
System And Method For Secured Vehicle To Everything (V2X) Communication

Abstract: [0089] The present disclosure discloses a method for establishing a secure communication between a first device (101) and a second device (103). The method comprises generating a true random key in the first device and copying the same key to the second device, generating a dynamic signature based at least on the true random key, and generating an encrypted dynamic signature by applying an encryption technique. Furthermore, the method comprises transmitting the encrypted dynamic signature to the second device, generating a hash value with a fixed bit length for the dynamic signature, splitting the fixed bit length hash value into a first part and a second part, and generating a master key. Thereafter, the method comprises encrypting the telecommunication data based at least on the generated master key and transmitting the encrypted telecommunication data to the second device for establishing the secure communication between the first device and the second device. Figure 1


Patent Information

Application #:
Filing Date: 07 November 2023
Publication Number: 12/2024
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email:
Parent Application:

Applicants

Minda Corporation Limited
E-5/2 Chakan Industrial Area, Phase- III M.I.D.C. Nanekarwadi, Tal: Khed, Dist., Pune, Maharashtra, India 410501
REVA University
Rukmini Knowledge Park, Yelahanka, Kattigenahalli, Bengaluru, Sathanur, Karnataka 560064

Inventors

1. Suresh D
E-5/2, Chakan Industrial Area, Phase - III, M.I.D.C, Nanekarwadi, Tal - Khed, Pune, Maharashtra 410501
2. Parag Parandkar
E-5/2, Chakan Industrial Area, Phase - III, M.I.D.C, Nanekarwadi, Tal - Khed, Pune, Maharashtra 410501
3. Prashanth Joshi
Rukmini Knowledge Park, Yelahanka, Kattigenahalli, Bengaluru, Sathanur, Karnataka 560064
4. Sudharshan K M
Rukmini Knowledge Park, Yelahanka, Kattigenahalli, Bengaluru, Sathanur, Karnataka 560064

Specification

FORM 2
THE PATENTS ACT 1970
[39 OF 1970]
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
[See section 10 and Rule 13]
TITLE: “SYSTEM AND METHOD FOR SECURED VEHICLE-TO-EVERYTHING (V2X) COMMUNICATION”
Name and Address of the Applicants:
(1) MINDA CORPORATION LIMITED, of E-5/2, Chakan Industrial Area, Phase-III M.I.D.C. Nanekarwadi, Tal: Khed, Dist., Pune, Maharashtra, 410-501, India, [Nationality-Indian]; and
(2) REVA University an Indian university of Rukmini Knowledge Park, Yelahanka, Kattigenahalli, Bengaluru, Sathanur, Karnataka 560064 [Nationality-Indian]
The following specification particularly describes the invention and the manner in which it is to be performed.

TECHNICAL FIELD
[001] The present disclosure generally relates to performing key encryption and cyber security for vehicular communications. More particularly, the present disclosure relates to a method and apparatus for establishing secure Vehicle-to-Everything (V2X) communication.
BACKGROUND
[002] Communication capabilities in vehicles and transportation infrastructures are best addressed by V2X communications. V2X communications mainly include vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-pedestrian (V2P) and vehicle-to-network (V2N) communications. V2X communications can enhance the safety and efficiency of transportation systems. Although LTE-based V2X communications have gained a lot of interest recently, several challenges exist before the LTE network can be massively exploited for V2X communications. Security poses one of the impending challenges for LTE V2X communications.
[003] In a cellular-based V2X communication, a communication may happen between the vehicle and the cell site. The communication from the vehicle is driven by the electronic control unit (ECU) located at the vehicle end. The communication at the cell site is driven by a cloud server. The cloud server is enabled with an electronic control unit having communication capability with the vehicle-side ECU. The vehicle-side ECU may be termed the first ECU and the ECU at the cloud server side may be termed the second ECU. The first ECU may request an encrypted master key from the second ECU. Accordingly, the second ECU may generate the encrypted master key and may store the encrypted master key in a firmware of the second ECU. Subsequently, a constant may be mutually pre-agreed between the first ECU and the second ECU for generating and communicating the master key between the two ECUs. As a result, a user may not have any access to a secured master key.
[004] However, even though the constant is mutually agreed between the two ECUs and the master key is generated and stored in the firmware of the second ECU, a developer of the ECU firmware may have access to the firmware of the second ECU. Accordingly, the master key may be accessed by the developer. As a result, the security in the V2X communication between the two ECUs is compromised.

[005] In view of the above, there is a need for enhancing the security in the cellular-based V2X communication to overcome security issues during communication between two ECUs.
[006] The information disclosed in this background of the disclosure section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
SUMMARY
[007] In an embodiment, the present disclosure discloses a method for establishing a secure communication between a first device and a second device. The method comprises transmitting a request for an encrypted master key to the second device along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key, and wherein the first device comprises an electronic device having associated telecommunication data. Further, the method comprises receiving the encrypted master key from the second device. Furthermore, the method comprises generating a hash value with a fixed bit length for the encrypted master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part. Further, the method comprises generating a decrypted master key based on the received encrypted master key and the first part of the fixed bit length of the hash value. Thereafter, the method comprises encrypting the telecommunication data associated with the electronic device based at least on the decrypted master key. Finally, the method comprises transmitting the encrypted telecommunication data along with the decrypted master key to the second device for establishing the secure communication between the first device and the second device.
[008] In an embodiment, the present disclosure discloses a method for establishing a secure communication between a first device and a second device. The method comprises receiving a request for an encrypted master key from the first device along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key. Further, the method comprises generating a hash value with a fixed bit length for the master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part. Thereafter, the method comprises generating the encrypted master key based on the received master key and the first part of the fixed bit length hash value. Finally, the method comprises transmitting the encrypted master key from the second device to the first device for establishing the secure communication between the first device and the second device.


[009] In an embodiment, the present disclosure discloses a first device for establishing a secure communication with a second device. The apparatus comprises a processor and a memory coupled to the processor. The processor is configured to transmit a request for an encrypted master key to the second device along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key, and wherein the first device comprises an electronic device having associated telecommunication data. Further, the processor is configured to receive the encrypted master key from the second device. Furthermore, the processor is configured to generate a hash value with a fixed bit length for the encrypted master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part. Further, the processor is configured to generate a decrypted master key based on the received encrypted master key and the first part of the fixed bit length of the hash value. Thereafter, the processor is configured to encrypt the telecommunication data associated with the electronic device based at least on the decrypted master key. Finally, the processor is configured to transmit the encrypted telecommunication data along with the decrypted master key to the second device for establishing the secure communication between the first device and the second device.
[0010] In an embodiment, the present disclosure discloses a second device for establishing a secure communication with a first device. The apparatus comprises a processor and a memory coupled to the processor. The processor is configured to receive a request for an encrypted master key from the first device along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key. Further, the processor is configured to generate a hash value with a fixed bit length for the master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part. Thereafter, the processor is configured to generate the encrypted master key based on the received master key and the first part of the fixed bit length hash value. Finally, the processor is configured to transmit the encrypted master key from the second device to the first device for establishing the secure communication between the first device and the second device.
[0011] The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
[0012] The novel features and characteristics of the disclosure are set forth in the appended claims. The disclosure itself, however, as well as a preferred mode of use, further objectives, and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying figures. One or more embodiments are now described, by way of example only, with reference to the accompanying figures wherein like reference numerals represent like elements and in which:
[0013] Figure 1 illustrates an exemplary communication system 100 comprising a first device 101 and a second device 103 for securely communicating with each other, in accordance with some embodiments of the present disclosure.
[0014] Figure 2A illustrates a detailed block diagram 200a of a first device 101 shown in Figure 1, in accordance with some embodiments of the present disclosure.
[0015] Figure 2B illustrates a detailed block diagram 200b of a second device 103 shown in Figure 1, in accordance with some embodiments of the present disclosure.
[0016] Figure 3A illustrates a block diagram 300a for hashing an input to generate a hash value, in accordance with some embodiments of the present disclosure.
[0017] Figure 3B illustrates a block diagram 300b for splitting hash value into two parts, in accordance with some embodiments of the present disclosure.
[0018] Figure 4A illustrates a block diagram 400a for encrypting a master key, in accordance with some embodiments of the present disclosure.
[0019] Figure 4B illustrates a block diagram 400b for splitting hash value into two parts, in accordance with some embodiments of the present disclosure.
[0020] Figure 4C illustrates a block diagram 400c for decrypting a master key, in accordance with some embodiments of the present disclosure.
[0021] Figure 5A illustrates a sequence diagram 500a for establishing a secure communication between a first device 101 and a second device 103, in accordance with some embodiments of the present disclosure.

[0022] Figure 5B shows a communication system 500b showing communication between the electronic device 501 and a plurality of cell towers, in accordance with some embodiments of the present disclosure.
[0023] Figure 6A shows a flowchart illustrating a method 600a for establishing a secure communication between a first device 101 and a second device 103, in accordance with some embodiments of the present disclosure.
[0024] Figure 6B shows a flowchart illustrating another method 600b for establishing a secure communication between a first device 101 and a second device 103, in accordance with other embodiments of the present disclosure.
[0025] It should be appreciated by those skilled in the art that any block diagram herein represents conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be represented in computer readable medium and executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DETAILED DESCRIPTION
[0026] In the present document, the word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment or implementation of the present subject matter described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
[0027] While the disclosure is susceptible to various modifications and alternative forms, specific embodiment thereof has been shown by way of example in the drawings and will be described in detail below. It should be understood, however, that it is not intended to limit the disclosure to the particular forms disclosed, but on the contrary, the disclosure is to cover all modifications, equivalents, and alternatives falling within the scope of the disclosure.
[0028] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a setup, device, or method that comprises a list of components or steps does not include only those components or steps but may include other components or steps not expressly listed or inherent to such setup or device or method. In other words, one or more elements in a system or apparatus preceded by “comprises… a” does not, without more constraints, preclude the existence of other elements or additional elements in the system or apparatus.
[0029] The terms like “at least one” and “one or more” may be used interchangeably throughout the description. The terms like “a plurality of” and “multiple” may be used interchangeably throughout the description.
[0030] Figure 1 illustrates an exemplary communication system 100 comprising a first device 101 and a second device 103 for securely communicating with each other, in accordance with some embodiments of the present disclosure.
As illustrated in Figure 1, the exemplary communication system 100 may comprise the first device 101 and the second device 103. The first device 101 and the second device 103 may communicate with each other through a communication network 117. For example, the first device 101 may be an Electronic Control Unit (ECU) on the vehicle side and the second device 103 may be a cloud server. The present disclosure is not limited thereto. In some embodiments, the second device 103 may be an ECU, a mobile device, a cloud server and the like. The ECU associated with the first device 101 may be a control device which is configured to control multiple systems of the vehicle. The communication network 117 may be implemented as one of the several types of networks, such as intranet or Local Area Network (LAN). The communication network 117 may either be a dedicated network or a shared network, which represents an association of several types of networks that use a variety of protocols, for example, Hypertext Transfer Protocols (HTTPs) or a Transmission Control Protocol (TCP) and a Transport Layer Security (TLS), a Wireless Application Protocol (WAP), etc. The cloud server may be provisioned by a cloud service provider. For instance, a cloud service provider may assign virtual hardware which can be used by the user to run applications and store data. In other words, the cloud server may be a virtual server which may run on a cloud computing platform. The cloud server may allow users to access virtualized computing resources using the Internet.
[0031] The first device 101 may comprise an interface 105, a memory 107, and a processor 109. Similarly, the second device 103 may comprise an interface 111, a memory 113, and a processor 115. The detailed diagrams of the first device 101 and the second device 103 are explained in Figures 2A and 2B, respectively.

[0032] Initially, the first device 101 may transmit a request along with a dynamic packet to the second device 103 for generating and sending an encrypted master key. Specifically, the first device 101 may include an electronic device (not shown in Figure 1) which generates the request to be sent to the second device 103. For example, the electronic device may be, without limitation, a Telematics Gateway Unit (TGU). The TGU may be an embedded system present on board the vehicle that helps to connect the ECUs of the vehicle to the cloud servers. The TGU may comprise telecommunication data. In one embodiment, the telecommunication data may include, without limitation, telematics data associated with the electronic device/TGU. The present disclosure is not limited thereto.
[0033] As mentioned above, the first device 101 may transmit the request along with a dynamic packet to the second device 103. The dynamic packet may be generated by the electronic device/TGU associated with the first device 101. The dynamic packet may include, without limitation, a dynamic key and a master key. For example, the dynamic key (also termed as time varying signature) may be generated based on geographical location information of the electronic device/TGU and information related to one or more cells associated with the first device 101. The dynamic key may be stored in a local memory of the electronic device/TGU for decryption of the master key at a later stage. The dynamic key may be periodically updated based on real-time information related to the one or more cells associated with the first device 101. For example, the dynamic key may be generated every 30 seconds. The present disclosure is not limited thereto. The time period may be configurable and can be configured for any length of time. The dynamic key may be generated every 30 seconds based on information about one serving cell and one or more neighbouring cells. If the dynamic key is not generated for said time, the last dynamic key may be used until a new dynamic key is formed or generated. The one or more cells associated with the first device 101 may comprise the one serving cell and the one or more neighbouring cells. The information related to the one or more cells comprises cell identities which may pertain to the one or more cells. Each of the one or more cells may be associated with a Long Term Evolution (LTE) network (4G), a Wideband Code Division Multiple Access (W-CDMA) network (3G) or a Global System for Mobile (GSM) network (2G). The dynamic key may be generated
[0034] The master key may be derived from the electronic device/TGU based on information related to an International Mobile Equipment Identity (IMEI) number of the electronic device/TGU and date and time information of sending the dynamic packet to the second device 103. The first device 101 may send the master key and the dynamic key to the second device 103 for encrypting the master key and request the second device 103 to share the encrypted master key back to the first device 101.
[0035] The second device 103 may receive the request from the first device 101 along with the dynamic packet. After receiving the request, the second device 103 may generate a hash value with a fixed bit length for the master key by applying a hash function on the dynamic key. Specifically, the dynamic key or time varying signature may be provided as an input to a hash value generator. The hash value generator may apply a hash function by using the Secure Hash Algorithm (SHA) 256 and generate the fixed bit length (for example, 256 bit) hash value as shown in Figure 3A. The present disclosure is not limited to the SHA 256 hashing algorithm, and any hashing algorithm may be used for applying the hash function. Similarly, it is understood that the bit length of the hash value in the present disclosure is shown to be 256 just for exemplary purposes. However, the bit length of the hash value may be varied based on requirement. For example, the bit length may be 128 or 192 and the like. The SHA 256 algorithm may be a cryptographic hash function that converts an input of any length to a fixed bit length of 256. The output of the conversion may be the hash value or hash.
[0036] After generating the hash value, the second device 103 may split the fixed bit length hash value into equal parts, e.g., a first part and a second part. Specifically, the generated hash value (for example, a 256 bit length hash value) is provided as an input to the hash value splitter as shown in Figure 3B. The hash value splitter may divide or split the 256 bit hash value into two equal parts, for example, the first part (P1) and the second part (P2). In one embodiment, the first part may be 128 bits and the second part may be 128 bits. The present disclosure is not limited thereto.
[0037] After splitting the hash value into two equal parts, the second device 103 may generate the encrypted master key based on the received master key and the first part (P1) of the fixed bit length hash value. For example, the master key, derived from the IMEI number associated with the electronic device/TGU and the date and time information of sending the dynamic packet to the second device 103, along with the first part (P1) of the fixed bit length hash value, is provided as an input to the encryption engine as shown in Figure 4A. The encryption engine may use the Advanced Encryption Standard (AES) 128 algorithm to generate the encrypted master key. The present disclosure is not limited to the AES-128 algorithm, and any encryption algorithm may be used for generating the encrypted master key. The AES 128 algorithm may be a symmetric key algorithm which may use the same key for the encryption process and the decryption process.
[0038] After generating the encrypted master key, the second device 103 may transmit the encrypted master key to the first device 101 for establishing the secure communication between the first device 101 and the second device 103. Subsequently, the first device 101 may receive the encrypted master key from the second device 103 and may generate a hash value with a fixed bit length for the encrypted master key by applying a hash function using the previously stored dynamic key. The hash value generator may apply a hash function by using the Secure Hash Algorithm (SHA) 256 and generate the fixed bit length (for example, 256 bit) hash value as shown in Figure 3A. The present disclosure is not limited to the SHA 256 hashing algorithm, and any hashing algorithm may be used for applying the hash function.
[0039] After generating the hash value, the first device 101 may split the fixed bit length hash value into equal parts, i.e., a first part and a second part. Specifically, the generated hash value (for example, a 256 bit length hash value) is provided as an input to the hash value splitter as shown in Figure 4B. The hash value splitter may divide or split the 256 bit hash value into two equal parts at the electronic device/TGU end, for example, the first part (P1) and the second part (P2). In one embodiment, the first part may be 128 bits and the second part may be 128 bits. The present disclosure is not limited thereto.
[0040] After splitting the hash value into two equal parts, the first device 101 may generate a decrypted master key based on the received encrypted master key and the first part (P1) of the fixed bit length of the hash value. For example, the encrypted master key (or unique master key) received from the second device 103 may be restored at the electronic device/TGU end. The encrypted master key and the first part (P1) of the fixed bit length are provided as an input to a decryption engine as shown in Figure 4C. The decryption engine may use the Advanced Encryption Standard (AES) 128 algorithm to generate the decrypted master key at the TGU end. The present disclosure is not limited to the AES-128 algorithm, and any decryption algorithm may be used for generating the decrypted master key.
[0041] After generating the decrypted master key, the first device 101 may encrypt the telecommunication data associated with the electronic device/TGU using the decrypted master key. In the next step, the telecommunication data may be encrypted using the decrypted master key. Specifically, the telematics data associated with the first device 101 may be encrypted using the decrypted master key. Subsequently, the first device 101 may transmit the encrypted telecommunication data along with the decrypted master key to the second device 103. The encrypted telecommunication data may comprise encrypted telematics data associated with the electronic device/TGU of the first device 101.
[0042] In response, the second device 103 may receive the encrypted telecommunication data along with the decrypted master key. After receiving the encrypted telecommunication data along with the decrypted master key, the second device 103 may check for key authentication. For example, the second device may decrypt the telecommunication data using the decrypted master key and may store the decrypted telecommunication data in a database of the second device. Specifically, the second device may use decryption engine with AES 128 algorithm for decrypting encrypted telecommunication data. Accordingly, the secure communication may be established between the first device 101 and the second device 103.
[0043] Figure 2A illustrates a detailed block diagram 200a of a first device 101 shown in Figure 1, in accordance with some embodiments of the present disclosure.
[0044] In an embodiment, the first device 101 may include an interface 105, a memory 107, a Central Processing Unit (also referred as “CPUs” or “the one or more processors”) 109. In some embodiments, the memory 107 may be communicatively coupled to the one or more processors 109. The memory 107 stores instructions executable by the one or more processors 109. The one or more processors 109 may comprise at least one data processor for executing program components for executing user or system-generated requests. The one or more processors 109 may perform one or more functions of the first device 101 for establishing a secure communication with a second device 103. The memory 107 may store instructions, executable by the one or more processors 109, which on execution, may cause the one or more processors 109 to establish a secure communication with the second device 103. The interface 105 may be coupled with the one or more processors 109 through which information or data may be received from a second device 103. For example, the one or more processors 109 may communicate with the second device 103 as shown in Figure 1.
[0045] In an embodiment, the one or more processors 109 may include one or more modules or hardware units, e.g., a transmitting unit 201, a receiving unit 203, a generating unit 205, a splitting unit 207, and an encrypting unit 209, but not limited thereto. In some embodiments, the one or more modules or units may be software modules which may be stored in the memory 107. The one or more modules or hardware units may be configured to perform the various operations of the present disclosure to establish a secure communication with the second device 103.
[0046] Figure 2B illustrates a detailed block diagram 200b of a second device 103 shown in Figure 1, in accordance with some embodiments of the present disclosure.
[0047] In an embodiment, the second device 103 may include an interface 111, a memory 113, a Central Processing Unit (also referred as “CPUs” or “the one or more processors”) 115. In some embodiments, the memory 113 may be communicatively coupled to the one or more processors. The memory 113 stores instructions executable by the one or more processors 115. The one or more processors 115 may comprise at least one data processor for executing program components for executing user or system-generated requests. The one or more processors 115 may perform one or more functions of the second device 103 for establishing a secure communication with the first device 101. The memory 113 may store instructions, executable by the one or more processors 115, which on execution, may cause the one or more processors 115 to establish a secure communication with the first device 101.
[0048] In an embodiment, the one or more processors 115 may include one or more modules or hardware units, e.g., a receiving unit 211, a generating unit 213, a splitting unit 215, a transmitting unit 217, and a decrypting unit 219, but not limited thereto. In some embodiments, the one or more modules or units may be software modules which may be stored in the memory 113. The one or more modules or hardware units may be configured to perform the various operations of the present disclosure to establish a secure communication with the first device 101.
[0049] Figure 3A illustrates a block diagram 300a for hashing an input to generate a hash value, in accordance with some embodiments of the present disclosure. As shown in Figure 3A, an input, for example a dynamic key, is provided to a hash value generator 301. The hash value generator 301 by using a SHA algorithm applies a hash function to the input and may generate the fixed bit length hash value.
[0050] Figure 3B illustrates a block diagram 300b for splitting hash value into two parts, in accordance with some embodiments of the present disclosure. As shown in Figure 3B, the generated hash value (generated at the second device 103 end) is provided as an input to the hash value splitter 303. The hash value splitter 303 may divide the hash value into two parts, for example, a first part (P1), and a second part (P2).
[0051] Figure 4A illustrates a block diagram 400a for encrypting a master key, in accordance with some embodiments of the present disclosure. As shown in Figure 4A, a master key, and the first part (P1) of the generated hash value is provided as an input to an encryption engine 401. The encryption engine 401 by using AES 128 algorithm may generate the encrypted master key 403.
[0052] Figure 4B illustrates a block diagram 400b for splitting hash value into two parts, in accordance with some embodiments of the present disclosure. As shown in Figure 4B, the hash value (generated at the first device 101 end) may be provided as an input to the hash value splitter 405. The hash value splitter 405 may split the hash value into a first part (P1) and a second part (P2).
[0053] Figure 4C illustrates a block diagram 400c for decrypting a master key, in accordance with some embodiments of the present disclosure. As shown in Figure 4C, the generated encrypted master key 403 along with the first part (P1) of the hash value is provided as an input to the decryption engine 407. The decryption engine 407 by using AES 128 algorithm may generate decrypted master key 409.
[0054] Figure 5A illustrates a sequence diagram 500a for establishing a secure communication between a first device 101 and a second device 103, in accordance with some embodiments of the present disclosure.
[0055] Initially, at step 1 (S1), the first device 101 may send a request along with a dynamic packet to the second device 103 for sending an encrypted master key 403. The dynamic packet may include a dynamic key and a master key. At step 2 (S2), the second device 103 may receive the request along with the dynamic packet from the first device 101 and generate a hash value (for example, 256 bits fixed length) for the master key using the dynamic key. The hashing algorithm may be used to generate the hash value for the master key. At step 3 (S3), the second device 103 may divide the hash value into two equal parts such as a first part (P1) and a second part (P2). At step 4 (S4), the second device may use the received master key and the first part (P1) of the hash value to generate the encrypted master key 403. Specifically, the AES 128 symmetric encryption algorithm may be used to generate the encrypted master key 403 based on the inputs (for example, the master key and the first part of the hash value).
[0056] At step 5 (S5), the second device 103 may transmit the encrypted master key 403 to the first device. At step 6 (S6), the first device 101 may receive the encrypted master key 403. At step 7 (S7), the first device 101 may generate a hash value for the master key using the previously stored dynamic key or time varying signature. The SHA 256 hashing algorithm may be used to generate the hash value using the input (for example, master key). At step 8 (S8), the first device 101 may divide the hash value into two equal parts. For example, the 256 bits fixed length may be divided into a first part (P1) and a second part (P2). At step 9 (S9), the first device 101 may decrypt the encrypted master key 403 using the AES 128 algorithm. Specifically, the encrypted master key 403 and the first part (P1) of the fixed bit length hash value are provided as an input to the decryption engine, and the decryption engine, by using the AES 128 algorithm, may generate the decrypted master key 409. The decrypted master key 409 may be used to decrypt the encrypted master key 403.
[0057] At step 10 (S10), the first device 101 may encrypt telecommunication data. At step 11 (S11), the first device 101 may transmit the encrypted telecommunication data along with the decrypted master key 409 to the second device 103. At step 12 (S12), the second device 103 may receive the encrypted telecommunication data along with the decrypted master key 409 and may check for key authentication. At step 13 (S13), the second device 103 may decrypt the telecommunication data using the decrypted master key 409 and may store the telecommunication data in a database of the second device. Accordingly, secure communication between the first device 101 and the second device may be established.
[0058] Figure 5B shows a communication system 500b showing communication between the electronic device 501 and a plurality of cell towers, in accordance with some embodiments of the present disclosure.
[0059] As shown in Figure 5B, an electronic device 501 is communicating with the one or more cells, for example, a cell-1 served by a cell tower-1, a cell-2 served by a cell tower-2, a cell-3 served by a cell tower-3, and a cell-4 served by a cell tower-4. Each of the cells 1 to 4 may comprise physical cell identities. The physical cell identities indicate whether the one or more cells are associated with a Long Term Evolution (LTE) network (4G), a Wideband Code Division Multiple Access (W-CDMA) network (3G), or a Global system for Mobile (GSM) network (2G).
[0060] The electronic device 501 may be associated with the first device 101. In one embodiment, the electronic device 501 may be a Telematics Gateway Unit (TGU). The electronic device 501 may include a unique IMEI number. Among the one or more cells, one cell may be a serving cell for the electronic device 501 and the rest of the cells may be the neighbouring cells.
[0061] In some embodiments, the serving cell may be changed as the location of the electronic device changes. For example, the electronic device 501 may be associated with the ECU of the vehicle, and the cell-1 is the serving cell for the electronic device and other cells such as the cell-2, cell-3, and cell-4 may function as neighbouring cells. Similarly, when the location of the electronic device 501 is changed, the cell-2 may be the serving cell, and the rest of the cells, such as cell-1, cell-3, and cell-4, may function as the neighbouring cells.
[0062] Figure 6A shows a flowchart illustrating a method 600a for establishing a secure communication between a first device 101 and a second device 103, in accordance with some embodiments of the present disclosure.
[0063] As illustrated in Figure 6, the method 600a may comprise one or more steps. The method 600a may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, and functions, which perform particular functions or implement particular abstract data types.
[0064] The order in which the method 600a is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method. Additionally, individual blocks may be deleted from the methods without departing from the scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof.
[0065] At block 602, the method 600a comprises transmitting a request for an encrypted master key 403 to the second device 103 along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key, and wherein the first device 101 comprises an electronic device having associated telecommunication data. The operations of block 602 may be performed by the processor 109 (particularly by a transmitting unit 201) of Figure 2A.
[0066] At block 604, the method 600a comprises receiving the encrypted master key 403 from the second device 103. The operations of block 604 may be performed by the processor 109 (particularly, by the receiving unit 203) of Figure 2A.
[0067] At block 606, the method 600a comprises generating a hash value with a fixed bit length for the encrypted master key 403 by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part. The operations of block 606 may be performed by the processor 109 (particularly, the generation of the hash value with the fixed bit length is performed by the generating unit 205, and splitting the fixed bit length hash value into a first part and a second part is performed by the splitting unit 207, respectively) of Figure 2A.
[0068] At block 608, the method 600a comprises generating a decrypted master key 409 based on the received encrypted master key 403 and the first part of the fixed bit length of the hash value. The operations of block 608 may be performed by the processor 109 (particularly, by the generating unit 205) of Figure 2A.
[0069] At block 610, the method 600a comprises encrypting the telecommunication data associated with the electronic device based at least on the decrypted master key 409. The operations of block 610 may be performed by the processor 109 (particularly, by the encrypting unit 209) of Figure 2A.
[0070] At block 612, the method 600a comprises transmitting the encrypted telecommunication data along with the decrypted master key 409 to the second device 103 for establishing the secure communication between the first device 101 and the second device 103. The operations of block 612 may be performed by the processor 109 (particularly, by the transmitting unit 201) of Figure 2A.
[0071] Figure 6B shows a flowchart illustrating another method 600b for establishing a secure communication between a first device 101 and a second device 103, in accordance with another embodiment of the present disclosure.

[0072] At block 614, the method 600b comprises receiving a request for an encrypted master key 403 from the first device 101 along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key. The operations of block 614 may be performed by the processor 115 (particularly, by the receiving unit 211) of Figure 2B.
[0073] At block 616, the method 600b comprises generating a hash value with a fixed bit length for the master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part. The operations of block 616 may be performed by the processor 115 (particularly, generating a hash value with a fixed bit length is performed by the generating unit 213, and splitting the fixed bit length hash value into a first part and a second part is performed by splitting unit 215, respectively) of Figure 2B.
[0074] At block 618, the method 600b comprises generating the encrypted master key 403 based on the received master key and the first part of the fixed bit length hash value. The operations of block 618 may be performed by the processor 115 (particularly, by the generating unit 213) of Figure 2B.
[0075] At block 620, the method 600b comprises transmitting the encrypted master key 403 from the second device 103 to the first device for establishing the secure communication between the first device 101 and the second device 103. The operations of block 620 may be performed by the processor 115 (particularly, by the transmitting unit 217) of Figure 3.
[0076] In further steps, the method comprises receiving encrypted telecommunication data along with a decrypted master key 409 from the first device 101, wherein the encrypted telecommunication data comprises encrypted telematics data associated with a telematics Gateway Unit (TGU) of the first device 101. The said operation is performed by the processor 115 (particularly by the receiving unit 211).
[0077] In the next step, the method comprises decrypting the telecommunication data using the decrypted master key 409 and storing the decrypted telecommunication data in a database of the second device 103. The said operation is performed by the processor 115 (particularly by the decrypting unit 219).
ADVANTAGES OF THE INVENTION
[0078] In the present disclosure, a master key is mutually used and agreed upon between the two devices. The master key (i.e., encrypted master key) is securely generated in the second device and shared with the TGU of the first device. Subsequently, the telematics data is sent to the second device. As a result, the master key may not be accessible to any person or entity other than the first device and the second device. Consequently, the present disclosure provides enhanced security in cellular based communication between the first device (for example, a TGU) and the second device (for example, a cloud server).
[0079] In the present disclosure, the dynamic key is generated based on location information of the TGU of the first device and information on one or more nearby cells. The dynamic key is a time varying signature and it is updated every 30 seconds. As a result, it is difficult for another entity to access the data communicated between the first device and the second device.
[0080] In the present disclosure, the dynamic key or time varying signature is unique or different at every instant of time and after some distance is traversed. As a result, the tracking of the dynamic key by an intruder at any point of time is difficult. This enhances the security of cellular based V2X communication between the first device and the second device.
[0081] In the present disclosure, the encrypted master key is generated. The encrypted master key is an aggregation of the unique IMEI number and epoch time, which is unique at all points of time and hence cannot be intercepted by any intruders for a given time. Accordingly, the present disclosure enhances the security of cellular based V2X communication between the first device and the second device.
[0082] The terms “including”, “comprising”, “having” and variations thereof mean “including but not limited to”, unless expressly specified otherwise. The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise. The terms “a”, “an” and “the” mean “one or more”, unless expressly specified otherwise.
[0083] In alternative embodiments, certain operations may be performed in a different order, modified, or removed. Moreover, steps may be added to the above-described logic and still conform to the described embodiments. Further, operations described herein may occur sequentially or certain operations may be processed in parallel. Yet further, operations may be performed by a single processing unit or by distributed processing units.
[0084] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.

Referral Numerals:
Referral number Description
100 Exemplary communication system
101 First device
103 Second device
105 Interface associated with the first device
107 Memory associated with the first device
109 Processor associated with the first device
111 Interface associated with the second device
113 Memory associated with the second device
115 Processor associated with the second device
117 Communication network
201 Transmitting unit of the first device
203 Receiving unit of the first device
205 Generating unit of the first device
207 Splitting unit of the first device
209 Encrypting unit of the first device
211 Receiving unit of the second device
213 Generating unit of the second device
215 Splitting unit of the second device
217 Transmitting unit of the second device
219 Decrypting unit of the second device
301 Hash value generator at second device
303 Hash value splitter at second device
401 Encryption engine
403 Encrypted master key
405 Hash value splitter at first device
407 Decryption engine
409 Decrypted master key
501 Electronic device

We claim:
1. A method (600a) for establishing a secure communication between a first device (101) and a second device (103), the method (600a) comprising:
transmitting (602), by the first device (101), a request for an encrypted master key (403) to the second device (103) along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key, and wherein the first device (101) comprises an electronic device (501) having associated telecommunication data;
receiving (604), by the first device (101), the encrypted master key (403) from the second device (103);
generating (606), by the first device (101), a hash value with a fixed bit length for the encrypted master key (403) by applying a hash function on the dynamic key, and splitting the fixed bit length hash value into a first part and a second part;
generating (608), by the first device (101), a decrypted master key (409) based on the received encrypted master key (403) and the first part of the fixed bit length of the hash value;
encrypting (610), by the first device (101), the telecommunication data associated with the electronic device based at least on the decrypted master key (409); and
transmitting (612), by the first device (101), the encrypted telecommunication data along with the decrypted master key (409) to the second device (103) for establishing the secure communication between the first device (101) and the second device (103).
2. The method (600a) as claimed in claim 1, further comprising:
generating the dynamic key based on geographical location information of the electronic device (501) associated with the first device (101) and information related to one or more cells associated with the first device (101), wherein the one or more cells associated with the first device (101) comprise one serving cell and at least one neighbouring cell; and
periodically updating the generated dynamic key based on real-time information related to the one or more cells associated with the first device (101).
3. The method (600a) as claimed in claim 2, wherein the information related to the one or more cells comprises cell identities pertaining to the one or more cells, and wherein each of the one or more cells is associated with a Long Term Evolution (LTE) network, a Wideband Code Division Multiple Access (W-CDMA) network, or a Global system for Mobile (GSM) network.

4. The method (600a) as claimed in claim 1, further comprising:
generating the master key based on information related to an International Mobile Equipment Identity (IMEI) number of the electronic device (501), and date and time information of sending the dynamic packet to the second device (103).
5. The method (600a) as claimed in claim 1, wherein the first device (101) is an Electronic Control Unit (ECU) on a vehicle side, wherein the electronic device (501) is a Telematics Gateway Unit (TGU) on the vehicle side, wherein the telecommunication data comprises telematics data associated with the TGU, and wherein the second device (103) is a Cloud Server.
6. A method (600b) for establishing a secure communication between a first device (101) and a second device (103), the method (600b) comprising:
receiving (614), by the second device (103), a request for an encrypted master key (403) from the first device (101) along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key;
generating (616), by the second device (103), a hash value with a fixed bit length for the master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part;
generating (618), by the second device (103), the encrypted master key (403) based on the received master key and the first part of the fixed bit length hash value; and
transmitting (620), by the second device (103), the encrypted master key (403) from the second device to the first device (101) for establishing the secure communication between the first device (101) and the second device (103).
7. The method (600b) as claimed in claim 6, further comprising:
receiving, by the second device (103), encrypted telecommunication data along with a decrypted master key (409) from the first device (101), wherein the encrypted telecommunication data comprises encrypted telematics data associated with a telematics Gateway Unit (TGU) of the first device (101); and
decrypting, by the second device (103), the telecommunication data using the decrypted master key (409) and storing the decrypted telecommunication data in a database of the second device (103).

8. The method (600b) as claimed in claim 6, wherein the first device (101) is an Electronic Control Unit (ECU) on a vehicle side, and wherein the second device (103) is a Cloud Server.
9. A first device (101) for establishing a secure communication with a second device (103), the first device (101) comprising:
a processor (109);
a memory (107) coupled to the processor (109), wherein the processor (109) is configured to:
transmit a request for an encrypted master key (403) to the second device (103) along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key, and wherein the first device (101) comprises an electronic device (501) which comprises telecommunication data;
receive the encrypted master key (403) from the second device (103);
generate a hash value with a fixed bit length for the encrypted master key (403) by applying a hash function on the dynamic key, and splitting the fixed bit length hash value into a first part and a second part;
generate a decrypted master key (409) based on the received encrypted master key (403) and the first part of the fixed bit length hash value;
encrypt the telecommunication data associated with the electronic device based at least on the decrypted master key (409); and
transmit the encrypted telecommunication data along with the decrypted master key (409) to the second device (103) for establishing the secure communication between the first device (101) and the second device (103).
10. The first device (101) as claimed in claim 9, wherein the processor (109) is further configured to:
generate the dynamic key based on geographical location information of the electronic device (501) of the first device (101) and information related to one or more cells associated with the first device (101), wherein the one or more cells associated with the first device (101) comprise one serving cell and at least one neighbouring cell; and
periodically update the generated dynamic key based on real-time information related to the one or more cells associated with the first device.

11. The first device (101) as claimed in claim 10, wherein the information related to the one or more cells comprises cell identities pertaining to the one or more cells, and wherein each of the one or more cells is associated with a Long Term Evolution (LTE) network, a Wideband Code Division Multiple Access (W-CDMA) network, or a Global system for Mobile (GSM) network.
12. The first device (101) as claimed in claim 9, wherein the processor (109) is further configured to:
generate the master key based on information related to an International Mobile Equipment Identity (IMEI) number of the electronic device (501), and date and time information of sending the dynamic packet to the second device (103).
13. The first device (101) as claimed in claim 9, wherein the first device (101) is an Electronic Control Unit (ECU) on a vehicle side, wherein the electronic device (501) is a Telematics Gateway Unit (TGU) on the vehicle side, wherein the telecommunication data comprises telematics data associated with the TGU and wherein the second device (103) is a Cloud Server.
14. A second device (103) for establishing a secure communication with a first device (101), the second device (103) comprising:
a processor (115);
a memory (113) coupled to the processor (115), wherein the processor (115) is configured to:
receive a request for an encrypted master key (403) from the first device (101) along with a dynamic packet, wherein the dynamic packet comprises a dynamic key and a master key;
generate a hash value with a fixed bit length for the master key by applying a hash function on the dynamic key and splitting the fixed bit length hash value into a first part and a second part;
generate the encrypted master key (403) based on the received master key and the first part of the fixed bit length of the hash value; and
transmit the encrypted master key (403) from the second device (103) to the first device for establishing the secure communication between the first device (101) and the second device (103).

15. The second device (103) as claimed in claim 14, wherein the processor (115) is further configured to:
receive encrypted telecommunication data along with a decrypted master key (409) from the first device (101), wherein the encrypted telecommunication data comprises encrypted telematics data associated with a Telematics Gateway Unit (TGU) of the first device (101); and
decrypt the telecommunication data using the decrypted master key (409) and store the decrypted telecommunication data in a database of the second device (103).
16. The second device (103) as claimed in claim 14, wherein the first device (101) is an Electronic Control Unit (ECU) on a vehicle side, and wherein the second device (103) is a Cloud Server.

Documents

Application Documents

# Name Date
1 202321075948-STATEMENT OF UNDERTAKING (FORM 3) [07-11-2023(online)].pdf 2023-11-07
2 202321075948-REQUEST FOR EXAMINATION (FORM-18) [07-11-2023(online)].pdf 2023-11-07
3 202321075948-POWER OF AUTHORITY [07-11-2023(online)].pdf 2023-11-07
4 202321075948-FORM 18 [07-11-2023(online)].pdf 2023-11-07
5 202321075948-FORM 1 [07-11-2023(online)].pdf 2023-11-07
6 202321075948-DRAWINGS [07-11-2023(online)].pdf 2023-11-07
7 202321075948-DECLARATION OF INVENTORSHIP (FORM 5) [07-11-2023(online)].pdf 2023-11-07
8 202321075948-COMPLETE SPECIFICATION [07-11-2023(online)].pdf 2023-11-07
9 202321075948-Proof of Right [15-11-2023(online)].pdf 2023-11-15
10 202321075948-CORRESPONDENCE-OTHERS [19-01-2024(online)].pdf 2024-01-19
11 202321075948-FORM-9 [01-03-2024(online)].pdf 2024-03-01
12 202321075948-DRAWING [01-03-2024(online)].pdf 2024-03-01
13 202321075948-CORRESPONDENCE-OTHERS [01-03-2024(online)].pdf 2024-03-01
14 202321075948-COMPLETE SPECIFICATION [01-03-2024(online)].pdf 2024-03-01
15 Abstact.jpg 2024-03-20