Purpose
The purpose of the S-63 Data Protection Scheme is to ensure that S-57 data, purchased for a specific user system, cannot be copied to or used on another user system.
The S-63 specification can be downloaded from the IHO website at the following location: http://www.iho.int/iho_pubs/IHO_Download.htm .
How does it work ?
Each S-63 data provider:
-
Starts from original, unencrypted S-57 cells.
-
Encrypts each of those cells with a cell-specific key (a random number). This key is only known by the data provider.
Each of these encrypted cells can be freely distributed by the data provider to anyone. As long as you do not know the decryption key, the file is useless.
Each S-63 system (or EPS = ENC Processing System):
-
Should have a unique hardware ID (
HW_ID
). This hardware ID is created by the manufacturer of the system, and unknown to the buyer of the system. -
Has a User Permit, which is an encrypted version of the
HW_ID
. As encryption key, the manufacturer of the system uses its manufacturer key (M_KEY
). ThisM_KEY
is the same for all the systems produced by that manufacturer.
When the owner of an S-63 system wants to buy S-63 data for a specific system:
-
The owner receives the User Permit from the system vendor.
-
The owner provides the User Permit to the data provider.
-
The data provider delivers the encrypted data and a decryption key that only works on that specific system.
This is done by
-
Decrypting the User Permit, giving access to the
HW_ID
of the user’s system. All S-63 data providers have access to a list which contains theM_KEY
of each manufacturer. This allows S-63 data providers to decrypt the User Permit. -
Encrypting the cell-specific decryption key with the
HW_ID
of the EPS, and sending this to the customer. This is a file called the Cell Permit (PERMIT.txt
orENC.PMT
file). -
The client EPS can decrypt the Cell Permit using its
HW_ID
, giving it access to the original decryption key for that cell.
-
The result of this mechanism is that when you have multiple EPS’es:
|
S-63 protection with Luciad software
In a typical ECDIS scenario with Luciad software, there are different parties:
-
The S-63 manufacturer builds and sells ECDIS systems.
-
The S-63 data provider sells ECDIS data.
-
The customer buys and installs an ECDIS system from a manufacturer, and buys data from a data provider.
When using LuciadLightspeed, the S-63 manufacturer is Luciad (Hexagon Geospatial). This means we are responsible for enforcing the IHO S-63 regulations. We enforce the regulations through the LuciadLightspeed licensing system.
LuciadLightspeed also supports the case where someone else is the S-63 system manufacturer, and is in charge of the User Permits. See How to order S-63 data for more information on this. |
Example scenario
-
You are making a system that does ECDIS visualization with LuciadLightspeed. The system is considered an ECDIS system, or EPS.
-
Luciad chooses a
HW_ID
for the system, and makes a User Permit by encrypting thisHW_ID
with Luciad’s secretM_KEY
. -
Luciad gives you a license file. That license file contains the User Permit in the
s63UserPermit
property.
-
-
You buy S-63 data from a data provider.
-
You send them the User Permit.
-
The data provider decrypts the
HW_ID
from the User Permit based on Luciad’sM_KEY
. -
The data provider generates Cell Permit files associated with this
HW_ID
. The Cell Permit contains decryption keys for individual cells (.000 files). These keys are themselves encrypted with theHW_ID
. -
The data provider sends you the S-63 cells and the Cell Permit file.
-
-
You configure your system.
-
Install the correct LuciadLightspeed license and Cell Permit file. They must correspond.
-
-
You run the system.
-
LuciadLightspeed verifies that the license is valid.
-
LuciadLightspeed extracts the User Permit from the license file, and decrypts the
HW_ID
from it. -
LuciadLightspeed extracts the cell decryptions keys from the Cell Permit file using the
HW_ID
. -
LuciadLightspeed decrypts S-63 cells using the decryption keys.
-
Terminology
- EPS
-
ENC Processing System: a single system (hardware + software) for which S-63 data is purchased.
For example the ECDIS consoles in a single boat, where the boat is considered the EPS.
- HW_ID
-
the unique hardware ID corresponding to an EPS, created by the manufacturer of the EPS. This
HW_ID
is hidden inside the EPS.The HW_ID comes in two forms:
-
Raw form: a 5-digit decimal number, for example
06752
-
ASCII form: the same 5-digit decimal number, but each digit is represented as its ASCII value. So
0
becomes30
,6
becomes36
, …​ . Example:3036373532
-
- Cell Permit
-
the decryption key for a specific cell.
The cell permit is provided by the S-63 data provider to its customer, and allows to decrypt a specific cell on a specific EPS.
The Cell Permits come in two different formats:
-
Basic Cell Permit: this is an
ENC.PMT
file -
Meta Cell Permit: this is a
PERMIT.txt
file
-
- User Permit
-
the encrypted version of the
HW_ID
that each user receives when buying an S-63 system. This permit should be send to the S-63 data provider when buying S-63 data.The User Permit is an 28 digit number. The last 4 digits are the
M_ID
(manufacturer identifier). This means that you can identify the manufacturer of a system when you know the User Permit. - M_KEY
-
the manufacturer key. This key is unique to a manufacturer, and is used to encrypt the
HW_ID
resulting in the User Permit.Each manufacturer only has a single
M_KEY
, which is used to encrypt theHW_ID
of each system it produces. - M_ID
-
the manufacturer ID. A unique, 4 digit number, identifying the manufacturer.
The last 4 digits of the User Permit number match the
M_ID
of the manufacturer who created the User Permit.