A method for protecting unique product identification codes of unmanned aerial vehicles
By integrating a security module onto the drone and employing the SM9 algorithm for two-way authentication and dynamic key negotiation, the risks of drone identity verification failure and key management are resolved. This achieves multi-dimensional security protection of drone identity and legitimate device access, making it suitable for drone identity verification and security management in low-altitude economic environments.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- EASTCOMPEACE TECH
- Filing Date
- 2026-02-13
- Publication Date
- 2026-06-09
AI Technical Summary
The lack of authentication mechanisms, invalid identity verification, and key management risks in the current drone security management system pose security risks, especially the problem that the drone's unique product identification code is easily tampered with, forged, and the key is leaked.
By integrating a security module into the drone production stage, an SM9 private key binding relationship is established. The SM9 algorithm is used for two-way authentication and dynamic key negotiation. Combined with hardware-level security design, the uniqueness of the drone's identity and the security of its transmission are ensured, including closed-loop operation of the key within the module, FUSE write protection, and isolation of the key security zone.
It achieves multi-dimensional security protection for drone identity, prevents identification code tampering and key leakage, ensures legitimate equipment access to airspace, reduces the risk of illegal flight, is compatible with GB42590 standard and reduces reliance on high-cost components, and supports high-density operation requirements.
Smart Images

Figure CN122179151A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of drone safety management technology, specifically to a method for protecting the unique product identification code of a drone, applicable to drone identity verification and safety management scenarios in low-altitude economic environments. Background Technology
[0002] With the rapid development of the low-altitude economy and the continuous expansion of drone application scenarios, the unique product identification code, as the core basis for identity verification and security management, is becoming increasingly critical for security during broadcasting and reporting processes. Currently, drone security management suffers from the following technical deficiencies: Lack of authentication mechanism: Although the existing standards require drones to be registered with a unique product identification code, the protection method is not clearly defined, which makes the identification code easy to be tampered with and forged, and illegal drones can impersonate legitimate ones to access the airspace; Identity verification failure: The lack of an identity verification mechanism based on a unified certificate system between the drone terminal and the regulatory platform makes it difficult to confirm the authenticity and non-repudiation of the identification code source; Key management risks: Long-term use of fixed keys can easily lead to leakage, and traditional protection methods cannot meet dynamic security requirements.
[0003] The aforementioned technical deficiencies pose safety risks to low-altitude traffic order, necessitating a drone identity authentication solution that combines security and practicality. Summary of the Invention
[0004] To address the shortcomings of existing technologies, this invention provides a method for protecting the unique product identification code of unmanned aerial vehicles (UAVs), thereby solving problems such as the lack of authentication mechanisms, failure of identity verification, and key management risks in traditional UAV security management.
[0005] The present invention achieves the above objectives through the following technical solutions: A method for protecting the unique product identification code of a drone includes: Registration steps: During the drone manufacturing stage, the drone manufacturer submits a unique product identification code registration application to the industry regulatory authority and integrates a security module on the edge of the drone; after the registration is approved, the digital identity security management platform distributes the unique product identification code to the security module integrated in the drone through a secure channel, and establishes a binding relationship between the code and the SM9 private key of the security module to achieve a one-to-one correspondence between the unique identity of each drone and the key. Issuance steps: The industry regulatory authority reviews, approves, and authorizes the production and manufacturing of security modules, and manages the issuance of SM9 keys. Qualified security module manufacturers can apply for the issuance of SM9 private keys and produce security modules. Signature steps: When the drone needs to broadcast or report its unique product identification code during flight, the drone main control module of the main control module sends message M to the security module. The security module performs SM9 national cryptographic signature operation internally and generates SM9 signature pair. The security module packages the message to be signed M, signature pair, timestamp, system parameter identifier and master public key digest into a signature data packet. Verification steps: After receiving the signed data packet, the receiving end parses the signed data packet to obtain the data packet to be verified M, SEID, SM9 system parameter identifier, SM9 signature pair, and timestamp. Then, it verifies the consistency of the system parameters. By using the SEID parsed by the SM9 verification engine as the SM9 identity public key, the verification data block M and the timestamp are repackaged into a verification data block. This data block is used as the original verification data. The matching SM9 system parameter identifier and SM9 identity public key are called to perform standard SM9 verification operation on the SM9 signature pair in the data packet. At the same time, the validity of the timestamp is verified, forming a multi-dimensional security protection for the unique product identification code of the drone. Two-way authentication steps: Two-way authentication is performed between the drone terminal and the digital identity authentication platform; Linked protection steps: The security module synchronizes the two-way authentication results to the main control module. Only when the authentication is successful will the main control module grant takeoff permission to the flight control system, thereby ensuring that only drone equipment with a legal and unique product identification code can be used normally.
[0006] According to the present invention, a method for protecting the unique product identification code of a drone is provided. In the two-way authentication step, a random number, an authentication counter, and an SM9 signature are generated by the drone terminal device and sent to a digital identity authentication platform. After receiving the information, the digital identity authentication platform verifies it and sends back a signature response after the verification is successful. Thus, the two parties complete mutual identity verification and negotiate a dynamic application key, which is used for the encryption of the transmission of the unique product identification code.
[0007] According to the present invention, a method for protecting the unique product identification code of a drone, in the two-way authentication step, the two-way identity authentication and dynamic key negotiation of the drone based on the SM9 algorithm specifically includes the following steps: Security module side steps: In response to the unique product identification code writing command, generate a random number R1 and initialize the auto-incrementing authentication counter; Collect SEID and timestamp, and call the preset SM9 private key d_ID to perform SM9 signature on the combined data [SEID+R1+counter+timestamp] to generate S1; Send an authentication request packet containing [SEID + R1 + counter + timestamp + S1 + system parameter identifier + master public key digest] to the digital identity authentication platform; Platform-side steps: Parse the request packet and perform multi-dimensional validation, including: SM9 signature verification is performed by retrieving system parameters based on SEID. Timeliness verification for timestamp differences ≤ 5 minutes; The first request is verified when the counter value is 1; After successful verification, a random number R2 is generated. The platform's SM9 private key is then used to sign the combined data [Platform ID + R2 + R1 + Counter + Product Identification Code Hash Value] to generate S2. Return a reverse authentication packet containing [Platform ID + R2 + Counter + S2 + System Parameter Identifier + Master Public Key Digest] to the security module; The security module generates a session key K based on R1, R2, and the counter using the SM9 key negotiation algorithm; Both parties established an SM4 encrypted channel to complete the secure transmission and binding of product identification codes.
[0008] According to the present invention, a method for protecting the unique product identification code of a drone, the security module adopts a hardware-level security design, including: Key operations are completed in a closed loop within the security module, and the SM9 private key d_ID is never exported. It features FUSE write protection, key security zone isolation, and anti-tampering and anti-replication characteristics; The read-only storage area is pre-configured with SEID, platform ID, system parameter identifier, and signature master public key digest.
[0009] According to the present invention, a method for protecting the unique product identification code of a drone includes the following process for generating the session key K: The security module verifies the authenticity of the SM9 signature of the platform ID in the reverse authentication packet; Verify the consistency between the counter value and the sent value; Based on R1, R2 and the counter values, the SM9 key negotiation algorithm is executed to generate a 16-byte session key; Store the key K in the module's read-only key security area and never export it.
[0010] Secure transmission of product identification codes includes: The digital identity authentication platform distributes encrypted identification codes through an SM4-CBC encrypted channel; After the security module is decrypted, an SM3 hash comparison is performed to verify integrity. After successful verification, the identification code is written to the read-only storage area and bound to the SEID and SM9 private key d_ID; Return a successful write confirmation packet with SM4 encryption and SM9 signature to the digital identity authentication platform.
[0011] According to the present invention, a method for protecting the unique product identification code of a drone, in the registration step, the generation of the unique product identification code of the terminal includes at least the following data elements: Manufacturer ID, which is used to uniquely identify the manufacturer of the security module; SEID, or Security Module Identifier, is used to uniquely identify the security module currently integrated into the drone, and also serves as the SM9 public key ID; Unique Product Identifier for Drones: This serves as a unique identifier for drones, used to confirm and identify their identity during broadcasting and reporting processes; The drone flight controller serial number is used to uniquely identify the drone flight controller motherboard; Drone manufacturer logo, used to identify the manufacturer of the drone; Based on multiple data elements, the digital identity security management platform establishes a binding relationship between the central master key and the SM9 private key of the security module. The central master key serves as the root key for generating the SM9 private keys of each security module, ensuring that each drone has an independent private key corresponding to its unique product identification code.
[0012] According to the present invention, a method for protecting the unique product identification code of a drone is provided. In the signing step, after receiving the SM9 signature request instruction, the SM9 key management module in the security module calls the pre-allocated SM9 user private key from the key security area inside the security module according to the user identifier ID, i.e., the terminal identifier code. The SM9 user private key is generated by the SM9 key generation center based on the root key and the user identifier. The security module starts the SM9 signature algorithm engine, takes the data block to be signed as input, uses the called SM9 user private key to perform the signature operation, and generates a signature value S9 that conforms to the 64-byte standard RAW format. The signature value contains 32 bytes of r parameters and 32 bytes of s parameters. The security module reads a 2-byte SM9 system parameter identifier and a 12-byte master public key digest from its internal parameter area, and packages these parameters together with the user identifier ID, unique product identification code, timestamp, and signature value S9 to form an initial data packet; During the signing process, when the drone needs to broadcast or report its unique product identification code during flight, the main control module sends the aforementioned message M to the security module. The security module internally performs SM9 national cryptographic signature calculation to generate a compliant SM9 signature pair (96 bytes). The security module packages the message M to be signed, the signature pair, the timestamp, the system parameter identifier, and the master public key digest into a signature data packet. The signature data packet is encapsulated in accordance with the format specified in GB42590 standard. The following identification items are added to the fourth byte of the data identifier: algorithm identifier (identifying the algorithm type), identifier (security module unique identifier SEID), digital signature, timestamp, and parameter identifier. The drone's communication module is then used to broadcast or report the operation identification data with the signature value to achieve secure transmission and verification of the drone's unique product identification code.
[0013] After receiving the signed data packet sent by the UAV, the data receiving module of the receiving end parses the data packet to be verified, and obtains the data packet M, SEID, SM9 system parameter identifier, SM9 signature pair and timestamp; The SM9 signature verification engine uses the parsed SEID as the SM9 identity public key, repackages the signature-enabled data block M with the timestamp into a signature verification data block, uses this data block as the original verification data, calls the matching SM9 system parameters and the identity public key, and performs standard SM9 signature verification operation on the SM9 signature pair in the data packet. Simultaneously verifying the validity of the timestamp forms a multi-dimensional security protection for the drone's unique product identification code.
[0014] According to the method for protecting the unique product identification code of a drone provided by the present invention, a security module is integrated into the drone hardware system during the drone manufacturing stage, and the following pre-configuration operations are performed within the security module: Pre-store unique device identification information, including at least a 4-byte user ID and a 20-byte unique product identification code; The key materials required for the SM9 algorithm include at least the SM9 user private key, the SM9 system parameter identifier, and the corresponding master and public key digest; Configure the heartbeat signal generation mechanism and set the trigger conditions for automatically reporting the heartbeat signal upon first activation and power-on. When the drone completes production assembly and is powered on for the first time, the safety module detects the power-on event and automatically performs the following operations: Generate a heartbeat signal packet containing device status information, the heartbeat signal packet including at least: 4-byte user ID, 20-byte unique product identifier, 4-byte device status identifier, 2-byte timestamp, and 2-byte SM9 system parameter identifier; The heartbeat signal packet is encrypted and transmitted to the authentication interface module of the digital identity management platform via the drone communication module.
[0015] According to the method for protecting the unique product identification code of a drone provided by the present invention, the digital identity management platform performs the following processing flow after receiving the heartbeat signal packet: Analyze the heartbeat signal packet to verify that the device status indicates it is in its initial activation state; Call the parameter management module to obtain the complete system parameters corresponding to the SM9 system parameter identifier; Based on the user's identifier ID, the corresponding SM9 user public key can be queried from the key management system or dynamically generated. Verifying the integrity and authenticity of the heartbeat signal packet includes at least the following: Verify that the timestamp is within the valid time window; Verify the digital signature of the heartbeat signal packet using the SM9 user public key; Once verification is successful, the key issuance process is triggered: Generate a dynamic application key K specific to the drone, which is generated through the SM9 key negotiation algorithm or a preset key derivation rule; Generate a key issuance response packet containing the dynamic application key K. The response packet structure includes at least the following: 4-byte platform identifier, 16-byte dynamic application key K, 2-byte authentication counter, 4-byte key validity period identifier, 2-byte SM9 system parameter identifier, and 64-byte SM9 signature pair; The key issuance response packet is encrypted and transmitted to the drone security module, and the encryption method is symmetrical with the heartbeat signal packet transmission protocol.
[0016] According to the method for protecting the unique product identification code of a drone provided by the present invention, the drone security module performs the following operations after receiving the key signing response packet: The SM9 system parameter identifier in the verification response packet is consistent with the local preset value; Verify the validity of the signature value using a pre-configured SM9 user private key; After successful verification, the dynamic application key K is stored in the key security area of the security module; Send a key activation success signal to the main control module, and the main control module will grant access to the core functional modules of the UAV accordingly. The digital identity management platform associates and stores the dynamic application key K, user ID, device unique identifier, and key validity period in an encrypted database, thus completing the key issuance closed loop. If any verification step fails, the following exception handling procedure will be executed: The security module records the failure type; Restrict access to the core functional modules of drones; The communication module reports anomaly logs to the digital identity management platform. The log content should include at least the failure type, timestamp, and device identification information. After receiving abnormal logs, the digital identity management platform will trigger a manual intervention process or an automatic retry mechanism according to preset rules.
[0017] Therefore, compared with the existing technology, the UAV unique product identification code protection method proposed in this invention has the following beneficial effects: 1. This invention, based on the SM9 identifier cryptography algorithm, constructs a two-way authentication system that breaks through the dependence of traditional X.509 certificate systems on CA institutions. It achieves identity verification through direct mutual signature verification between the terminal and the platform. This mechanism eliminates the need for issuing and managing digital certificates, simplifying the certificate lifecycle management process. Furthermore, by leveraging the "identity is public key" characteristic of the SM9 algorithm, it ensures that each drone terminal possesses a unique and unforgeable identity identifier, fundamentally solving the security risks of identification code tampering and misuse.
[0018] 2. During the transmission of the identification code, this invention constructs a three-layer protection mechanism covering data integrity, algorithm consistency, signature authenticity, and time validity: SM9 system parameter comparison: verifying algorithm version consistency and preventing algorithm downgrade attacks; SM9 public key verification: confirms that the identification code was generated by a legitimate terminal; Timestamp verification: to prevent replay attacks.
[0019] This system uses multi-dimensional cross-verification to reduce the success rate of attacks that forge or tamper with identification codes to near zero, significantly improving airspace management security.
[0020] 3. This invention adopts a "one-time key" dynamic key update mechanism, generating an independent 16-byte application key for each two-way authentication. Combined with the physical-level storage of the security module (FUSE write protection, key security zone isolation), it effectively avoids the risk of leakage caused by long-term use of fixed keys.
[0021] 4. This invention binds the two-way authentication result to the drone's flight function. Terminals that fail authentication cannot unlock the flight control system and can directly control the main control module's permissions through hardware pins. This eliminates the vulnerability in traditional solutions where "functions can still be bypassed after authentication," ensuring that only legitimate devices can access the airspace. In batch application scenarios such as logistics delivery and power line inspection, this mechanism can reduce the risk of illegal flights.
[0022] 5. The bidirectional authentication interface designed in this invention is compatible with the GB42590 standard message format (196-byte limit) and supports batch synchronous authentication of drones. Actual testing shows that a single platform can process authentication requests from over 500 drones in parallel, reducing response latency and meeting the needs of high-density operations. Furthermore, the interface adopts a modular design, allowing for rapid adaptation to drone hardware from different manufacturers, thus reducing industry integration costs.
[0023] 6. While meeting the requirements of regulations such as the Civil Aviation Administration of China's "Rules for the Safety Management of Civil Unmanned Aerial Vehicle Operations," this invention avoids the compliance risks of relying on imported encryption technologies by leveraging the domestically produced nature of the SM9 algorithm (certified by the State Cryptography Administration). Compared to traditional solutions, this invention reduces reliance on high-cost components such as CA certificates and Hardware Security Modules (HSMs), thereby lowering the security cost per drone.
[0024] The present invention will now be described in further detail with reference to the accompanying drawings and specific embodiments. Attached Figure Description
[0025] Figure 1 This is a flowchart of an embodiment of a method for protecting the unique product identification code of a drone according to the present invention.
[0026] Figure 2 This is a schematic diagram of the platform side and the edge side in an embodiment of the method for protecting the unique product identification code of a drone according to the present invention.
[0027] Figure 3 This is a schematic diagram of an embodiment of the method for protecting the unique product identification code of a drone according to the present invention.
[0028] Figure 4 This is a schematic diagram of the process for issuing a unique product identification code in an embodiment of the present invention's method for protecting a drone's unique product identification code.
[0029] Figure 5 This is a schematic diagram illustrating the principle of forming a signature data packet in an embodiment of a method for protecting the unique product identification code of a drone according to the present invention. Detailed Implementation
[0030] To make the objectives, technical solutions, and advantages of this invention clearer, the technical solutions of this invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this invention. All other embodiments obtained by those skilled in the art based on the embodiments of this invention without creative effort are within the scope of protection of this invention.
[0031] In this document, the term "embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment may be included in at least one embodiment of this application. The appearance of this phrase in various places throughout the specification does not necessarily refer to the same embodiment, nor is it a separate or alternative embodiment mutually exclusive with other embodiments. It will be explicitly and implicitly understood by those skilled in the art that the embodiments described herein can be combined with other embodiments.
[0032] First, in this embodiment, as Figure 2As shown, a certified security chip is used as a security module (i.e., a digital identity security carrier). During the drone production and assembly stage, it is integrated into the drone's main control board through standardized hardware interfaces (such as I2C / SPI / serial port) to provide a hardware foundation for subsequent functions such as certificate storage and signature calculation.
[0033] Before a drone leaves the factory, the drone manufacturer registers a unique product identification code with the regulatory authorities, and the trusted digital identity management platform writes it into the security module to bind the security module to the drone's flight control system.
[0034] See Figures 1 to 5 This embodiment provides a method for protecting the unique product identification code of a drone, including: Registration steps: During the drone manufacturing stage, the drone manufacturer submits a unique product identification code registration application to the industry regulatory authority and integrates a security module on the edge of the drone; after the registration is approved, the digital identity security management platform distributes the unique product identification code to the security module integrated in the drone through a secure channel, and establishes a binding relationship between the code and the SM9 private key of the security module to achieve a one-to-one correspondence between the unique identity of each drone and the key. Issuance Steps: The industry regulatory authority reviews, approves, and authorizes the production and manufacturing of security modules, and manages the issuance of SM9 keys. Qualified security module manufacturers can apply for the issuance of SM9 private keys and produce security modules (pre-installed with SM9 private keys). This process is the security module issuance process, and the specific procedures are as follows: Security module manufacturers submit a unique security module identifier (SEID) to the industry regulatory authority to apply for the issuance of user private keys d_ID; The digital identity security management platform (SM9-KGC key generation center) uses the unique identifier of the security module provided by the manufacturer (as the core identity ID), combined with the SM9 signature master private key Ks pre-generated and securely stored by the platform and the system public parameter params, according to the fixed formula of SM9 national standard d_ID = (Ks + H1(ID, params)). - ¹ × P1, derive and generate a unique SM9 user private key d_ID for each security module; Security module manufacturers produce security modules in a controlled factory environment and securely write the user's private key d_ID into the security module. The private key is never exported and is stored and processed entirely within the module. Core pre-defined items: SEID (SM9 public key ID), SM9 private key d_ID, platform identity identifier (platform SM9 public key ID), complete SM9 signature master public key Ppub-s (not digest), SM9 system parameter identifier, complete SM9 system parameter params; the master public key Ppub-s is permanently written into the key security area and can only be read for signature verification, and cannot be modified / exported.
[0035] Signature Steps: When the drone needs to broadcast or report its unique product identification code during flight, the drone main control module of the main control module sends the aforementioned message M to the security module. The security module internally performs SM9 national cryptographic signature calculation to generate a compliant SM9 signature pair (96 bytes). The security module packages the message to be signed M, the signature pair, the timestamp, the system parameter identifier, and the master public key digest into a signature data packet. The fourth byte of the data identifier adds the following identifier items: algorithm identifier (identifying the algorithm type), identifier (security module unique identifier SEID), digital signature, timestamp, and parameter identifier. Table 1: Encoding Format of the Fourth Byte
[0036] As shown in Table 1, the value of the aforementioned identifier is added to the 4th byte of the data packet, and the data is integrated and packaged into an immutable signed data packet. The data format is shown in Table 2, thus completing the signing process.
[0037] Table 2: Data Items and Encoding Value Requirements
[0038] Verification steps: After receiving the signature data packet, the receiving end parses the signature data packet to obtain the data packet to be verified M, SEID, SM9 system parameter identifier, SM9 signature pair, and timestamp; it verifies the consistency of system parameters by using the SEID parsed by the SM9 verification engine as the SM9 identity public key, repackaging the verification data block M with the timestamp into a verification data block, using this data block as the original verification data, and calling the matching SM9 system parameter identifier and SM9 identity public key to perform standard SM9 verification operation on the SM9 signature pair in the data packet; at the same time, it verifies the validity of the timestamp, forming a multi-dimensional security protection for the drone's unique product identification code; Two-way authentication steps: Two-way authentication is performed between the drone terminal and the digital identity authentication platform; Linked protection steps: The security module synchronizes the two-way authentication results to the main control module. Only when the authentication is successful will the main control module grant takeoff permission to the flight control system, thereby ensuring that only drone equipment with a legal and unique product identification code can be used normally.
[0039] In the two-way authentication process, a random number, an authentication counter, and an SM9 signature are generated by the drone terminal device and sent to the digital identity authentication platform. After receiving this information, the digital identity authentication platform verifies it and sends a signature response after successful verification. Thus, both parties complete mutual identity verification and negotiate a dynamic application key, which is used for the encryption of the transmission of the unique product identification code.
[0040] The two-way authentication process, specifically the drone two-way identity authentication and dynamic key negotiation based on the SM9 algorithm, includes the following steps: Security module side steps: In response to the unique product identification code writing command, generate a random number R1 and initialize the auto-incrementing authentication counter; Collect SEID and timestamp, and call the preset SM9 private key d_ID to perform SM9 signature on the combined data [SEID+R1+counter+timestamp] to generate S1; Send an authentication request packet containing [SEID + R1 + counter + timestamp + S1 + system parameter identifier + master public key digest] to the digital identity authentication platform; Platform-side steps: Parse the request packet and perform multi-dimensional validation, including: SM9 signature verification is performed by retrieving system parameters based on SEID. Timeliness verification for timestamp differences ≤ 5 minutes; The first request is verified when the counter value is 1; After successful verification, a random number R2 is generated. The platform's SM9 private key is then used to sign the combined data [Platform ID + R2 + R1 + Counter + Product Identification Code Hash Value] to generate S2. Return a reverse authentication packet to the security module, containing the platform ID, R2, counter, S2, system parameter identifier, and master public key digest; The security module generates a session key K based on R1, R2, and the counter using the SM9 key negotiation algorithm; Both parties established an SM4 encrypted channel to complete the secure transmission and binding of product identification codes.
[0041] The security module employs a hardware-level security design, including: Key operations are completed in a closed loop within the security module, and the SM9 private key d_ID is never exported. It features FUSE write protection, key security zone isolation, and anti-tampering and anti-replication characteristics; The read-only storage area is pre-configured with SEID, platform ID, system parameter identifier, and signature master public key digest.
[0042] The process of generating the session key K includes: The security module verifies the authenticity of the SM9 signature of the platform ID in the reverse authentication packet; Verify the consistency between the counter value and the sent value; Based on R1, R2 and the counter values, the SM9 key negotiation algorithm is executed to generate a 16-byte session key; Store the key K in the module's read-only key security area and never export it.
[0043] Secure transmission of product identification codes includes: The digital identity authentication platform distributes encrypted identification codes through an SM4-CBC encrypted channel; After the security module is decrypted, an SM3 hash comparison is performed to verify integrity. After successful verification, the identification code is written to the read-only storage area and bound to the SEID and SM9 private key d_ID; Return a successful write confirmation packet with SM4 encryption and SM9 signature to the digital identity authentication platform.
[0044] Specifically, the following steps are included: Safety module side (factory preset, no manual intervention): Core pre-defined items: Security module unique identifier (SEID, as SM9 public key ID), SM9 user private key d_ID (issued by the competent authority KGC, never exported), platform identity identifier (competent authority digital identity management platform ID, as platform SM9 public key ID), SM9 system parameter identifier, signature master public key digest (SM3 hash generated). Hardware capabilities: Supports SM9 signature / verification and SM4 encryption / decryption, and features FUSE write protection, key security zone isolation, and anti-tampering and anti-revision characteristics. All key operations are completed in a closed loop within the module.
[0045] Platform side (Digital Identity Security Management Platform of the competent authority / SM9-KGC): The following have been filed and are stored: Security Module SEID (consistent with the one submitted by the vendor during the application), SM9 signature master private key Ks, complete SM9 system parameters params, and signature master public key Ppub-s; Prepared: Unique product identification code for the drone (approved by the drone manufacturer, possessing uniqueness and immutability); The complete process includes the following steps: Step 1: The security module initiates a two-way authentication request (triggered in a controlled drone production environment). After the drone manufacturer completes the integration of the security module with the drone hardware, it sends a "unique product identification code write start command" to the security module through the production line control system. After the security module responds, it performs the following operations: Generate a cryptographic random number R1 and initialize an auto-incrementing authentication counter (initial value = 1, automatically incremented after each authentication to prevent duplicate requests). Retrieve the SEID (Core Identity ID) from the internal read-only storage area and collect the UTC standard timestamp; The module performs closed-loop SM9 signing: it calls the preset SM9 private key d_ID to generate a signature pair S1 for the data block to be signed, which consists of SEID+R1+authentication counter+timestamp, according to the national cryptographic standard SM9. The SEID, R1, authentication counter, timestamp, SM9 signature, S1, SM9 system parameter identifier, and master public key digest are packaged into an authentication request packet and sent to the competent authority KGC platform.
[0046] Step 2: The platform verifies the legitimacy of the security module's identity. After receiving the authentication request packet, the platform performs multi-dimensional verification to ensure that the request originates from a compliant and secure module. Parse the request packet, extract the SEID and SM9 system parameter identifier, and retrieve the complete local SM9 system parameter params based on the parameter identifier; Using SEID as the SM9 public key ID, combined with params and the signature master public key Ppub-s, the SM9 signature is subjected to standard signature verification operation on S1 to verify the authenticity of the signature (confirming that it is generated by the private key corresponding to the compliant SEID). Timeliness verification: Compare the timestamp with the platform's current UTC time; the difference must be ≤5 minutes (to prevent replay attacks). Counter verification: Confirm authentication counter value = 1 (first request, no history, to prevent duplicate binding); If all checks pass, proceed to the next step; if any check fails, terminate the process, report the security module identity anomaly to the drone manufacturer, and record the SEID, failure type, and timestamp in the traceability log.
[0047] Step 3: The platform initiates reverse authentication and key negotiation. After the platform completes the security module authentication, it simultaneously initiates reverse authentication (allowing the security module to verify the platform's identity) and prepares for key negotiation. Generate a cryptographic random number R2 on the platform side; Retrieve the platform identity identifier (SM9 public key ID), call the platform SM9 private key, and generate an SM9 signature pair S2 from the hash value of the platform identity identifier + R2 + R1 + authentication counter + unique product identification code SM3; The package includes platform identity identifier, R2, authentication counter, SM9 signature pair S2, SM9 system parameter identifier, master public key digest for reverse authentication, and key negotiation packet, which is then sent back to the security module.
[0048] Step 4: Security module verifies platform identity and negotiates session key. After receiving the reverse authentication packet, the security module completes platform identity verification and key generation within a closed loop: Parse the core information in the packet and extract the platform identity identifier, R2, and SM9 signature pair S2; Triple verification: Algorithm consistency: Compare the SM9 system parameter identifiers with the local preset values (to prevent algorithm downgrade attacks); Identity Authenticity: Using the platform's identity identifier as the SM9 public key ID, combined with local SM9 system parameters, a signature verification operation is performed on S2 (to confirm that the platform is a legitimate KGC). Data integrity: Verify that the authentication counter value is consistent with the value sent by itself (to prevent tampering); After successful verification, based on R1, R2, and the authentication counter, a session key K (16 bytes) is generated using the SM9 key negotiation algorithm and stored in the module key security area (read-only, never exported). If the verification fails, the process will be terminated, an "identity forgery" error log will be reported to the platform, and subsequent operations will be prohibited.
[0049] Step 5: Establish SM4 encrypted channel + Securely write unique product identification code Encrypted channel initialization: Both parties simultaneously enable SM4 symmetric encryption (CBC mode), using session key K as the encryption key; Encrypted transmission of identification code: The platform encrypts the drone's unique product identification code and sends it to the security module through the SM4 encryption channel; Intra-module decryption verification: The security module performs SM4 decryption internally and verifies the integrity of the identification code by comparing the SM3 hash (it must match the hash value issued by the platform). Secure write binding: After successful verification, the unique product identification code is written to the read-only storage area of the secure module and strongly associated with SEID and SM9 private key d_ID; Closed-loop confirmation: The security module sends a write success confirmation packet (SM4 encryption + SM9 signature) to the platform. After receiving the packet, the platform updates the traceability ledger and completes the full-link binding of SEID-SM9 private key-unique product identification code.
[0050] During the registration process, the generation of the terminal's unique product identification code includes at least the following data elements: Manufacturer ID, which is used to uniquely identify the manufacturer of the security module; SEID, or Security Module Identifier, is used to uniquely identify the security module currently integrated into the drone, and also serves as the SM9 public key ID; Unique Product Identifier for Drones: This serves as a unique identifier for drones, used to confirm and identify their identity during broadcasting and reporting processes; The drone flight controller serial number is used to uniquely identify the drone flight controller motherboard; Drone manufacturer logo, used to identify the manufacturer of the drone; Based on multiple data elements, the digital identity security management platform establishes a binding relationship between the central master key and the SM9 private key of the security module. The central master key serves as the root key for generating the SM9 private keys of each security module, ensuring that each drone has an independent private key corresponding to its unique product identification code.
[0051] During the flight of a drone, in accordance with the requirements of the national standard GB42590, it is necessary to broadcast / report the current operation identification information. This information includes the drone's unique product identification code, which is used to identify the drone's identity. This embodiment proposes to add a digital signature during the operation identification broadcast / reporting process based on the SM9 asymmetric encryption algorithm to ensure the security and immutability of the operation identification information (unique product identification code).
[0052] Specifically, when a drone needs to broadcast / report a unique product identification code, the main control module triggers an instruction to read the unique product identification code from the security module via the internal bus; The main control module packages the unique product identification code, timestamp, and drone terminal identifier (as the user identifier ID for SM9 signing) into a data block to be signed, and sends it to the security module via the SPI interface, along with an SM9 signature request command.
[0053] Upon receiving an SM9 signature request instruction, the SM9 key management module in the security module retrieves a pre-allocated SM9 private key from the key security area within the security module. This private key is generated by the SM9 key generation center based on the root key and SEID identifier, ensuring that each drone terminal has a unique private key. The security module starts the SM9 signature algorithm engine. When the drone needs to broadcast or report its unique product identification code during flight, the main control module sends the aforementioned message M to the security module. The security module performs SM9 national cryptographic signature operation internally to generate a compliant SM9 signature pair (96 bytes). The security module packages the message M to be signed, the signature pair, the timestamp, the system parameter identifier, and the master public key digest into a signature data packet. The signature data packet is encapsulated in accordance with the format specified in GB42590 standard. The following identification items are added to the fourth byte of the data identifier: algorithm identifier (identifying the algorithm type), identifier (security module unique identifier SEID), digital signature, timestamp, and parameter identifier. The drone's communication module is then used to broadcast or report the operation identification data with the signature value to achieve secure transmission and verification of the drone's unique product identification code.
[0054] In this embodiment, after the data receiving module of the receiving end (digital identity management platform or authorized supervision device) receives the signature data packet sent by the drone, it parses the data packet to obtain the signature data packet M to be verified, SEID, SM9 system parameter identifier, SM9 signature pair and timestamp; The SM9 signature verification engine uses the parsed SEID as the SM9 identity public key, repackages the signature-enabled data block M with the timestamp into a signature verification data block, uses this data block as the original verification data, calls the matching SM9 system parameters and the identity public key, and performs standard SM9 signature verification operation on the SM9 signature pair in the data packet. Simultaneously verifying the validity of the timestamp forms a multi-dimensional security protection for the drone's unique product identification code; During the drone manufacturing phase, a security module (SE / eSE) with independent security computing capabilities is integrated into the drone hardware system, and the following pre-configuration operations are performed within the security module: Pre-store unique device identification information, including but not limited to a 4-byte user ID (composed of a manufacturer's abbreviation and a short device serial number) and a 20-byte unique product identification code (including manufacturer code, product model code and serial number). Pre-configured key materials required for the SM9 algorithm, including but not limited to SM9 user private keys, SM9 system parameter identifiers and corresponding master and public key digests; Configure a heartbeat signal generation mechanism and set the trigger conditions for automatically reporting a heartbeat signal upon first activation and power-on.
[0055] In this embodiment, when the drone completes production assembly and is powered on for the first time, the safety module detects the power-on event and automatically performs the following operations: Generate a heartbeat signal packet containing device status information, the signal packet including at least: 4-byte user identifier ID; A unique 20-byte product identifier; 4-byte device status identifier (initial activation status); 2-byte timestamp (records the time the heartbeat was generated); 2-byte SM9 system parameter identifier.
[0056] The heartbeat signal packet is encrypted and transmitted to the authentication interface module of the digital identity management platform through the drone's communication module. The encryption method uses a pre-set temporary communication key or a symmetric encryption algorithm.
[0057] In this embodiment, after receiving the heartbeat signal packet, the digital identity management platform performs the following processing flow: Analyze the heartbeat signal packet to verify that the device status indicates it is in its initial activation state; Call the parameter management module to obtain the complete system parameters corresponding to the SM9 system parameter identifier; Based on the user's identifier ID, the corresponding SM9 user public key can be queried from the key management system or dynamically generated. Verify the integrity and authenticity of the heartbeat signal packets, including but not limited to: Verify that the timestamp is within the valid time window (e.g., ±30 seconds). Verify the digital signature of the heartbeat signal packet (if included) using the SM9 user public key; Once verification is successful, the key issuance process is triggered: Generate a dynamic application key K (16 bytes) specific to the drone. This key is generated through the SM9 key negotiation algorithm or a preset key derivation rule. Generate a key issuance response packet containing the dynamic application key K. The response packet structure must include at least: 4-byte platform identifier; 16-byte dynamic application key K; 2-byte authentication counter (initial value is 1); 4-byte key validity period identifier; 2-byte SM9 system parameter identifier; A 64-byte SM9 signature pair (for the signature of the above data block); The key issuance response packet is encrypted and transmitted to the drone security module, and the encryption method is symmetrical with the heartbeat signal packet transmission protocol.
[0058] In this embodiment, the UAV security module performs the following operations after receiving the key signing response packet: The SM9 system parameter identifier in the verification response packet is consistent with the local preset value; Verify the validity of the signature value using a pre-configured SM9 user private key; After successful verification, the dynamic application key K is stored in the key security area of the security module; Send a "key activation successful" signal to the main control module, and the main control module will grant access to the core functional modules of the drone accordingly; The digital identity management platform associates and stores the dynamic application key K, user ID, device unique identifier, and key validity period in an encrypted database, completing the key issuance closed loop.
[0059] If any verification step fails, the following exception handling procedure will be executed: The security module records the failure type (such as parameter mismatch, signature verification failure, timestamp expiration). Restrict access to the core functional modules of drones; The communication module reports anomaly logs to the digital identity management platform. The log content includes the failure type, timestamp, and device identification information. After receiving abnormal logs, the digital identity management platform will trigger a manual intervention process or an automatic retry mechanism according to preset rules.
[0060] In summary, this invention addresses the full lifecycle security protection needs of the unique product identification code for drones by proposing an innovative solution based on the SM9 identifier cryptography algorithm. Through a four-layer technical architecture of "certificate-free identity verification, dynamic secure transmission, mandatory functional linkage, and hardware-level key protection," it systematically solves the core pain points of traditional solutions, such as identity forgery, data tampering, and functional disconnection, achieving a high degree of unity between security, compliance, and practicality.
[0061] Based on the "identity as public key" characteristic of the SM9 algorithm, a data block to be signed is constructed by binding the drone's unique product identification code (20 bytes, including manufacturer code, product model, and serial number) with key information such as timestamp and user ID. This block is then encrypted using a standard SM9 signature pair (64 bytes). Combined with parameter identifiers and the master public key digest, a compact 196-byte data packet is formed. This satisfies the message length limit of the GB42590 standard and ensures the authenticity and non-repudiation of the identification code through a four-layer protection system (data integrity verification, algorithm consistency comparison, signature authenticity verification, and timestamp replay protection). This completely eliminates the reliance on traditional CA certificates and simplifies the identity management process.
[0062] The design incorporates a direct two-way authentication process between the security module and the digital identity authentication platform: the terminal security module generates an authentication request containing a random number, an authentication counter, and an SM9 signature. Upon successful verification by the platform, a signature response is sent back, and both parties simultaneously complete mutual identity verification and negotiate a dynamic application key. This key is dedicated to encrypting subsequent identification code transmission. By combining a "one-time pad" mechanism with the security module's physical-level storage (private key area isolation, closed execution of signature operations), the risk of fixed key leakage is effectively mitigated. Simultaneously, it eliminates intermediate steps, providing an end-to-end dedicated secure channel for identification code transmission.
[0063] The two-way authentication result is deeply integrated with the drone's flight function: the security module synchronizes the authentication status (strongly correlated with the identification code) to the main control module via a dedicated hardware pin. Only when authentication is successful will the main control module unlock the flight control system's takeoff permission; if authentication fails, the flight function is directly blocked. This mechanism strengthens the effectiveness of the identification code's identity binding from the source of use, eliminates the vulnerability that "functions can still be bypassed after authentication is successful," and provides underlying technical protection for low-altitude safety management.
[0064] The security module employs a partitioned storage design, independently storing the SM9 user's private key (used for identification code signing) in a "private key area." The entire signature operation is performed within the module in a closed loop, without outputting any intermediate data. This achieves physical-level isolation protection throughout the entire process from key generation and storage to use. Combined with a dynamic key update mechanism, the cost of forging or tampering with the identification code increases exponentially, significantly raising the security threshold for airspace management.
[0065] This invention, through the innovative application of the SM9 algorithm and system-level safety design, achieves the technical effects of reducing the cost of drone identification and rights confirmation and lowering the airspace conflict rate, while meeting the requirements of regulations such as the Civil Aviation Administration's "Rules for the Safety Management of Civil Unmanned Aerial Vehicle Operations". It can be quickly adapted to batch application scenarios such as logistics, inspection, and surveying, and provides a replicable and scalable safety solution for the large-scale development of the low-altitude economy industry, with significant economic benefits and social value.
[0066] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0067] The above embodiments are merely preferred embodiments of the present invention and should not be construed as limiting the scope of protection of the present invention. Any non-substantial changes and substitutions made by those skilled in the art based on the present invention shall fall within the scope of protection claimed by the present invention.
Claims
1. A method for protecting the unique product identification code of a drone, characterized in that, include: Registration steps: During the drone manufacturing stage, drone manufacturers submit a unique product identification code registration application to the industry regulatory authority and integrate a security module on the edge of the drone. After the filing review is approved, the digital identity security management platform will send the unique product identification code to the security module integrated with the drone through a secure channel, and establish a binding relationship with the SM9 private key of the security module to achieve a one-to-one correspondence between the unique identity of each drone and the key. Issuance steps: The industry regulatory authority reviews, approves, and authorizes the production and manufacturing of security modules, and manages the issuance of SM9 keys. Qualified security module manufacturers can apply for the issuance of SM9 private keys and produce security modules. Signature steps: When the drone needs to broadcast or report its unique product identification code during flight, the drone main control module of the main control module sends message M to the security module. The security module performs SM9 national cryptographic signature operation internally and generates SM9 signature pair. The security module packages the message to be signed M, signature pair, timestamp, system parameter identifier and master public key digest into a signature data packet. Verification steps: After receiving the signed data packet, the receiving end parses the signed data packet to obtain the data packet to be verified M, SEID, SM9 system parameter identifier, SM9 signature pair, and timestamp. Then, it verifies the consistency of the system parameters. By using the SEID parsed by the SM9 verification engine as the SM9 identity public key, the verification data block M and the timestamp are repackaged into a verification data block. This data block is used as the original verification data. The matching SM9 system parameter identifier and SM9 identity public key are called to perform standard SM9 verification operation on the SM9 signature pair in the data packet. At the same time, the validity of the timestamp is verified, forming a multi-dimensional security protection for the unique product identification code of the drone. Two-way authentication steps: Two-way authentication is performed between the drone terminal and the digital identity authentication platform; Linked protection steps: The security module synchronizes the two-way authentication results to the main control module. Only when the authentication is successful will the main control module grant takeoff permission to the flight control system, thereby ensuring that only drone equipment with a legal and unique product identification code can be used normally.
2. The method according to claim 1, characterized in that, The two-way authentication process, specifically the drone two-way identity authentication and dynamic key negotiation based on the SM9 algorithm, includes the following steps: Security module side steps: In response to the unique product identification code writing command, generate a random number R1 and initialize the auto-incrementing authentication counter; Collect SEID and timestamp, and call the preset SM9 private key d_ID to perform SM9 signature on the combined data [SEID+R1+counter+timestamp] to generate S1; Send an authentication request packet containing [SEID + R1 + counter + timestamp + S1 + system parameter identifier + master public key digest] to the digital identity authentication platform; Platform-side steps: Parse the request packet and perform multi-dimensional validation, including: SM9 signature verification is performed by retrieving system parameters based on SEID. Timeliness verification for timestamp differences ≤ 5 minutes; The first request is verified when the counter value is 1; After successful verification, a random number R2 is generated. The platform's SM9 private key is then used to sign the combined data [Platform ID + R2 + R1 + Counter + Product Identification Code Hash Value] to generate S2. Return a reverse authentication packet containing [Platform ID + R2 + Counter + S2 + System Parameter Identifier + Master Public Key Digest] to the security module; The security module generates a session key K based on R1, R2, and the counter using the SM9 key negotiation algorithm; Both parties established an SM4 encrypted channel to complete the secure transmission and binding of product identification codes.
3. The method according to claim 2, characterized in that, The security module employs a hardware-level security design, including: Key operations are completed in a closed loop within the security module, and the SM9 private key d_ID is never exported. It features FUSE write protection, key security zone isolation, and anti-tampering and anti-replication characteristics; The read-only storage area is pre-configured with SEID, platform ID, system parameter identifier, and signature master public key digest.
4. The method according to claim 2, characterized in that, The process of generating the session key K includes: The security module verifies the authenticity of the SM9 signature of the platform ID in the reverse authentication packet; Verify the consistency between the counter value and the sent value; Based on R1, R2 and the counter values, the SM9 key negotiation algorithm is executed to generate a 16-byte session key; Store the key K in the module's read-only key security area and never export it; Secure transmission of product identification codes includes: The digital identity authentication platform distributes encrypted identification codes through an SM4-CBC encrypted channel; After the security module is decrypted, an SM3 hash comparison is performed to verify integrity. After successful verification, the identification code is written to the read-only storage area and bound to the SEID and SM9 private key d_ID; Return a successful write confirmation packet with SM4 encryption and SM9 signature to the digital identity authentication platform.
5. The method according to claim 1, characterized in that, During the registration process, the generation of the terminal's unique product identification code includes at least the following data elements: Manufacturer ID, which is used to uniquely identify the manufacturer of the security module; SEID, or Security Module Identifier, is used to uniquely identify the security module currently integrated into the drone, and also serves as the SM9 public key ID; Unique Product Identifier for Drones: This serves as a unique identifier for drones, used to confirm and identify their identity during broadcasting and reporting processes; The drone flight controller serial number is used to uniquely identify the drone flight controller motherboard; Drone manufacturer logo, used to identify the manufacturer of the drone; Based on multiple data elements, the digital identity security management platform establishes a binding relationship between the central master key and the SM9 private key of the security module. The central master key serves as the root key for generating the SM9 private keys of each security module, ensuring that each drone has an independent private key corresponding to its unique product identification code.
6. The method according to claim 1, characterized in that: During the signing process, when the drone needs to broadcast or report its unique product identification code during flight, the main control module sends the aforementioned message M to the security module. The security module internally performs SM9 national cryptographic signature calculation to generate a compliant SM9 signature pair. The security module packages the message M to be signed, the signature pair, the timestamp, the system parameter identifier, and the master public key digest into a signature data packet. The signature data packet is encapsulated in accordance with the format specified in GB42590 standard, and identification items are added to the fourth byte of data identifier: algorithm identifier, identifier, digital signature, timestamp, and parameter identifier; and the operation identification data with signature value is broadcast or reported to the outside world through the drone's communication module to achieve secure transmission and verification of the drone's unique product identification code.
7. The method according to claim 6, characterized in that: After receiving the signed data packet sent by the UAV, the data receiving module of the receiving end parses the data packet to be verified, and obtains the data packet M, SEID, SM9 system parameter identifier, SM9 signature pair and timestamp; The SM9 signature verification engine uses the parsed SEID as the SM9 identity public key, repackages the signature-enabled data block M with the timestamp into a signature verification data block, uses this data block as the original verification data, calls the matching SM9 system parameters and the identity public key, and performs standard SM9 signature verification operation on the SM9 signature pair in the data packet. Simultaneously verifying the validity of the timestamp forms a multi-dimensional security protection for the drone's unique product identification code.
8. The method according to any one of claims 1 to 7, characterized in that: During the drone manufacturing phase, the safety module is integrated into the drone hardware system, and the following pre-configuration operations are performed within the safety module: Pre-store unique device identification information, including at least a 4-byte user ID and a 20-byte unique product identification code; The key materials required for the SM9 algorithm include at least the SM9 user private key, the SM9 system parameter identifier, and the corresponding master and public key digest; Configure the heartbeat signal generation mechanism and set the trigger conditions for automatically reporting the heartbeat signal upon first activation and power-on. When the drone completes production assembly and is powered on for the first time, the safety module detects the power-on event and automatically performs the following operations: Generate a heartbeat signal packet containing device status information, the heartbeat signal packet including at least: 4-byte user ID, 20-byte unique product identifier, 4-byte device status identifier, 2-byte timestamp, and 2-byte SM9 system parameter identifier; The heartbeat signal packet is encrypted and transmitted to the authentication interface module of the digital identity management platform via the drone communication module.
9. The method according to claim 8, characterized in that, After receiving the heartbeat signal packet, the digital identity management platform performs the following processing steps: Analyze the heartbeat signal packet to verify that the device status indicates it is in its initial activation state; Call the parameter management module to obtain the complete system parameters corresponding to the SM9 system parameter identifier; Based on the user's identifier ID, the corresponding SM9 user public key can be queried from the key management system or dynamically generated. Verifying the integrity and authenticity of the heartbeat signal packet includes at least the following: Verify that the timestamp is within the valid time window; Verify the digital signature of the heartbeat signal packet using the SM9 user public key; Once verification is successful, the key issuance process is triggered: Generate a dynamic application key K specific to the drone, which is generated through the SM9 key negotiation algorithm or a preset key derivation rule; Generate a key issuance response packet containing the dynamic application key K. The response packet structure includes at least the following: 4-byte platform identifier, 16-byte dynamic application key K, 2-byte authentication counter, 4-byte key validity period identifier, 2-byte SM9 system parameter identifier, and 64-byte SM9 signature pair; The key issuance response packet is encrypted and transmitted to the drone security module, and the encryption method is symmetrical with the heartbeat signal packet transmission protocol.
10. The method according to claim 9, characterized in that, After receiving the key signing response packet, the drone security module performs the following operations: The SM9 system parameter identifier in the verification response packet is consistent with the local preset value; Verify the validity of the signature value using a pre-configured SM9 user private key; After successful verification, the dynamic application key K is stored in the key security area of the security module; Send a key activation success signal to the main control module, and the main control module will grant access to the core functional modules of the UAV accordingly. The digital identity management platform associates and stores the dynamic application key K, user ID, device unique identifier, and key validity period in an encrypted database, thus completing the key issuance closed loop. If any verification step fails, the following exception handling procedure will be executed: The security module records the failure type; Restrict access to the core functional modules of drones; The communication module reports anomaly logs to the digital identity management platform. The log content should include at least the failure type, timestamp, and device identification information. After receiving abnormal logs, the digital identity management platform will trigger a manual intervention process or an automatic retry mechanism according to preset rules.