Purpose

The purpose of the S-63 Data Protection Scheme is to ensure that S-57 data, purchased for a specific user system, cannot be copied to or used on another user system.

The S-63 specification can be downloaded from the IHO website at the following location: http://www.iho.int/iho_pubs/IHO_Download.htm .

How does it work ?

Each S-63 data provider:

  • Starts from original, unencrypted S-57 cells.

  • Encrypts each of those cells with a cell-specific key (a random number). This key is only known by the data provider.

    Each of these encrypted cells can be freely distributed by the data provider to anyone. As long as you do not know the decryption key, the file is useless.

Each S-63 system (or EPS = ENC Processing System):

  • Should have a unique hardware ID (HW_ID). This hardware ID is created by the manufacturer of the system, and unknown to the buyer of the system.

  • Has a User Permit, which is an encrypted version of the HW_ID. As encryption key, the manufacturer of the system uses its manufacturer key (M_KEY). This M_KEY is the same for all the systems produced by that manufacturer.

When the owner of an S-63 system wants to buy S-63 data for a specific system:

  • The owner receives the User Permit from the system vendor.

  • The owner provides the User Permit to the data provider.

  • The data provider delivers the encrypted data and a decryption key that only works on that specific system.

    This is done by

    • Decrypting the User Permit, giving access to the HW_ID of the user’s system. All S-63 data providers have access to a list which contains the M_KEY of each manufacturer. This allows S-63 data providers to decrypt the User Permit.

    • Encrypting the cell-specific decryption key with the HW_ID of the EPS, and sending this to the customer. This is a file called the Cell Permit (PERMIT.txt or ENC.PMT file).

    • The client EPS can decrypt the Cell Permit using its HW_ID, giving it access to the original decryption key for that cell.

The result of this mechanism is that when you have multiple EPS’es:

  • Each of the EPS’es uses the same S-63 data.

  • Only the Cell Permits are different for each system, so each of the EPS’es has its own Cell Permit. This means you need to buy Cell Permits for each EPS.

S-63 protection with Luciad software

In a typical ECDIS scenario with Luciad software, there are different parties:

  • The S-63 manufacturer builds and sells ECDIS systems.

  • The S-63 data provider sells ECDIS data.

  • The customer buys and installs an ECDIS system from a manufacturer, and buys data from a data provider.

When using LuciadLightspeed, the S-63 manufacturer is Luciad (Hexagon Geospatial). This means we are responsible for enforcing the IHO S-63 regulations. We enforce the regulations through the LuciadLightspeed licensing system.

LuciadLightspeed also supports the case where someone else is the S-63 system manufacturer, and is in charge of the User Permits. See How to order S-63 data for more information on this.

Example scenario

  1. You are making a system that does ECDIS visualization with LuciadLightspeed. The system is considered an ECDIS system, or EPS.

    • Luciad chooses a HW_ID for the system, and makes a User Permit by encrypting this HW_ID with Luciad’s secret M_KEY.

    • Luciad gives you a license file. That license file contains the User Permit in the s63UserPermit property.

  2. You buy S-63 data from a data provider.

    • You send them the User Permit.

    • The data provider decrypts the HW_ID from the User Permit based on Luciad’s M_KEY.

    • The data provider generates Cell Permit files associated with this HW_ID. The Cell Permit contains decryption keys for individual cells (.000 files). These keys are themselves encrypted with the HW_ID.

    • The data provider sends you the S-63 cells and the Cell Permit file.

  3. You configure your system.

    • Install the correct LuciadLightspeed license and Cell Permit file. They must correspond.

  4. You run the system.

    • LuciadLightspeed verifies that the license is valid.

    • LuciadLightspeed extracts the User Permit from the license file, and decrypts the HW_ID from it.

    • LuciadLightspeed extracts the cell decryptions keys from the Cell Permit file using the HW_ID.

    • LuciadLightspeed decrypts S-63 cells using the decryption keys.

Terminology

EPS

ENC Processing System: a single system (hardware + software) for which S-63 data is purchased.

For example the ECDIS consoles in a single boat, where the boat is considered the EPS.

HW_ID

the unique hardware ID corresponding to an EPS, created by the manufacturer of the EPS. This HW_ID is hidden inside the EPS.

The HW_ID comes in two forms:

  • Raw form: a 5-digit decimal number, for example 06752

  • ASCII form: the same 5-digit decimal number, but each digit is represented as its ASCII value. So 0 becomes 30, 6 becomes 36, …​ . Example: 3036373532

Cell Permit

the decryption key for a specific cell.

The cell permit is provided by the S-63 data provider to its customer, and allows to decrypt a specific cell on a specific EPS.

The Cell Permits come in two different formats:

  • Basic Cell Permit: this is an ENC.PMT file

  • Meta Cell Permit: this is a PERMIT.txt file

User Permit

the encrypted version of the HW_ID that each user receives when buying an S-63 system. This permit should be send to the S-63 data provider when buying S-63 data.

The User Permit is an 28 digit number. The last 4 digits are the M_ID (manufacturer identifier). This means that you can identify the manufacturer of a system when you know the User Permit.

M_KEY

the manufacturer key. This key is unique to a manufacturer, and is used to encrypt the HW_ID resulting in the User Permit.

Each manufacturer only has a single M_KEY, which is used to encrypt the HW_ID of each system it produces.

M_ID

the manufacturer ID. A unique, 4 digit number, identifying the manufacturer.

The last 4 digits of the User Permit number match the M_ID of the manufacturer who created the User Permit.