Method and apparatus for partial encryption of data based on energy state

The partial encryption method addresses the inefficiencies of uniform encryption in UAM/AAM by adaptively adjusting encryption based on energy state, optimizing energy use and security in UAM/AAM environments.

WO2026142387A1 | PCT designated stage | Publication Date: 2026-07-02 | HYUNDAI MOTOR CO LTD +2

Patent Information

Authority / Receiving Office: WO · WO
Patent Type: Applications
Current Assignee / Owner: HYUNDAI MOTOR CO LTD
Filing Date: 2025-12-26
Publication Date: 2026-07-02

AI Technical Summary

Technical Problem

Conventional data security technologies in UAM/AAM environments rely on uniform encryption methods, leading to inefficient energy consumption and potential operational limitations due to the aircraft's limited energy resources, without adequately considering data importance or energy status.

Method used

A partial encryption method that selectively encrypts data based on the energy state of the aircraft, determining the scope and priority of encryption to balance energy consumption and data protection levels.

Benefits of technology

This approach reduces computational load and energy consumption while maintaining data security, ensuring operational continuity and stability in energy-constrained environments.

✦ Generated by Eureka AI based on patent content.


Abstract

The present disclosure relates to a method and apparatus for energy state-based partial encryption, for efficiently ensuring data security in an environment in which energy resources are limited. The method according to an embodiment of the present disclosure acquires data requiring security processing during a flight of an aircraft, and determines an energy state of the aircraft on the basis of the remaining battery capacity and expected energy consumption required for a flight to a destination. According to the determined energy state, encryption of all data or partial encryption of some of the data is selectively performed, and if the partial encryption is performed, a range to which encryption is to be applied is determined on the basis of the energy state. In addition, data to be encrypted is selected according to the priority of the data, and encryption is performed on all the selected data or some of the data according to whether the range to which encryption is to be applied is sufficient. Furthermore, data exposure is minimized by rearranging data to which encryption has not been applied, according to a predefined rule. According to the present disclosure, security-critical data may be preferentially protected even in a limited energy environment, and data processing efficiency and aircraft flight stability may be improved together by reducing energy consumption due to encryption operations.

Description

Method and apparatus for partial encryption of data based on energy state

[0001] The present disclosure relates to data security technology, and more specifically, to a partial encryption method and apparatus that selectively perform full encryption or partial encryption on data requiring security processing based on the energy state of an aircraft, and adaptively control the range to which encryption is applied.

[0002] The following description merely provides background information related to the present embodiment and does not constitute prior art.

[0003] Urban Air Mobility (UAM) or Advanced Air Mobility (AAM) is a next-generation transportation system that utilizes aircraft, such as electric vertical take-off and landing (eVTOL) aircraft, to perform short-distance passenger or cargo transport within or between urban areas and adjacent regions. These UAM / AAM systems are designed to account for the characteristics of urban environments, such as noise, spatial constraints, and high population density, and are expected to include various communication devices, avionics, autonomous navigation capabilities, and real-time data integration with external systems to ensure safe and accurate flight at low altitudes.

[0004] As such, in UAM / AAM environments, various data are generated, collected, processed, and transmitted during the operation of aircraft, and sensitive information can be exchanged through communication between aircraft or between aircraft and ground control systems. Therefore, ensuring data security to protect aircraft and systems from cyber attacks, such as data leakage, alteration, or forgery, has emerged as a critical task. Generally, data security technology can be implemented by classifying data into multiple security grades based on its nature or sensitivity, and applying security policies or encryption techniques corresponding to each grade.

[0005] However, conventional data security technologies often rely on encryption or security processing methods based on uniform or fixed policies, which limits the ability to flexibly adjust security based on differences in data importance or sensitivity. This can lead to unnecessary computational loads or, conversely, problems where the required level of security is not sufficiently ensured.

[0006] Meanwhile, UAM / AAM aircraft have limited energy resources due to their reliance on electric batteries as their primary power source. Battery systems restrict payload capacity due to reduced range caused by increased weight, while computational loads generated during flight control, communication, navigation, onboard device operation, and data processing further exacerbate the aircraft's energy consumption. In particular, security operations such as data encryption can require significant computing resources, potentially impacting the aircraft's operational feasibility in power-constrained environments.

[0007] However, in conventional technologies, security functions such as data encryption are often performed independently of the airframe's energy status, and thus data processing methods that simultaneously consider security and energy efficiency have not been sufficiently presented. Accordingly, there is a continuing need for technologies capable of performing security processing by comprehensively considering data importance and energy status in air mobility environments with limited energy resources, such as UAM / AAM.

[0008] The present disclosure aims to provide a technology that can efficiently ensure data security in an AAM environment, even under the limited energy resources of the airframe.

[0009] Specifically, the present disclosure aims to provide a partial encryption method and apparatus capable of effectively achieving a balance between energy consumption and data protection levels by selectively performing encryption of the entire data or partial encryption of a part of the data, taking into account the energy state of the aircraft.

[0010] The problems that the present invention aims to solve are not limited to those mentioned above, and other unmentioned problems will be clearly understood by a person skilled in the art from the description below.

[0011] According to one aspect of the present disclosure, a method for performing partial encryption of data based on an energy state comprises: acquiring data requiring security processing during the operation of an aircraft; determining the energy state of the aircraft based on the remaining battery charge of the aircraft and the expected energy consumption required for operation to a destination; determining whether to perform full encryption or partial encryption on the data based on the energy state; determining the range to which encryption is to be applied based on the energy state when it is determined that partial encryption is to be performed; selecting the data with the highest priority among the data; determining whether the range to which encryption is to be applied is sufficient to encrypt the entire selected data; performing encryption on the entire selected data or a part of the selected data based on the result of the determination; and performing rearrangement on the data to which encryption is not applied.

[0012] According to another aspect of the present disclosure, an apparatus for performing partial encryption of data based on an energy state comprises: at least one memory for storing instructions; and at least one processor configured to execute said instructions, wherein the at least one processor acquires data requiring security processing during the operation of an aircraft, determines the energy state of the aircraft based on the remaining battery charge of the aircraft and the expected energy consumption required for operation to a destination, determines whether to perform full encryption or partial encryption on said data based on said energy state, and if it is determined that partial encryption is to be performed, determines the scope to which encryption is to be applied based on said energy state, selects the data with the highest priority among said data, determines whether the scope to which encryption is to be applied is sufficient to encrypt the entire selected data, and based on the result of said determination, performs encryption on the entire selected data or a part of the selected data, and performs rearrangement on the data to which encryption is not applied.

[0013] According to the embodiments of the present disclosure, even in situations where it is difficult to encrypt the entire data due to insufficient energy of the AAM airframe, minimum confidentiality and security can be secured by selectively encrypting only a portion of the data according to the importance or priority of the data.

[0014] Furthermore, compared to methods that encrypt the entire data, the amount of encryption computation can be reduced, thereby improving data processing speed and lowering energy consumption. Consequently, the operational continuity of the aircraft and the stability of the system can be maintained even in energy-constrained environments.

[0015] The effects of the present disclosure are not limited to those mentioned above, and other unmentioned effects will be clearly understood by a person skilled in the art from the description below.

[0016] Figure 1 is a diagram illustrating connectivity in a UAM / AAM environment.

[0017] Figure 2 is a diagram illustrating the network and system structure of a UAM / AAM airframe.

[0018] Figure 3 is a diagram illustrating a data link system for internal and external communication of a UAM / AAM airframe.

[0019] Figure 4 is a diagram illustrating the data flow of a UAM / AAM airframe based on connectivity and communication interfaces.

[0020] Figure 5 is a diagram illustrating the relationship between the UAM / AAM airframe, the attacker, and the external entity.

[0021] FIG. 6 is a flowchart illustrating a method for performing partial encryption of data according to energy state in an AAM airframe according to one embodiment of the present disclosure.

[0022] FIG. 7 is a block diagram schematically illustrating an exemplary computing device that can be used to implement a device for performing a method according to the present disclosure.

[0023] Some embodiments of the present disclosure are described in detail below with reference to exemplary drawings. It should be noted that in assigning reference numerals to the components of each drawing, the same components are given the same reference numeral whenever possible, even if they are shown in different drawings. Furthermore, in describing the present disclosure, if it is determined that a detailed description of related known components or functions could obscure the essence of the present disclosure, such detailed description is omitted.

[0024] In describing the components of the embodiments according to the present disclosure, symbols such as first, second, i), ii), a), b), etc., may be used. These symbols are intended only to distinguish the components from other components, and the essence, order, or sequence of the components is not limited by the symbols. When a part in the specification is described as 'comprising' or 'having' a component, this means that, unless explicitly stated otherwise, it does not exclude other components but may include additional components.

[0025] The detailed description set forth below, together with the accompanying drawings, is intended to describe exemplary embodiments of the present disclosure and is not intended to represent the only embodiment in which the present disclosure may be practiced.

[0026] Figure 1 is a diagram illustrating connectivity in a UAM / AAM environment.

[0027] Referring to Fig. 1, in order to provide not only safe and accurate flight operations but also broadband services on board, the UAM / AAM aerial vehicle communicates with vertiports, ground control systems (GCS), UAM traffic management (UTM), air traffic control (ATC), over-the-air (OTA) update servers, satellites, and other aircraft.

[0028] UAM / AAM aerial vehicles can be classified into CTOL (Conventional Take Off and Landing), STOL (Short Take Off and Landing), and VTOL (Vertical Take Off and Landing) depending on the length of the runway required for takeoff and landing. CTOL is a traditional type of aircraft that requires a long runway for takeoff and landing, whereas STOL requires a relatively short runway, and VTOL can take off and land without a runway.

[0029] eVTOL (Electric Vertical Take-off and Landing) is a new type of aircraft that can be used for UAM or AAM (Advanced Air Mobility) services in urban areas. eVTOLs are characterized by vertical take-off and landing capabilities, the electrification of lift and rotor drives, and automatic, semi-automatic, or remote control functions.

[0030] Applications of UAM / AAM services may include passenger transport (including air taxis), emergency purposes (e.g., rescue, first aid), leisure activities, and cargo transport services. Aircraft operated unmanned or via remote control for specific purposes, such as cargo transport, atmospheric research, or surveillance, may be classified as Unmanned Aircraft Systems (UAS).

[0031] eVTOLs can use various types of communication links, such as air traffic communication, ADS-B (Automatic Dependent Surveillance-Broadcast), V2V (Vehicle to Vehicle), GNSS (Global Navigation Satellite System), satellite communication, cellular connectivity, Wi-Fi, and C2 (Command and Control), to provide safe and accurate flight operations and broadband services on board.

[0032] Air traffic communication can be used to prevent collisions between aircraft and collisions between aircraft and obstacles within the control area, and to promote and maintain the smooth and orderly flow of air traffic.

[0033] ADS-B can be used for air traffic control purposes to broadcast aircraft location information to other aircraft and air traffic control using the VHF (Very High Frequency) band.

[0034] V2V (Vehicle to Vehicle) can be used for communication between aircraft to share information and prevent collisions using mobile networks (e.g., cellular networks).

[0035] GNSS can be a collective term for worldwide positioning, navigation, and time determination functions provided by one or more satellites. GNSS can be augmented by ground stations or geostationary satellites to improve integrity and positional accuracy.

[0036] Satellite communication can be used to provide broadband services on board an aircraft using satellite communication channels.

[0037] Cellular connectivity can be used to provide broadband services on board an aircraft and to provide C2 (Command and Control) communication using mobile network channels.

[0038] Wi-Fi can be used to provide broadband services on board aircraft via satellite communication or mobile networks.

[0039] C2 (Command and Control) can be used as a data link between a remotely-piloted aircraft and a remote pilot station for flight management.

[0040] Examples of various communication link types and use cases are shown in Table 1.

[0041] [Table 1]

[0042]

[0043] Figure 2 is a diagram illustrating the network and system structure of a UAM / AAM airframe.

[0044] The surface of the UAM / AAM airframe features various types of antennas for communicating with external entities. Inside the UAM / AAM airframe, there is a system structure connected to a data bus.

[0045] Referring to FIG. 2, the UAM / AAM airframe is equipped with various types of antennas on its surface to communicate with satellites, other UAM / AAM aircraft, air traffic control stations, maintenance computers, cellular networks, and GCS.

[0046] The internal systems of a UAM / AAM airframe may include a data bus, infotainment system, data link system, storage system, flight control system, autonomous sensors, propulsion system, emergency system, landing gear system, power management system, avionics system, safety manager terminal, and maintenance panel. The safety manager of the UAM / AAM airframe can monitor or access the airframe's systems.

[0047] Data buses can be used for onboard networks to transmit large amounts of data between various systems.

[0048] The infotainment system can be used to provide in-cabin entertainment services.

[0049] The data link system can be used to provide communication functions both inside and outside the UAM / AAM aircraft. The data link system is communicatively connected to the pilot terminal to transmit or receive various information.

[0050] The storage system can be used to manage various storage systems used in the aircraft.

[0051] The flight control system can be used for flight control, connecting links, and operating mechanisms necessary to control the aircraft's direction during flight.

[0052] Autonomous sensors can be used for various cameras and sensors inside and outside the aircraft.

[0053] The propulsion system can be used to control aircraft components.

[0054] The emergency system can be used to provide safety features for passengers and emergency situations.

[0055] The landing gear system can be used for the takeoff and landing of an aircraft.

[0056] Power management systems can be used for power control of aircraft.

[0057] Avionics systems can consist of system integration, data logging, navigation assistance, and collision avoidance functions.

[0058] The maintenance panel can be used for the maintenance, diagnosis, and downloading of flight logs and software updates.

[0059] Figure 3 is a diagram illustrating a data link system for internal and external communication of a UAM / AAM airframe.

[0060] The data link system is an important component for providing communication functions in the airframe and consists of an internal communication subsystem and an external communication subsystem as shown in FIG. 3.

[0061] The gateway mediates internal and external communication.

[0062] For internal communication, CAN (Controller Area Network) and Ethernet can be used. For stable and low-speed communication, CAN can be used to transmit flight control data and aircraft status information to the FCS (Flight Control System). On the other hand, to transmit high-bandwidth data, Ethernet can be used for communication with the infotainment system.

[0063] The external communication subsystem may consist of a gateway and various modems such as cellular modems, C2 modems and satellite communication modems, GNSS data receivers, air traffic transceivers, and maintenance ports for diagnosing the aircraft's internal systems.

[0064] Figure 4 is a diagram illustrating the data flow of a UAM / AAM airframe based on connectivity and communication interfaces.

[0065] The data link system transmits multimedia data to aircraft passengers via internal Ethernet.

[0066] The data link system can exchange update packages and update report-related data with an OTA (Over The Air programming) server, exchange GNSS data and vehicle control / status commands with satellites, exchange flight information and aircraft identification information with the vertiport / ATC, exchange requests and responses for diagnosis with maintenance engineers, exchange flight information with other vehicles, and exchange aircraft control commands and aircraft status information with the GCS (Ground Control System).

[0067] Figure 5 is a diagram illustrating the relationship between the UAM / AAM airframe, the attacker, and the external entity.

[0068] Referring to FIG. 5, an attacker can eavesdrop on communication data between a vehicle and an external entity. Consequently, UAM control commands, status information, update packages, etc., may be exposed. This can be used to obtain personal data or for further attacks. The vehicle may include a UAM / AAM airframe, vehicle, drone, robot, etc.

[0069] In the following specification, the term 'AAM' is used as a higher-level concept that includes 'UAM', and unless otherwise noted, it is understood to refer collectively to both.

[0070] The major security issues to consider in an AAM environment are as follows.

[0071] Cyber Attacks: Unmanned aerial vehicles and network-based systems are vulnerable to cyber attacks such as data tampering, hacking, and abnormal control, so protection against them is necessary.

[0072] Safety of Unmanned Aerial Vehicles: Due to the nature of AAM aircraft operating in the air, preparations are required for safety issues in the event of problems such as system failure, sensor malfunction, communication loss, or communication errors.

[0073] Flight Control and Management: When multiple aircraft operate in an urban area, an integrated control and management system is required, including collision avoidance, flight trajectory management, and emergency response.

[0074] Privacy Protection: As location information and various personal data from UAM / AAM users may be collected, compliance with relevant regulations and a privacy protection system must be established. Here, a UAM / AAM user refers to an entity that directly utilizes UAM / AAM services or interacts with related systems. For example, this may include not only passengers on board the aircraft but also pilots (including remote pilots), flight managers, and users of ground control systems.

[0075] Physical Security: The aircraft itself and the ground base facilities supporting it need to be protected from physical attacks such as illegal intrusion, theft, and terrorism.

[0076] Infrastructure Security: As ground infrastructure for UAM / AAM operations can be exposed to cyber and physical attacks, security procedures and systems are required.

[0077] Compliance with laws and regulations: With the introduction of new air transport methods, appropriate laws and regulations, including safety and security regulations, need to be established.

[0078] Meanwhile, Advanced Air Mobility (AAM) relies heavily on data for navigation, communication, and overall system functions. Unlike ground vehicles, AAM operates in a three-dimensional airspace, so accurate and reliable data, including real-time updates on airspace conditions, weather information, and the locations of other aircraft, is required for safe and efficient operation. Therefore, ensuring data security is essential due to the unique characteristics and challenges of AAM.

[0079] In particular, for the safe operation of AAM aircraft, communication with external devices is essential during processes such as route planning, guidance, obstacle detection and avoidance, and navigation; therefore, ensuring data confidentiality and integrity during these processes is critical. Data confidentiality prevents unauthorized entities from accessing information, while integrity guarantees that data has not been tampered with or altered during transmission. Various security techniques can be employed to ensure this, which can be broadly categorized into encryption techniques and integrity verification techniques.

[0080] Encryption techniques to ensure data confidentiality include symmetric encryption, asymmetric encryption, and hybrid encryption.

[0081] Symmetric encryption is a method in which the sender and receiver perform encryption and decryption using the same key; it offers fast computation speeds and is efficient for processing large volumes of data. Symmetric encryption can be implemented in the form of block ciphers or stream ciphers. Representative symmetric block cipher algorithms include DES (Data Encryption Standard), AES (Advanced Encryption Standard), SEED, HIGHT (HIGh security and light weight HT), IDEA (International Data Encryption Algorithm), RC5, and ARIA, each of which differs in security strength and computational efficiency.

[0082] Among these, AES supports a 128-bit block size and 128 / 192 / 256-bit key lengths, and is widely adopted as an international standard due to its excellent security and efficiency. For example, a comparative analysis of processing speeds by symmetric block cipher algorithm and file size confirmed that AES-256 demonstrated superior processing speed compared to other block cipher methods such as SEED, DES, and 3DES under identical conditions (e.g., files ranging from 64MB to 3GB). This demonstrates that AES-family algorithms are particularly advantageous in environments where computational resources and energy are limited. However, symmetric encryption has limitations, such as security vulnerabilities in the key distribution process and the potential threat to the entire system if the key is exposed.

[0083] Asymmetric encryption is a method that uses a public key and a private key, and examples include RSA, ECC (Elliptic Curve Cryptography), and ElGamal. Asymmetric encryption has strengths in key exchange, sender authentication, and digital signatures. In particular, ECC can provide high security strength with shorter key lengths compared to RSA, making it advantageous in environments with limited computational resources. However, asymmetric encryption is unsuitable for encrypting large volumes of data due to its high computational complexity and slow speed.

[0084] Hybrid encryption is a method that combines the efficiency of symmetric encryption with the security of asymmetric encryption. Specifically, actual data is encrypted using a symmetric key such as AES, while the session key used is encrypted using an asymmetric key such as RSA or ECC and exchanged securely. This enables fast data processing and secure key exchange simultaneously, and it is a structure utilized in protocols such as SSL / TLS.

[0085] Verification techniques for ensuring data integrity include hash functions, Message Authentication Codes (MACs), and digital signatures. Hash functions generate a fixed-length hash value from input data to verify whether the data has been tampered with or forged; representative examples include SHA-256, SHA-512, and SHA-3. Message Authentication Codes simultaneously guarantee data integrity and sender authentication through an authentication tag generated using a secret key shared by the sender and receiver and the message. Digital signatures provide data integrity and sender authentication by having the sender generate an asymmetric key-based digital signature and the receiver verify it; representative examples include RSA signatures and ECDSA (Elliptic Curve Digital Signature Algorithm).

[0086] As encryption and integrity verification techniques possess distinct characteristics in terms of security strength, computational efficiency, and energy consumption, they must be appropriately selected and applied in environments with limited energy and computational resources, such as UAM / AAM aircraft, by comprehensively considering factors like data classification and response speed requirements. Furthermore, the data encryption and integrity verification processes incur additional computational load and energy consumption beyond the energy already used for conventional flight control and propulsion. Since AAM aircraft operate on limited battery-based energy resources, flight range and duration may fluctuate depending on the remaining energy status, and it may be necessary to change flight modes in certain cases. Therefore, it is essential to ensure a balance between security and energy efficiency by performing data security calculations while comprehensively considering the aircraft's energy status.

[0087] The present disclosure is based on the need to simultaneously ensure data security and energy efficiency in environments where energy sources are limited, such as in AAM airframes. In conventional technology, data encryption and energy management are performed separately, which has limitations in flexibly adjusting the encryption method according to the importance of the data or the energy status of the airframe. As a result, there have been problems such as unnecessary computation and power consumption, or conversely, insufficient assurance of the required level of security.

[0088] Accordingly, the present disclosure pre-classifies data processed during the operation of an aircraft according to importance or sensitivity, and determines whether to encrypt the data in full or in part by comprehensively considering the energy state of the aircraft. When partial encryption is determined, the scope of data to be encrypted is dynamically set, and encryption processing is performed sequentially according to the priority of the data, thereby enabling more efficient utilization of limited resources. The priority of the data may be determined according to security grade or importance.

[0089] In this case, if the scope to which the encryption is applied does not include all of the data of a specific priority, encryption is performed only on a portion of the data that can identify an individual or is critical to security, and the exposure of the data is minimized by performing lightweight processing such as rearrangement or shuffling on the remaining data that is not encrypted.
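The flow of [0011] and [0088]-[0089], as an added Python example that is not part of the patent text: the energy state sets an encryption range in bytes, items are handled in priority order, an item that no longer fits has only its sensitive part encrypted, and the unencrypted remainder is rearranged. The margin formula, the 0.30 threshold, the linear scaling, the `sensitive_len` prefix layout, the Wh units and the sample data are assumptions; the HMAC-SHA256 keystream is a standard-library stand-in for a cipher such as AES, and the keyed permutation stands in for the "predefined rule".

```python
import hashlib
import hmac
import random
from dataclasses import dataclass

FULL_THRESHOLD = 0.30  # assumed: energy margin at or above which all data is encrypted


@dataclass
class Item:
    name: str
    priority: int       # 1 = highest priority (assumed convention)
    payload: bytes
    sensitive_len: int  # leading bytes that identify a person or are security-critical


def energy_margin(remaining_wh, expected_wh, capacity_wh):
    """Assumed energy-state metric: spare energy at the destination as a share of capacity."""
    return (remaining_wh - expected_wh) / capacity_wh


def keystream_xor(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 in counter mode), stdlib only; use AES-GCM in practice."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def _order(key, nonce, n):
    """Keyed permutation standing in for the 'predefined rule' of the rearrangement step."""
    seed = int.from_bytes(hmac.new(key, b"perm" + nonce, hashlib.sha256).digest(), "big")
    order = list(range(n))
    random.Random(seed).shuffle(order)
    return order


def rearrange(key, nonce, data):
    return bytes(data[j] for j in _order(key, nonce, len(data)))


def restore(key, nonce, data):
    out = bytearray(len(data))
    for i, j in enumerate(_order(key, nonce, len(data))):
        out[j] = data[i]
    return bytes(out)


def _nonce(msg_id, name):
    return msg_id.to_bytes(8, "big") + name.encode()  # msg_id must never repeat under one key


def protect(items, key, remaining_wh, expected_wh, capacity_wh, msg_id=0):
    """Return {name: (encrypted_prefix_len, blob)} following the priority-ordered flow."""
    margin = energy_margin(remaining_wh, expected_wh, capacity_wh)
    total = sum(len(i.payload) for i in items)
    # Encryption range in bytes: everything at a healthy margin, else scaled linearly (assumed).
    budget = total if margin >= FULL_THRESHOLD else int(total * max(margin, 0.0) / FULL_THRESHOLD)
    out = {}
    for item in sorted(items, key=lambda i: i.priority):
        if budget >= len(item.payload):
            n_enc = len(item.payload)                # range is sufficient: encrypt the whole item
        else:
            n_enc = min(item.sensitive_len, budget)  # otherwise only the sensitive part
        budget -= n_enc
        nonce = _nonce(msg_id, item.name)
        head = keystream_xor(key, nonce, item.payload[:n_enc])
        tail = rearrange(key, nonce, item.payload[n_enc:])  # permutation only: byte values stay visible
        out[item.name] = (n_enc, head + tail)
    return out


def recover(protected, key, msg_id=0):
    """Receiver side: decrypt the encrypted prefix and undo the rearrangement."""
    plain = {}
    for name, (n_enc, blob) in protected.items():
        nonce = _nonce(msg_id, name)
        plain[name] = keystream_xor(key, nonce, blob[:n_enc]) + restore(key, nonce, blob[n_enc:])
    return plain


# Constructed sample data and key, for illustration only.
KEY = bytes(range(32))
SAMPLE = [
    Item("telemetry", 2, b"alt=450;spd=120;hdg=270", 0),
    Item("passenger", 1, b"ID:KR-0001;seat=2A;meal=none", 10),
]

if __name__ == "__main__":
    for remaining in (60, 35):  # Wh remaining; 20 Wh expected to destination, 100 Wh capacity
        result = protect(SAMPLE, KEY, remaining, 20, 100)
        print(remaining, {k: (n, b.hex()) for k, (n, b) in result.items()})
        assert recover(result, KEY) == {i.name: i.payload for i in SAMPLE}
```

In the low-energy run the telemetry item is only permuted, so every byte value remains readable to an eavesdropper; the rearrangement hides structure, not content, and anything that needs confidentiality has to fall inside the encrypted range.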

[0090] Although the present disclosure is described with a focus on the AAM airframe environment, this is merely for convenience of explanation and can be flexibly applied to various application environments where energy management and data security are required simultaneously, such as electric vehicles, drones, and IoT devices.

[0091] The terms used in this specification may be interpreted as having the following meanings unless otherwise specified in the context.

[0092] As used in this specification, the term "data processed during the operation of an aircraft" is a concept encompassing all data generated, transmitted, stored, and analyzed during the operation of an aircraft, and includes, for example, (i) data generated by various sensors, (ii) data transmitted through communication with external entities such as base stations or control systems, (iii) data stored in onboard storage devices, and (iv) data analyzed by flight control modules or security modules.

[0093] As used herein, the term "encryption" refers to a process performed to ensure the confidentiality of data, and may be used to include not only the operation of encrypting all or part of the data but also the corresponding decryption operation. Such encryption processing may be included within the scope of the present invention regardless of whether it is performed at any stage, such as data transmission, reception, or storage.

[0094] As used in this specification, 'Energy Level' refers to a scale that quantitatively indicates the amount of available energy currently held by an aircraft. The energy level may be expressed on a scale in which, for example, based on the maximum capacity of the aircraft's battery or energy source, a fully charged state is set as the maximum level and a fully discharged or depleted state is set as the minimum level, and may be defined as, for example, a range from Level 0 to Level 10.

[0095] As used in this specification, 'Energy Status' refers to an indicator of an aircraft's operational capability determined by considering not only the current energy level but also the estimated energy consumption required for operation to a destination or landing point.

[0096] The energy consumption required for flight to the destination can be predicted based on the current flight phase and the remaining segment by securing power requirement models for the takeoff, climb, cruise, descent, and landing phases included in the flight plan, and may vary depending on weather conditions (e.g., wind direction, wind speed, air density, etc.) and airframe conditions (e.g., weight, propulsion system efficiency, battery characteristics, etc.).

[0097] In addition, considering that energy consumption characteristics may differ depending on the type of data being processed or the security level, the energy status may be determined differently depending on the data type or security level, even if the energy level is the same.

[0098] As used in this specification, the 'Encryption Range or Portion' refers to the proportion or range of the total data to which encryption processing is performed. The encryption range or portion may be set by considering at least one of the following factors that may affect energy consumption, such as the current energy level, the flight route to the destination, the type and frequency of functions to be used along the flight route, and weather or traffic, and may be dynamically adjusted according to the operating conditions of the aircraft.

[0099] As used in this specification, 'Data Type' refers to a category of all data required for the operation of an AAM aircraft, classified according to its nature or source.

[0100] For example, data processed during the operation of an AAM aircraft is classified into data types such as flight, control and traffic, environment, communication, passenger and reservation, legal and regulatory, security, and infrastructure. However, the above data types are merely examples to aid in understanding the present invention and may be defined in various ways depending on variations of the embodiments.

[0101] As used in this specification, 'Data Classification' refers to a security level classified according to importance and sensitivity based on data type. Here, importance refers to the degree of impact that the data has on the safety or efficiency of AAM aircraft operations, and sensitivity refers to the degree of risk that may arise in terms of information protection if the data is accessed, leaked, or altered without authorization.

[0102] Data classification can be defined, for example, by four security levels: Confidential (Level 4), Private (Level 3), Sensitive (Level 2), and Public (Level 1). In this case, Confidential data (Level 4) represents the highest security level, while Public data (Level 1) represents the lowest. However, this classification is merely an example, and depending on the importance of the data, it may be simplified to three or two security levels. For instance, three security levels can be defined as Confidential / Private / Public or Confidential / Sensitive / Public, while two security levels can be defined as Confidential / Public or Private / Public. Furthermore, Personal data does not merely have a hierarchical relationship in terms of importance compared to Confidential or Sensitive data; rather, it possesses an independent nature as personal information itself.

[0103] Confidential data is data requiring the highest level of security and may relate to types of flight and control data, such as aircraft attitude control data, flight path planning, and remote control commands with ground control centers.

[0104] Private data refers to personally identifiable information (PII), such as passenger names, contact information, reservation records, and payment accounts, and is primarily related to passenger and reservation data types.

[0105] Sensitive data is data for which security measures are recommended, and may include payment information, Energy Storage System (ESS) information, vertiport operation data, and flight logs, and may be related to environmental, infrastructure, and communication data types.

[0106] Public data refers to publicly accessible data, which includes flight information such as flight names, availability, departure and arrival locations, and flight times, and may be related to passenger and reservation data types or environmental data types.

[0107] Appropriate security objectives can be established according to each security level. For example, confidential data may require confidentiality, integrity, availability, non-repudiation, authentication, authorization, and accountability. Personal or sensitive data may require confidentiality, integrity, availability, authentication, and authorization. For public data, only integrity and availability may be considered as basic security objectives.

[0108] The security level of each data and the corresponding security objectives may be adjusted according to the system security policy or the judgment of the security manager.

[0109] In describing the embodiments of the present disclosure, it may be assumed that, so that partial encryption processing can be performed smoothly, the type of encryption algorithm, the key used for encryption and decryption, and the rearrangement (shuffle) rule are synchronized between the sender and the receiver. Such synchronization may be achieved, for example, by sharing the relevant information in advance or by including the relevant information in the data header during transmission and reception, but is not limited thereto.

[0110] Additionally, the term 'energy' as considered in this specification may include electrical energy or hydrogen energy for providing power to an airframe or system, and may be understood as a concept that includes resource consumption related to computing power, such as computing resources used for data processing and security operations, e.g., a processor (CPU), memory (RAM), and storage devices.

[0111] The present disclosure may be applied to various mobility environments such as AAM, RAM, UAM, and connected cars; however, for the convenience of explanation, the following description focuses on the AAM environment. When applied to an AAM environment, the entity performing the encryption processing may be an AAM airframe, and data transmission and reception may take place between the AAM airframe and another AAM airframe, vertiport, base station, or control center.

[0112] In addition, the device performing encryption operations within the AAM airframe may be hardware such as a vehicle’s electronic control unit (ECU) or central control unit (CCU), and such hardware may be linked with other control modules of the airframe to perform energy state-based partial encryption processing according to the present invention.

[0113] FIG. 6 is a flowchart illustrating a method for performing partial encryption of data according to energy state in an AAM airframe according to one embodiment of the present disclosure.

[0114] A method according to one embodiment of the present disclosure may be performed by a security processing module or processor mounted on an AAM airframe. For example, the present method may be performed by one or more processors executed in a gateway, a data link system, or a security module linked thereto that processes data during the operation of the airframe. Additionally, the present method may be performed by a single processor, or implemented in a form where data classification, energy status determination, and encryption processing are performed in a distributed manner across different modules or processors.

[0115] Referring to FIG. 6, the method acquires data requiring security processing (S610). The data acquired here is data generated, received, transmitted, or stored during the operation of the AAM aircraft, and may include, for example, flight control data, aircraft status information, sensor data, communication data with an external control system, passenger-related data, or maintenance data. Such data may be processed as a single data unit, or may be processed in the form of multiple data sets or data streams.

[0116] The method determines the energy state based on the current energy level and estimated energy consumption of the airframe (S620). Here, the energy state does not simply refer to the remaining battery charge, but rather to an operational capability indicator determined by comprehensively considering the current remaining battery charge, the estimated energy consumption to the destination or landing point, the flight phase, and the condition of the airframe, as previously explained. For example, the energy state may be classified into Normal, Economy, Low Power, or Insufficient. However, this classification is merely an example for convenience of explanation and may be defined as more stages or continuous values depending on variations of the embodiment.

[0117] According to one embodiment, the determination of the energy state (S620) may be performed periodically or in response to the occurrence of a specific event. For example, the determination of the energy state may be performed repeatedly in a preset time period, a data processing period, or a communication session unit, and may also be performed again when an event occurs, such as a sudden change in battery consumption, a change in weather conditions, an increase in communication traffic, or an increase in encryption processing load. Accordingly, the energy state may not be a fixed value during operation, but may be dynamically updated according to changes in the operating environment.

[0118] The method determines whether partial encryption is required based on the determined energy state (S630). For example, if the energy state is Normal or Economy (energy saving), encryption of the entire data may be permitted; however, if the energy state is Low Power or lower, it may be preferable to apply partial encryption instead of full data encryption to reduce computational load and energy consumption. Conversely, even if the energy state is Insufficient, full encryption may be enforced depending on the security class of the data or its relevance to operational safety. That is, depending on various modified embodiments, the determination of whether partial encryption is required may depend not only on the energy state but also on security policies, data characteristics, or administrator settings.

[0119] If it is determined that partial encryption is not required (No), the method does not perform steps S640 through S680, and instead determines the scope of the data to be encrypted to be the entire data and performs encryption on the entire data (S645). In this case, the entire data can be processed as a single encryption unit according to the security policy and energy status applicable at that time.

[0120] On the other hand, if it is determined that partial encryption is required (Yes), the method determines the scope to which encryption is applied (S640). Here, the 'scope to which encryption is applied' refers to the logical or functional scope of data for which encryption processing is permitted according to the current energy status and security policy. For example, the scope to which encryption is applied can be expressed as the maximum data size that can be encrypted, the number of data items that can be encrypted, or the computational resources available for encryption.

[0121] According to one embodiment, the scope to which encryption is applied may be implemented as an encryption portion representing the proportion of the data to which encryption is applied relative to the total data. For example, when energy is limited, a partial encryption policy may be applied, and by setting the encryption portion, it may be determined which portion of the data to encrypt. The encryption portion may be set to a ratio value such as, for example, 25%, 50%, 75%, etc., but this is merely an example for convenience of explanation and may be defined as a continuous value or an interval value.

[0122] In addition, the encryption rate (or the equivalent range to which encryption is applied) may be set by comprehensively considering (i) the current energy status and the flight path to the destination, (ii) the type and frequency of functions scheduled for use along the flight path, and (iii) external factors that may affect energy consumption, such as weather conditions and airspace traffic. Such settings may be performed by a predefined security policy, flight policy, or setting entity.

[0123] For example, if it is predicted that future energy consumption will increase due to strong winds or other factors during operation, the scope to which encryption is applied can be relatively reduced (e.g., by setting the encryption ratio to 25%) to reduce the load applied to encryption operations. Conversely, if energy consumption is reduced more than expected during operation and a surplus of energy is secured, the scope to which encryption is applied can be expanded to apply encryption to a wider range of data. As such, according to the present embodiment, the scope to which encryption is applied is not a fixed value, but can function as a control variable that can be dynamically adjusted according to changes in energy status during operation.

[0124] The method selects the data with the highest priority among the data that has not yet been processed (S650). Here, the priority of the data refers to a criterion indicating how important it is, relative to other data, to protect the data in terms of security, and is used to determine whether encryption processing is required preferentially compared to general data.

[0125] Data priority may be set so that data with a relatively higher security risk upon unauthorized access, leakage, or alteration—such as personal information, identifying information, sensitive information, or data requiring protection under security policies—is assigned a higher priority. However, these criteria are not limited to this and may be defined in various ways depending on the system's security policy or operational purpose.

[0126] Data priority can be classified into multiple priority levels, which can be defined in stages, such as high priority, medium priority, and low priority. When the scope of encryption application is limited, data with a relatively high priority may be selected first for encryption processing; accordingly, security-critical data can be protected preferentially even under limited energy and computational resources.

[0127] The priority of each data may be adjusted based not only on the security importance of the data but also on system security policies, flight regulations, or the judgment of the setting entity (e.g., security manager). Additionally, depending on variations of the embodiment, the priority of the data may be dynamically changed according to flight conditions, energy status, or the level of external threats.

[0128] The method determines whether the range to which the determined encryption is to be applied is sufficient to encrypt the entire selected data (S660).

[0129] For example, if the range to which encryption is applied is sufficient to encrypt the entire selected data, the method performs encryption on the entire selected data (S670).

[0130] On the other hand, if the range to which encryption is applied is insufficient to encrypt the entire selected data, the method performs encryption on only a portion of the selected data (S675).

[0131] According to one embodiment, when the energy state is very limited, for example, when the energy state is below a predefined threshold, partial encryption may be performed even within a single data item. In this case, even if the data item contains personal information, identification information, or sensitive information, selective encryption may be performed focusing on the parts that directly contribute to identifying an individual, rather than the entire data item.

[0132] For example, in the case of data items containing information that can identify an individual, such as names, phone numbers, addresses, or location favorites, encryption may be applied only to specific parts within the data item that possess identifiable qualities, such as characters, numbers, strings, tokens, or fields. In this case, for character-based data, alphabetic characters, specific strings, or identification code portions may be subject to encryption; thereby, the level of personal information protection can be ensured while maintaining the overall structure and semantic usability of the data item.

[0133] Meanwhile, for general data items, partial encryption may or may not be applied depending on the priority, security level, or encryption policy of the data items. That is, according to the present embodiment, partial encryption for data items included in the selected data may be performed differentially depending on the type of data item, security importance, and energy status.

[0134] Such partial encryption can be performed at the character level, string level, field level, or partial area level within the data item, depending on the format, structure, or representation method of the data item, and the specific method may vary depending on the security policy or operating environment.

[0135] The method determines whether there is a remaining range to be encrypted and whether there is data of the next priority that has not yet been processed (S680). If, as a result of the determination, there is a remaining range to be encrypted and there is data that has not been processed, the process returns to step S650 to select the data of the next priority and repeat the encryption process. Through this, data of the highest priority can be encrypted sequentially, even under limited energy and computational resources.

[0136] On the other hand, if there is no longer any range to be encrypted or no unprocessed data exists, the method performs rearrangement on the unencrypted parts of the data (S690). In this case, the rearrangement may be performed as an auxiliary protection measure to minimize the exposure of unencrypted plaintext data.

[0137] According to one embodiment, rearrangement may be performed using a data shuffle method that changes the order of data according to a pre-set rule. Here, data shuffle refers to a process that makes it difficult to directly interpret plaintext data by changing the arrangement order, position, or composition order of the data without encrypting the content of the data itself.

[0138] For example, in the case of string data, the order of characters or strings can be rearranged according to predefined rules, while in the case of record or field-based data, the array order of fields or the position of data blocks can be changed. Such rearrangement can prevent the immediate exposure of the meaning of plaintext data while maintaining the length, format, or overall structure of the data. However, these examples are for illustrative purposes only, and the specific method of rearrangement may vary depending on the data format and security policy.

[0139] Such data rearrangement can complementarily enhance data protection levels even under limited energy conditions by providing a certain level of obfuscation effect even for unencrypted data. Additionally, the rearrangement rules can be predefined or dynamically changed, and the data can be restored to its original order at the receiving end as needed.

[0140] Meanwhile, each step illustrated in FIG. 6 is not necessarily required to be performed in the illustrated order, and the energy state determination step (S620) may be performed repeatedly on a periodic or event-based basis to affect the method of execution or results of subsequent steps. For example, if the energy state changes during operation, the scope to which encryption is applied, the order of data selection, or the encryption processing method may be readjusted according to the newly determined energy state.

[0141] Additionally, depending on variations of the embodiment, some steps may be omitted or performed in parallel. For example, the step of determining the range to be encrypted (S640) and the step of selecting the data priority (S650) may be performed simultaneously according to a policy, but are not limited thereto.
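The FIG. 6 flow (S620 to S690) as an added Python example, not code from the patent or the applicant. The margin cut-offs, the state-to-portion table, field-level granularity, the `mandatory` flag (standing for the enforced full encryption of [0118]), the HMAC-SHA256 keystream used as a stand-in for a real cipher so that only the standard library is needed, the keyed shuffle rule, and all sample data and keys are assumptions.

```python
import hashlib
import hmac
import random
from dataclasses import dataclass

# Assumed policy: energy state -> encryption portion (None = encrypt everything, S645).
PORTION = {"Normal": None, "Economy": None, "Low Power": 0.50, "Insufficient": 0.25}


def energy_state(remaining_wh, estimated_wh):
    """S620: classify the margin over the estimated consumption (assumed cut-offs)."""
    margin = (remaining_wh - estimated_wh) / estimated_wh
    for floor, state in ((0.50, "Normal"), (0.25, "Economy"), (0.10, "Low Power")):
        if margin >= floor:
            return state
    return "Insufficient"


def xor_crypt(key, label, data):
    """Stand-in cipher (HMAC-SHA256 keystream, no integrity tag); label unique per field."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, counter.to_bytes(4, "big") + label, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _order(key, label, n):
    """Keyed permutation of range(n): a rearrangement rule both ends can derive."""
    seed = int.from_bytes(hmac.new(key, b"shuffle|" + label, hashlib.sha256).digest(), "big")
    order = list(range(n))
    random.Random(seed).shuffle(order)
    return order


def shuffle(key, label, data):
    return bytes(data[i] for i in _order(key, label, len(data)))


def unshuffle(key, label, data):
    out = bytearray(len(data))
    for pos, src in enumerate(_order(key, label, len(data))):
        out[src] = data[pos]
    return bytes(out)


@dataclass
class Item:
    name: str
    priority: int                          # higher value is selected earlier (S650)
    fields: dict                           # field name -> bytes
    identifying: frozenset = frozenset()   # fields that directly identify a person
    mandatory: bool = False                # assumed flag: full encryption is enforced


def protect(items, state, key, shuffle_key, msg_id):
    """S630-S690: returns {(item, field): (mode, bytes)} with mode 'enc' or 'shuf'."""
    total = sum(len(v) for it in items for v in it.fields.values())
    portion = PORTION[state]                                          # S630
    budget = total if portion is None else int(total * portion)      # S645 / S640
    out = {}
    for it in sorted(items, key=lambda i: i.priority, reverse=True):  # S650, S680
        whole = it.mandatory or sum(map(len, it.fields.values())) <= budget  # S660
        for name, value in it.fields.items():
            if not (whole or name in it.identifying):
                continue                     # S675: only identifying fields qualify
            if it.mandatory or len(value) <= budget:                  # S670 / S675
                label = f"{msg_id}|{it.name}|{name}".encode()
                out[it.name, name] = ("enc", xor_crypt(key, label, value))
                budget = max(0, budget - len(value))
    for it in items:                                                  # S690
        for name, value in it.fields.items():
            if (it.name, name) not in out:
                label = f"{msg_id}|{it.name}|{name}".encode()
                out[it.name, name] = ("shuf", shuffle(shuffle_key, label, value))
    return out


def recover(protected, key, shuffle_key, msg_id):
    """Receiver side: decrypt 'enc' fields and undo the shuffle on 'shuf' fields."""
    plain = {}
    for (item, name), (mode, blob) in protected.items():
        label = f"{msg_id}|{item}|{name}".encode()
        plain[item, name] = (xor_crypt(key, label, blob) if mode == "enc"
                             else unshuffle(shuffle_key, label, blob))
    return plain


# Constructed sample data and keys, made up for this example.
SAMPLE = [
    Item("attitude", 4, {"rpy": b"roll=1.2;pitch=-0.4;yaw=181.0"}, mandatory=True),
    Item("passenger", 3, {"name": b"Kim Minji", "phone": b"010-5550-0100", "seat": b"2A"},
         identifying=frozenset({"name", "phone"})),
    Item("flight_info", 1, {"route": b"VP-A to VP-B, ETA 14:20"}),
]
KEY, SHUFFLE_KEY = b"k" * 32, b"s" * 32

if __name__ == "__main__":
    state = energy_state(1200, 1000)
    for slot, (mode, blob) in protect(SAMPLE, state, KEY, SHUFFLE_KEY, 7).items():
        print(state, slot, mode, blob)
```

In the "Low Power" run the phone field falls outside the budget and is only shuffled, so every digit of it is still present in the output: the rearrangement hides order, not content.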

[0142] FIG. 7 is a block diagram schematically illustrating an exemplary computing device that can be used to implement a device for performing a method according to the present disclosure.

[0143] Referring to FIG. 7, the computing device (70) may include some or all of memory (700), a processor (720), storage (740), an input / output interface (760), and a communication interface (780). The computing device (70) may be a stationary computing device such as a desktop computer or a server, as well as a mobile computing device such as a laptop computer, a smartphone, or a vehicle. The computing device (70) may be implemented as any specialized hardware accelerator capable of processing operations on an artificial intelligence model in an efficient manner. For example, the computing device (70) may include a graphic processing unit (GPU), a tensor processing unit (TPU), or a neural processing unit (NPU).

[0144] Memory (700) may store a program that enables the processor (720) to perform a method or operation according to various embodiments of the present disclosure. For example, the program may include a plurality of instructions executable by the processor (720), and the method illustrated in FIG. 6 may be performed by executing the plurality of instructions by the processor (720). Memory (700) may be a single memory or multiple memories. In this case, information required to perform a method or operation according to various embodiments of the present disclosure may be stored in a single memory or divided and stored in multiple memories. If memory (700) is composed of multiple memories, the multiple memories may be physically separated. Memory (700) may include at least one of volatile memory and non-volatile memory. Volatile memory includes Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), etc., and non-volatile memory includes flash memory, etc.

[0145] The processor (720) may include at least one core capable of executing at least one instruction. The processor (720) may execute instructions stored in memory (700). The processor (720) may be a single processor or multiple processors.

[0146] Storage (740) retains stored data even if the power supplied to the computing device (70) is cut off. For example, storage (740) may include non-volatile memory and may include storage media such as magnetic tape, optical disc, or magnetic disc. A program stored in storage (740) may be loaded into memory (700) before being executed by the processor (720). Storage (740) may store a file written in a programming language, and a program generated from the file by a compiler, etc., may be loaded into memory (700). Storage (740) may store data to be processed by the processor (720) and / or data processed by the processor (720).

[0147] The input / output interface (760) may include input devices such as a keyboard, mouse, touch display, microphone, etc., and output devices such as a display, speaker, etc. Through the input / output interface (760), the user can trigger the execution of a program by the processor (720) and / or check the processing results of the processor (720).

[0148] The communication interface (780) can provide access to internal and external networks. The computing device (70) can communicate with other devices through the communication interface (780).

[0149] Each component of the device or method according to the present invention may be implemented in hardware or software, or in a combination of hardware and software. Additionally, the function of each component may be implemented in software, and a microprocessor may be implemented to execute the function of the software corresponding to each component.

[0150] Various embodiments of the systems and techniques described herein may be realized as digital electronic circuits, integrated circuits, field programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), computer hardware, firmware, software, and / or combinations thereof. These various embodiments may include being implemented as one or more computer programs executable on a programmable system. A programmable system comprises a storage system, at least one input device, and at least one programmable processor (which may be a special-purpose processor or a general-purpose processor) coupled to receive data and instructions from and transmit data and instructions to at least one output device. Computer programs (which are also known as programs, software, software applications, or code) include instructions for the programmable processor and are stored on a "computer-readable recording medium."

[0151] Computer-readable recording media include all types of recording devices in which data that can be read by a computer system is stored. Such computer-readable recording media may be non-volatile or non-transitory media such as ROM, CD-ROM, magnetic tape, floppy disk, memory card, hard disk, magneto-optical disk, and storage device, and may also include transitory media such as data transmission media. Additionally, computer-readable recording media may be distributed across networked computer systems, and computer-readable code may be stored and executed in a distributed manner.

[0152] Although the flowcharts and timing diagrams in this specification describe each process as being executed sequentially, this is merely an illustrative explanation of the technical concept of one embodiment of the present disclosure. In other words, a person skilled in the art to which one embodiment of the present disclosure belongs may modify and adapt the flowcharts and timing diagrams in various ways, such as changing the order described in the flowcharts and timing diagrams or executing one or more of the processes in parallel, without departing from the essential characteristics of one embodiment of the present disclosure; therefore, the flowcharts and timing diagrams are not limited to a chronological order.

[0153] The above description is merely an illustrative explanation of the technical concept of the present embodiment, and a person skilled in the art to which the present embodiment belongs would be able to make various modifications and variations within the scope of the essential characteristics of the present embodiment. Accordingly, the present embodiments are intended to explain, not limit, the technical concept of the present embodiment, and the scope of the technical concept of the present embodiment is not limited by these embodiments. The scope of protection of the present embodiment shall be interpreted by the claims below, and all technical concepts within an equivalent scope shall be interpreted as being included within the scope of rights of the present embodiment.

[0154] CROSS-REFERENCE TO RELATED APPLICATION

[0155] This patent application claims priority to Korean patent application No. 10-2024-0199006 filed on December 27, 2024, the entire contents of which are incorporated into this patent application by reference.

Claims

1. A method for performing partial encryption of data based on energy state, The process of acquiring data requiring security processing during the operation of an aircraft; A process of determining the energy state of the said aircraft based on the remaining battery charge of the said aircraft and the estimated energy consumption required for operation to the destination; A process of determining whether to perform full encryption or partial encryption on the data based on the above energy state; A process of determining the range to which encryption is to be applied based on the energy state when it is determined that partial encryption is being performed; The process of selecting the data with the highest priority among the above data; A process of determining whether the range to which the above encryption is applied is sufficient to encrypt the entire selected data; A process of performing encryption on all or part of the selected data based on a judgment result; and The process of performing rearrangement on unencrypted data A method including

2. In Paragraph 1, The process of determining the above energy state is, A method characterized by being performed repeatedly according to a preset time period.

3. In Paragraph 1, The process of determining the above energy state is, A method characterized by being performed in response to the occurrence of a predefined event.

4. In Paragraph 1, The scope to which the above encryption is applied is, A method characterized by being determined by the ratio of data to which encryption is applied.

5. In Paragraph 1, The scope to which the above encryption is applied is, A method characterized by being determined by considering at least one of (i) current energy status, (ii) flight path and flight phase to destination, and (iii) external factors affecting energy consumption, such as weather conditions or airspace traffic.

6. In Paragraph 1, The priority of the above data is, A method characterized by setting data containing personal information, identifying information, or sensitive information to have a higher priority than general data.

7. In Paragraph 1, A method characterized by performing encryption only on some components among the data items included in the selected data that directly contribute to identifying an individual, when the scope to which the encryption is applied is insufficient to encrypt the entire selected data.

8. In Paragraph 1, A method further comprising the process of selecting the next priority data and repeating the encryption process when there is a remaining range to be encrypted and there is data to which encryption has not been applied.

9. In Paragraph 1, The process of performing the above rearrangement is, A method characterized by including a data shuffle that changes the order of unencrypted data according to a predefined rule.

10. An apparatus for performing partial encryption of data based on energy state, At least one memory for storing instructions; and It includes at least one processor configured to execute the above instructions, The above-mentioned at least one processor is, Acquire data requiring security processing during the operation of the aircraft, and The energy state of the said aircraft is determined based on the remaining battery charge of the said aircraft and the estimated energy consumption required for operation to the destination, and Based on the above energy state, determine whether to perform full encryption or partial encryption on the data, and If it is determined that partial encryption is being performed, the range to which encryption is applied is determined based on the energy state, and Select the data with the highest priority among the above data, and It determines whether the range to which the above encryption is applied is sufficient to encrypt the entire selected data, and Based on the judgment result, encryption is performed on all or part of the selected data, and A device configured to perform rearrangement on unencrypted data.

11. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to repeatedly determine the above energy state according to a preset time period.

12. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to determine the energy state in response to the occurrence of a predefined event.

13. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to determine the range to which the encryption is applied based on the ratio of the data to which the encryption is applied.

14. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to determine the scope to which the above encryption is applied by considering at least one of (i) the current energy status, (ii) the flight path and flight phase to the destination, and (iii) external factors affecting energy consumption, such as weather conditions or airspace traffic.

15. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to set the priority of said data such that data including personal information, identification information, or sensitive information has a higher priority than general data.

16. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to perform encryption only on some components among the data items included in the selected data that directly contribute to identifying an individual, when the scope to which the encryption is applied is insufficient to encrypt the entire selected data.

17. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to repeatedly perform encryption by selecting the next priority data when there is a remaining range to be encrypted and there is data to which encryption has not been applied.

18. In Paragraph 10, The above-mentioned at least one processor is, A device characterized by being configured to perform a data shuffle that changes the order of unencrypted data according to a predefined rule.