In an earlier post, we discussed that the Registered Flight Module (RFM) on a drone is responsible for validating a permission artifact before take-off. In this post, we look at the checks that the RFM should perform in order to validate a Permission Artifact obtained from Digital Sky. For reference, we will be using this sample test permission artifact downloaded from the iDronePort NPNT Test Tool.

<UAPermission lastUpdated="" ttl="" txnId="" permissionArtifactId="">
   <Permission>
     <Owner operatorId="">
       <Pilot uaplNo="" validTo=""/>
     </Owner>
     <FlightDetails>
       <UADetails uinNo="UIN-0000"/>
       <FlightPurpose shortDesc="Survey" frequency=""/>
       <PayloadDetails payloadWeight="0.5" payloadDetails="RGB Camera"/>
       <FlightParameters flightStartTime="2019-11-09T16:19:35+05:30" flightEndTime="2019-11-09T17:19:35+05:30" frequenciesUsed="">
         <Coordinates>
           <Coordinate latitude="22.144760059668457" longitude="79.00388717651366"/>
           <Coordinate latitude="22.142216057820903" longitude="79.00096893310547"/>
           <Coordinate latitude="22.14253406056565" longitude="79.00474548339842"/>
           <Coordinate latitude="22.144760059668457" longitude="79.00388717651366"/>
         </Coordinates>
       </FlightParameters>
     </FlightDetails>
   </Permission>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>y1h7rIhBbT5vGi4JS3wjN2Qd+QublYf1VxHRNvwLNF0=</DigestValue></Reference></SignedInfo><SignatureValue>YDdma02/e6RDznvjLa+1i1LSIFRyCnaKMGrwT1Ai+G54NxpL1e4fY76VzcnBdpGLkMo5bdfScet4Y8znIirM7fnT6UYE6RoeuIC4+sMnrtJe5z3t4XGw4z+fQVJz/WE4KHmO+pmnIqBIAcbm2Hrfs3VSzrEzz09DShLNbqsb6tHJtWePqn/pd14VzH+gVEbNRdjR/dCsWySgNNns6YbdkgZ7RbZStNzsqLRU5+spGHrGlLy4InAMgKzyhbeN8IA8hwXrrNtEfSvD8ZB7ULo1B7ssA0LRKs1R0qFOE6qxkfnqQz3sVWEfZOhKSWVq7szWlDeT09RXyXiPZiHob/xsGg==</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature></UAPermission>

Time-bound Verification

The time bounds are specified within the FlightParameters tag.

<FlightParameters flightStartTime="2019-11-09T16:19:35+05:30" flightEndTime="2019-11-09T17:19:35+05:30" frequenciesUsed="">

The RFM should verify that the take-off time is after flightStartTime and before flightEndTime.

Geo-fence Verification

The geo-fence parameters are specified within the Coordinates tag.

<Coordinates>
   <Coordinate latitude="22.144760059668457" longitude="79.00388717651366"/>
   <Coordinate latitude="22.142216057820903" longitude="79.00096893310547"/>
   <Coordinate latitude="22.14253406056565" longitude="79.00474548339842"/>
   <Coordinate latitude="22.144760059668457" longitude="79.00388717651366"/>
</Coordinates>

The RFM should verify that the take-off coordinates lie within the geo-fence bounds.
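The time-bound and geo-fence checks described above can be combined into a single take-off gate. The following is an added example, not code from the NPNT Test Tool or Digital Sky; the function names are hypothetical, and it assumes the fence is small enough to treat latitude and longitude as planar coordinates.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed input: the FlightParameters element of the sample artifact above.
SAMPLE = """<FlightParameters flightStartTime="2019-11-09T16:19:35+05:30" flightEndTime="2019-11-09T17:19:35+05:30" frequenciesUsed="">
  <Coordinates>
    <Coordinate latitude="22.144760059668457" longitude="79.00388717651366"/>
    <Coordinate latitude="22.142216057820903" longitude="79.00096893310547"/>
    <Coordinate latitude="22.14253406056565" longitude="79.00474548339842"/>
    <Coordinate latitude="22.144760059668457" longitude="79.00388717651366"/>
  </Coordinates>
</FlightParameters>"""

def parse_flight_parameters(xml_text):
    """Return (start, end, fence) from an artifact or a bare FlightParameters element."""
    fp = next(ET.fromstring(xml_text).iter("FlightParameters"))
    start = datetime.fromisoformat(fp.get("flightStartTime"))
    end = datetime.fromisoformat(fp.get("flightEndTime"))
    fence = [(float(c.get("latitude")), float(c.get("longitude")))
             for c in fp.iter("Coordinate")]
    return start, end, fence

def within_time_bounds(now, start, end):
    # Fail closed on a naive clock value: it cannot be compared with the +05:30 bounds.
    if now.tzinfo is None or now.utcoffset() is None:
        return False
    return start < now < end  # strictly after start and strictly before end

def inside_geofence(lat, lon, fence):
    """Ray-casting point-in-polygon test over the Coordinate ring."""
    ring = fence if fence and fence[0] == fence[-1] else fence + fence[:1]
    if len(ring) < 4:  # fewer than three distinct vertices does not enclose an area
        return False
    inside = False
    for (lat1, lon1), (lat2, lon2) in zip(ring, ring[1:]):
        if (lat1 > lat) != (lat2 > lat):  # edge straddles the point's latitude
            crossing = lon1 + (lat - lat1) * (lon2 - lon1) / (lat2 - lat1)
            if lon < crossing:
                inside = not inside
    return inside

def takeoff_permitted(xml_text, now, lat, lon):
    """Both mandatory checks must pass for the take-off to be allowed."""
    start, end, fence = parse_flight_parameters(xml_text)
    return within_time_bounds(now, start, end) and inside_geofence(lat, lon, fence)
```

Comparing timezone-aware datetimes means a GPS-derived UTC clock is evaluated correctly against the +05:30 bounds in the artifact.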

Signature Verification

The signature is contained within the Signature tag.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>y1h7rIhBbT5vGi4JS3wjN2Qd+QublYf1VxHRNvwLNF0=</DigestValue></Reference></SignedInfo><SignatureValue>YDdma02/e6RDznvjLa+1i1LSIFRyCnaKMGrwT1Ai+G54NxpL1e4fY76VzcnBdpGLkMo5bdfScet4Y8znIirM7fnT6UYE6RoeuIC4+sMnrtJe5z3t4XGw4z+fQVJz/WE4KHmO+pmnIqBIAcbm2Hrfs3VSzrEzz09DShLNbqsb6tHJtWePqn/pd14VzH+gVEbNRdjR/dCsWySgNNns6YbdkgZ7RbZStNzsqLRU5+spGHrGlLy4InAMgKzyhbeN8IA8hwXrrNtEfSvD8ZB7ULo1B7ssA0LRKs1R0qFOE6qxkfnqQz3sVWEfZOhKSWVq7szWlDeT09RXyXiPZiHob/xsGg==</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature>

The permission artifact is signed using XML Digital Signature (XMLDSig). The SignedInfo element contains information about the canonicalization method, the signature method and the transforms used while signing the document. The RFM should verify that the DigestValue and SignatureValue match the expected values as per XMLDSig. The signing certificate, which contains the public key to be used for verification, is available within the X509Certificate tag. During development, this online tool can help with a quick check of whether the permission artifact that you have carries a valid signature: https://tools.chilkat.io/xmlDsigVerify.cshtml.

The checks above are the only mandatory checks as of now, as per the official NPNT Test Tool made available by DGCA. Beyond these, there are a few additional checks that the drone manufacturer can implement for more secure verification.

Optional Checks

These checks are optional right now. A manufacturer can implement them for a more secure and future-proof implementation.

  • Operator Id: The Operator Id of the entity operating the drone should match the operatorId parameter in the Owner tag.
  • UIN: The UIN of the drone is specified within the uinNo parameter in the UADetails tag. The RFM should verify that this UIN matches the UIN stored within the RFM.
  • Certificate: The certificate present within the X509Certificate tag should match the official signing certificate of DGCA.
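The three optional checks can be run together before the signature result is trusted. The certificate check matters because the X509Certificate inside the artifact is supplied by whoever produced the file, so a signature that verifies against it proves integrity only. The following is an added example, not the NPNT Test Tool's code; comparing a pinned SHA-256 fingerprint is one assumed way of matching the certificate, and the operator id, certificate bytes and function names are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed stand-in bytes (not a real certificate) and the pin derived from them.
# On a real RFM the pin would be the fingerprint of the official signing certificate.
SAMPLE_CERT_DER = b"constructed-placeholder-for-the-signing-certificate"
PINNED_SHA256 = hashlib.sha256(SAMPLE_CERT_DER).hexdigest()

def build_sample(cert_der, operator_id="OP-EXAMPLE", uin="UIN-0000"):
    """Constructed, trimmed artifact carrying only the fields checked here."""
    cert_b64 = base64.b64encode(cert_der).decode()
    return (f'<UAPermission><Permission><Owner operatorId="{operator_id}"/>'
            f'<FlightDetails><UADetails uinNo="{uin}"/></FlightDetails></Permission>'
            f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo><X509Data>'
            f'<X509Certificate>{cert_b64}</X509Certificate>'
            f'</X509Data></KeyInfo></Signature></UAPermission>')

def optional_check_failures(xml_text, rfm_operator_id, rfm_uin, pinned_sha256):
    """Return the names of the failed optional checks; an empty list means all passed."""
    root = ET.fromstring(xml_text)
    failures = []
    owner = root.find("./Permission/Owner")
    # An empty stored id never matches, so an unprovisioned RFM fails closed.
    if owner is None or not rfm_operator_id or owner.get("operatorId") != rfm_operator_id:
        failures.append("operatorId")
    ua = root.find("./Permission/FlightDetails/UADetails")
    if ua is None or not rfm_uin or ua.get("uinNo") != rfm_uin:
        failures.append("uin")
    certs = root.findall(f".//{DSIG}X509Certificate")
    try:
        if len(certs) != 1:
            raise ValueError("expected exactly one X509Certificate")
        der = base64.b64decode("".join((certs[0].text or "").split()), validate=True)
        digest = hashlib.sha256(der).hexdigest()
        if not hmac.compare_digest(digest, pinned_sha256.lower()):
            failures.append("certificate")
    except ValueError:  # covers malformed base64 (binascii.Error) as well
        failures.append("certificate")
    return failures
```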