WO2011102164A1 - Navigation system - Google Patents

Publication number
WO2011102164A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
updating
map
navigation
unit
Prior art date
Application number
PCT/JP2011/050610
Other languages
French (fr)
Inventor
Hiroyoshi Masuda
Kensuke Takeuchi
Norihisa Fujikawa
Koichi Iwatsuki
Yoshihiro Tanabe
Original Assignee
Aisin Aw Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Aisin Aw Co., Ltd.
Publication of WO2011102164A1

Classifications

    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01C MEASURING DISTANCES, LEVELS OR BEARINGS; SURVEYING; NAVIGATION; GYROSCOPIC INSTRUMENTS; PHOTOGRAMMETRY OR VIDEOGRAMMETRY
    • G01C21/00 Navigation; Navigational instruments not provided for in groups G01C1/00 - G01C19/00
    • G01C21/38 Electronic maps specially adapted for navigation; Updating thereof
    • G01C21/3863 Structures of map data
    • G01C21/387 Organisation of map data, e.g. version management or database structures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Definitions

  • JP-A-2008-175648 also discloses that a hash value is created from the map information, and verification of this electronic signature is passed when this hash value and decrypted data match each other, but the verification of this electronic signature is not passed when this hash value and the decrypted data do not match each other. Accordingly, not only when a malicious third person adds an electronic signature to the map data with a secret key that is different from the secret key possessed by the information distribution center, but also when the third person tampers with the map data without changing the electronic signature, tampering of the map data is detected by not passing the verification of the electronic signature when the hash value created from the map data and decryption data do not match each other. Thus, it is possible to assure information security of the map data.
  • the navigation unit includes an update decryption key for decrypting the updating security data that is encrypted with the update encryption key and recorded in the recording medium
  • the contents of the updating security data can be seen for the first time when the recording medium is connected to the navigation unit, and this improves the security.
  • One way to specifically embody this is to employ a structure such that the navigation unit includes an update decryption key for decrypting data encrypted with the update encryption key, and when data obtained by decrypting the medium identification information included in the updating security data with the update decryption key and the medium identification information recorded in the management area of the recording medium are compared with each other and match each other, use of map data in the recording medium is allowed.
  • the navigation unit may include a navigation encryption key, and transfer to the recording medium data obtained by encrypting the medium identification information read from the recording medium with the navigation encryption key and records the data therein as navigation security data.
  • This structure makes it possible to identify the recording medium connected to the navigation unit by the medium identification information. If this identified recording medium is used in a legitimate manner, the identified recording medium is connected to a specific updating unit when used.
  • the updating unit may include a navigation decryption key for decrypting data encrypted with the navigation encryption key, decrypt the medium identification information included in the navigation security data with the navigation decryption key and read the decrypted medium identification information, and encrypt the read medium identification information with the update encryption key to be used for the updating security data.
  • the navigation system illustrated in FIG 1 is a car navigation system, and is made up of a navigation unit (hereinafter simply abbreviated to "navi unit") 1 mounted in an automobile, a recording medium 4 which is an SD card (more specifically, an SD memory card or SDHC memory card) in this embodiment, and an updating unit 7 which is generally a personal computer with a communication function (hereinafter simply abbreviated to "personal computer").
  • Map data used in the navi unit 1 are recorded in the SD card 4, and the SD card 4 is inserted in the navi unit 1 when the car navigation is used.
  • the map data recorded in the SD card 4 are updatable.
  • In the navi unit 1, initially there are registered, as data related to security, a navigation encryption key which is an encryption key for encrypting data in this navi unit 1, and an update decryption key for decrypting the encrypted data in the updating unit 7.
  • In the updating unit 7, there are registered an update encryption key, which is an encryption key for encrypting data in this updating unit 7, and a navigation decryption key for decrypting data encrypted in the navi unit 1, by activating a predetermined program for building the updating unit on the computer as a mother unit of the updating unit 7.
  • the relation between the corresponding encryption key and decryption key is substantially the same as the relation between a secret key and a public key which are publicly known, and data encrypted with the encryption key can be decrypted only with the corresponding decryption key. Further, it is practically impossible to create the corresponding decryption key from the encryption key and create the corresponding encryption key from the decryption key.
  • the updating unit 7 accesses the SD card 4 and receives the navigation security data recorded in the SD card 4 (#16). Since the navigation security data are encrypted with the navigation encryption key, these navigation security data are decrypted with the navigation decryption key registered in the updating unit 7, and the medium identification information is taken out therefrom (#17). Updating security data are generated including the taken out medium identification information, the map security data (the hash value of the map data) generated in advance or map security processing data obtained by processing the map security data (a hash value of the map security data in this embodiment), and an attribute value (for example, map creation date) of the stored map data, and encrypted with the update encryption key (#18).
  • map security data: the hash value of the map data
  • map security processing data: obtained by processing the map security data
  • attribute value: for example, map creation date
  • FIG 2 is a functional block diagram illustrating main functions of the navi unit 1.
  • the navi unit 1 is basically made up of a car navigation main part 1A and an SD management controller 1B as a recording medium management controller connected to the car navigation main unit 1A.
  • the input output devices include a speaker 94 and a monitor 95 for giving route guidance or the like to the driver, and further an operation device such as a touch panel
  • main functional units built by hardware or software (program) or by both are a GPS position information obtaining unit 12, a traveling direction information obtaining unit 13, a map data processing unit 14, a map matching unit 15, a traveling distance calculating unit 16, and a navigation information processing unit.
  • a map database which is a target of search and extraction of map data by the map data processing unit 14 is built in the SD card 4 inserted in the navi unit 1.
  • the GPS position information obtaining unit 12 has a function to obtain vehicle position information representing the position of the vehicle by GPS positioning.
  • a signal from a GPS satellite received in the GPS receiver 91 can be analyzed to obtain the current position (coordinate positions: latitude and longitude) of the vehicle.
  • the traveling direction information obtaining unit 13 has a function to obtain traveling direction information representing a traveling direction of the vehicle by a direction change amount and a moving distance of the vehicle.
  • the traveling direction information obtaining unit 13 is connected to the direction sensor 92 and the distance sensor 93.
  • the distance sensor 93 is for detecting the vehicle speed and the traveling distance of the vehicle, and based on a signal of this sensor, the total traveling distance is calculated by the traveling distance calculating unit 16.
  • the navigation information processing unit 17 obtains the map data from the SD card 4 based on the vehicle on-road position as the vehicle position determined by the map matching unit 15 and displays the image of a map on a display screen of the monitor 6, and displays a vehicle position mark representing the current position and traveling direction of the vehicle in a superposed manner on the image of the map.
  • the navigation information processing unit 17 performs a route search from a predetermined place of departure to a destination based on the map data, and gives route guidance to the driver using one or both of the monitor 95 and the speaker 94 based on the found route from the place of departure to the destination and the vehicle position.
  • the touch panel 96 functioning as an operation device is attached to the monitor 95, but operation switches and/or operation buttons other than the touch panel may be added as operation devices.
  • the updating right information processing unit 23 generates navi-unit-side updating right information by adding a map updating due date generated based on the updating right information obtained from the SD card, and the like, and takes out necessary data from this updating right information.
  • the map updating due date calculating unit 24 calculates a due date with respect to updating of the map data in the inserted SD card 4.
  • the map updating due date calculating unit 24 compares the first-used medium identification information with the medium identification information of the SD card 4, and sets different map updating due dates for the SD card 4 having the medium identification information recorded as the first-used medium identification information and for other SD cards 4.
  • an updating due date of three years is given to the SD card 4 having the medium identification information recorded as the first-used medium identification information, and an updating due date of two years is given to the other SD cards 4.
  • If the map data recorded in the SD card 4 are too old, this can cause various problems such as a difficulty of map updating using differences.
  • the map updating due date calculating unit 24 refers to the updating final due date, and does not give the updating due date to the SD card 4 which has passed the updating final due date.
  • the updating final due date is set with reference to the time of recording the map data in the SD card 4.
  • the navigation security data generating unit 25 generates the navigation security data by combining security data for detecting the SD card 4 in which unauthorized map updating is performed with the updating unit 7.
  • the navigation security data include at least the medium identification information (CID) read from the management area of the SD card 4 and information of the map updating due date.
  • the encryption processing unit 26 includes the navigation encryption key as an encryption key for encrypting data here and the update decryption key for decrypting the encrypted data in the updating unit 7.
  • a hash calculating unit 27 calculates the hash value of the map data of the inserted SD card 4.
  • the structure of the SD card 4 is substantially the same as an SD card which is a commercially available flash memory with a security function, and is capable of exchanging data with the updating unit 7 and the navi unit 1 via an SD interface 40.
  • the SD card includes, as basic components, a CPU 41, a management memory 42 in which the medium identification information and the like are recorded, and a flash memory 44 which is a data area in which data can be recorded in a rewritable manner via a memory interface 43.
  • the SD card also includes a password lock processing unit 55 and a CID management unit 56 as functional units achieved by a program or the like mounted for this navigation system.
  • the updating security data generating unit 74 creates the updating security data by grouping the medium identification information read from the navigation security data recorded in the inserted SD card, the map creation date or the date of creating the updating map data from the difference data, and a hash value calculated again by the hash calculating unit from the map security data generated by the map security data generating unit 73.
  • the updating security data are encrypted with the update encryption key by the encryption processing unit 76, and sent to the SD card 4.
  • the encryption processing unit 76 also includes the navigation decryption key for decrypting data encrypted with the navigation encryption key in the encryption processing unit 26 of the navi unit 1. Accordingly, the updating unit 7 is capable of reading the navigation security data encrypted with the navigation encryption key from the SD card 4 and decrypting the read navigation security data.
  • the structure of the updating right information illustrated in FIG 5 A differs between when being recorded in the SD card 4 and when being transferred thereafter to the navi unit 1 and recorded therein. Specifically, the updating right information in the SD card 4 has a map data version and an updating final due date. On the other hand, in the updating right information in the navi unit 1, the medium identification information (CID) and the map updating due date calculated in the map updating due date calculating unit 24 of the navi unit 1 are further added.
  • CID: medium identification information
  • the map data illustrated in FIG 5C are set up finally in the updating unit 7, and have a map data version and a map creation date as attribute values of map data together with the plurality of map sub-data 1, and so on sectioned by a map section number.
  • the map security data illustrated in FIG 5D are generated in the updating unit 7, and include hash values of map sub-data calculated respectively for the plurality of map sub-data sectioned by the map section number as a map sub-data hash value 1, and so on.
  • the map security data are transferred from the updating unit 7 to the SD card 4 together with the map data.
  • the updating security data illustrated in FIG 5E are generated in the updating unit 7, and include the medium identification information read from the navigation security data recorded in the SD card 4, and hash values of the map security data which are second-level hash values obtained by further hash-calculating a plurality of map sub-data hash values included in the map security data.
  • the updating security data are encrypted with the update encryption key and transferred to the inserted SD card 4.
  • FIG 6 is a diagram schematically illustrating data exchange between the navi unit 1 and the SD card 4 when the navi unit 1 is mounted in an automobile and the SD card 4 is inserted for the first time.
  • the navi unit 1 performs lock confirmation with respect to the SD card 4 (#30). Upon reception of lock information indicating that the password lock is functioning from the SD card 4 (#31), the navi unit 1 sends a password (#32). When the password is sent from the navi unit 1, data access to the SD card 4 is permitted (#33). When data access is permitted, the navi unit 1 requests the medium identification information (CID) recorded in the management area from the SD card 4 (#34). Upon reception of the medium identification information (CID) (#35), the navi unit 1 records the information temporarily in the memory 22 (#36).
  • the updating due date of three years is given to the SD card 4 that is the first one for this navi unit, and the updating due date of two years is given to the SD card 4 that is the second or later one.
  • the map updating due date calculating unit 24 checks the updating final due date included in the updating right information (RR), and does not give the updating due date to the SD card 4 which has passed the updating final due date.
  • the updating right information processing unit 23 creates the updating right information (RR) having the data structure illustrated in FIG 5, and records the created information in the memory 22 (#40).
  • the navigation security data generating unit 25 groups the medium identification information (CID) read from the management memory 42 as the management area of the inserted SD card 4, the on-vehicle device ID (NID) inherent to this navi unit 1, the traveling distance (Km) obtained from the car navigation main unit 1A, the map updating information (RT) calculated in advance, and the map database's version (MV) included in the updating right information (RR) to thereby create the navigation security data (NS) (#44), and records the created data in the memory 22 (#45). Further, the navigation security data (NS) is encrypted using the navigation encryption key by the encryption processing unit 26 (#46), sent to the SD card 4 (#47), and recorded in the flash memory 44 as the data area (#48).
  • NID: on-vehicle device ID
  • Km: traveling distance
  • RT: map updating information
  • MV: map database's version
  • RR: updating right information
  • the initial processing of the navi unit 1 and the SD card 4 is completed.
  • the SD management controller 1B repeats processing of accessing the SD card 4, reading necessary map data from the SD card 4, and giving the read data to the car navigation main unit 1A, as requested by the car navigation main unit 1A.
  • the map data for updating are sent to the SD card 4 (#69).
  • the hash calculating unit 75 calculates the hash value (MH) of the map data (#70).
  • the map data has a large data volume and is structured in a divided manner, and thus hash values of the respective map sub-data are calculated, and the map security data (MS) are generated (#71). Further, the hash values of the respective map sub-data included in the map security data (MS) are used together to perform a hash operation, thereby calculating an integrated hash value (#72).
  • This integrated hash value serves as the map security processing data obtained by processing the map security data, which is one mode of the present invention.
  • the updating security data generating unit 74 generates the updating security data (RS) by grouping the integrated hash value, the creation date of the map data, and the medium identification information taken out from the decrypted navigation security data, and the like (#73).
  • the generated updating security data are encrypted with the update encryption key (#74).
  • the encrypted updating security data are sent to the SD card 4 together with the previously generated map security data (#75, #76), and are recorded in the flash memory 44 as the data area of the SD card 4 (#77).
  • When this SD card 4 is inserted first in the navi unit 1, the password lock function is released, and the updating right information is already deleted.
  • the navi unit 1 requests the medium identification information (CID) recorded in the management memory 42 as the management area from the SD card 4 (#80), and obtains the medium identification information recorded in the management memory 42 in the SD card 4 (#81). Further, the navi unit 1 requests the updating security data (RS) recorded in the flash memory 44 of the SD card 4 (#82), and obtains the updating security data (#83).
  • the updating security data (RS) are decrypted using the update decryption key (#84).
  • the updating security data include the medium identification information
  • matching between the SD card 4 and the map data updated in the updating unit 7 is checked by comparing this medium identification information with the previously obtained medium identification information (#85).
  • the map creation date (MD) included in the updating security data received currently is compared with the map updating due date recorded in the navigation unit 1, so as to check matching therebetween (#86).
  • the SD card 4 itself can be regarded as a valid one.
  • map security data (RS) are requested from the SD card 4 (#87), and the map security data are received (#88). Further, the map data are requested (#89) and the map data are received (#90).
  • For the received map data, in practice the hash values of the respective map sub-data sectioned by the predetermined section number are calculated by the hash calculating unit 27 (#91). Further, the hash calculation of the group of hash values obtained by this calculation is performed integrally so as to calculate an integrated hash value.
  • This integrated hash value and the hash value included in the previously received map security data are compared with each other (#92).
  • When the hash values match each other, it is assured that the map data downloaded and created in the updating unit 7 match the map data recorded in the SD card 4 inserted currently.
  • the navigation security data generating unit 25 generates navigation security data including latest data (#93).
  • the initial processing is completed.
  • the SD management controller 1B accesses the SD card 4 in response to the request from the car navigation main unit 1A to read the necessary map data from the SD card 4, and processing provided to the car navigation main unit 1A is repeated.
  • map data updating with high security can be achieved. Specifically, the following patterns are conceivable.
  • the password lock function is employed for preventing data access to the SD card (one type of recording medium) 4 before the SD card 4 is used in the navi unit 1.
  • another lock function particularly a lock function suitable for the recording medium to be used.
  • the password lock function is released after the updating right information is deleted from the data area, a release of the password lock function before the deletion is not excluded from the scope of the present invention.
  • a navigation system in which the password lock function is removed is also within the scope of the present invention.
  • the navi unit designates a predetermined period from the time of reading the updating right information as the map updating due date with respect to this updating right information.
  • a timing other than the time of reading the updating right information may also be employed as the timing as a starting point of the map updating due date.
  • As this timing, for example, there is timing of inserting the recording medium in the navi unit, timing when the traveling distance of the vehicle exceeds a predetermined distance, timing when the recording medium in which map data are recorded is manufactured, or timing of shipping.
  • the two different encryption key systems are employed between the navi unit 1 and the updating unit 7.
  • the present invention is not limited to this.
  • Employing an encryption system with a single common key is also included in the present invention.
  • the map data are constituted of the plurality of sub-data
  • the map security processing data used for the updating security data are hash values calculated further from the plurality of hash values generated from the respective sub-data.
  • one-level hash calculated data that is, the map security data may be used as they are.
  • map creation date is employed as a unique attribute value of the map data for updating included in the updating security data
  • another unique attribute value such as a map creation history code may be employed.
  • the navigation system of the present invention may be applied not only to a car navigation system mounted in a vehicle but also to various navigation systems, such as a portable navigation system, in which updatable map data are recorded in an attachable/detachable recording medium and used.

Abstract

In a navigation system, an updating unit includes an update encryption key. The updating unit transfers map data for updating to a recording medium and records the updating map data therein, transfers to the recording medium a hash value generated from at least a part of the map data for updating and records the hash value therein as map security data, and transfers to the recording medium data obtained by encrypting with the update encryption key medium identification information and the map security data or map security processing data obtained by processing the map security data and records the data therein as updating security data.

Description

NAVIGATION SYSTEM
1. Field of the Invention
[0001] The present invention relates to a navigation system having a navigation unit operating using map data, a recording medium attachable to and detachable from the navigation unit, and an updating unit performing data transmission with the recording medium for updating map data recorded in the recording medium.
2. Description of the Related Art
[0002] In recent years, navigation units in which map data are stored in a recording medium such as a flash memory of which capacity is increasing, particularly car navigation units mounted in an automobile are appearing. Further, road situations are changing constantly due to construction of new roads, urban development, and the like. Accordingly, it is desired that map data used in a navigation unit be updated constantly. For this updating, since the recording medium such as a flash memory as described above is attachable to and detachable from the navigation unit, a structure to update the map data recorded in such a recording medium does not require removal of the navigation unit or the memory of the navigation unit from the automobile and thus facilitates updating. However, generally, data recorded in the recording medium such as a flash memory can be copied easily, which allows an unauthorized act such that a user receives an illegal recording medium which is illegally copied from a legitimate recording medium purchased by another user, and updates the map data used in a navigation unit of this user.
[0003] There has been proposed a map data updating system preventing unauthorized acts through illegal copying of a recording medium as described above (see, for example, Japanese Patent Application Publication No. JP-A-2005-331579 (paragraphs [0002] to [0010], FIG 1)). In this map data updating system, map data for updating distributed from a map data distribution center (hereinafter simply referred to as a center) are written in a recording medium, and this recording medium is used to update map data in an on-vehicle navigation apparatus. In the system, a unique individual ID assigned to the navigation apparatus as attribute data is added to the map data for updating written in the recording medium. The navigation apparatus is provided with a determining unit determining whether the individual ID assigned to the navigation apparatus and the individual ID added to the map data for updating match each other, and a prohibiting unit prohibiting use of the map data for updating written in the recording medium when the determining unit determines that the individual IDs do not match each other.
Since the unique individual ID assigned to the navigation apparatus is added as attribute data in the recording medium, the determining unit determines whether the individual ID assigned to the navigation apparatus and the individual ID recorded in the recording medium match or not when the recording medium is used in the navigation apparatus. When the individual IDs do not match, the prohibiting unit prohibits use of the map data for updating written in this recording medium. This is intended to prevent unauthorized use of map data for updating.
[0004] Further, there has been known a security technology such that, for assuring security of map data for updating in a navigation apparatus using a recording medium, such as DVD, that is writeable at user level, the navigation apparatus extracts an electronic signature added to map information distributed from a map information distribution center, uses a plurality of public keys in the order of priority for use to verify this electronic signature sequentially, and determines this map information as valid information distributed from the map information distribution center when the electronic signature passes the verification (see, for example, Japanese Patent Application Publication No. JP-A-2008-175648 (paragraphs [0002] to [0025], FIG 1, FIG 6, FIG 7)). Moreover, Japanese Patent Application Publication No. JP-A-2008-175648 also discloses that a hash value is created from the map information, and verification of this electronic signature is passed when this hash value and decrypted data match each other, but the verification of this electronic signature is not passed when this hash value and the decrypted data do not match each other. Accordingly, not only when a malicious third person adds an electronic signature to the map data with a secret key that is different from the secret key possessed by the information distribution center, but also when the third person tampers with the map data without changing the electronic signature, tampering of the map data is detected by not passing the verification of the electronic signature when the hash value created from the map data and decryption data do not match each other. Thus, it is possible to assure information security of the map data.
SUMMARY OF THE INVENTION
[0005] In the map data updating system according to Japanese Patent Application Publication No. JP-A-2005-331579, when the individual ID assigned to the navigation apparatus is read in advance from the navigation apparatus or the recording medium used in this apparatus, and if this user writes the individual ID of his/her navigation apparatus, which is read in advance as the individual ID, in the recording medium in which illegally copied map data are recorded, this recording medium is recognized as legitimate. Therefore, an unauthorized act with the map data for updating can be performed relatively easily.
[0006] In the form in which, as disclosed in Japanese Patent Application Publication No. JP-A-2008-175648, the map information distribution center calculates a hash value, encrypts and attaches the hash value to the map data, and distributes the data to each user, use of the hash value for verifying the validity of the map data is certainly effective. However, in a structure such that a recording medium in which map data used in a navigation unit are recorded is one such as a memory card that is attachable to and detachable from a navigation unit, and updating of map data is performed through an updating unit that is built by activating a program in a general-purpose personal computer possessed by the user, there is a high possibility that a third person downloads the map data to a personal computer or the like by spoofing or the like, and sneaks through the security function with the hash value, thereby performing illegal copying or tampering of the map data.
[0007] In view of the above-described situation, it is an object of the present invention to improve security related to map data in a navigation system having a recording medium, such as a flash memory card, which is rewriteable, and attachable to and detachable from a navigation unit, and an updating unit which downloads map data for updating from a map data distribution center via a communication line.
[0008] For achieving the above-described object, in a navigation system having a navigation unit operating using map data, a recording medium attachable to and detachable from the navigation unit, and an updating unit capable of performing data transmission with the recording medium, in which the recording medium has a rewritable data area in which the map data are recorded and a non-rewritable management area in which medium identification information is recorded, and the updating unit performs data transmission with the recording medium in order to update the map data recorded in the recording medium, the updating unit includes an update encryption key, the updating unit transfers map data for updating to the recording medium and records the map data therein, and the updating unit transfers to the recording medium a hash value generated from at least a part of the map data for updating and records the hash value therein as map security data, and transfers to the recording medium data obtained by encrypting with the update encryption key the map security data or map security processing data obtained by processing the map security data and the recording medium identification information and records the data therein as updating security data.
[0009] In this structure, not only the hash value obtained from the map data for updating downloaded to the updating unit is recorded as the map security data in the recording medium in which the map data are recorded, but also data obtained by grouping and encrypting the medium identification information as inherent information of this recording medium and the aforementioned hash value or data obtained by further processing this hash value are recorded as the updating security data. Accordingly, first, it is possible to recognize the validity of the map data by the map security data. Further, by the updating security data with enhanced security by encryption, it is possible to check the validity of the map data and the recording medium when this recording medium is connected to the navigation unit.
[0010] At this time, when the navigation unit includes an update decryption key for decrypting the updating security data that is encrypted with the update encryption key and recorded in the recording medium, the contents of the updating security data can be seen for the first time when the recording medium is connected to the navigation unit, and this improves the security. One way to specifically embody this is to employ a structure such that the navigation unit includes an update decryption key for decrypting data encrypted with the update encryption key, and when data obtained by decrypting the medium identification information included in the updating security data with the update decryption key and the medium identification information recorded in the management area of the recording medium are compared with each other and match each other, use of map data in the recording medium is allowed.
[0011] As one preferred embodiment of the present invention, the navigation unit may include a navigation encryption key, and transfer to the recording medium data obtained by encrypting the medium identification information read from the recording medium with the navigation encryption key and record the data therein as navigation security data. This structure makes it possible to identify the recording medium connected to the navigation unit by the medium identification information. If this identified recording medium is used in a legitimate manner, the identified recording medium is connected to a specific updating unit when used. Therefore, for assuring higher security, preferably, the updating unit may include a navigation decryption key for decrypting data encrypted with the navigation encryption key, decrypt the medium identification information included in the navigation security data with the navigation decryption key and read the decrypted medium identification information, and encrypt the read medium identification information with the update encryption key to be used for the updating security data.
[0012] Calculating a hash value from a large volume of data such as map data imposes a high calculation load. Accordingly, in another preferred embodiment, the map data for updating may be constituted of a plurality of sub-data, and the map security processing data may be obtained by encrypting with the update encryption key a hash value further calculated from a plurality of hash values generated from the sub-data.
[0013] In order to uniquely relate the navigation unit with the updating unit, it is preferable that an inherent value usable as unique data be used as the security data recorded in the recording medium as a medium for transmitting data therebetween. As one embodiment for achieving this object, it is proposed that the updating security data further include data obtained by encrypting a unique attribute value (difference creation date and time or map creation date) of the map data for updating with the update encryption key.
[0014] Even with updating map data which are downloaded to the updating unit via a legitimate route and recorded in a recording medium, there is still a possibility of rewriting the updating map data thereafter, or an unauthorized act of writing the data to another recording medium may happen. In order to address such problems, the present invention proposes that the navigation unit compares a hash value obtained by decrypting the updating security data with a hash value generated from the map data recorded in the data area of the recording medium in a manner of allowing comparison with the hash value of the updating security data, and when the hash values match each other, use of the map data is allowed. In this structure, through verification of the hash values, matching between the recording medium specified by the updating security data and the map data recorded in this recording medium can be checked.
BRIEF DESCRIPTION OF THE DRAWINGS
[0015] FIG 1 is a schematic diagram illustrating a basic structure and flows of data of a navigation system according to the present invention;
FIG 2 is a functional block diagram illustrating functions of a navigation unit constituting the navigation system according to the present invention;
FIG 3 is a functional block diagram illustrating functions of a recording medium constituting the navigation system according to the present invention;
FIG 4 is a functional block diagram illustrating functions of an updating unit constituting the navigation system according to the present invention;
FIG 5A to FIG 5E are data structure diagrams of updating right information transferred from the recording medium to the navigation system;
FIG 6 is a diagram schematically illustrating data exchange between the navi unit and an SD card at the time of first use;
FIG 7 is a diagram schematically illustrating data exchange between the SD card and the updating unit at the time of updating map data; and
FIG 8 is a diagram schematically illustrating data exchange between the navi unit and the SD card at the time other than the first use.
DETAILED DESCRIPTION OF THE EMBODIMENTS
[0016] Hereinafter, an embodiment of a navigation system according to the present invention will be described using the drawings. The navigation system illustrated in FIG 1 is a car navigation system, and is made up of a navigation unit (hereinafter simply abbreviated to "navi unit") 1 mounted in an automobile, a recording medium 4 which is an SD card (more specifically, an SD memory card or SDHC memory card) in this embodiment, and an updating unit 7 which is generally a personal computer with a communication function (hereinafter simply abbreviated to "personal computer"). Map data used in the navi unit 1 are recorded in the SD card 4, and the SD card 4 is inserted in the navi unit 1 when the car navigation is used. The map data recorded in the SD card 4 are updatable. Updating the map data is performed such that map data for updating or map difference data (hereinafter, both will be simply referred to as map data except when distinction therebetween is particularly necessary) are downloaded to the updating unit (personal computer) 7 via a WAN such as the Internet from a map center which handles the map data, and the map data in the SD card 4 are rewritten by latest data through this updating unit 7. When an automobile equipped with the navi unit 1 is purchased, or when only the navi unit 1 is purchased separately, the SD card 4 in which latest map data are recorded comes with this navi unit 1.
[0017] As basic flows of data of the navigation system according to the present invention, flows of data will be described below using FIG 1 for the case where the map data of the SD card 4 used in the navi unit 1 are updated by the updating unit 7 and are used in the navi unit 1 again. This SD card 4 includes, as memory areas, a rewritable data area and a non-rewritable management area in which medium identification information (here, CID (Card Identification register) is used) is recorded. The map data are recorded in the data area.
Further, updating right information including updating final due date as information related to the right of updating the recorded map data, and so on is also written in the data area.
[0018] In the navi unit 1, initially there are registered, as data related to security, a navigation encryption key which is an encryption key for encrypting data in this navi unit 1, and an update decryption key for decrypting the encrypted data in the updating unit 7. In the updating unit 7, there are registered an update encryption key which is an encryption key for encrypting data in this updating unit 7 and a navigation decryption key for decrypting data encrypted in the navi unit 1 by activating a predetermined program for building the updating unit on the computer as a mother unit of the updating unit 7. The relation between the corresponding encryption key and decryption key here is substantially the same as the relation between a secret key and a public key which are publicly known, and data encrypted with the encryption key can be decrypted only with the corresponding decryption key. Further, it is practically impossible to create the corresponding decryption key from the encryption key and create the corresponding encryption key from the decryption key.
[0019] First, in the stage that the SD card 4 is inserted in the navi unit 1, the medium identification information is sent from the SD card 4 to the navi unit 1 (#11), and then the navi unit 1 generates navigation security data including the received medium identification information and records the generated data in its memory (#12). The navigation security data are encrypted with the navigation encryption key. Thereafter, the navigation security data are sent to the SD card 4 and recorded in the data area of the SD card 4 (#13).
[0020] When the map data recorded in the data area of the SD card 4 are updated, the SD card 4 needs to be removed from the navi unit 1 and inserted in the updating unit 7, which is a personal computer in which predetermined program software is installed. The updating unit 7 downloads map data for updating from the center in advance, and stores the data in a memory (#14). Further, map security data including a hash value calculated from the stored map data are generated (#15).
[0021] When the SD card 4 is inserted, the updating unit 7 accesses the SD card 4 and receives the navigation security data recorded in the SD card 4 (#16). Since the navigation security data are encrypted with the navigation encryption key, these navigation security data are decrypted with the navigation decryption key registered in the updating unit 7, and the medium identification information is taken out therefrom (#17). Updating security data are generated including the taken out medium identification information, the map security data (the hash value of the map data) generated in advance or map security processing data obtained by processing the map security data (a hash value of the map security data in this embodiment), and an attribute value (for example, map creation date) of the stored map data, and encrypted with the update encryption key (#18). In order to create a unique relation in terms of security between the inserted SD card 4 and the map data to be transferred to the SD card 4 for updating the map, first the map security data are sent to the SD card 4 and recorded in the data area of the SD card 4 (#19). Further, the encrypted updating security data are also sent to the SD card 4 and recorded in the data area of the SD card 4 (#20). Finally (any time after the SD card 4 is inserted), the map data for updating are sent to the SD card 4 and recorded in the data area of the SD card 4, thereby completing map updating (#21).
[0022] The updating security data recorded in the SD card 4 in which map updating is completed are sent to the navi unit 1 when the SD card 4 is inserted in the navi unit 1 (#22) and decrypted with the update decryption key, and the medium identification information is read therefrom (#23). The read medium identification information is compared with the medium identification information obtained directly by accessing the management area of the SD card 4 by the navi unit 1 (#24), and thereby the identity of the SD card 4 updated in the updating unit 7 and the SD card 4 currently inserted in this navi unit 1 can be checked.
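The update and check flow of [0020] to [0022], combined with the hash comparison of [0014], is sketched below as an added example; it is not code from the patent or from any product. Assumptions: SHA-256 as the hash, a toy textbook-RSA key pair standing in for the update encryption and decryption keys, the byte layout of the updating security data, constructed CIDs and sub-data, and the CID handed to the updating unit directly instead of being recovered from the navigation security data.

```python
import copy
import hashlib
import hmac

# Toy key pair, constructed for this example and NOT secure: textbook RSA over
# two Mersenne primes stands in for the update encryption/decryption keys.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q
KEY_BYTES = (N.bit_length() + 7) // 8
UPDATE_DECRYPTION_KEY = 65537                                # navi unit side
UPDATE_ENCRYPTION_KEY = pow(65537, -1, (_P - 1) * (_Q - 1))  # updating unit side
CID_LEN, HASH_LEN = 16, 32   # assumed field sizes (SD CID is 128 bits)


def encrypt(payload: bytes, key: int) -> bytes:
    m = int.from_bytes(payload, "big")
    if m >= N:
        raise ValueError("payload too long for the toy key")
    return pow(m, key, N).to_bytes(KEY_BYTES, "big")


def decrypt(blob: bytes, key: int) -> bytes:
    m = pow(int.from_bytes(blob, "big"), key, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


class SDCard:
    """Recording medium: fixed CID (management area) plus rewritable data area."""

    def __init__(self, cid: bytes):
        self._cid = cid
        self.data_area = {}

    @property
    def cid(self) -> bytes:  # read-only, like the non-rewritable management area
        return self._cid


def sub_hashes(sub_data):
    """Map security data: one hash per map sub-data section."""
    return [hashlib.sha256(section).digest() for section in sub_data]


def second_level_hash(hashes) -> bytes:
    """Hash calculated again over the grouped sub-data hashes."""
    return hashlib.sha256(b"".join(hashes)).digest()


def write_update(card: SDCard, cid: bytes, sub_data, created: str) -> None:
    """Updating unit: record map security data, updating security data, map data."""
    map_security = sub_hashes(sub_data)
    # Assumed layout: 0x01 marker | CID | second-level hash | map creation date
    payload = b"\x01" + cid + second_level_hash(map_security) + created.encode()
    card.data_area["map_security"] = map_security
    card.data_area["updating_security"] = encrypt(payload, UPDATE_ENCRYPTION_KEY)
    card.data_area["map"] = list(sub_data)


def navi_check(card: SDCard) -> str:
    """Navi unit: decide whether the map data on the inserted card may be used."""
    blob = card.data_area.get("updating_security")
    if blob is None:
        return "reject: no updating security data"
    payload = decrypt(blob, UPDATE_DECRYPTION_KEY)
    if len(payload) < 1 + CID_LEN + HASH_LEN or payload[0] != 1:
        return "reject: updating security data not valid"
    cid = payload[1:1 + CID_LEN]
    expected = payload[1 + CID_LEN:1 + CID_LEN + HASH_LEN]
    # Compare the decrypted CID with the one read from the management area.
    if not hmac.compare_digest(cid, card.cid):
        return "reject: CID mismatch"
    # Recompute the hash from the map data actually present in the data area.
    recomputed = second_level_hash(sub_hashes(card.data_area.get("map", [])))
    if not hmac.compare_digest(recomputed, expected):
        return "reject: map hash mismatch"
    return "allow"


def demo():
    """Constructed cards: a genuine update, a data-area copy, an edited map."""
    genuine = SDCard(bytes.fromhex("00112233445566778899aabbccddeeff"))
    write_update(genuine, genuine.cid,
                 [b"section-1", b"section-2", b"section-3"], "2011-01-17")
    clone = SDCard(bytes.fromhex("ffeeddccbbaa99887766554433221100"))
    clone.data_area = copy.deepcopy(genuine.data_area)   # data area copied as-is
    edited = SDCard(genuine.cid)
    edited.data_area = copy.deepcopy(genuine.data_area)
    edited.data_area["map"][1] = b"section-2 (edited)"   # map changed after update
    return navi_check(genuine), navi_check(clone), navi_check(edited)


if __name__ == "__main__":
    print(demo())
```

The copied card is rejected because the CID inside the encrypted updating security data cannot be rewritten to match the new card's management area, and the edited map is rejected because the recomputed second-level hash no longer matches.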
[0023] Next, details of the above-described navigation system will be described.
FIG 2 is a functional block diagram illustrating main functions of the navi unit 1. The navi unit 1 is basically made up of a car navigation main part 1A and an SD management controller 1B as a recording medium management controller connected to the car navigation main unit 1A.
[0024] The car navigation main unit 1A is connected to various car navigation sensors and input/output devices via an I/O interface 11, similarly to a general car navigation apparatus. The car navigation sensors include a global positioning system (GPS) receiver 91 receiving a GPS signal from a GPS satellite, a direction sensor 92 detecting a traveling direction of the vehicle or a change in the traveling direction, a distance sensor 93 detecting a vehicle speed and a moving distance of the vehicle, and so on. The input/output devices include a speaker 94 and a monitor 95 for giving route guidance or the like to the driver, and further an operation device such as a touch panel 96.
[0025] In the car navigation main unit 1A, main functional units built by hardware or software (program) or by both are a GPS position information obtaining unit 12, a traveling direction information obtaining unit 13, a map data processing unit 14, a map matching unit 15, a traveling distance calculating unit 16, and a navigation information processing unit. A map database which is a target of search and extraction of map data by the map data processing unit 14 is built in the SD card 4 inserted in the navi unit 1.
[0026] The GPS position information obtaining unit 12 has a function to obtain vehicle position information representing the position of the vehicle by GPS positioning. In the GPS position information obtaining unit 12, a signal from a GPS satellite received in the GPS receiver 91 can be analyzed to obtain the current position (coordinate positions: latitude and longitude) of the vehicle. The traveling direction information obtaining unit 13 has a function to obtain traveling direction information representing a traveling direction of the vehicle by a direction change amount and a moving distance of the vehicle. For this purpose, the traveling direction information obtaining unit 13 is connected to the direction sensor 92 and the distance sensor 93. The distance sensor 93 is for detecting the vehicle speed and the traveling distance of the vehicle, and based on a signal of this sensor, the total traveling distance is calculated by the traveling distance calculating unit 16. The map matching unit 15 has a function to obtain map data in the vicinity of the vehicle position from the SD card 4, and perform publicly known map matching based on the obtained map data. By this map matching, there is performed a search for a shortest position from the current position of the vehicle on a road shown in map information by the vehicle position information outputted from the GPS position information obtaining unit 12 and/or the traveling direction information outputted from the traveling direction information obtaining unit 13. The found position is a vehicle on-road position, and this vehicle on-road position is displayed in a superposed manner on the road map on the monitor 6. The navigation information processing unit 17 creates navigation functions such as displaying the vehicle position, a route search from a place of departure to a destination, route guidance to a destination, and destination search. 
For example, the navigation information processing unit 17 obtains the map data from the SD card 4 based on the vehicle on-road position as the vehicle position determined by the map matching unit 15 and displays the image of a map on a display screen of the monitor 6, and displays a vehicle position mark representing the current position and traveling direction of the vehicle in a superposed manner on the image of the map. The navigation information processing unit 17 performs a route search from a predetermined place of departure to a destination based on the map data, and gives route guidance to the driver using one or both of the monitor 95 and the speaker 94 based on the found route from the place of departure to the destination and the vehicle position. The touch panel 96 functioning as an operation device is attached to the monitor 95, but operation switches and/or operation buttons other than the touch panel may be added as operation devices.
[0027] Main functional units of the SD management controller 1B connected to the car navigation main unit 1A via their respective communication interfaces 10, 20 are an SD host module 21, a security data memory 22, an updating right information processing unit 23, a map updating due date calculating unit 24, a navigation security data generating unit 25, and an encryption processing unit 26.
[0028] The SD host module 21 performs data exchange with the SD card 4. The security memory 22 is for recording information, such as an on-vehicle device ID, which is originally inherent to the navi unit 1, and data related to security obtained from the SD card 4, such as the medium identification information (CID). The medium identification information of the SD card 4 that is the first target of data access by the navi unit 1 is recorded in the memory as first-used medium identification information. That is, the first-used medium identification information is the medium identification information of the SD card 4 inserted for the first time in the navi unit 1 that is unused. The updating right information processing unit 23 generates navi-unit-side updating right information by adding a map updating due date generated based on the updating right information obtained from the SD card, and the like, and takes out necessary data from this updating right information. The map updating due date calculating unit 24 calculates a due date with respect to updating of the map data in the inserted SD card 4. Here, the map updating due date calculating unit 24 compares the first-used medium identification information with the medium identification information of the SD card 4, and sets different map updating due dates for the SD card 4 having the medium identification information recorded as the first-used medium identification information and for other SD cards 4. Specifically, an updating due date of three years is given to the SD card 4 having the medium identification information recorded as the first-used medium identification information, and an updating due date of two years is given to the other SD cards 4. When the map data recorded in the SD card 4 is too old, this can cause various problems such as a difficulty of map updating using differences. 
Thus, when the map updating due date is set, the map updating due date calculating unit 24 refers to the updating final due date, and does not give the updating due date to the SD card 4 which has passed the updating final due date. For example, the updating final due date is set with reference to the time of recording the map data in the SD card 4.
[0029] The navigation security data generating unit 25 generates the navigation security data by combining security data for detecting the SD card 4 in which unauthorized map updating is performed with the updating unit 7. The navigation security data include at least the medium identification information (CID) read from the management area of the SD card 4 and information of the map updating due date. The encryption processing unit 26 includes the navigation encryption key as an encryption key for encrypting data here and the update decryption key for decrypting the encrypted data in the updating unit 7. A hash calculating unit 27 calculates the hash value of the map data of the inserted SD card 4.
[0030] As illustrated in FIG 3, the structure of the SD card 4 is substantially the same as an SD card which is a commercially available flash memory with a security function, and is capable of exchanging data with the updating unit 7 and the navi unit 1 via an SD interface 40. The SD card includes, as basic components, a CPU 41, a management memory 42 in which the medium identification information and the like are recorded, and a flash memory 44 which is a data area in which data can be recorded in a rewritable manner via a memory interface 43. Further, the SD card also includes a password lock processing unit 55 and a CID management unit 56 as functional units achieved by a program or the like mounted for this navigation system.
[0031] The password lock processing unit 55 performs a password lock function of this SD card 4. This password lock is released after a password check is performed when the SD card is inserted for the first time in the navi unit 1, and thereafter data access is permitted without the password. The CID management unit 56 reads the medium identification information (generally a code called CID) recorded in the management memory 42 as requested, and sends the read information to the requester.
[0032] As illustrated in FIG 4, in a personal computer capable of connecting to a WAN (the Internet) via a WAN interface and also capable of exchanging data with the SD card via an SD interface 71, functional units required in the updating unit 7 are built by executing a program which achieves functions required in this navigation system. The functional units include a map data processing unit 72, a map security data generating unit 73, an updating security data generating unit 74, a hash calculating unit 75, and an encryption processing unit 76.
[0033] The map data processing unit 72 processes map data for updating (including map data attribute values such as a map data version and a map creation date) which are downloaded from the center, and updates the map data of the inserted SD card 4. Generally, the map data for updating are downloaded as difference data, and thus only data parts to be updated in the map data are rewritten using the difference data. The map data are sectioned into a plurality of map sub-data for facilitating handling. In order to allow usage as an identification code of map data to be transferred to the inserted SD card 4, the map security data generating unit 73 groups hash values obtained respectively from the map sub-data by the hash calculating unit to make the map security data. The updating security data generating unit 74 creates the updating security data by grouping the medium identification information read from the navigation security data recorded in the inserted SD card, the map creation date or the date of creating the updating map data from the difference data, and a hash value calculated again by the hash calculating unit from the map security data generated by the map security data generating unit 73. The updating security data are encrypted with the update encryption key by the encryption processing unit 76, and sent to the SD card 4. The encryption processing unit 76 also includes the navigation decryption key for decrypting data encrypted with the navigation encryption key in the encryption processing unit 26 of the navi unit 1. Accordingly, the updating unit 7 is capable of reading the navigation security data encrypted with the navigation encryption key from the SD card 4 and decrypting the read navigation security data.
[0034] In the navigation system structured as described above, when the map data are transferred between the navi unit 1 and the SD card 4 and the updating unit 7, various information or data are exchanged for the purpose of security. FIG 5A to FIG 5E illustrate an overview of data structures of such data and information.
[0035] The structure of the updating right information illustrated in FIG 5A differs between when being recorded in the SD card 4 and when being transferred thereafter to the navi unit 1 and recorded therein. Specifically, the updating right information in the SD card 4 has a map data version and an updating final due date. On the other hand, in the updating right information in the navi unit 1, the medium identification information (CID) and the map updating due date calculated in the map updating due date calculating unit 24 of the navi unit 1 are further added.
The navigation security data illustrated in FIG 5B are generated in the navi unit 1, and have the medium identification information, the on-vehicle device ID, the traveling distance, the map updating due date, and the map data version. The navigation security data are encrypted with the navigation encryption key and transferred from the navi unit 1 to the SD card 4.
[0036] The map data illustrated in FIG 5C are set up finally in the updating unit 7, and have a map data version and a map creation date as attribute values of map data together with the plurality of map sub-data 1, and so on sectioned by a map section number.
The map security data illustrated in FIG 5D are generated in the updating unit 7, and include hash values of map sub-data calculated respectively for the plurality of map sub-data sectioned by the map section number as a map sub-data hash value 1, and so on. The map security data are transferred from the updating unit 7 to the SD card 4 together with the map data. The updating security data illustrated in FIG 5E are generated in the updating unit 7, and include the medium identification information read from the navigation security data recorded in the SD card 4, and hash values of the map security data which are second-level hash values obtained by further hash-calculating a plurality of map sub-data hash values included in the map security data. The updating security data are encrypted with the update encryption key and transferred to the inserted SD card 4.
[0037] Next, procedures of data exchange in this navigation system will be described. FIG 6 is a diagram schematically illustrating data exchange between the navi unit 1 and the SD card 4 when the navi unit 1 is mounted in an automobile and the SD card 4 is inserted for the first time.
First, the navi unit 1 performs lock confirmation with respect to the SD card 4 (#30). Upon reception of lock information indicating that the password lock is functioning from the SD card 4 (#31), the navi unit 1 sends a password (#32). When the password is sent from the navi unit 1, data access to the SD card 4 is permitted (#33). When data access is permitted, the navi unit 1 requests the medium identification information (CID) recorded in the management area from the SD card 4 (#34). Upon reception of the medium identification information (CID) (#35), the navi unit 1 records the information temporarily in the memory 22 (#36). Further, the navi unit 1 requests the updating right information (RR) (#37), and upon reception of the updating right information (RR) (#38), the map updating due date calculating unit 24 calculates the map updating due date based on the updating information (RR) (#39). In this embodiment, on the condition that the updating right information (RR) is recorded in the SD card 4, the map updating due date calculating unit 24 designates a predetermined period from the time of reading this updating right information (RR) as the map updating due date for this updating right information (RR). Here, as described above, the map updating due date calculating unit 24 gives a different map updating due date depending on whether it is the SD card 4 that is the first target of data access by the navi unit 1 or not. Specifically, the updating due date of three years is given to the SD card 4 that is the first one for this navi unit, and the updating due date of two years is given to the SD card 4 that is the second or later one. At this time, the map updating due date calculating unit 24 checks the updating final due date included in the updating right information (RR), and does not give the updating due date to the SD card 4 which has passed the updating final due date. 
Next, based on data recorded in the memory 22, the updating right information processing unit 23 creates the updating right information (RR) having the data structure illustrated in FIG 5, and records the created information in the memory 22 (#40). When the re-creation and recording of the updating right information (RR) are completed, completion of the updating right information recording is notified to the SD card 4 (#41), and accordingly, the updating information management unit 52 deletes the updating right information recorded in the flash memory 44 (#42). Subsequently, the password lock processing unit 55 releases the password lock function (#43).
[0038] In the navi unit 1, the navigation security data generating unit 25 groups the medium identification information (CID) read from the management memory 42 as the management area of the inserted SD card 4, the on-vehicle device ID (NID) inherent to this navi unit 1, the traveling distance (Km) obtained from the car navigation main unit 1A, the map updating information (RT) calculated in advance, and the map databases version (MV) included in the updating right information (RR) to thereby create the navigation security data (NS) (#44), and records the created data in the memory 22 (#45). Further, the navigation security data (NS) is encrypted using the navigation encryption key by the encryption processing unit 26 (#46), sent to the SD card 4 (#47), and recorded in the flash memory 44 as the data area (#48).
[0039] Thus, the initial processing of the navi unit 1 and the SD card 4 is completed. During car navigation processing, the SD management controller 1B repeats processing of accessing the SD card 4, reading necessary map data from the SD card 4, and giving the read data to the car navigation main unit 1A, as requested by the car navigation main unit 1A.
[0040] Next, flows of data exchange between the SD card and the updating unit during updating of map data will be described using a diagram of FIG. 7.
First, the updating unit 7 downloads map data in advance (#61), and stores the downloaded data in the memory as map data for updating (#62). At this time, the map data before being updated exist in the updating unit 7. When the downloaded map data are difference data, the difference data are used here to update the existing map data to the latest data. In this state, when the SD card 4 as a target of update is inserted in the updating unit 7, the updating unit 7 requests the navigation security data which the SD card 4 received from the navi unit 1 and recorded (#63). The received navigation security data are stored temporarily in the memory (#64). The navigation security data are decrypted using the navigation decryption key (#65). The medium identification information (CID) is taken out from the navigation security data decrypted in this manner, and is temporarily stored in the memory of the updating unit 7 (#66). Moreover, the map updating due date is taken out from the decrypted navigation security data (#67) and compared with the creation date and time of the stored map data for updating so as to check whether the creation date and time have passed the map updating due date, or a check is made regarding the map updating due date depending on other set conditions (#68).
[0041] When the check regarding the map updating due date is passed, the map data for updating are sent to the SD card 4 (#69). In the updating unit 7, the hash calculating unit 75 calculates the hash value (MH) of the map data (#70). Normally, the map data has a large data volume and is structured in a divided manner, and thus hash values of the respective map sub-data are calculated, and the map security data (MS) are generated (#71). Further, the hash values of the respective map sub-data included in the map security data (MS) are used together to perform a hash operation, thereby calculating an integrated hash value (#72). This integrated hash value serves as the map security processing data obtained by processing the map security data, which is one mode of the present invention. The updating security data generating unit 74 generates the updating security data (RS) by grouping the integrated hash value, the creation date of the map data, and the medium identification information taken out from the decrypted navigation security data, and the like (#73). The generated updating security data are encrypted with the update encryption key (#74). The encrypted updating security data are sent to the SD card 4 together with the previously generated map security data (#75, #76), and are recorded in the flash memory 44 as the data area of the SD card 4 (#77).
[0042] Next, flows of data exchange when the SD card 4, in which the initial map data are updated via the updating unit, is used in the navi unit 1 will be described using a diagram of FIG. 8.
When this SD card 4 is inserted first in the navi unit 1, the password lock function is released, and the updating right information is already deleted. When the SD card 4 is inserted in the navi unit 1, the navi unit 1 requests the medium identification information (CID) recorded in the management memory 42 as the management area from the SD card 4 (#80), and obtains the medium identification information recorded in the management memory 42 in the SD card 4 (#81). Further, the navi unit 1 requests the updating security data (RS) recorded in the flash memory 44 of the SD card 4 (#82), and obtains the updating security data (#83). The updating security data (RS) are decrypted using the update decryption key (#84). Since the updating security data include the medium identification information, matching between the SD card 4 and the map data updated in the updating unit 7 is checked by comparing this medium identification information with the previously obtained medium identification information (#85). When there is no problem in matching of the medium identification information, the map creation date (MD) included in the updating security data received currently is compared with the map updating due date recorded in the navigation unit 1, so as to check matching therebetween (#86). When there is no problem in this matching, the SD card 4 itself can be regarded as a valid one.
[0043] Next, in order to check the validity of the map data themselves recorded in the SD card 4 (for example, to check whether the map data are not illegally copied), first the map security data (MS) are requested from the SD card 4 (#87), and the map security data are received (#88). Further, the map data are requested (#89) and the map data are received (#90). From the received map data, the hash values of the respective map sub-data sectioned by the predetermined section number are calculated by the hash calculating unit 27 (#91). Further, the hash calculation of the group of hash values obtained by this calculation is performed integrally so as to calculate an integrated hash value. This integrated hash value and the hash value included in the previously received map security data (the integrated hash value calculated by the updating unit 7) are compared with each other (#92). When the hash values match each other, it is assured that the map data downloaded and created in the updating unit 7 match the map data recorded in the SD card 4 inserted currently. Thus, the validity of the SD card 4 including the map data is recognized. Further, when the navigation security data include data with a value that changes as the vehicle is operated, such as the traveling distance, the navigation security data generating unit 25 generates navigation security data including latest data (#93). Thus, the initial processing is completed. When car navigation processing is performed, the SD management controller 1B accesses the SD card 4 in response to the request from the car navigation main unit 1A to read the necessary map data from the SD card 4 and provide them to the car navigation main unit 1A, and this processing is repeated.
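The two-level hash of steps #70 to #73 and the navi-unit checks of steps #85 to #92, as an added example that is not part of the patent text. It assumes SHA-256 as the hash and a 4096-byte sub-data section, and handles the updating security data (RS) in decrypted form with the two key systems omitted; all function names, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

SECTION_SIZE = 4096  # assumption: size of one map sub-data section


def sub_hashes(map_data: bytes, section_size: int = SECTION_SIZE) -> list[bytes]:
    """Map security data (MS): one hash per map sub-data section (#70-#71)."""
    return [hashlib.sha256(map_data[i:i + section_size]).digest()
            for i in range(0, len(map_data), section_size)]


def integrated_hash(ms: list[bytes]) -> bytes:
    """Second-level hash over the ordered sub-data hashes (#72)."""
    h = hashlib.sha256()
    for digest in ms:          # fixed-length digests, so concatenation is unambiguous
        h.update(digest)
    return h.digest()


def build_rs(map_data: bytes, created: date, cid: str) -> dict:
    """Updating security data (RS) as grouped in #73, before encryption."""
    return {"integrated_hash": integrated_hash(sub_hashes(map_data)),
            "map_created": created,
            "cid": cid}


def verify_card(rs: dict, card_cid: str, due_date: date, map_data: bytes) -> str:
    """Navi-unit checks on the decrypted RS; returns "ok" or the failed check."""
    # #85: CID inside RS must equal the CID read from the management area.
    if not hmac.compare_digest(rs["cid"].encode(), card_cid.encode()):
        return "cid_mismatch"
    # #86: the map creation date must not be later than the map updating due date.
    if rs["map_created"] > due_date:
        return "past_due_date"
    # #91-#92: recompute the integrated hash from the map data on the card.
    recomputed = integrated_hash(sub_hashes(map_data))
    if not hmac.compare_digest(recomputed, rs["integrated_hash"]):
        return "hash_mismatch"
    return "ok"


# Constructed sample inputs (not taken from the patent).
SAMPLE_MAP = b"".join(i.to_bytes(4, "big") for i in range(2560))  # 10240 bytes
SAMPLE_CID = "CID-CARD-A"
SAMPLE_DUE = date(2014, 1, 7)


def demo() -> dict:
    """Run the checks against a valid card and three manipulated ones."""
    rs = build_rs(SAMPLE_MAP, date(2013, 6, 1), SAMPLE_CID)
    tampered = bytearray(SAMPLE_MAP)
    tampered[5000] ^= 0x01  # one flipped bit in the second sub-data section
    late_rs = build_rs(SAMPLE_MAP, date(2015, 3, 1), SAMPLE_CID)
    return {
        "valid": verify_card(rs, SAMPLE_CID, SAMPLE_DUE, SAMPLE_MAP),
        "copied_to_other_card": verify_card(rs, "CID-CARD-B", SAMPLE_DUE, SAMPLE_MAP),
        "modified_map": verify_card(rs, SAMPLE_CID, SAMPLE_DUE, bytes(tampered)),
        "map_newer_than_due_date": verify_card(late_rs, SAMPLE_CID, SAMPLE_DUE, SAMPLE_MAP),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because the integrated hash covers the sub-data hashes in order, reordering or replacing any single section changes the value that the navi unit compares against the one carried in RS.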
[0044] By including the structure as described above, map data updating with high security can be achieved. Specifically, the following patterns are conceivable.
(1) When there is an attempt to dead-copy the entire map data from a new SD card 4, the password lock function works and data access is permitted only with the dedicated navi unit 1. Therefore, such dead-copying of map data is not possible. After the password lock is released, the updating right data are deleted, and thus it is not possible to illegally obtain the updating right of map data.
(2) After the password lock function is released by inserting the SD card 4 in the navi unit 1, when there is an attempt to use another SD card 4 to which the aforementioned SD card 4 is dead-copied entirely, the illegal copy can be recognized from the fact that the medium identification information of the navigation security data does not match the medium identification information (recorded in the management memory) inherent to the SD card, and use of the illegal copy can thereby be prohibited.
(3) When an SD card 4 in which part of the map data is modified or illegally copied is inserted, use of this SD card can be prohibited by calculating the hash value of the map data as described above when the navi unit 1 is activated, and comparing this calculation value with the hash value included in the navigation security data.
(4) When there is an attempt to perform map updating of an SD card 4 whose map updating due date has expired, by backdating the updating unit, the map updating due date included in the navigation security data is compared with the map creation date as an attribute value of the map data for updating to check matching therebetween, and the unauthorized clock setting of the updating unit can thereby be detected. Rewriting of the map updating due date of the navigation security data is impossible because the navigation security data are encrypted with the navigation encryption key. Further, when the navigation security data of another SD card 4 whose map updating due date has not expired yet are copied entirely, even if map updating succeeds in the updating unit 7, the medium identification information of the navigation security data is written during this updating, and hence this unauthorized act can be detected in the navi unit 1 by comparing the medium identification information of the updating security data thereof with the medium identification information read from the management memory 42 of the SD card 4.
(5) When the program for this navigation system installed in the updating unit 7 is cracked, and the functional unit such as the above-described updating due date check is avoided by a patch, such an unauthorized act can be detected by comparing the map creation date included in the updating security data with the map updating due date by the navi unit. Vulnerability of the encryption system in this navigation system due to cracking of the program installed in the updating unit 7 is avoided by employing two different encryption key systems so that codes encrypted with the navigation encryption key of the navi unit 1 can only be decrypted with the navigation decryption key of the updating unit 7, and codes encrypted with the update encryption key of the updating unit 7 can only be decrypted with the update decryption key of the navi unit 1.
[Other Embodiments]
(1) In the above-described embodiment, the password lock function is employed for preventing data access to the SD card (one type of recording medium) 4 before the SD card 4 is used in the navi unit 1. However, it is possible to employ another lock function, particularly a lock function suitable for the recording medium to be used. Although the password lock function is released after the updating right information is deleted from the data area, a release of the password lock function before the deletion is not excluded from the scope of the present invention. Further, a navigation system in which the password lock function is removed is also within the scope of the present invention.
(2) When a certain degree of vulnerability can be tolerated, a system in which the updating right information read from the data area of the SD card (one type of recording medium) 4 is not recorded in the memory of the navi unit is possible also within the scope of the present invention.
(3) It is also possible in the scope of the present invention to omit recording of the medium identification information of the recording medium that is the first target of data access for the navi unit as the first-used medium identification information in the memory of the navi unit. Further, depending on the field of application, it is not always necessary that the recording medium having the medium identification information recorded as the first-used medium identification information has a different map updating due date from those of other recording media.
(4) In the above-described example, the navi unit designates a predetermined period from the time of reading the updating right information as the map updating due date with respect to this updating right information. However, a timing other than the time of reading the updating right information may also be employed as the timing as a starting point of the map updating due date. As this timing, for example, there is timing of inserting the recording medium in the navi unit, timing when the traveling distance of the vehicle exceeds a predetermined distance, timing when the recording medium in which map data are recorded is manufactured, or timing of shipping.
(5) As an embodiment most suitable for strengthening the security, the two different encryption key systems are employed between the navi unit 1 and the updating unit 7. However, the present invention is not limited to this. Employing an encryption system with a single common key is also included in the present invention.
(6) In the above-described embodiment, the map data are constituted of the plurality of sub-data, and the map security processing data used for the updating security data are hash values calculated further from the plurality of hash values generated from the respective sub-data. However, without performing such a two-level hash calculation, one-level hash calculated data, that is, the map security data may be used as they are.
(7) Although the map creation date is employed as a unique attribute value of the map data for updating included in the updating security data, another unique attribute value such as a map creation history code may be employed.
(8) The capability of the CPU system incorporated in the SD card (one type of recording medium) 4 is increasing every year, and thus it is possible within the scope of the present invention to build on the SD card side the management function of update information, the hash calculation function, the encryption function, and so on that are built in the navi unit 1 and the updating unit 7 in the above-described navigation system.
[0045] The navigation system of the present invention may be applied not only to a car navigation system mounted in a vehicle but also to various navigation systems, such as a portable navigation system, in which updatable map data are recorded in an attachable/detachable recording medium and used.

Claims

1. A navigation system having a navigation unit operating using map data, a recording medium attachable to and detachable from the navigation unit, and an updating unit capable of performing data transmission with the recording medium, in which the recording medium has a rewritable data area in which the map data are recorded and a non-rewritable management area in which medium identification information is recorded, and the updating unit performs data transmission with the recording medium in order to update the map data recorded in the recording medium, the navigation system characterized in that
the updating unit includes an update encryption key,
the updating unit transfers map data for updating to the recording medium and records the map data therein, and
the updating unit transfers a hash value generated from at least a part of the map data for updating to the recording medium and records the hash value therein as map security data, and transfers to the recording medium data obtained by encrypting with the update encryption key the map security data or map security processing data obtained by processing the map security data and the recording medium identification information and records the data therein as updating security data.
2. The navigation system according to claim 1, wherein
the navigation unit includes a navigation encryption key, and transfers to the recording medium data obtained by encrypting the medium identification information read from the recording medium with the navigation encryption key and records the data therein as navigation security data.
3. The navigation system according to claim 2, wherein
the updating unit includes a navigation decryption key for decrypting data encrypted with the navigation encryption key, decrypts the medium identification information included in the navigation security data with the navigation decryption key and reads the decrypted medium identification information, and encrypts the read medium identification information with the update encryption key to be used for the updating security data.
4. The navigation system according to claim 1, wherein
the map data for updating are constituted of a plurality of sub-data, and the map security processing data are obtained by encrypting with the update encryption key a hash value further calculated from a plurality of hash values generated from the sub-data.
5. The navigation system according to claim 1 or 2, wherein
the updating security data further include data obtained by encrypting a unique attribute value of the map data for updating with the update encryption key.
6. The navigation system according to any one of claims 1 to 5, wherein the navigation unit includes an update decryption key for decrypting data encrypted with the update encryption key, and when data obtained by decrypting the medium identification information included in the updating security data with the update decryption key and the medium identification information recorded in the management area of the recording medium are compared with each other and match each other, use of map data in the recording medium is allowed.
7. The navigation system according to any one of claims 1 to 6, wherein the navigation unit compares a hash value obtained by decrypting the updating security data with a hash value generated from the map data recorded in the data area of the recording medium in a manner of allowing comparison with the hash value of the updating security data, and when the hash values match each other, use of the map data is allowed.
PCT/JP2011/050610 2010-02-19 2011-01-07 Navigation system WO2011102164A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JPJP2010-035319 2010-02-19
JP2010035319A JP5348502B2 (en) 2010-02-19 2010-02-19 Navigation system

Publications (1)

Publication Number Publication Date
WO2011102164A1 (en) 2011-08-25

Family

ID=43927862

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/050610 WO2011102164A1 (en) 2010-02-19 2011-01-07 Navigation system

Country Status (2)

Country Link
JP (1) JP5348502B2 (en)
WO (1) WO2011102164A1 (en)

Also Published As

Publication number Publication date
JP2011169824A (en) 2011-09-01
JP5348502B2 (en) 2013-11-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11703487

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11703487

Country of ref document: EP

Kind code of ref document: A1