Technical Field of the Invention

The present invention relates to a method and a device for encrypting information. Prior Art

The cryptography or encryption of information is now a common practice in various sectors, for example in cases where there are exchanges of confidential information between senders and recipients, without it being decrypted and understood by third parties, who may still be able to intercept the confidential information exchanged between authorised parties.

Various encryption methods have been proposed so far, such as asymmetric key encryption methods using a pair of keys (public key and private key). As is well known, in asymmetric key encryption, senders disclose to recipients a public key by which the information exchanged is encrypted, while recipients each own a private key, which is kept secret. The private key is the only one that can decrypt the piece of information encrypted by the public key.

It should be taken into account that public and private keys generally have a limited duration. For example, when managing accesses and transactions in the banking sector, users can have at their disposal a so-called “OTP (One Time Password) key”, which cyclically generates different numerical codes that can be authenticated by their banks so they can validate the access and/or the execution of the operations.

It is therefore necessary to continuously generate a public key, which must be deployed to all possible recipients and each recipient must be able to generate at least one private key by which to further decrypt or encrypt the information exchanged with other recipients.

A possible solution to these needs has been proposed, for example, in the patent application no. ITVI20090009A1, which describes a method for generating single-use authentication passwords, specifically OTP passwords, by using a global navigation system, namely a system of the GNSS (Global Navigation Satellite System) type. The cryptography proposed by this document involves the generation of OTP keys calculated by a device owned by a user, based on the user's position, the time measurement and other characteristic parameters. The generation of keys by the device is however computationally heavy, since several data and parameters have to be processed.

The structure of a navigation signal comprising advanced authentication mechanisms is depicted in document EP3349044A1, where multiple encryption keys are used to increase the robustness of the navigation message so that third parties cannot threaten the integrity of the user-level navigation system.

Summary of the Invention

This being stated, an object of the present invention is to propose a method for encrypting information and a device for performing said method for encrypting information, which allow to eliminate, or anyway limit, the computational cost for generating single-use keys.

Another object of the present invention is to propose a method for encrypting information and a device for performing said method for encrypting information that is independent of the location of the user who owns the device.

These objects are achieved by the present invention thanks to a method for encrypting information according to claim 1 and to a device according to claim 12. Further peculiar characteristics of the present invention are set forth in the respective dependent claims.

One method for encrypting information involves the use of an encryption device that comprises a logical control unit capable of carrying out the following steps:

(a) receiving a piece of information to be encrypted;

(b) receiving at least one first encryption key;

(c) encrypting the piece of information received with the at least one first encryption key.

According to the present invention, the at least one first encryption key is provided to the encryption device through at least one radionavigation signal.

As discussed below, the first source may be an element inside the encryption device (a sensor, a memory, etc.) or an element outside the same, capable of transmitting the piece of information to the encryption device.

According to an aspect of the present invention, the method comprises a step of transmitting said encrypted piece of information during step c) through a signal, preferably wireless, of a nature different from the radionavigation signal received in step b).

Advantageously, the logical control unit of the device, which carries out the steps of the method according to the present description, can send encrypted messages to another device, whose logical control unit has carried out at least step b) of the present method, without the need to generate one or more encryption keys through particularly complex and computationally heavy algorithms.

Still advantageously, only another device, which has received the same radionavigation signal received during step b), will be able to decode the signal transmitted by the device during the transmission step and correctly interpret the piece of information.

It should be noted that the transmitting step does not involve sending navigation signals, but can be carried out through known medium- short-range data transmission techniques, as happens for example in a WSN (Wireless Sensor Network) sensors. In such type of networks, the sensors communicate with each other by means of short- distance radio-frequency techniques, for example by using ISM (Industrial, Scientific and Medical) bands.

The first encryption key is then received and extracted directly from the radionavigation signal, without the need of having to generate the first encryption key, by resorting to complex and computationally heavy algorithms.

The radio navigation signal is received by a GNSS receiver of the encryption device and is provided by a global navigation satellite system.

In particular, the radionavigation signal comprises a navigation message and the first encryption key is obtained directly from the navigation message. The navigation message may be based on any protocol adopted by the global navigation satellite system, such as the TESLA protocol or other protocols used for the global navigation satellite systems.

The first encryption key can be obtained, for example, from at least one MACK (Message Authentication Code and Key) key contained in the navigation message.

It is therefore evident that the first encryption key is independent of the position of the encryption device or in any case of the position of the GNSS receiver receiving it, nor depends on other parameters which overload the encryption key generation algorithms. The global navigation satellite system can be, for example, the Galileo system. In this case, the navigation message is for example the Open Service - Navigation Message Authentication (OS-NMA) message, which is transmitted inside the Integrity Navigation Message I/NAV on the El-B channel (with carrier frequency at 1575.42 MHz).

In a possible embodiment of the method according to the invention, the logical control unit of the encryption device can carry out a further step of encrypting said piece of information by at least one second encryption key, which is different from the first encryption key received in step (b). The second key, for example used for asymmetric cryptography, could be stored inside the device equipped with the control unit and not change over time, unlike the first key.

In another embodiment of the method according to the invention, the logical control unit of the encryption device can carry out a further step of encrypting said piece of information by at least one third encryption key, which is different from the first encryption key received in step (b) and from the second encryption key.

According to an aspect of the present invention, during step a) a first signal other than the radionavigation signal received during step b) is received. Said first signal comprises said piece of information. In other words, said first signal is generated by a first source other than a second source generating the radionavigation signal, generally an orbiting artificial satellite. Depending on the embodiment, the first source of the piece of information may be inside or outside the same device comprising the logical control unit configured to perform the encryption method according to the present invention.

Preferably, therefore, the control unit receives from a first source the piece of information to be encrypted, from a second source (different from the first source) the encryption key through a radionavigation signal, encrypts the piece of information through such key and sends it to a device different from the second source (and typically also from the first source), which in turn is able to receive the encryption key from the second source. The radionavigation signal is therefore mainly used for the generation of the encryption key.

The invention further relates to a device for encrypting information, in which the device comprises a logical control unit programmed to receive at least one first encryption key and perform an encryption method according to the present invention. Said logical control unit is in direct or indirect communication with a first source for receiving from said first source a first signal containing the piece of information to be encrypted and then transmitted by means of the encryption method. Said first source may be internal or external to the device comprising the logical control unit. In other words, the control unit can receive the piece of information from an element outside the device in which it is placed, or from an element inside it, for example the piece of information can contain data collected by sensors placed on the device equipped with the control unit, such as thermometers, accelerometers, heart beat meters, etc. or data stored inside a memory of the same device.

The device comprises a GNSS receiver to receive the radio navigation signal. The GNSS receiver may be configured to generate at least one second encryption key that is different from the first encryption key.

The device further comprises at least one communication module for communicating with at least one other device of the same type. The communication module may be configured to generate at least one third encryption key which is different from the first encryption key and the second encryption key.

The communication module is configured to send signals, preferably wireless signals, of a nature different from the radionavigation signal received from the GNSS receiver. In particular, the communication module is configured to transmit a signal of a nature different from the radionavigation signal received from the GNSS receiver. Said transmitted signal contains the piece of information encrypted by at least said first encryption key.

Preferably, the communication module comprises an RF circuit, operatively connected to said logical control unit and configured to transmit radio waves belonging for example to the ISM bands.

As discussed, the piece of information is preferably exchanged between elements of a system that comprises at least two devices having a control unit capable of carrying out step (b) of the method discussed above, and wherein at least one of these devices is equipped with a control unit capable of also carrying out steps (a) and (c).

Brief Description of the Drawings

Further characteristics and advantages of the present invention will be apparent from the following description, made with reference to the accompanying drawing by way of non-limiting example, in which Figure 1 is a view schematically illustrating the method and the devices according to the invention.

Detailed Description

The diagram of Figure 1 shows a global navigation satellite system comprising the satellites Si, S2, ···, Si, ..., S _m which transmit GNSS-type signals in which navigation messages are incorporated. By way of example, the global navigation satellite system represented here is the Galileo system which transmits, among others, I/NAV navigation messages on the El-B Open Service channel. Anyway, the system may be any other global navigation satellite system that implements a Navigation Message Authentication service similar to that of the Galileo system.

Navigation messages are received by the devices Di, D _{2, ...} . D _j , ..., D _n or, more precisely, by the respective control units Gi, G2, ..., G _j , ..., G _n that incorporate receivers of GNSS signals.

Each control unit Gi-G _n , when it receives a I/NAV navigation message, extracts from the navigation message at least one first encryption key, for example a first key of the MACK (Message Authentication Code and Key) type, by which it can encrypt a piece of information to be exchanged with the devices Di-D _n .

Each control unit Gi-G _n can possibly carry out a further encryption of the piece of information by a second encryption key different from the first encryption key, before transmitting it to the other devices Di-D _n .

The encrypted piece of information W can thus be exchanged between the devices Di- D _n , which are the only ones that can decrypt the piece of information, since they have received the same first encryption key extracted from the navigation message I/NAV transmitted by the global navigation satellite system Si-S _m .

The exchange of the encrypted piece of information W between the devices Di-D _n is carried out via the respective communication modules Ci, C ₂ , ···, C _j , ..., C _n . Also in this case, each communication module Ci-C _n can possibly carry out a further encryption of the piece of information by a third encryption key different from the first and second encryption keys, before transmitting it to the other devices Di-D _n in order to further increase the security level of the encrypted piece of information W, which is exchanged between the devices Di-D _n .

Some possible applications in which the invention can advantageously find use are for example the encryption of the communication between IoT (Internet of Things) sensors with logical units Gi-G _n in which a GNSS chipset is built-in, which implements the Galileo's Open Service Navigation Message Authentication service. Examples of these applications are:

- use of “wearable” sensors in open construction sites (e.g. motorways, bridges, public infrastructure): this allows the use of position information also for insurance paperwork (both of accident and premium setting);

- uses of “wearable” sensors for personal use (e.g. pedometers, cardio- frequency meter, etc.): this allows the secure exchange of information (protecting privacy) between the “wearable” device and the data collection device (e.g. smartphones, tablets or the like).

The invention can also be applied in network synchronisation via GNSS receivers, for example in the encryption of the data exchange necessary for network synchronisation via GNSS receivers which implement the Galileo's Open Service Authentication service and methods such as, for example, the “Common View” and derivatives thereof (e.g. Linked Common View, Multi-Path Linked Common View, ...) or the simple “Time Difference”. Examples of network synchronisation applications relate to critical infrastructures such as:

- electrical networks;

- telecommunications networks;

- financial trading networks.

Lurther applications that may use this invention relate to the cooperative vehicle navigation and vehicle wireless networks where information exchange requires robustness and privacy.

Other possible applications may relate to the protection of data exchanged for relative navigation between in-formation flying satellites, in which the receivers used to calculate the position implement the Galileo's Open Service Authentication service.