user terminal and at least one piece of information related to the UAV.

FIG. 9 is a block diagram of an electronic device according to an example embodiment.

According to the example embodiment, an electronic device 900 may include a communication device 910, a memory 920 and a controller 930. FIG. 9 illustrates only components related to the example embodiment of the electronic device 900. Therefore, it may be understood by those of ordinary skill in the art related to the present disclosure that other general-purpose components may be further included in addition to the components illustrated in FIG. 9. With regard to the electronic device 900, the above-described contents may be applied and thus, a description of overlapping content will be omitted.

The communication device 910 may be a device that performs wired/wireless communication, and the memory 920 may be a device that stores at least one instruction. The controller 930 may control the overall operation of the electronic device 900 and process data and signals. The controller 930 may be composed of at least one hardware unit. Further, the controller 930 may operate by one or more software modules generated by executing program codes stored in the memory 920. The controller 930 may execute a program code stored in the memory 920 to control the overall operation of the electronic device 900 and process data and signals.

The controller 930 may obtain at least one of an ID of a user, a first anonymous ID of the user corresponding to the ID of the user and a first temporary authentication value of the user, from a user terminal, obtain at least one of an ID of an unmanned aerial vehicle (UAV), a first anonymous ID of the UAV corresponding to the ID of the UAV and a first temporary authentication value of the UAV, from the UAV, and in response to a key agreement request of the user terminal or a key agreement request of the UAV, intermediate key agreement between the UAV and the user terminal based on information related to the user terminal and information related to the UAV.

The above-described electronic device or terminal may include a controller, a memory (e.g., a non-transitory memory) for storing and executing program data, a permanent storage such as a disk drive, a communication port for communicating with an external device, and a user interface device. In addition to this, it can be understood by those of ordinary skill in the art related to the present disclosure that other general-purpose components may be further included. The controller may control the overall operation of the electronic device and process data and signals. The controller may be configured with at least one hardware unit. Further, a controller may be operated by one or more software modules that are generated by executing a program code stored in a memory. The controller may execute program code stored in the memory to control the overall operation of the electronic device and process data and signals. Methods implemented as software modules or algorithms may be stored in a computer-readable recording medium as computer-readable codes or program instructions executable on the controller. Here, the computer-readable recording medium includes a magnetic storage medium (e.g., ROMs, RAMs, floppy disks and hard disks) and an optically readable medium (e.g., CD-ROMs and DVDs). The computer-readable recording medium may be distributed among network-connected computer systems, so that the computer-readable codes may be stored and executed in a distributed manner. The medium may be readable by a computer, stored in a memory, and executed on a processer.

The example embodiments may be represented by functional block elements and various processing steps. The functional blocks may be implemented in any number of hardware and/or software configurations that perform specific functions. For example, an example embodiment may adopt integrated circuit configurations, such as memory, processing, logic and look-up table, that may execute various functions by the control of one or more microcontrollers or other control devices. Similar to that elements may be implemented as software programming or software elements, the example embodiments may be implemented in a programming or scripting language such as C, C++, Java, assembler, etc., including various algorithms implemented as a combination of data structures, processes, routines, or other programming constructs. Functional aspects may be implemented in an algorithm running on one or more controllers. Further, the example embodiments may adopt the existing art for electronic environment setting, signal processing, and/or data processing. Terms such as “mechanism,” “element,” “means” and “configuration” may be used broadly and are not limited to mechanical and physical elements. The terms may include the meaning of a series of routines of software in association with a controller or the like.

The above-described example embodiments are merely examples, and other embodiments may be implemented within the scope of the claims to be described later. It will be apparent to those skilled in the art that various modifications and variations can be made in the electronic device for providing bidirectional key agreement protocol and operating method thereof of the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.

ELECTRONIC DEVICE FOR PROVIDING BIDIRECTIONAL KEY AGREEMENT PROTOCOL AND OPERATING METHOD THEREOF

Information

Publication Number

Date Filed

Date Published

Inventors

Original Assignees

CPC

International Classifications

Abstract

Description

Claims

Priority Claims (1)