An aircraft operating state reliable reporting system and method
By constructing a hardware-level isolated security processing unit within the UAV's onboard terminal for digital signatures, and combining this with signature verification by ground monitoring stations, the security risks of broadcast identification mechanisms are resolved. This enables reliable broadcasting of UAV messages, ensuring the authenticity and integrity of information and supporting highly reliable low-altitude surveillance.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- TSINGHUA UNIVERSITY
- Filing Date
- 2026-04-24
- Publication Date
- 2026-07-14
AI Technical Summary
Existing broadcast-based drone identification mechanisms lack identity authentication and data integrity protection, making them vulnerable to deception, interference, or spoofing attacks. This leads to security risks such as identity impersonation, location spoofing, and message replay, making it difficult to support the needs of highly reliable low-altitude surveillance.
A trusted execution environment is built within the onboard terminal of the drone. The drone's unique private key and signature logic are deployed in a hardware-isolated secure processing unit. Digital signatures are used to ensure the authenticity and integrity of the message content, and the public key of the ground monitoring station is used for verification, realizing a dual authentication mechanism of internal verification and external signature verification.
Effectively intercept the risk of non-cooperative drones reporting false locations, ensure the credibility of broadcast information, prevent identity forgery and location spoofing, and support the construction of a highly reliable low-altitude surveillance system.
Smart Images

Figure CN122392357A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of low-altitude flight control, and in particular to a reliable system and method for broadcasting the operational status of aircraft. Background Technology
[0002] In the field of low-altitude flight control, relevant standards clearly require that "light and small unmanned aerial vehicles (UAVs) conducting flight activities should proactively report identification information to the integrated regulatory service platform via the network," and stipulate that "broadcast remote identification should use Wi-Fi beacons or Bluetooth broadcast protocols to send messages." Furthermore, relevant departments have issued the "Minimum Performance Requirements for the Operation Identification of Civil Micro, Light, and Small Unmanned Aerial Vehicles," which standardizes the use of a fixed 25-byte structure for each type of broadcast operation identification message and stipulates that the dynamic message update frequency should not be less than once per second. The promulgation of these relevant standards has established a technical baseline for low-altitude flight supervision.
[0003] However, broadcast-based operation identification mechanisms have security flaws in open air environments. Because broadcast messages lack integrated authentication or data integrity protection mechanisms, they are highly vulnerable to deception, interference, or spoofing attacks. Attackers can easily forge basic ID messages and location vector messages, allowing malicious drones to impersonate legitimate drones and infiltrate legitimate fleets; or tamper with location and altitude information to breach electronic fences and enter no-fly zones; or launch message replay attacks that lead to misjudgments by the monitoring system, making it difficult to support high-reliability monitoring requirements. Summary of the Invention
[0004] In view of the above-mentioned technical problems, the present invention provides a reliable broadcasting system and method for aircraft operating status, which aims to overcome the above problems or at least partially solve the above problems.
[0005] The first aspect of this invention provides a reliable aircraft operational status broadcasting system, comprising: The first drone is used to verify the message content, digitally sign the verified message content using a private key to obtain a first digital signature result, and broadcast a first message, wherein the first message contains the first digital signature result and the identifier of the first drone. A ground monitoring station is used to receive the first message, obtain the public key of the first drone based on the identifier of the first drone in the first message, and use the public key of the first drone to verify the first digital signature result in the received first message to obtain the first trusted verification result of the first message of the first drone.
[0006] A second aspect of the present invention provides a reliable method for broadcasting the operational status of an aircraft, the method comprising: Verify the message content; use the private key to digitally sign the verified message content to obtain the first digital signature result; Broadcast a first message, wherein the first message contains the first digital signature result and the identifier of the first drone.
[0007] A third aspect of the present invention also provides a reliable method for broadcasting the operational status of an aircraft, the method comprising: Upon receiving a first message, the system obtains the public key of the first drone based on the identifier of the first drone in the first message, and uses the public key of the first drone to verify the first digital signature result in the received first message, thereby obtaining the first trusted verification result of the first message of the first drone.
[0008] In the aircraft operational status trusted broadcasting system proposed in this invention, after generating message content, the first UAV performs internal verification of the generated message content. Upon successful verification, the first UAV reads its private key and uses it to digitally sign the verified message content, obtaining a first digital signature result. The first UAV then broadcasts a first message containing the first digital signature result and its identifier. Upon receiving the first message, the ground monitoring station can obtain the first UAV's public key based on its identifier and use it to verify the first digital signature result in the first message, obtaining a first trusted verification result for the first message. This confirms whether the first message originates from a legally registered UAV and whether it has been tampered with during transmission. Thus, without significantly increasing communication overhead and while maintaining compatibility with relevant Remote ID protocols, this system utilizes a dual authentication mechanism of internal verification and external signature verification. By leveraging the internal verification function of the first UAV, it verifies the message content generated by the UAV, initially intercepting the risk of non-cooperative UAVs reporting false locations from the source. Ground monitoring stations externally verify the digital signature results in broadcast messages to determine whether there are risks such as forgery, tampering, or replay during the transmission of broadcast information over the air, thus ensuring the credibility of broadcast information. This ensures the authenticity, integrity, and non-repudiation of UAV broadcast messages, avoids malicious behaviors such as aircraft identity forgery, location spoofing, and message replay, and supports the construction of a highly reliable low-altitude monitoring system. Attached Figure Description
[0009] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments of the present invention will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0010] Figure 1 This is a structural block diagram of a reliable aircraft operation status broadcasting system according to an embodiment of the present invention; Figure 2 This is a schematic diagram illustrating the design of a trusted identity recognition module in a low-altitude aircraft according to an embodiment of the present invention; Figure 3 This is a flowchart of the steps of a reliable broadcasting method for the operational status of an aircraft provided in an embodiment of the present invention; Figure 4 This is a flowchart of a reliable broadcasting method for the operational status of an aircraft provided in another embodiment of the present invention; Figure 5 This is a schematic diagram of an electronic device according to an embodiment of the present invention. Detailed Implementation
[0011] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0012] To address the aforementioned issues with current broadcast-based Remote ID mechanisms, such as the lack of authentication and data integrity protection, this invention proposes a trusted broadcasting system for aircraft operational status. This system constructs a trusted execution environment within the UAV's onboard terminal, deploying the UAV's unique private key and signature logic within a hardware-isolated secure processing unit. This ensures that the private key cannot be extracted even if the UAV's operating system is compromised or privileges are escalated. Within the secure processing unit, the device's private key is invoked to digitally sign the verified message content, generating an unforgeable digital signature result, which is then broadcast. This digital signature method resolves the security risks of broadcast-based operational identification information being easily forged and impersonated over the air interface. The ground monitoring station uses the UAV's public key to perform signature verification to confirm that the message originates from a legitimately registered UAV and has not been tampered with during transmission. Thus, through the dual authentication mechanism of internal verification and external signature verification proposed in this invention, the system can utilize the verification function within the security processing unit to verify the content of messages generated by the UAV, initially intercepting the risk of non-cooperative UAVs reporting false locations at the source. At the receiving end, the ground monitoring station performs external signature verification on the digital signature result in the broadcast message to determine whether there are risks such as forgery, tampering, or replay during the air interface transmission of the broadcast information, ensuring the credibility of the broadcast information.
[0013] Please refer to Figure 1 , Figure 1 This is a structural block diagram of a reliable aircraft operational status broadcasting system according to an embodiment of the present invention. Figure 1 As shown, the reliable aircraft operation status broadcasting system provided in this embodiment includes at least a first UAV and a ground monitoring station.
[0014] The first drone is used to verify the message content, digitally sign the verified message content using a private key to obtain a first digital signature result, and broadcast a first message, wherein the first message contains the first digital signature result and the identifier of the first drone.
[0015] In this embodiment, the aircraft is a low-altitude aircraft, referring to an aircraft that operates within low-altitude airspace and primarily engages in various flight activities such as carrying passengers, cargo, or performing operations. Generally, low-altitude airspace in a broad sense usually refers to airspace below 1000 meters above the ground or water surface, and in areas with complex terrain or special needs, it can extend to within 3000 meters; in addition, airspace where mainstream operations are limited to 300 meters or 120 meters or below can also be considered low-altitude airspace. In this embodiment, low-altitude aircraft include unmanned aerial vehicles (UAVs).
[0016] The first drone can be any type of drone. During flight, the first drone needs to dynamically generate message content and broadcast the message using the Wi-Fi beacon broadcast protocol. However, the current message frame structure is vulnerable to forgery and tampering under open air interfaces, and there is also a security risk of non-cooperative drones reporting false locations. To fill this security gap, this embodiment uses data verification and data signature methods to achieve reliable identification of this information.
[0017] Specifically, to ensure the authenticity of the data, after the first drone generates its message content, a data consistency check is performed inside the first drone to verify the authenticity of the data. That is, the first drone verifies the message content. After the message content is verified, it indicates that the current message content is authentic, and then it enters the digital signature stage.
[0018] During the digital signature phase, the first drone reads its own private key and uses it to digitally sign the verified message content, obtaining a first digital signature result. Afterward, the first drone can broadcast a first message, for example, in WiFi beacon broadcast mode. This first message includes the first digital signature result and the drone's identifier.
[0019] A ground monitoring station is used to receive the first message, obtain the public key of the first drone based on the identifier of the first drone in the first message, and use the public key of the first drone to verify the first digital signature result in the received first message to obtain the first trusted verification result of the first message of the first drone.
[0020] In this embodiment, the ground monitoring station is the monitoring terminal for the UAV. The ground monitoring station can receive the first message broadcast by the first UAV and extract the UAV's identifier and first digital signature result from the first message. Based on the UAV's identifier, the ground monitoring station can obtain the UAV's public key and use it to verify the first digital signature result, obtaining a first trust verification result for the first message to confirm whether the first message originates from a legally registered UAV and has not been tampered with during air interface transmission. The public key of the first UAV is a public key that matches the UAV's private key.
[0021] If the first trusted verification result of the first message from the first drone indicates that the first digital signature result has been successfully verified, it can be confirmed that the first message originates from a legally registered drone and has not been tampered with during air interface transmission. If the first trusted verification result of the first message from the first drone indicates that the first digital signature result has failed to be verified, it can be confirmed that the first message originates from an illegally registered drone, and / or that the first message has been tampered with during air interface transmission. If the ground monitoring station cannot obtain the public key of the first drone, it can be determined that the first drone is not a legally registered drone. In this case, the first drone can be marked as not having undergone security authentication, and a first trusted verification result indicating that the first digital signature result verification has failed will be obtained.
[0022] In this embodiment, the first UAV first performs internal verification on the generated message content. Using its private key, the first UAV digitally signs the internally verified message content, generating a digital signature result, which is then broadcast. This digital signature method addresses the security risks of forgery and identity impersonation of broadcast operation identification information over the air interface. The ground monitoring station uses the UAV's public key to perform signature verification to confirm whether the message originates from a legitimately registered UAV and has not been tampered with during transmission. Thus, this embodiment, based on a dual authentication mechanism of internal verification and external signature verification, utilizes the internal verification function of the first UAV to verify the message content generated by the UAV, initially intercepting the risk of non-cooperative UAVs reporting false locations. The ground monitoring station performs external signature verification on the digital signature result in the broadcast message to determine whether the broadcast information has been forged, tampered with, or replayed during air interface transmission, ensuring the credibility of the broadcast information. This ensures the authenticity, integrity, and non-repudiation of the UAV broadcast message, avoiding malicious behaviors such as aircraft identity forgery, location spoofing, and message replay, supporting the construction of a highly reliable low-altitude surveillance system.
[0023] In conjunction with the above embodiments, in one implementation, the present invention also provides a reliable aircraft operation status broadcasting system. In this reliable aircraft operation status broadcasting system, the first UAV has a first security processing unit; the first security processing unit operates independently of the operating system of the first UAV and is hardware-level isolated from the system-on-a-chip of the first UAV.
[0024] In this embodiment, the first security processing unit operates independently of the operating system of the first UAV and is hardware-isolated from the system-on-a-chip of the first UAV. That is, the first security processing unit is a security processing unit within the first UAV. It is a trusted physically isolated region built based on system-on-a-chip hardware isolation technology, operating independently of the UAV's general-purpose operating system. It possesses protected memory space, independent logical computing capabilities, and a physically unreadable key storage area, and is at least used to implement pre-verification of message content and secure, controlled access to the device's private key.
[0025] The first drone verifies the message content of the first drone through the first security processing unit.
[0026] In this embodiment, to ensure the authenticity of the data, after the first UAV generates the message content, a data consistency check is performed inside the first security processing unit to verify the authenticity of the data. That is, the first security processing unit verifies the message content of the first UAV. After the message content is verified, it indicates that the current message content is authentic, and then enters the digital signature stage.
[0027] The first drone reads its private key from the key storage area within the first security processing unit through the first security processing unit, and uses the first drone's private key to digitally sign the verified message content.
[0028] In this embodiment, during the digital signature stage, the first security processing unit reads the private key of the first drone from the key storage area within the first security processing unit, and uses the private key of the first drone to digitally sign the verified message content to obtain the first digital signature result.
[0029] In one example, the first security processing unit may employ digital signature methods, including but not limited to SM2 and DSA, to digitally sign the verified message content. The security of the signing process is ensured by hardware-level isolation protection provided by the first security processing unit, resulting in a first digital signature result. The unique private key corresponding to the first UAV is stored internally within the first secure storage unit (i.e., in the key storage area within the first security processing unit), and cannot be read or retrieved by an external operating system. Using the private key of the first UAV deployed within the first security processing unit, the first security processing unit performs a signature operation on the verified identification information (i.e., the verified message content) in an isolated memory area, obtaining the first digital signature result.
[0030] In this embodiment, a trusted execution environment is constructed within the onboard terminal of the drone. The drone's unique private key and signing logic are deployed in a hardware-isolated secure processing unit environment. This ensures that the private key cannot be extracted even if the drone's operating system is cracked or privileges are escalated. Within the secure processing unit, the device's private key is invoked, and the private key of the first drone is used to digitally sign the internally verified message content, obtaining a first digital signature result. A first message containing the first digital signature result and the identifier of the first drone is then broadcast externally. The first secure processing unit operates independently of the first drone's operating system and is hardware-isolated from the drone's system-on-a-chip. In other words, the first secure processing unit is a trusted physically isolated area built based on system-on-a-chip hardware isolation technology, operating independently of the drone's general-purpose operating system. It possesses protected memory space, independent logical computing capabilities, and a physically unreadable key storage area, at least for pre-verifying message content and securely controlled access to the device's private key. Because the first security processing unit provides hardware-level isolation and memory protection, it ensures that the private key of the first drone is never exposed to the main operating system or application layer. Even if the firmware of the first drone is reverse-engineered or the system is privileged, attackers will not be able to extract the key or forge a valid signature.
[0031] In conjunction with the above embodiments, in one implementation, the present invention also provides a reliable aircraft operation status broadcasting system, which further includes a second unmanned aerial vehicle (UAV).
[0032] The second drone receives the first message, obtains the public key of the first drone based on the identifier of the first drone in the first message, and uses the public key of the first drone to verify the first digital signature result in the first message to obtain the second trusted verification result of the first message of the first drone.
[0033] In this embodiment, after the first UAV broadcasts the first message, other UAVs in the airspace, besides the ground monitoring station, can also receive the first message broadcast by the first UAV. The second UAV is any UAV other than the first UAV. The second UAV receives the first message from the first UAV and extracts the identifier and first digital signature result of the first UAV from the first message. Then, the second security processing unit of the second UAV can obtain the public key of the first UAV from the cloud based on the identifier of the first UAV, and use the public key of the first UAV to verify the first digital signature result, obtaining a second trust verification result of the first message, to confirm whether the first message originates from a legally registered UAV and has not been tampered with during air interface transmission. The second security processing unit is a security processing unit within the second UAV.
[0034] The second UAV adjusts its flight strategy based on the second credibility verification result of the first message from the first UAV.
[0035] In this embodiment, after the second drone obtains the second trusted verification result of the first message from the first drone, it can adjust its flight strategy based on this second trusted verification result. If the second trusted verification result indicates that the first digital signature result has been successfully verified, the second drone can confirm that the first message originated from a legally registered drone and has not been tampered with during air interface transmission. In this case, the second drone can adjust its flight strategy based on the first message, such as performing flight path planning. If the second trusted verification result indicates that the first digital signature result has failed to be verified, it can be confirmed that the first message originated from an illegally registered drone, and / or that the first message was tampered with during air interface transmission. In this case, the second drone can adjust its flight strategy based on the first message, such as controlling the second drone to perform emergency avoidance. If the second drone cannot obtain the public key of the first drone, it can be determined that the first drone is not a legally registered drone. In this case, the first drone can be marked as not having undergone security authentication, and a second trusted verification result indicating that the first digital signature result verification failed will be obtained.
[0036] In conjunction with any of the above embodiments, the present invention also provides a reliable broadcasting system for aircraft operating status. In this reliable broadcasting system for aircraft operating status, the ground monitoring station obtains the current location of the first UAV, uses the identifier of the first UAV and the current location of the first UAV as the first message content of the ground monitoring station, and uses the private key of the ground monitoring station to digitally sign the first message content of the ground monitoring station to obtain a second digital signature result.
[0037] In this embodiment, the second drone is any drone other than the first drone. Considering that the drone is in a high-speed moving state, the broadcast sources of nearby drones change significantly, and since the second drone may not be able to connect to the cloud in real time, it cannot obtain all the public key information of nearby drones in real time (e.g., the second drone cannot obtain the public keys corresponding to the multiple nearby first drones in real time) for signature verification, which leads to misjudgment of the first message of the first drone.
[0038] Based on this, this embodiment uses a ground monitoring station to distribute information related to the trusted verification results to multiple second UAVs within the airspace. Specifically, the ground monitoring station can obtain the current location of the first UAV and use at least the identifier and current location of the first UAV as the content of the ground monitoring station's first message. The ground monitoring station then uses its private key to digitally sign the content of the first message, obtaining a second digital signature result.
[0039] If the verification of the first digital signature result of the first message of the first UAV fails, the ground monitoring station will send a second message containing the second digital signature result and the identifier of the ground monitoring station to multiple second UAVs.
[0040] In this embodiment, when the first trusted verification result of the first message indicates that the verification of the first digital signature result failed (i.e., the ground monitoring station determines that the first message comes from an illegally registered drone (i.e., from a high-risk drone), and / or the first message is tampered with during air interface transmission), the ground monitoring station generates a second message and sends the second message to multiple second drones (i.e., other drones in the airspace besides the first drone). The second message includes at least: the second digital signature result and the identifier of the ground monitoring station.
[0041] In this embodiment, the ground monitoring station can feed back the verification results to other second UAVs in the airspace in real time, making up for the shortcoming that the mobile terminal cannot obtain all public keys in real time, realizing the improvement from single-machine trust to airspace collaborative management, and improving the regulatory efficiency and obstacle avoidance safety in complex low-altitude environments.
[0042] In conjunction with any of the above embodiments, in one implementation, the present invention also provides a reliable broadcasting system for aircraft operational status. In this system, each of the plurality of second UAVs reads the public key of a ground monitoring station and uses the public key of the ground monitoring station to verify the second digital signature result in the second message of the ground monitoring station.
[0043] In this embodiment, the second UAV has a second security processing unit, and multiple second UAVs can receive a second message sent by a ground monitoring station. Each second UAV can extract the second digital signature result and the identifier of the ground monitoring station from the second message. The second security processing unit within the second UAV can read the public key of the ground monitoring station from its key storage area based on the identifier of the ground monitoring station. The second security processing unit can then use the public key of the ground monitoring station to verify the second digital signature result in the second message, confirming whether the verification was successful. In addition to storing the private key of its own UAV, each UAV's security processing unit also pre-stores the public key of the ground monitoring station in its key storage area.
[0044] If the second digital signature result in the second message of the ground monitoring station is successfully verified, each of the plurality of second UAVs marks the first UAV as an untrusted UAV, and performs flight path avoidance on the first UAV according to the current position of the first UAV in the second message of the ground monitoring station.
[0045] In this embodiment, if the second digital signature result is successfully verified, the second security processing unit indicates that the second message has not been tampered with and obtains the identifier and current location of the first drone. At this time, the second drone can record information about the first drone (such as recording the identifier of the first drone), mark the first drone as an untrusted drone, and perform flight path avoidance on the first drone based on its current location. After marking the first drone as an untrusted drone, the second drone can reduce the confidence level of received messages broadcast by the first drone and subsequently perform relevant processing on the received broadcast messages based on the confidence level (such as adjusting the flight strategy based on the broadcast messages).
[0046] If the verification of the second digital signature fails, the second security processing unit indicates that the second message has been tampered with. In this case, the second security processing unit can discard the second message and not accept it.
[0047] In conjunction with any of the above embodiments, in one implementation, the present invention also provides a reliable aircraft operation status broadcasting system. In this reliable aircraft operation status broadcasting system, the first UAV sends a registration request carrying the identifier of the first UAV to the ground monitoring station; the ground monitoring station allocates a public key to the first UAV based on the registration request and stores the correspondence between the identifier of the first UAV and the public key of the first UAV.
[0048] In this embodiment, the first UAV can send a registration request carrying the identifier of the first UAV to the ground monitoring station. Based on the registration request, the ground monitoring station allocates a public key to the first UAV and stores the correspondence between the identifier of the first UAV and the public key of the first UAV.
[0049] The ground monitoring station obtains the public key of the first UAV based on the identifier of the first UAV; the ground monitoring station updates the validity of the public key of the first UAV based on the first trust verification result of the first message of the first UAV.
[0050] In this embodiment, the ground monitoring station can obtain the public key of the first drone based on the identifier of the first drone in the first message, and update the validity of the public key of the first drone based on the obtained first trusted verification result. Specifically, if the first trusted verification result indicates that the first digital signature result has been successfully verified, the ground monitoring station can mark the public key of the first drone as valid; if the first trusted verification result indicates that the first digital signature result has failed to be verified, the ground monitoring station can mark the public key of the first drone as invalid. This allows the station to update the certificate revocation list and update the trusted drone devices when the drone becomes invalid due to violations or other behaviors.
[0051] In one optional implementation, the ground monitoring station includes a cloud-based public key management platform. Specifically, the public key management platform is responsible for verifying the legitimacy of drone manufacturers and terminal devices, and storing the correspondence between the device public key generated during the drone registration phase and the drone's identifier. In one optional example, the drone's identifier is its unique product identification code. The public key management platform can provide public key query services to the ground monitoring station through a public key query interface or offline distribution, allowing the ground monitoring station to obtain the authentic drone public key.
[0052] Specifically, during the drone registration phase, the first drone can send a registration request carrying its identifier to the public key management platform. The public key management platform can then assign a public key to the first drone based on this registration request, and the assigned public key corresponds to the first drone's private key. The platform also stores the mapping between the first drone's identifier and its public key.
[0053] In this embodiment, the ground monitoring station can send a public key request carrying the identifier of the first UAV to the public key management platform. Upon receiving the public key request, the public key management platform finds the public key of the first UAV corresponding to the identifier of the first UAV based on the identifier of the first UAV in the public key request and the correspondence between the UAV public key and the UAV identifier stored in the public key management platform, and returns the public key of the first UAV to the ground monitoring station.
[0054] In this embodiment, after receiving the first trusted verification result of the first message, the ground monitoring station can send the first trusted verification result to the public key management platform. The public key management platform can update the validity of the public key of the first UAV based on the first trusted verification result. Specifically, if the first trusted verification result indicates that the first digital signature result has been successfully verified, the public key management platform can mark the public key of the first UAV as valid; if the first trusted verification result indicates that the first digital signature result has failed to be verified, the public key management platform can mark the public key of the first UAV as invalid. This allows the platform to update the certificate revocation list and update the trusted UAV devices when the UAV becomes invalid due to violations or other behaviors.
[0055] In one optional example, the public key management platform can mark the identifier of the drone corresponding to the digital signature result as untrusted if the trusted verification result indicates that the digital signature result verification has failed. If the number of times an identifier of a drone is marked as untrusted reaches a preset number (such as 3 times), the public key management platform can mark the public key corresponding to the identifier of the drone as invalid based on the identifier of the drone.
[0056] In conjunction with any of the above embodiments, in one implementation, the present invention also provides a reliable aircraft operational status broadcasting system. In this system, the GPS module or BeiDou receiver module within the first UAV locates the first UAV to obtain its reported location, which is then used as the message content of the first UAV.
[0057] In this embodiment, the operating system within the first UAV includes a GPS module or a BeiDou receiver module. The first UAV can perform real-time positioning through the GPS module or the BeiDou receiver module to obtain the real-time location information of the first UAV, which serves as the location to be reported by the first UAV. The location to be reported by the first UAV is one of the message contents of the first UAV.
[0058] The independent positioning unit inside the first drone locates the first drone and obtains its reference position.
[0059] In this embodiment, the first UAV has a built-in independent positioning unit. For example, the first security processing unit has a built-in independent positioning unit that can obtain spatiotemporal reference information: the first UAV is positioned by the independent positioning unit to obtain the reference position of the first UAV.
[0060] The first drone uses its reference position to verify the location to be reported; if the location to be reported by the first drone matches the reference position, the first drone determines that the location to be reported has been verified.
[0061] In this embodiment, to prevent the flight control system of the first UAV from reporting false positions, the first UAV can perform pre-verification (internal verification) of the flight status in the message content based on its independent logical computing capabilities. Specifically, the first security processing unit can use the reference position of the first UAV to verify the position to be reported by the first UAV. If the position to be reported by the first UAV matches the reference position of the first UAV, the first security processing unit determines that the position to be reported by the first UAV has passed verification, indicating that the message content of the first UAV has passed verification.
[0062] If the location to be reported by the first UAV does not match its reference location, the first security processing unit determines that the verification of the location to be reported by the first UAV has failed, indicating that the verification of the message content of the first UAV has failed. At this point, the location to be reported is intercepted and the abnormal information is recorded. In an optional embodiment, if the verification of the location to be reported by the first UAV fails, the reference location of the first UAV can be used as the message content of the first UAV.
[0063] In a specific example, the first security processing unit verifies the reported location of the first UAV using the reference position of the first UAV as follows: The first security processing unit compares the reference position of the first UAV with the reported location of the first UAV. If the deviation between the reference position and the reported location of the first UAV is within a preset deviation range, the reported location of the first UAV is determined to be credible, the reported location of the first UAV matches the reference position of the first UAV, the reported location of the first UAV is verified, and the subsequent digital signature and broadcasting steps are allowed. If the deviation between the reference position and the reported location of the first UAV exceeds the preset deviation range, the reported location of the first UAV is determined to be untrustworthy, the reported location of the first UAV does not match the reference position of the first UAV.
[0064] In an optional embodiment, if the first security processing unit does not have a built-in independent positioning unit, the first security processing unit can calculate the current position information of the first UAV by receiving the original navigation message sent by the Global Navigation Satellite System (GNSS), and then use the current position information of the first UAV to verify the position to be reported by the first UAV. If the position to be reported by the first UAV matches the reference position of the first UAV, it is determined that the position to be reported by the first UAV has been verified.
[0065] In another optional embodiment, if the first security processing unit does not have a built-in independent positioning unit, internal verification can be achieved through physical constraint priors and dynamic constraints. Specifically, the real-time location information of the first UAV obtained by the GPS module or Beidou receiving module during a preset time period can be used as the reported location of the first UAV. It is then determined whether the reported location of the first UAV exhibits a change that violates physical laws, such as a jump in position. If the reported location of the first UAV exhibits a change that violates physical laws, the reported location verification is deemed unsuccessful. If the reported location of the first UAV does not exhibit a change that violates physical laws, the reported location verification is deemed successful.
[0066] In conjunction with any of the above embodiments, in one implementation, the present invention also provides a reliable broadcasting system for aircraft operating status. In this system, the message content of the first UAV further includes the flight speed and flight attitude to be reported by the first UAV; the first UAV binds its verified reported location with its identifier, the flight speed and flight attitude to be reported, a timestamp, and the operator's identity identifier to obtain a first message containing the first digital signature result and the identifier of the first UAV.
[0067] In this embodiment, the first UAV can bind its verified, reported location to be reported with its identifier, its reported flight speed and attitude, a timestamp, and the operator's identity to obtain a first message. For example, the first UAV can use a first security processing unit to bind its verified, reported location to be reported with its identifier, its reported flight speed and attitude, a timestamp, and the operator's identity to obtain a first message. It is understood that flight speed and attitude are flight status information. This embodiment can obtain the dynamic behavioral characteristics of the first UAV based on its flight status information, forming an identifiable and traceable flight behavior fingerprint.
[0068] In one example, the verified location to be reported can be bound to the identifier of the first UAV, the flight speed and attitude to be reported by the first UAV, as well as the timestamp and the operator's identity to obtain the verified message content; then, the verified message content is signed by the private key of the first UAV to obtain the first digital signature result, ensuring that the identity cannot be forged; the first security processing unit performs structured encapsulation of the verified message content and embeds the first digital signature result by extending fields to prevent data from being tampered with or forged, and generates the first message with a broadcast frame structure to ensure the unforgeability and non-repudiation of the broadcast data.
[0069] If the first trusted verification result of the first message of the first UAV indicates that the first digital signature result has been successfully verified, the ground monitoring station compares the timestamp in the first message of the first UAV with the current timestamp. If the time difference between the timestamp in the first message of the first UAV and the current timestamp exceeds a preset duration, the first message of the first UAV is determined to be an old message and the first message of the first UAV is discarded.
[0070] In this embodiment, when the ground monitoring station determines that the first trusted verification result of the first message of the first UAV indicates that the first digital signature result has been successfully verified, it compares the timestamp in the first message of the first UAV with the current timestamp. If the time difference between the timestamp in the first message of the first UAV and the current timestamp exceeds a preset duration, it determines that the first message of the first UAV is an old message and discards the first message of the first UAV.
[0071] If the time difference between the timestamp in the first message of the first UAV and the current timestamp does not exceed the preset duration, the ground monitoring station updates the flight trajectory of the first UAV based on the first message and provides the updated flight trajectory of the first UAV to other ground monitoring stations.
[0072] In this embodiment, if the first trusted verification result of the first message of the first UAV indicates that the first digital signature result has been successfully verified and the time difference between the timestamp in the first message of the first UAV and the current timestamp does not exceed a preset duration, the ground monitoring station confirms that the first message originates from a legally registered UAV and has not been tampered with during air interface transmission. At this time, the flight trajectory of the first UAV can be updated based on the first message, and the updated flight trajectory of the first UAV can be provided to other ground monitoring stations that the first UAV passes through during flight, so as to share the real-time flight trajectory of the first UAV.
[0073] In conjunction with any of the above embodiments, in one embodiment, the first security processing unit may further perform internal verification on the flight speed to be reported by the first UAV in the message content of the first UAV based on prior physical constraints. If it is determined that the flight speed to be reported by the first UAV exceeds a reasonable range, it can be determined that the flight speed to be reported by the first UAV has changed in violation of physical laws, and the verification of the flight speed to be reported by the first UAV fails; if the flight speed to be reported by the first UAV does not change in violation of physical laws, the verification of the flight speed to be reported by the first UAV passes. The first security processing unit binds the verified reporting position of the first UAV with the identifier of the first UAV, the verified reporting flight speed and reporting flight attitude of the first UAV, as well as the timestamp and the operator's identity identifier to obtain the first message.
[0074] In conjunction with any of the above embodiments, in one implementation, the present invention also provides a reliable aircraft operational status broadcasting system. In this reliable aircraft operational status broadcasting system, the ground monitoring station receives messages sent by multiple second unmanned aerial vehicles (UAVs) and identifies untrusted second UAVs.
[0075] In this embodiment, the second drone also verifies the message content of the second drone based on its own internal second security processing unit, reads the private key of the second drone from the key storage area in the second security processing unit, and uses the private key of the second drone to digitally sign the verified message content of the second drone to obtain a fourth digital signature result; the second drone broadcasts a message containing the fourth digital signature result and the identifier of the second drone.
[0076] The ground monitoring station can receive messages broadcast by multiple second UAVs. Based on the identifier of each second UAV, it obtains the public key of each second UAV and uses the public key of each second UAV to verify the fourth digital signature result in the message sent by the corresponding second UAV. This yields the third trust verification result of the message sent by each second UAV. If the third trust verification result indicates that the verification of the fourth digital signature result has failed, the ground monitoring station marks the second UAV as an untrusted UAV. In other words, the second UAV is an untrusted UAV, thus identifying the untrusted second UAV from among the multiple second UAVs.
[0077] The ground monitoring station obtains the current location of the untrusted second drone, uses the identifier of the untrusted second drone and its current location as the content of the ground monitoring station's second message, and digitally signs the content of the second message using the ground monitoring station's private key to obtain a third digital signature result; the ground monitoring station broadcasts a third message containing the third digital signature result and the identifier of the ground monitoring station.
[0078] In this embodiment, the ground monitoring station can obtain the current location of the untrusted second drone, and use at least the identifier and current location of the untrusted second drone as the content of its second message. The ground monitoring station then uses its private key to digitally sign the content of the second message, obtaining a third digital signature result. Afterwards, the ground monitoring station broadcasts a third message, which includes the third digital signature result and the identifier of the ground monitoring station. In one example, the ground monitoring station can broadcast this third message in WiFi beacon broadcast mode, allowing all drones in the airspace (including the first drone) to receive it.
[0079] The first UAV reads the public key of the ground monitoring station and uses the public key of the ground monitoring station to verify the third digital signature result in the third message of the ground monitoring station.
[0080] In this embodiment, the first UAV can receive a third message broadcast by the ground monitoring station and extract the third digital signature result and the identifier of the ground monitoring station from the third message. The first UAV can read the public key of the ground monitoring station and then use the public key of the ground monitoring station to verify the third digital signature result in the third message to confirm whether the third digital signature result has been successfully verified.
[0081] In an optional example, the first UAV can read the public key of the ground monitoring station from the key storage area within the first security processing unit based on the identifier of the ground monitoring station, and then use the public key of the ground monitoring station to verify the third digital signature result in the third message to confirm whether the third digital signature result has been successfully verified.
[0082] If the third digital signature result in the third message of the ground monitoring station is successfully verified, the first UAV marks the untrusted second UAV as an untrusted UAV, and performs route avoidance on the untrusted second UAV according to the current position of the untrusted second UAV in the third message of the ground monitoring station.
[0083] In this embodiment, if the third digital signature result is successfully verified, the first UAV (such as the first security processing unit) indicates that the third message has not been tampered with, and obtains the identifier and current location of the untrusted second UAV. At this time, the first UAV can record the information of the untrusted second UAV (such as recording the identifier), mark the untrusted second UAV as an untrusted UAV, and perform flight path avoidance based on the current location of the untrusted second UAV. After marking the untrusted second UAV as an untrusted UAV, the first UAV can reduce the confidence level of received messages broadcast by the untrusted second UAV and subsequently perform relevant processing on the received broadcast messages based on the confidence level (such as adjusting the flight strategy based on the broadcast messages).
[0084] If the verification of the third digital signature result fails, it indicates that the third message has been tampered with. In this case, the first security processing unit can discard the third message and not accept it.
[0085] In this embodiment, the security processing unit in any UAV can perform internal verification and digital signature on the dynamic message content (including but not limited to key fields such as identifier, latitude and longitude, altitude, speed, and timestamp) that it needs to broadcast, and can also verify the digital signature results in the messages broadcast by the ground monitoring station, thereby realizing low-altitude trusted identity construction and remote verification based on a trusted execution environment.
[0086] In one embodiment, such as Figure 2 As shown, Figure 2 This is a schematic diagram illustrating the design of a trusted identity recognition module in a low-altitude aircraft according to an embodiment of the present invention. Figure 2 In this system, the trusted identity recognition module is integrated within any UAV. Its core feature lies in the construction of a trusted execution environment (i.e., a secure processing unit) independent of the UAV's operating system, through system-on-a-chip (SoC) hardware isolation technology. This environment is used to perform high-level identity verification and data signature tasks. As an airborne terminal with integrated communication network centralized management capabilities, the trusted identity recognition module enables trusted authentication of UAV identity information and can also handle some data processing.
[0087] Figure 2The trusted identity recognition module mainly includes functions such as flight fingerprinting, positioning processing, status verification, trusted identity, data encapsulation, and status broadcasting. Among these, status verification, trusted identity, and data encapsulation are functions of the security processing unit, while flight fingerprinting, positioning processing, and status broadcasting are functions of the UAV's operating system, independent of the security processing unit. The flight fingerprinting function obtains the UAV's dynamic behavioral characteristics based on the aircraft's status data, such as speed and attitude, forming an identifiable and traceable flight behavior fingerprint. The positioning processing function utilizes the GPS or BeiDou receiver module integrated into the operating system hardware to acquire the UAV's latitude, longitude, and altitude information in real time, providing a high-precision spatiotemporal reference for flight trajectory tracking and position verification. All of this information is sent to the security processing unit for aggregation. In the trusted execution environment, the status verification function first verifies the authenticity of the incoming data using the aforementioned internal verification methods. The trusted identity function binds multi-dimensional information such as the drone's identifier (e.g., unique product identification code), flight behavior fingerprint, and operator identity, and generates a trusted identity identifier through drone private key signing to ensure that the identity cannot be forged. The data encapsulation function gathers multi-source status information such as trusted identity, location data, and timestamps, performs structured encapsulation within the secure processing unit, and attaches a digital signature to prevent data tampering or forgery, and generates a broadcast frame structure. Finally, the status broadcast function broadcasts the drone's real-time status information via Wi-Fi or Bluetooth module.
[0088] In other words, the core of the trusted identity recognition module is to divide the execution environment into trusted areas through hardware isolation technology, including functional modules such as state verification, trusted identity, and data encapsulation. Trusted identity-related functions, such as private key storage, signature calculation, and state verification, are all completed in physically isolated areas to ensure the reliability of the calculation results.
[0089] In one embodiment, in conjunction with any of the above embodiments, the function of the UAV is to generate and broadcast trusted data, with the main steps completed within an internally integrated trusted execution environment. The UAV can receive operational data from the flight control system, access its private key in the isolated area of the secure processing unit, and digitally sign the verified identity information, verified flight data, timestamps, etc., generating an unforgeable and tamper-proof secure payload, which is then broadcast. The data content signed by the UAV includes the UAV's static identification information and dynamic operational status information, specifically including a basic ID message (containing the UAV's identifier), a position vector message (including the UAV's real-time latitude, longitude, altitude, speed, timestamp, etc.), a system message (including information from the control terminal of the UAV, such as the operator's identity), and an operational description message (optional, including remarks such as flight purpose, flight mission, flight route, etc.).
[0090] In one embodiment, the ground monitoring station can continuously monitor the operation identification broadcast signal in an open air interface environment, parse the broadcast content, and perform signature verification. The ground monitoring station verifies the legality of the drone's broadcast signature by obtaining the drone's unique public key from the public key management platform. Drones that fail to verify the signature, illegally intrude, or exhibit abnormal behavior can be recorded, and irrefutable evidence of violation (i.e., a second message) can be generated. Simultaneously, the ground monitoring station can broadcast the identity of any violating drone in the airspace to other drones in the airspace, alerting them to verify their identity or avoid the drone's path. Specifically, the ground monitoring station receives Wi-Fi beacon frames and can extract the operation identification information and corresponding digital signature results from the broadcast fields based on the Wi-Fi beacon frames. The operation identification information includes, but is not limited to: the drone's identifier, latitude and longitude, altitude, speed, timestamp, and the drone's operator. The ground monitoring station can access the public key management platform in the cloud platform based on the identifier in the message to obtain the signature algorithm public key bound to the drone during registration.
[0091] In one embodiment, the focus is on using WiFi for status broadcasting, where the broadcast of UAV operational identification information is achieved through the WiFi beacon broadcast protocol. Based on the existing frame structure design, a digital signature field is added to the trusted broadcast, and the complete broadcast frame structure is shown in Table 1.
[0092] Table 1. Structure of Reliable Broadcast Operation Identification Information Frames in Wi-Fi Beacon Mode
[0093] The meanings or values of each field in a Wi-Fi beacon frame are as follows: Element ID: Fixed value of 221; Len: Represents the total length of all fields from the OUI / CID field to the end of the beacon frame; OUI / CID: Fixed value of 16387004; Vend Type: Fixed value of 13. Message Counter: Message counter, value range 0-255; Runtime Identification Information: The first byte is fixed value of 25, the second byte is the number of messages N in the packaged message, with a maximum of 10, and starting from the third byte, it contains the header and content of each message, with a total length of 25 bytes per message. Digital Signature (i.e., digital signature result): The digital signature field is usually 64 bytes long, and the signature algorithm includes, but is not limited to, SM2, DSA, etc.
[0094] Currently, the mandatory content of broadcast operation identification messages includes a basic ID message, a location vector message, and a system message, while the operation description message is optional. Therefore, taking the longest message as an example, the message length of trusted broadcast operation identification information is approximately 173 bytes. Regarding the information update rate, the broadcast operation identification information is broadcast at least once every three seconds for static messages (including the basic ID message) and at least once every one second for dynamic messages (including the location vector message).
[0095] In one embodiment, the aircraft operation status trusted broadcasting system consists of a public key management platform, a drone, and a ground monitoring station. The public key management platform is responsible for public key distribution; the drone is responsible for trusted broadcasting of operation identification information (e.g., building a trusted execution environment within the drone's onboard terminal, isolating and storing the device's unique private key and signature algorithm logic within a secure processing unit; within the secure processing unit, the device's private key is invoked to perform digital signatures on the verified operation status, dynamic timestamp, unique product identification code, flight fingerprint, etc., generating unforgeable secure extended fields); and the ground monitoring station is responsible for air interface monitoring and signature verification (e.g., the ground monitoring station uses the public key to perform signature verification and anti-replay verification, and sends information on violating targets to other drones to achieve security early warning), thus constructing a closed-loop identity management system.
[0096] In summary, the reliable aircraft operation status broadcasting system proposed in this invention has at least the following significant beneficial effects: First, it achieves high-confidence, trusted identity construction through hardware and software collaboration: By deploying the private key signing logic in a hardware-isolated secure processing unit environment, it ensures that the private key cannot be extracted even if the drone's operating system is cracked or privileges are escalated, and securely binds information such as the device's unique serial number and the operator's identity. Through digital signatures, it addresses the security risks of broadcast operation identification information being easily forged and impersonated over the air.
[0097] Secondly, a dual authentication mechanism of internal verification and external signature verification has been established: the system utilizes the status verification function within the security processing unit to compare the flight control reported data with the built-in independent positioning unit or physical constraint model in real time, initially intercepting the risk of non-cooperative drones reporting false positions at the source. At the receiving end, the ground monitoring station verifies the digital signature in the broadcast information to determine whether there are risks of forgery, tampering, or replay during airborne transmission, ensuring the credibility of the broadcast information. Simultaneously, the ground station can provide real-time feedback of the verification results to other drones in the airspace, compensating for the limitation of mobile devices not being able to obtain all public keys in real time. This achieves an improvement from single-drone trust to airspace collaborative management, enhancing monitoring efficiency and obstacle avoidance security in complex low-altitude environments.
[0098] Third, it balances the security of broadcast information with protocol compatibility: The patent ensures that the private key never leaves the hardware isolation area of the secure processing unit, guaranteeing trustworthiness, while adding a secure extension field to the broadcast protocol to achieve data broadcasting. This solution does not change the core process of existing UAV operation identification broadcasting, has low additional communication overhead and compatibility with existing industry standards, and is easy to promote and apply on a large scale.
[0099] Based on the same inventive concept, one embodiment of the present invention provides a reliable method for broadcasting the operational status of an aircraft. (Reference) Figure 3 , Figure 3 This is a flowchart illustrating the steps of a reliable broadcasting method for the operational status of an aircraft, provided in an embodiment of the present invention. Figure 3 As shown, the reliable broadcasting method for the operational status of an aircraft includes the following steps S11 and S12: Step S11: Verify the message content; use the private key to digitally sign the verified message content to obtain the first digital signature result; Step S12: Broadcast a first message, wherein the first message contains the first digital signature result and the identifier of the first drone.
[0100] Optionally, the first drone has a first security processing unit; the first security processing unit operates independently of the first drone's operating system and is hardware-isolated from the first drone's system-on-a-chip; the above step S11 specifically includes: The first security processing unit verifies the message content of the first UAV. The first security processing unit reads the private key of the first drone from the key storage area within the first security processing unit, and uses the private key of the first drone to digitally sign the verified message content.
[0101] Optionally, the method further includes: The first UAV is located by using a GPS module or a Beidou receiver module to obtain the location to be reported by the first UAV, which is then used as the message content of the first UAV. The first UAV is located using an independent positioning unit to obtain its reference position. The location to be reported by the first drone is verified using the reference position of the first drone. If the location to be reported by the first UAV matches the reference location of the first UAV, the location to be reported by the first UAV is determined to be verified.
[0102] Optionally, the message content of the first UAV may also include the flight speed and flight attitude to be reported by the first UAV; the method further includes: The verified location to be reported of the first UAV is bound to the identifier of the first UAV, the flight speed and flight attitude to be reported of the first UAV, as well as the timestamp and the operator's identity, to obtain a first message containing the first digital signature result and the identifier of the first UAV.
[0103] Optionally, the method further includes: Read the public key of the ground monitoring station and use the public key of the ground monitoring station to verify the third digital signature result in the third message of the ground monitoring station; If the third digital signature result in the third message of the ground monitoring station is successfully verified, the untrusted second drone is marked as an untrusted drone, and the untrusted second drone is guided to avoid the flight path based on the current position of the untrusted second drone in the third message of the ground monitoring station.
[0104] Based on the same inventive concept, an embodiment of the present invention also provides a method for reliable broadcasting of aircraft operational status. (See reference) Figure 4 , Figure 4 This is a flowchart illustrating the steps of a reliable broadcasting method for aircraft operational status provided in another embodiment of the present invention. Figure 4 As shown, the reliable broadcasting method for the operating status of the aircraft includes the following steps S21: Step S21: Receive the first message, obtain the public key of the first drone based on the identifier of the first drone in the first message, and use the public key of the first drone to verify the first digital signature result in the received first message to obtain the first trusted verification result of the first message of the first drone.
[0105] Optionally, the method further includes: Obtain the current location of the first UAV, use the identifier of the first UAV and the current location of the first UAV as the first message content of the ground monitoring station, and use the private key of the ground monitoring station to digitally sign the first message content of the ground monitoring station to obtain a second digital signature result. If the first trusted verification result of the first message of the first UAV indicates that the verification of the first digital signature result has failed, a second message containing the second digital signature result and the identifier of the ground monitoring station will be sent to multiple second UAVs.
[0106] Optionally, the method further includes: Receive a registration request sent by the first drone, carrying the identifier of the first drone; Based on the registration request, a public key is assigned to the first drone, and the correspondence between the identifier of the first drone and the public key of the first drone is stored; Obtain the public key of the first drone based on its identifier; The validity of the public key of the first drone is updated based on the first trust verification result of the first message of the first drone.
[0107] Optionally, the method further includes: If the first trusted verification result of the first message of the first drone indicates that the first digital signature result is successfully verified, the timestamp in the first message of the first drone is compared with the current timestamp. If the time difference between the timestamp in the first message of the first drone and the current timestamp exceeds a preset duration, the first message of the first drone is determined to be an old message and the first message of the first drone is discarded. If the time difference between the timestamp in the first message of the first UAV and the current timestamp does not exceed the preset duration, the flight trajectory of the first UAV is updated based on the first message, and the updated flight trajectory of the first UAV is provided to other ground monitoring stations.
[0108] Optionally, the method further includes: Receive messages from multiple second drones and identify untrusted second drones; Obtain the current location of the untrusted second drone, use the identifier of the untrusted second drone and the current location of the untrusted second drone as the second message content of the ground monitoring station, and use the private key of the ground monitoring station to digitally sign the second message content of the ground monitoring station to obtain a third digital signature result; The broadcast includes a third message containing the third digital signature result and the identifier of the ground monitoring station.
[0109] Based on the same inventive concept, an embodiment of the present invention also provides a reliable broadcasting method for aircraft operational status. The reliable broadcasting method for aircraft operational status includes: Receive the first message, obtain the public key of the first drone based on the identifier of the first drone in the first message, and use the public key of the first drone to verify the first digital signature result in the first message to obtain the second trust verification result of the first drone's first message; Based on the second credibility verification result of the first message from the first UAV, the flight strategy of the second UAV is adjusted.
[0110] Optionally, the method further includes: Read the public key of the ground monitoring station, and use the public key of the ground monitoring station to verify the second digital signature result in the second message of the ground monitoring station; If the second digital signature result in the second message of the ground monitoring station is successfully verified, the first UAV is marked as an untrusted UAV, and the first UAV is guided to avoid a flight path based on the current position of the first UAV in the second message of the ground monitoring station.
[0111] It should be noted that, for the sake of simplicity, the method embodiments are all described as a series of actions. However, those skilled in the art should understand that the embodiments of the present invention are not limited to the described order of actions, because according to the embodiments of the present invention, some steps can be performed in other orders or simultaneously. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily essential to the embodiments of the present invention.
[0112] The terms "first," "second," etc., used in the specification and claims of this invention are used to distinguish similar objects and are not used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that embodiments of the invention can be implemented in orders other than those illustrated or described herein. Furthermore, in the specification and claims, "and / or" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship.
[0113] The reliable aircraft operation status broadcasting system in this embodiment of the invention can be a device, or a component, integrated circuit, or chip in a terminal. The device can be a mobile electronic device or a non-mobile electronic device. For example, mobile electronic devices can be mobile phones, tablets, laptops, PDAs, in-vehicle electronic devices, wearable devices, ultra-mobile personal computers (UMPCs), netbooks, or personal digital assistants (PDAs), etc., while non-mobile electronic devices can be servers, network-attached storage (NAS), personal computers (PCs), televisions (TVs), ATMs, or self-service machines, etc. This embodiment of the invention does not impose specific limitations.
[0114] The reliable aircraft operation status broadcasting system in this embodiment of the invention can be a device with an operating system. This operating system can be Android, iOS, or other possible operating systems; this embodiment of the invention does not impose specific limitations.
[0115] Based on the same inventive concept, another embodiment of the present invention provides an electronic device, such as... Figure 5 As shown, Figure 5 This is a schematic diagram of an electronic device according to an embodiment of the present invention. The electronic device includes a memory, a processor, and a program or instructions stored in the memory and executable on the processor. When the program or instructions are executed by the processor, they implement the steps in the reliable broadcasting method for aircraft operating status described in any of the above embodiments of the present invention.
[0116] It should be noted that the electronic devices in the embodiments of the present invention include the mobile electronic devices and non-mobile electronic devices described above.
[0117] As the method embodiments are basically similar to the system embodiments, the description is relatively simple, and relevant parts can be found in the description of the system embodiments.
[0118] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element. Furthermore, it should be noted that the scope of the methods and apparatuses in the embodiments of the present invention is not limited to performing functions in the order shown or discussed, but may also include performing functions substantially simultaneously or in the reverse order, depending on the functions involved. For example, the described methods may be performed in a different order than described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.
[0119] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of the present invention.
[0120] The embodiments of the present invention have been described above with reference to the accompanying drawings. However, the present invention is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of the present invention without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of the present invention.
Claims
1. A reliable broadcasting system for aircraft operational status, characterized in that, include: The first drone is used to verify the message content and uses a private key to digitally sign the verified message content to obtain the first digital signature result. Broadcast a first message, wherein the first message contains the first digital signature result and the identifier of the first drone; A ground monitoring station is used to receive the first message, obtain the public key of the first drone based on the identifier of the first drone in the first message, and use the public key of the first drone to verify the first digital signature result in the received first message to obtain the first trusted verification result of the first message of the first drone.
2. The reliable aircraft operation status broadcasting system according to claim 1, characterized in that, The system also includes: a second unmanned aerial vehicle; The second drone receives the first message, obtains the public key of the first drone based on the identifier of the first drone in the first message, and uses the public key of the first drone to verify the first digital signature result in the first message to obtain the second trust verification result of the first message of the first drone. The second UAV adjusts its flight strategy based on the second credibility verification result of the first message from the first UAV.
3. The reliable aircraft operation status broadcasting system according to claim 1, characterized in that, The ground monitoring station obtains the current location of the first UAV, uses the identifier of the first UAV and the current location of the first UAV as the first message content of the ground monitoring station, and uses the private key of the ground monitoring station to digitally sign the first message content of the ground monitoring station to obtain a second digital signature result. If the verification of the first digital signature result of the first message of the first UAV fails, the ground monitoring station will send a second message containing the second digital signature result and the identifier of the ground monitoring station to multiple second UAVs.
4. The reliable aircraft operation status broadcasting system according to claim 3, characterized in that, Each of the plurality of second UAVs reads the public key of the ground monitoring station and uses the public key of the ground monitoring station to verify the second digital signature result in the second message of the ground monitoring station; If the second digital signature result in the second message of the ground monitoring station is successfully verified, each of the plurality of second UAVs marks the first UAV as an untrusted UAV, and performs flight path avoidance on the first UAV according to the current position of the first UAV in the second message of the ground monitoring station.
5. The reliable aircraft operation status broadcasting system according to claim 1, characterized in that, The first UAV sends a registration request carrying the identifier of the first UAV to the ground monitoring station; The ground monitoring station assigns a public key to the first UAV based on the registration request and stores the correspondence between the identifier of the first UAV and the public key of the first UAV. The ground monitoring station obtains the public key of the first UAV based on the identifier of the first UAV; The ground monitoring station updates the validity of the public key of the first UAV based on the first trust verification result of the first message of the first UAV.
6. The reliable aircraft operation status broadcasting system according to claim 1, characterized in that, The GPS module or Beidou receiver module inside the first UAV locates the first UAV and obtains the location to be reported by the first UAV, which is used as the message content of the first UAV. The independent positioning unit inside the first drone locates the first drone and obtains the reference position of the first drone; The first drone uses its reference position to verify the location to be reported. If the location to be reported by the first drone matches the reference location of the first drone, the first drone determines that the location to be reported by the first drone has been verified.
7. The reliable aircraft operation status broadcasting system according to claim 6, characterized in that, The message content of the first UAV also includes the flight speed and flight attitude to be reported by the first UAV; The first drone binds the verified location to be reported by the first drone with the identifier of the first drone, the flight speed and flight attitude to be reported by the first drone, as well as the timestamp and the operator's identity to obtain a first message containing the first digital signature result and the identifier of the first drone. If the first trusted verification result of the first message of the first UAV is successfully verified, the ground monitoring station compares the timestamp in the first message of the first UAV with the current timestamp. If the time difference between the timestamp in the first message of the first UAV and the current timestamp exceeds a preset time, the first message of the first UAV is determined to be an old message and the first message of the first UAV is discarded. If the time difference between the timestamp in the first message of the first UAV and the current timestamp does not exceed the preset duration, the ground monitoring station updates the flight trajectory of the first UAV based on the first message and provides the updated flight trajectory of the first UAV to other ground monitoring stations.
8. The reliable aircraft operation status broadcasting system according to claim 1, characterized in that, The ground monitoring station receives messages from multiple second drones and identifies untrusted second drones; The ground monitoring station obtains the current location of the untrusted second drone, uses the identifier of the untrusted second drone and its current location as the content of the ground monitoring station's second message, and digitally signs the content of the second message using the ground monitoring station's private key to obtain a third digital signature result; the ground monitoring station broadcasts a third message containing the third digital signature result and the identifier of the ground monitoring station. The first UAV reads the public key of the ground monitoring station and uses the public key of the ground monitoring station to verify the third digital signature result in the third message of the ground monitoring station; If the third digital signature result in the third message of the ground monitoring station is successfully verified, the first UAV marks the untrusted second UAV as an untrusted UAV, and performs route avoidance on the untrusted second UAV according to the current position of the untrusted second UAV in the third message of the ground monitoring station.
9. A reliable method for broadcasting the operational status of an aircraft, characterized in that, The method includes: Verify the message content; use the private key to digitally sign the verified message content to obtain the first digital signature result; Broadcast a first message, wherein the first message contains the first digital signature result and the identifier of the first drone.
10. A reliable method for broadcasting the operational status of an aircraft, characterized in that, The method includes: Upon receiving a first message, the system obtains the public key of the first drone based on the identifier of the first drone in the first message, and uses the public key of the first drone to verify the first digital signature result in the received first message, thereby obtaining the first trusted verification result of the first message of the first drone.