
BS IEC 63173-2:2022 (2023 Edition)

$215.11

Maritime navigation and radiocommunication equipment and systems – Data interface – Secure online transfer of S-100 based products applied on S-421 Route Plan

Published by: BSI
Publication date: 2023
Number of pages: 200

PDF Catalog

PDF page – Title
4 English
CONTENTS
15 FOREWORD
17 INTRODUCTION
18 1 Scope
2 Normative references
19 3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
23 3.2 Abbreviated terms
4 General description of SECOM
4.1 General
24 4.2 Information service interface
Figures
Figure 1 – Overview of SECOM
25 4.3 Information security
4.3.1 Measures
4.3.2 SECOM PKI
26 4.3.3 Communication channel security
4.3.4 Data protection
Figure 2 – Secure communication channel
27 Figure 3 – Illustration of what parts of the message are protected by the two signatures
28 4.3.5 Certificate revocation status
4.4 Service discoverability
Figure 4 – Envelope and data validation
29 4.5 Structure of this document
5 SECOM information service interface
5.1 General
30 5.2 How to read descriptions of service interface definition
Figure 5 – Service definition model for the service interface definitions
31 5.3 Service technology and service transportation protocol
Tables
Table 1 – Read instructions for tables in service interface definitions
32 5.4 Service interface versioning
5.5 Pagination
5.6 Common information objects and data types
5.6.1 General
Table 2 – SECOM Service interface versioning
33 5.6.2 Basic data types
5.6.3 SECOM_ExchangeMetadataObject
Table 3 – Basic data types
34 5.6.4 Transfer of public key
Table 4 – SECOM_ExchangeMetadataObject
Table 5 – DigitalSignatureValueObject
35 Figure 6 – Example in C# of conversion from PEM format to minified public key
Figure 7 – Example of a public key in PEM format converted to a single line string
36 5.6.5 PaginationObject
Figure 8 – Example in C# of conversion from minified public key to PEM format
Figure 9 – Example of a minified public key string restored to the original PEM format
37 5.6.6 ContainerTypeEnum
5.6.7 SECOM_DataProductType
Table 6 – PaginationObject
Table 7 – ContainerTypeEnum
Table 8 – SECOM_DataProductType
38 5.6.8 SECOM_ResponseCodeEnum
5.6.9 AckRequest Enum
Table 9 – SECOM_ResponseCodeEnum
Table 10 – AckRequest Enum
39 5.6.10 Common HTTP response codes
5.6.11 Well-known text – WKT
Table 11 – Common HTTP codes
Table 12 – Supported WKT geometric objects
40 5.6.12 Universally Unique Identifier – UUID
Figure 10 – UUID version and variant
Table 13 – UUID variants
41 5.6.13 UN/LOCODE
5.7 Service interface definitions
5.7.1 General
Table 14 – UUID versions
Table 15 – Service interfaces overview
42 5.7.2 Service interface – Upload
43 Figure 11 – Upload interface UML diagram
44 Table 16 – Information input for Upload interface
45 Table 17 – Information output for Upload interface
Table 18 – REST implementation of Upload
46 Table 19 – HTTP Response codes and message in response object
47 Figure 12 – Sequence diagram for upload signed unclassified data with acknowledgement
48 5.7.3 Service interface – Upload Link
49 Figure 13 – Update link interface UML diagram
50 Table 20 – Information input for Upload Link interface
51 Table 21 – Information output for Upload Link interface
Table 22 – REST implementation of Upload Link
Table 23 – HTTP Response codes and message in response object
53 5.7.4 Service interface – Acknowledgement
Figure 14 – Sequence diagram for Upload link to large data
54 Figure 15 – Acknowledgement interface UML diagram
55 Table 24 – Information input for Acknowledgement interface
Table 25 – Enumerations for not acknowledged
Table 26 – Information output for Acknowledgement interface
56 Table 27 – Enumerations for Acknowledgement interface
Table 28 – REST implementation of acknowledgement
57 5.7.5 Service interface – Get
Figure 16 – Sequence diagram for Acknowledgement interface
Table 29 – HTTP Response codes and response message
58 Figure 17 – Get interface UML diagram
59 Table 30 – Information input for Get interface
Table 31 – Information output for Get interface
60 Table 32 – REST implementation of Get
Table 33 – HTTP Response code and message of Get
61 Figure 18 – Sequence diagram for Get interface
62 5.7.6 Service interface – Get Summary
Figure 19 – Sequence diagram for Get interface and classified data
63 Figure 20 – Get Summary interface UML diagram
Table 34 – Information input for Get Summary interface
64 Table 35 – Information output for Get Summary interface
65 Table 36 – REST implementation of Get Summary
Table 37 – HTTP Response codes and messages of Get Summary
66 5.7.7 Service interface – Get By Link
Figure 21 – Sequence diagram for Get Summary interface
Figure 22 – Get By Link interface in UML
Table 38 – Information input for Get By Link interface
67 Table 39 – Information output for Get By Link interface
Table 40 – REST implementation of Get By Link
Table 41 – HTTP Response code and message of Get By Link
68 5.7.8 Service interface – Access
Figure 23 – Sequence diagram for Get By Link interface
69 Figure 24 – Access interface UML diagram
Table 42 – Information input for Access interface
70 Table 43 – Information output for Access interface
Table 44 – Enumerations for Access interface
Table 45 – Parameter binding for the operation
71 5.7.9 Service interface – Access Notification
Figure 25 – Sequence diagram for Request Access and Access Notification interface
Table 46 – HTTP Response codes
72 Figure 26 – Access Notification interface UML diagram
Table 47 – Information input for Access Notification interface
Table 48 – Information output for Access Notification interface
73 5.7.10 Service interface – Subscription
Table 49 – Parameter binding for the operation
Table 50 – HTTP response codes
74 Figure 27 – Subscribe interface UML diagram
75 Table 51 – Information input for Subscription interface
Table 52 – Information output for Subscription interface
Table 53 – REST implementation of Subscription
76 Figure 28 – Sequence diagram for Subscribe interface
Table 54 – HTTP response codes and messages of Subscription
77 Figure 29 – Operational sequence diagram for Subscription interfaces
78 5.7.11 Service interface – Remove Subscription
Figure 30 – Sequence diagram for Subscription interfaces with external subscription request
79 Figure 31 – Remove Subscription interface UML diagram
Table 55 – Information input for Remove Subscription interface
Table 56 – Information output for Remove Subscription interface
80 Figure 32 – Sequence diagram for Remove Subscription interface
Table 57 – REST implementation of Remove Subscription
Table 58 – HTTP Response codes and messages of Remove Subscription
81 5.7.12 Service interface – Subscription Notification
Figure 33 – Subscription Notification interface UML diagram
Table 59 – Information input for Subscription Notification interface
Table 60 – Information output for Subscription Notification interface
82 Table 61 – Enumerations for Subscription Notification interface
Table 62 – Information exchange for Subscription Notification
Table 63 – HTTP response codes for Subscription Notification
83 5.7.13 Service interface – Capability
Figure 34 – Sequence diagram for Subscription Notification interface
Table 64 – Capability example
84 Figure 35 – Capability interface UML diagram
85 Table 65 – Information output for Capability interface
86 5.7.14 Service interface – Ping
Figure 36 – Sequence diagram for Capability interface
Table 66 – REST implementation of Capability
Table 67 – HTTP response codes and messages of Capability
87 Figure 37 – Ping interface UML diagram
Table 68 – Information output for Ping interface
88 5.7.15 Service interface – EncryptionKey
Figure 38 – Check status on service
Table 69 – REST implementation of Ping
Table 70 – HTTP response codes of Ping
89 Figure 39 – Encryption Key interface UML diagram
90 Table 71 – Information input for Encryption Key interface
Table 72 – Information input for Encryption Key Notification interface
91 Table 73 – Information output for Encryption Key interface
Table 74 – REST implementation of EncryptionKey upload
Table 75 – HTTP response codes of EncryptionKey upload
92 Table 76 – REST implementation of EncryptionKey notification
Table 77 – HTTP response codes of EncryptionKey notification
93 Figure 40 – Operational sequence diagram for EncryptionKey upload interface
94 5.7.16 Service interface – PublicKey
Figure 41 – Operational sequence diagram for EncryptionKey notification interface
95 Figure 42 – PublicKey interface UML diagram
Table 78 – Information input for PublicKey interface
Table 79 – Information output for PublicKey interface GET and information input for PublicKey interface POST
96 Table 80 – REST implementation of PublicKey (GET)
Table 81 – HTTP response code and message of PublicKey (GET)
97 Figure 43 – Operational sequence diagram for PublicKey interface
Table 82 – REST implementation of PublicKey (POST)
Table 83 – HTTP response code and message of PublicKey (POST)
98 6 SECOM communication channel security
6.1 General
6.2 Secure transfer
6.2.1 Secure communication channel
99 6.2.2 Authentication procedure
7 SECOM data protection
7.1 General
Figure 44 – Principle for service authentication
100 7.2 Data compression and packaging
7.3 Data authentication and signing
7.3.1 General
7.3.2 Data formats and standards for digital signatures, keys and certificates
101 7.3.3 Creation of digital signature
102 7.3.4 Creation of envelope signature
Table 84 – Conversion rules
103 7.3.5 Verification of digital signature
Table 85 – Interfaces with envelope signature
104 7.3.6 Verification of envelope signature
7.3.7 Example of commands for data authentication
Table 86 – Command examples
105 7.4 Data encryption
7.4.1 General
7.4.2 Encryption algorithm
7.5 Creation and transfer of encryption key
7.5.1 General
106 7.5.2 SECOM encryption key management
Figure 45 – Sequence for SECOM encryption key management
107 7.5.3 Generate encryption key
7.5.4 Sign the protected encryption key
7.5.5 Transfer of the encryption key
Figure 46 – Alternative sequence for SECOM encryption key management
108 7.5.6 Example
8 SECOM PKI
8.1 General
Table 87 – Example of commands
109 8.2 Scheme
8.2.1 General
8.2.2 Scheme administrator
8.2.3 Data servers
8.2.4 Data clients
110 8.2.5 Procedure
8.3 Generation of public and private key
111 8.4 Certificate signing request
8.5 Certificate revocation
8.5.1 General
8.5.2 CRL – Certificate revocation list
8.5.3 OCSP – Online certificate status protocol
Table 88 – Creation of public and private key pairs – Example of basic commands
112 8.6 SECOM PKI service interface
8.6.1 General
8.6.2 Service interface – CSR
Table 89 – PKI interface overview
113 Figure 47 – CSR interface UML diagram
Table 90 – Information input for CSR interface
Table 91 – Information output for CSR interface
114 Figure 48 – Operational sequence diagram for CSR
Table 92 – REST implementation of CSR
Table 93 – HTTP response codes and message in response object
115 8.6.3 Service interface – GetPublicKey
Figure 49 – GetPublicKey interface UML diagram
Table 94 – Information input for GetPublicKey interface
Table 95 – Information output for GetPublicKey interface
116 Table 96 – REST implementation of GetPublicKey interface
Table 97 – HTTP Response codes and message in response object
117 8.6.4 Service interface – CRL
Figure 50 – Operational sequence diagram for GetPublicKey
Figure 51 – GetCRL interface UML diagram
118 8.6.5 Service interface – OCSP
Figure 52 – Operational sequence diagram for CRL
Table 98 – REST implementation of CRL
Table 99 – HTTP response codes and message in response object
119 Figure 53 – GetOCSP interface UML diagram
Table 100 – REST implementation of OCSP
120 Table 101 – HTTP response codes and message in response object
Table 102 – REST implementation of OCSP
Table 103 – HTTP response codes and message in response object
121 8.6.6 Service interface – Revoke
Figure 54 – Operational sequence diagram for OCSP
Figure 55 – PostRevoke interface UML diagram
Table 104 – Information input for Revoke interface
122 Table 105 – Enumerations for Revoke interface
Table 106 – Information output for Revoke interface
Table 107 – REST implementation of Revoke
123 9 SECOM service discovery service interface
9.1 General
9.2 Service interface – Search service
9.2.1 Specification
Figure 56 – Operational sequence diagram for Revoke
Table 108 – HTTP response codes and message in response object
124 9.2.2 Data exchange model
Figure 57 – Search service UML information diagram
125 Table 109 – Information input for search service interface
Table 110 – Information input for search parameter object
126 9.2.3 REST design
Table 111 – Information output for search service interface
127 10 SECOM error cases
10.1 Error cases
Table 112 – REST implementation for Search Service
Table 113 – HTTP response codes
128 10.2 General
10.3 Message integrity
10.4 Data integrity
10.5 Transport confidentiality
129 10.6 Data protection
10.7 Service identity
10.8 Client identity
130 10.9 Client authorization
10.10 Bandwidth optimization
10.11 Large message transfer
131 10.12 Closed loop communication
132 10.13 Service discoverability
10.14 Information push
10.15 Information pull
133 10.16 Subscribe to data
10.17 Service information
10.18 Service condition
134 11 Test methods and expected results
11.1 General
11.2 Communication channel security test
135 11.3 Data protection test
11.3.1 Data Compression and packaging
11.3.2 Data authentication and signature
11.3.3 Encryption
11.3.4 Digital signature test
11.4 SECOM ship/shore test
11.4.1 General
136 Table 114 – Test data reference
138 11.4.2 Prerequisites SECOM ship/shore EUT
11.4.3 Upload data
139 11.4.4 Download data
Table 115 – Upload test method steps
140 Table 116 – Download test method steps
141 11.5 SECOM Information Service test
11.5.1 General
Table 117 – Test data reference
142 11.5.2 Prerequisites SECOM information service EUT
11.5.3 Access
143 11.5.4 Access notification
11.5.5 Acknowledgement
Table 118 – Access test method steps
Table 119 – Access Notification test method steps
144 11.5.6 Capability
Table 120 – Acknowledgement test method steps
Table 121 – Capability test method steps
145 11.5.7 EncryptionKey
11.5.8 EncryptionKey Notification
Table 122 – EncryptionKey test method steps
146 11.5.9 Get
Table 123 – EncryptionKey notification test method steps
147 11.5.10 Get By Link
Table 124 – Get test method steps
148 11.5.11 Get Summary
Table 125 – Get By Link test method steps
149 11.5.12 Get Public Key
11.5.13 Upload Public Key
Table 126 – Get Summary test method steps
Table 127 – Get Public Key test method steps
150 11.5.14 Ping
11.5.15 Subscription
Table 128 – Upload Public Key test method steps
Table 129 – Ping test method steps
151 11.5.16 Subscription Notification
11.5.17 Remove Subscription
Table 130 – Subscription test method steps
Table 131 – Subscription Notification test method steps
152 11.5.18 Upload
Table 132 – Remove Subscription test method steps
153 11.5.19 Upload Link
Table 133 – Upload test method steps
154 11.6 SECOM PKI Service test
11.6.1 Prerequisites PKI EUT
Table 134 – Upload Link test method steps
155 11.6.2 CRL
11.6.3 OCSP
Table 135 – CRL test method steps
Table 136 – OCSP test method steps
156 11.6.4 Revoke
11.6.5 CSR
11.6.6 GetPublicKey
Table 137 – Revoke test method steps
Table 138 – CSR test method steps
157 11.7 SECOM Service Discovery test
11.7.1 General
11.7.2 Prerequisites Service Discovery EUT
11.7.3 Search service – By geometry
Table 139 – GetPublicKey test method steps
158 11.7.4 Search service – Without specified search criteria
Table 140 – Search service by geometry test method steps
Table 141 – Search service empty query test method steps
159 Annex A (normative) REST service interface definitions
A.1 Purpose
A.2 SECOM information service REST interface definition
A.3 SECOM PKI service REST interface definition
A.4 SECOM discovery service REST interface definition
160 Annex B (informative) Operational use cases and profiles
B.1 Purpose
B.2 Use cases and service interface profiles
B.2.1 UC-1 Ship shares route plan with service providing enhanced monitoring
161 B.2.2 UC-2 Pilot routes
Table B.1 – UC-1 Ship shares route plan with service providing enhanced monitoring
162 B.2.3 UC-3 Route optimization
Table B.2 – Required service interfaces in UC-3
163 B.2.4 UC-4 Enhanced monitoring service requests route plan from/for ship for monitoring
Table B.3 – Required service interfaces in UC-3
164 B.2.5 UC-5 Discover service instance to consume
Table B.4 – Required service interfaces in UC-4
165 B.2.6 UC-6 Chart (ENC) updates
166 B.2.7 UC-7 navigational warning service
Table B.5 – Required service interfaces in UC-6
167 Table B.6 – Required service interfaces in UC-7
168 B.2.8 UC-8 Updates for detailed bathymetry and tidal and water level forecasts
Table B.7 – Required service interfaces in UC-8
169 Annex C (informative) Message exchange patterns
C.1 Purpose
C.2 Message exchange pattern
C.2.1 Generic message exchange patterns
Figure C.1 – Message Exchange Pattern – ONE_WAY
170 Figure C.2 – Message Exchange Pattern – REQUEST_CALLBACK
Figure C.3 – Message exchange pattern – REQUEST_RESPONSE
171 Figure C.4 – Message exchange pattern – PUBLISH_SUBSCRIBE (Provider nominates)
Figure C.5 – Message exchange pattern – PUBLISH_SUBSCRIBE (Consumer request)
172 C.2.2 Alternative and error sequences
Figure C.6 – Error sequence; Incorrect uploaded message
Figure C.7 – Error sequence; Unauthorized upload of message
Figure C.8 – Error sequence; Unauthorized subscription request
173 Annex D (informative) Guidance on implementation
D.1 Purpose
Figure D.1 – Overview of SECOM
174 D.2 On ship
Figure D.2 – Overview of certificate usage
175 D.3 On shore
Figure D.3 – Deployment example for SECOM on ship
176 D.4 Service composition
Figure D.4 – Deployment example for SECOM on shore
177 D.5 Private side security
Figure D.5 – Service composition
178 D.6 SECOM PKI
D.6.1 General
D.6.2 Structure and Functionality
Figure D.6 – Structure of MIR within MCP
179 D.6.3 Identity management
182 D.6.4 Public Key Infrastructure
183 Figure D.7 – Hierarchical X.509 PKI Structure
185 Table D.1 – Domain parameters
Table D.2 – Subject distinguished name field items
186 Table D.3 – Fields and object identifiers
187 D.6.5 Authentication and authorization for web services
188 D.6.6 Profile “Basic Requirements”
D.7 SECOM service discovery
D.7.1 Example 1: geometry combined with serviceType search
Table D.4 – MCP OpenID Connect token
189 Figure D.8 – Request find service with geometry and query
190 D.7.2 Example 2: Search with AND/OR condition
Figure D.9 – Response from service registry
191 Figure D.10 – Response from service registry
192 Annex E (informative) Use of white list
E.1 Purpose
E.2 Authorization to access data
193 E.3 Access control list
E.4 Authorization based on predefined rules or list
194 E.5 Manually updated list
E.6 Rule based handling on request to information (rule based authorization)
E.7 Rule based request for information
E.8 Procedure when receiving “Not authorized”
195 Annex F (informative) Test and simulators
F.1 Purpose
F.2 Manual testing
F.3 Ship and shore equipment
Figure F.1 – Manual testing
196 F.4 SECOM information service equipment
F.5 SECOM PKI equipment
Figure F.2 – Overview of test equipment for ship and shore equipment
Figure F.3 – Overview of test equipment for SECOM information service equipment
197 F.6 SECOM Service Discovery equipment
Figure F.4 – Overview of test equipment for SECOM PKI equipment
Figure F.5 – Overview of test equipment for SECOM service discovery equipment
198 Bibliography