
KR-102963296-B1 - Ship Cyber Security Wired And Wireless Patching Methods And System


Abstract

The present invention relates to a wired and wireless cybersecurity patching method and device for ships. As the need for establishing a CBS patch update method and device for ships has arisen, the invention proposes a wired and wireless cybersecurity patching method and system for ships capable of performing patch updates in accordance with IACS UR E26 requirements.

Inventors

  • 배양섭
  • 김정태
  • 조용현

Assignees

  • 한화오션 주식회사
  • 주식회사 싸이터

Dates

Publication Date
20260511
Application Date
20231228

Claims (6)

  1. In the ship cybersecurity patch update system,
     A system integration server that receives patches for the corresponding CBS from the provider servers of each CBS and integrates them when there are CBSs to be patched for multiple CBSs of a vessel;
     A patch distribution server that authenticates patches received from the above-mentioned system integration server, encrypts them through a key management system, and distributes the encrypted patches by using different communication connection methods depending on the ship's operating status and location; and
     It includes a patch update server equipped on the vessel, which authenticates a patch received from the patch distribution server, decrypts it through a key management system, and performs a patch update by verifying the hash, timestamp, and patch version;
     The above patch update server is equipped with a backup update server,
     If the communication connection is interrupted while performing a patch update through the above patch update server, the patch state prior to the interruption is saved through the backup update server, and after the communication connection is resumed, the update is performed from the point of interruption;
     A ship cybersecurity patch system characterized by the above patch update server continuously performing cybersecurity patch updates according to the ship's operating status and location.
  2. In claim 1, The above patch distribution server is, A ship cybersecurity patch system characterized by distributing patches by connecting via any one of VSAT, LTE, or Port LAN depending on the ship's operating status and location.
  3. delete
  4. Regarding the method for updating ship cybersecurity patches,
     A patch reception step in which, for multiple CBSs of a vessel, if there is a CBS to be patched, the system integration server receives the patch for the corresponding CBS from the provider server of each CBS and integrates it;
     A patch distribution step that authenticates the patch received through the patch reception step and encrypts it through a key management system, and distributes the encrypted patch from a patch distribution server by using different communication connection methods according to the ship's operating status and location; and
     It includes a patch update step that receives a patch distributed through the patch distribution step above from the ship's patch update server, authenticates the received patch and decrypts it through a key management system, and performs a patch update by verifying the hash, timestamp, and patch version;
     In the above patch update step, the patch update server is equipped with a backup update server, and if the communication connection is interrupted while performing a patch update through the patch update server, the patch state prior to the interruption is saved through the backup update server, and after the communication connection is resumed, the update is performed from the point of interruption;
     A ship cybersecurity patch method characterized by the above patch update step continuously performing cybersecurity patch updates according to the ship's operating status and ship location.
  5. In claim 4, The above patch distribution step is, A ship cybersecurity patch method characterized by distributing patches by connecting via any one of VSAT, LTE, or Port LAN depending on the ship's operating status and location.
  6. delete
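
The ship-side checks named in claims 1 and 4 (authentication, hash, timestamp, patch version, and resuming from the point of interruption), sketched as an added example that is not code from the patent or its assignees. Assumptions: HMAC-SHA256 stands in for the unspecified authentication scheme, the manifest fields, the 7-day freshness window and all names are hypothetical, decryption is left out because the page names no cipher, and the checkpoint is held in memory where the patent keeps it on the backup update server.

```python
import hashlib, hmac, json

MAX_AGE_S = 7 * 24 * 3600   # assumed freshness window; the page gives no value

def manifest_tag(key: bytes, manifest: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def check_manifest(key, manifest, tag, installed_version, now):
    """Return a list of rejection reasons; an empty list means accept."""
    if not hmac.compare_digest(manifest_tag(key, manifest), tag):
        return ["authentication failed"]   # trust no field of a forged manifest
    reasons = []
    if not 0 <= now - manifest["timestamp"] <= MAX_AGE_S:
        reasons.append("timestamp outside freshness window")
    if tuple(manifest["version"]) <= tuple(installed_version):
        reasons.append("version not newer than installed (rollback or replay)")
    return reasons

class ResumableDownload:
    """Received bytes are the checkpoint, so a dropped link resumes mid-patch."""
    def __init__(self, manifest):
        self.manifest, self.buf = manifest, bytearray()

    @property
    def offset(self) -> int:   # where the sender should resume from
        return len(self.buf)

    def feed(self, offset: int, chunk: bytes) -> None:
        if offset != self.offset:
            raise ValueError(f"expected offset {self.offset}, got {offset}")
        if self.offset + len(chunk) > self.manifest["size"]:
            raise ValueError("chunk exceeds declared size")
        self.buf += chunk

    def finish(self) -> bytes:
        """Release the payload only if length and SHA-256 match the manifest."""
        if self.offset != self.manifest["size"]:
            raise ValueError("transfer incomplete")
        digest = hashlib.sha256(self.buf).hexdigest()
        if not hmac.compare_digest(digest, self.manifest["sha256"]):
            raise ValueError("hash mismatch")
        return bytes(self.buf)

# Constructed sample data (not from the patent)
KEY = b"constructed-demo-key"
PAYLOAD = b"constructed patch payload for a CBS " * 8
MANIFEST = {"cbs_id": "cbs-a", "version": [2, 4, 1], "timestamp": 1_700_000_000,
            "sha256": hashlib.sha256(PAYLOAD).hexdigest(), "size": len(PAYLOAD)}
TAG = manifest_tag(KEY, MANIFEST)
```

Authenticating the manifest before reading any of its fields means the timestamp and version checks only ever run on values the distribution side actually issued, which is what makes them usable as replay and rollback defences.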

Description

Ship Cyber Security Wired and Wireless Patching Methods and System

The present invention relates to a wired and wireless cybersecurity patching method and device for a ship, and as the need for a CBS patch update method and device for a ship has arisen, it relates to a wired and wireless cybersecurity patching method and system for a ship capable of performing patch updates in accordance with IACS UR E26 requirements.

As International Maritime Organization (IMO) and classification society rules are strengthened, cybersecurity on board ships is required. Among these cybersecurity regulations, security patches and software updates for onboard computer-based systems (e.g., servers or computers) are particularly important. Patching methods for this purpose can be broadly categorized into using a Patch Management System (PMS) or manual patching methods using USBs. However, due to the characteristics of ships, there has been a problem in that it is not easy to perform patches using satellites.

FIG. 1 is a drawing showing a wired/wireless patch system for cybersecurity of a ship according to the present invention.
FIG. 2 is a flowchart illustrating a wired/wireless patching method for cybersecurity of a ship according to the present invention.

Detailed information regarding the purpose, technical configuration, and the resulting operation and effects of the present invention will be more clearly understood through the detailed description based on the drawings attached to the specification of the present invention.

The terms used in this specification are used merely to describe specific embodiments and are not intended to limit the invention. For example, terms such as "composed of" or "comprising" used in this specification should not be interpreted as necessarily including all of the various components or steps described in the invention, but should be interpreted as excluding some of the components or steps, or potentially including additional components or steps. Furthermore, singular expressions used in this specification include plural expressions unless the context clearly indicates otherwise.

The present invention will be described in detail below by explaining preferred embodiments with reference to the attached drawings. The embodiments described below are provided to enable those skilled in the art to easily understand the technical concept of the present invention, and should not be interpreted as limiting the present invention; it is obvious to those skilled in the art that the embodiments of the present invention can have various applications.

Referring to FIGS. 1 and 2, we will examine the wired and wireless patching method and system for cybersecurity of a ship according to the present invention. A ship's cybersecurity wired/wireless patch system according to one aspect of the present invention establishes a method and system for updating CBS patches for ships in accordance with IACS UR E26 requirements.

A ship cybersecurity patch update system according to the present invention may include a system integration server (100) that receives a patch for a CBS from a provider server (10) of each CBS when there is a CBS to be patched among a plurality of CBSs (Computer Based Systems) of a ship; a patch distribution server (200) that authenticates and encrypts the patch received from the system integration server (100) and distributes the encrypted patch by using a different communication connection method according to the ship's operating status and location; and a patch update server (450) that is provided on the ship (400), authenticates and decrypts the patch received from the patch distribution server (200), and performs a patch update by verifying the hash, timestamp, and patch version. The patch update server (450) is characterized by continuously performing cybersecurity patch updates according to the ship's operating status and ship location.

In other words, due to the characteristics of the vessel, patch updates can be applied via wireless communication while sailing or anchored. For example, updates can be performed using VSAT (very small aperture terminal) while sailing and 5G or LTE (long term evolution) while anchored. Accordingly, the patch distribution server (300) is characterized by distributing patches by connecting via a communication unit (300) connection method of VSAT, LTE, or Port LAN (local area network) depending on the ship's operating status and ship location. In addition, it is characterized by the ability to perform patching while maintaining security even when other vessels receive patch data by distributing encrypted patches through a key management system.

More specifically, when there is a CBS to be patched for a plurality of CBSs of a vessel, the system integration server (100) receives the patch for the corresponding CBS from the provider servers (11 to 13) of each CBS. Next, the patch distribution server (200) authenticates the patch received from the system integrati