1. Field of the Invention
The present invention relates to a system and method for secure distribution of digital data to end users' media for use by the end users. More particularly, the present invention relates to systems and methods for distributing geographic data to end users for use in their navigation systems.
2. Description of Related Art
There are various different types of devices for which end users are required to obtain digital data. One type of device for which end users are required to obtain digital data is a navigation system. Navigation systems for use on land have become available in a variety of forms and provide for a variety of useful features. One exemplary type of navigation system uses (1) a geographic database that contains data representing features in a geographic area or region, (2) a navigation application program, (3) appropriate computer hardware, such as a microprocessor and memory, and, optionally, (4) a positioning system. The geographic database portion of the navigation system includes information about the positions of roads and intersections in or related to a specific geographic regional area, and may also include information about attributes, such as one-way streets and turn restrictions, as well as about street addresses, alternative routes, hotels, restaurants, museums, stadiums, offices, automobile dealerships, auto repair shops, etc.
The positioning system may employ any of several well-known technologies to determine or approximate one's physical location in a geographic regional area. For example, the positioning system may employ a GPS-type system (global positioning system), a "dead reckoning"-type system, or combinations of these, or other systems, all of which are well-known in the art.
The navigation application program portion of the navigation system is typically a software program that uses data from the geographic database and the positioning system (when employed). The navigation application program may provide the user with a graphical display (e.g. a "map") of his specific location in the geographic area. In addition, the navigation application program may also provide the user with specific directions to locations in the geographic area from wherever he is located.
The geographic data used by a navigation system may be stored locally with the navigation system in the vehicle, or, alternatively, the geographic data may be located remotely and downloaded to the navigation application programs, as needed, via a wireless communications system or other suitable communications channel. An advantage associated with having the geographic data stored locally with the navigation system is that a large amount of data is continuously available to the navigation system, thereby avoiding the costs associated with installing and maintaining a communications infrastructure that affords the necessary bandwidth needed to provide the data from a remote site. On the other hand, a consideration associated with storing geographic data locally with the navigation system is the need to update the data on a regular basis.
Accordingly, there is a need for a system and method for the distribution of new and updated geographic data to users of navigation systems.
Another consideration associated with providing geographic data for navigation systems is the need to safeguard the data from unlicensed uses, e.g., illegal copying. The collection of geographic data can be a relatively time-consuming and expensive process. Therefore, although it is desirable to make it easy for users of navigation systems to obtain new and updated geographic data, it is also desired to provide security measures that prevent unlicensed uses.
As mentioned above, there are various different types of devices for which end users are required to obtain digital data. Other devices include music players (e.g., audio CD players, MP3 players, as well as players that support other formats), video game consoles, DVD players, and computers. The considerations relating to safeguarding of geographic data from unlicensed uses also apply to data provided for these other types of devices.
The present invention provides a navigation system with decryption functions. The navigation system may include a GPS receiver for receiving location coordinates, and a display or other means for presenting map information to a user. The navigation system may further include a processor arranged to execute a number of software routines. One such routine may be executable by the processor for using the geographic data to convert the location coordinates into map information and for causing the map information to be presented via the means for presenting.
The navigation system may be an in-vehicle navigation system, which may be installed within the dashboard of a vehicle for instance. Alternatively, the navigation system may be a battery-powered handheld unit. Still alternatively, the navigation system may take other forms.
In an exemplary embodiment, the navigation system may be arranged to receive a set of information from a portable data storage medium, such as a flash memory card for instance. The set of information may include (i) an authorization key and (ii) geographic data. The authorization key may define verification information, such as an indication of an entity authorized to access the geographic data and an indication of an entity authorized to hold the geographic data. The geographic data may be divided into at least a first portion and a second portion. The first portion may comprise critical information, such as decompression parameters, indexes and other global parameters, that enables access to the second portion, so as to allow the navigation system to provide navigation services for a user.
On the data storage medium, the first portion of the geographic data may be encrypted, and the authorization key may be encrypted, while the second portion may remain unencrypted. Therefore, the navigation system may receive from the data storage medium (i) the encrypted first portion, (ii) the unencrypted second portion, and (iii) the encrypted authorization key. Further, the decryption key required for decryption of the encrypted first portion could be stored as part of the authorization key. In this way, the navigation system would need to be able to decrypt the authorization key in order to gain access to the first portion of the database and in turn to the database as a whole.
In an exemplary embodiment, the navigation system may include a number of software routines executable by the processor for (i) decrypting the encrypted authorization key so as to uncover the verification information and the decryption key, (ii) using the verification information to validate use of the database, and (iii) in response to successful validation, decrypting the encrypted first portion and then causing the processor to execute the routine mentioned above for using the geographic data to convert location coordinates into map information.
The process of using the verification information to validate use of the database may involve comparing at least a portion of verification information to an identification code associated with the data storage medium or with the navigation system itself. In this way, the navigation system can determine whether the data storage medium is authorized to hold the database and/or whether the navigation system itself is authorized to use the database.
In another embodiment, the navigation system may further include a port for communication with a remote entity via a wireless telecommunications network (such as a cellular telephone system, for instance) or other suitable link. With this arrangement, the navigation system may obtain from the data storage medium the encrypted first portion of the database and the unencrypted second portion of the database. In turn, the navigation system may be programmed to contact the remote entity via the wireless network and to request the authorization key. The remote entity may then send the encrypted authorization key to the navigation system via the wireless network. From that point on, the navigation system may operate as indicated above for instance.
According to further aspects, the present invention relates to an article of manufacture containing a secured data product. In an exemplary embodiment, the article includes a medium and a data product stored on the medium. The data product may include an encrypted first portion and an unencrypted second portion. The first portion may comprise critical data that enables use of the data product including both the first portion and the second portion for an intended purpose. For instance, the critical data may comprise indexes or pointers into the second portion, the critical data may comprise parameters indicative of how a machine can decompress the second portion, or the critical data may comprise other global parameters relating to the data product as a whole.
The encrypted first portion of the data product can itself include a first part (e.g., an authentication key) that is encrypted using public key encryption and a second part (e.g., the critical data from the database) that is encrypted using symmetric key encryption. Advantageously, the symmetric key for decrypting the second part may be contained in encrypted form in the first part. With this exemplary arrangement, the first part must be decrypted in order to uncover the symmetric key that is needed to decrypt the second part, and to thereby obtain access to the data product as a whole.
The data product may, for example, be a geographic database, which may be intended for use by a navigation system (such as in-vehicle navigation systems, handheld (portable) navigation systems, or general purpose computing devices equipped with navigation system functionality, for instance). Alternatively, the data product may take other forms, such as, for instance, digitized songs or videos (e.g., movies) intended for use by music or video players, or games intended for use by video game consoles. Other examples are possible as well.
The article may take the form of a flash memory card, a PC card (e.g., PCMCIA card), or the like, which may include (i) a housing, (ii) a storage segment holding a set of information, and (iii) an interface extending from the housing for coupling the storage segment with a machine (such as a navigation system, for instance). The storage segment may comprise a non-volatile storage medium, such as flash memory.
Preferably, the article has dimensions and storage capacity that conform with industry standards and that are sufficient to store a data product for the intended purpose. Thus, for instance, the article may have dimensions and an interface that conform with PCMCIA standards. Alternatively, for instance, the article may have dimensions and an interface that conform with SDA standards.
The set of information may include an encrypted authorization key and a set of data. Further, the encrypted authorization key can be decrypted using a first decryption key so as to reveal a plaintext (i.e., non-encrypted) authorization key that defines verification information indicative of an entity authorized to hold the set of data. The machine may then (i) obtain the encrypted authorization key from the storage segment via the interface, (ii) use the first decryption key to decrypt the encrypted authorization key, (iii) uncover the verification information, and (iv) use the verification information to determine that the portable data storage medium is the entity authorized to hold the set of data.
The information indicative of the entity authorized to hold the set of data may comprise an identification code of a data storage medium. The machine may then compare the identification code with an identification code of the portable data storage medium on which the data product is stored so as to determine that the portable data storage medium is the entity authorized to hold the data.
Further or alternatively, the information indicative of the entity authorized to hold the set of data may comprise an identification code of an entity authorized to access the data. A machine may then compare the identification code with its own identification code so as to determine whether it is the entity authorized to access the data.
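The layered arrangement described in the embodiments above (the public-key encrypted authorization key carrying the symmetric key, the symmetrically encrypted critical first portion, and the comparison of the verification information with the identification codes of the medium and of the machine), as an added example in Go that is not code from the patent or from any product it describes. The choice of RSA-OAEP and AES-GCM, the 16-byte identification codes, the field layout of the authorization key and the function names are assumptions made here; the unencrypted second portion needs no processing and is omitted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Constructed layout of the plaintext authorization key: 16-byte id of the
// medium authorized to hold the data, 16-byte id of the device authorized to
// access it, then the 32-byte AES key for the encrypted first portion.
const idLen, keyLen, nonceLen = 16, 32, 12

func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // every caller passes exactly keyLen bytes, so this cannot fail
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Publish returns the RSA-OAEP encrypted authorization key and the AES-GCM
// encrypted first portion (nonce || ciphertext) for one medium/device pair.
func Publish(pub *rsa.PublicKey, mediumID, deviceID, critical []byte) (encAuth, encFirst []byte, err error) {
	buf := make([]byte, keyLen+nonceLen) // fresh data key, then a GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:keyLen], buf[keyLen:]
	auth := bytes.Join([][]byte{mediumID, deviceID, key}, nil)
	if encAuth, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, auth, nil); err != nil {
		return nil, nil, err
	}
	return encAuth, gcm(key).Seal(nonce, nonce, critical, nil), nil
}

// Unlock is the navigation system side: a copied card (wrong medium id), an unlicensed
// unit (wrong device id) or a tampered first portion all leave the critical data unusable.
func Unlock(priv *rsa.PrivateKey, encAuth, encFirst, mediumID, deviceID []byte) ([]byte, error) {
	auth, err := rsa.DecryptOAEP(sha256.New(), nil, priv, encAuth, nil)
	if err != nil || len(auth) != 2*idLen+keyLen || len(encFirst) < nonceLen {
		return nil, errors.New("authorization key or first portion malformed")
	}
	if !bytes.Equal(auth[:idLen], mediumID) || !bytes.Equal(auth[idLen:2*idLen], deviceID) {
		return nil, errors.New("medium or device not authorized to use this data")
	}
	return gcm(auth[2*idLen:]).Open(nil, encFirst[:nonceLen], encFirst[nonceLen:], nil)
}
```

Because the symmetric key is only recoverable from the authorization key, and GCM authenticates the first portion, a copy of the card's contents onto another medium or into another unit fails at the id comparison before any critical data is exposed.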