Maritime navigation and radiocommunication equipment and systems - Data interface - Part 2: Secure communication between ship and shore (SECOM)

The scope of IEC 63173-2:2022, secure communication between ship and shore (SECOM), includes interfaces (APIs) for data exchange (information services), information security measures that enable secure communication, and interfaces for service discoverability. SECOM provides technical interoperability: the same service interface is used for exchanging information regardless of its operational use, up to and including the secure online exchange of information. Although designed for IHO S-100 based products, SECOM is technically payload agnostic and can also carry other types of data.
Communication between SECOM information services for data exchange relies on IP based web services. The "last mile" links between a SECOM information service and the end-user application are not defined in this document, so the communication technology between the vendor API and a ship or shore system may be IP based or non-IP based. The informative Annex D describes one such implementation. This allows different solutions between the service and the ship or shore systems and applications. Because those last-mile links are outside the document, the security measures SECOM specifies apply to the exchange between SECOM information services; securing the link from the vendor API to the end-user application is left to the implementer.
SECOM does not define the physical layer or link layer for transport of data between SECOM information services, but it requires that the transport supports IP communication. SECOM is applicable to both public (governmental) and private (business) services. It is applicable to ship-to-shore and shore-to-ship communication, and can also be used for ship-to-ship communication.


General Information
Status: Published
Publication Date: 29-May-2022
Current Stage: PPUB - Publication issued
Completion Date: 30-May-2022

Standard: IEC 63173-2:2022 - Maritime navigation and radiocommunication equipment and systems - Data interface - Part 2: Secure communication between ship and shore (SECOM)
Language: English and French
Pages: 402

Standards Content (sample)

IEC 63173-2
Edition 1.0 2022-05
INTERNATIONAL STANDARD
Maritime navigation and radiocommunication equipment and systems – Data interfaces – Part 2: Secure communication between ship and shore (SECOM)
IEC 63173-2:2022-05(en-fr)
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2022 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Secretariat, 3, rue de Varembé, CH-1211 Geneva 20, Switzerland. Tel.: +41 22 919 02 11, info@iec.ch, www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the latest edition; a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform
The advanced search enables you to find IEC publications by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, replaced and withdrawn publications.

IEC Products & Services Portal - products.iec.ch
Discover our powerful search engine and read freely all the publication previews. With a subscription you will always have access to up-to-date content tailored to your needs.

IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and once a month by email.

Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology, containing more than 22 300 terminological entries in English and French, with equivalent terms in 19 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.

IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: sales@iec.ch.
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 47.020.70 ISBN 978-2-8322-3802-8

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
– 2 – IEC 63173-2:2022 © IEC 2022
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
  3.1 Terms and definitions
  3.2 Abbreviated terms
4 General description of SECOM
  4.1 General
  4.2 Information service interface
  4.3 Information security
    4.3.1 Measures
    4.3.2 SECOM PKI
    4.3.3 Communication channel security
    4.3.4 Data protection
    4.3.5 Certificate revocation status
  4.4 Service discoverability
  4.5 Structure of this document
5 SECOM information service interface
  5.1 General
  5.2 How to read descriptions of service interface definition
  5.3 Service technology and service transportation protocol
  5.4 Service interface versioning
  5.5 Pagination
  5.6 Common information objects and data types
    5.6.1 General
    5.6.2 Basic data types
    5.6.3 SECOM_ExchangeMetadataObject
    5.6.4 Transfer of public key
    5.6.5 PaginationObject
    5.6.6 ContainerTypeEnum
    5.6.7 SECOM_DataProductType
    5.6.8 SECOM_ResponseCodeEnum
    5.6.9 AckRequest Enum
    5.6.10 Common HTTP response codes
    5.6.11 Well-known text – WKT
    5.6.12 Universally Unique Identifier – UUID
    5.6.13 UN/LOCODE
  5.7 Service interface definitions
    5.7.1 General
    5.7.2 Service interface – Upload
    5.7.3 Service interface – Upload Link
    5.7.4 Service interface – Acknowledgement
    5.7.5 Service interface – Get
    5.7.6 Service interface – Get Summary
    5.7.7 Service interface – Get By Link
    5.7.8 Service interface – Access
    5.7.9 Service interface – Access Notification
    5.7.10 Service interface – Subscription
    5.7.11 Service interface – Remove Subscription
    5.7.12 Service interface – Subscription Notification
    5.7.13 Service interface – Capability
    5.7.14 Service interface – Ping
    5.7.15 Service interface – EncryptionKey
    5.7.16 Service interface – PublicKey
6 SECOM communication channel security
  6.1 General
  6.2 Secure transfer
    6.2.1 Secure communication channel
    6.2.2 Authentication procedure
7 SECOM data protection
  7.1 General
  7.2 Data compression and packaging
  7.3 Data authentication and signing
    7.3.1 General
    7.3.2 Data formats and standards for digital signatures, keys and certificates
    7.3.3 Creation of digital signature
    7.3.4 Creation of envelope signature
    7.3.5 Verification of digital signature
    7.3.6 Verification of envelope signature
    7.3.7 Example of commands for data authentication
  7.4 Data encryption
    7.4.1 General
    7.4.2 Encryption algorithm
  7.5 Creation and transfer of encryption key
    7.5.1 General
    7.5.2 SECOM encryption key management
    7.5.3 Generate encryption key
    7.5.4 Sign the protected encryption key
    7.5.5 Transfer of the encryption key
    7.5.6 Example
8 SECOM PKI
  8.1 General
  8.2 Scheme
    8.2.1 General
    8.2.2 Scheme administrator
    8.2.3 Data servers
    8.2.4 Data clients
    8.2.5 Procedure
  8.3 Generation of public and private key
  8.4 Certificate signing request
  8.5 Certificate revocation
    8.5.1 General
    8.5.2 CRL – Certificate revocation list
    8.5.3 OCSP – Online certificate status protocol
  8.6 SECOM PKI service interface
    8.6.1 General
    8.6.2 Service interface – CSR
    8.6.3 Service interface – GetPublicKey
    8.6.4 Service interface – CRL
    8.6.5 Service interface – OCSP
    8.6.6 Service interface – Revoke
9 SECOM service discovery service interface
  9.1 General
  9.2 Service interface – Search service
    9.2.1 Specification
    9.2.2 Data exchange model
    9.2.3 REST design
10 SECOM error cases
  10.1 Error cases
  10.2 General
  10.3 Message integrity
  10.4 Data integrity
  10.5 Transport confidentiality
  10.6 Data protection
  10.7 Service identity
  10.8 Client identity
  10.9 Client authorization
  10.10 Bandwidth optimization
  10.11 Large message transfer
  10.12 Closed loop communication
  10.13 Service discoverability
  10.14 Information push
  10.15 Information pull
  10.16 Subscribe to data
  10.17 Service information
  10.18 Service condition
11 Test methods and expected results
  11.1 General
  11.2 Communication channel security test
  11.3 Data protection test
    11.3.1 Data Compression and packaging
    11.3.2 Data authentication and signature
    11.3.3 Encryption
    11.3.4 Digital signature test
  11.4 SECOM ship/shore test
    11.4.1 General
    11.4.2 Prerequisites SECOM ship/shore EUT
    11.4.3 Upload data
    11.4.4 Download data
  11.5 SECOM Information Service test
    11.5.1 General
    11.5.2 Prerequisites SECOM information service EUT
    11.5.3 Access
    11.5.4 Access notification
    11.5.5 Acknowledgement
    11.5.6 Capability
    11.5.7 EncryptionKey
    11.5.8 EncryptionKey Notification
    11.5.9 Get
    11.5.10 Get By Link
    11.5.11 Get Summary
    11.5.12 Get Public Key
    11.5.13 Upload Public Key
    11.5.14 Ping
    11.5.15 Subscription
    11.5.16 Subscription Notification
    11.5.17 Remove Subscription
    11.5.18 Upload
    11.5.19 Upload Link
  11.6 SECOM PKI Service test
    11.6.1 Prerequisites PKI EUT
    11.6.2 CRL
    11.6.3 OCSP
    11.6.4 Revoke
    11.6.5 CSR
    11.6.6 GetPublicKey
  11.7 SECOM Service Discovery test
    11.7.1 General
    11.7.2 Prerequisites Service Discovery EUT
    11.7.3 Search service – By geometry
    11.7.4 Search service – Without specified search criteria
Annex A (normative) REST service interface definitions
  A.1 Purpose
  A.2 SECOM information service REST interface definition
  A.3 SECOM PKI service REST interface definition
  A.4 SECOM discovery service REST interface definition
Annex B (informative) Operational use cases and profiles
  B.1 Purpose
  B.2 Use cases and service interface profiles
    B.2.1 UC-1 Ship shares route plan with service providing enhanced monitoring
    B.2.2 UC-2 Pilot routes
    B.2.3 UC-3 Route optimization
    B.2.4 UC-4 Enhanced monitoring service requests route plan from/for ship for monitoring
    B.2.5 UC-5 Discover service instance to consume
    B.2.6 UC-6 Chart (ENC) updates
    B.2.7 UC-7 Navigational warning service
    B.2.8 UC-8 Updates for detailed bathymetry and tidal and water level forecasts
Annex C (informative) Message exchange patterns
  C.1 Purpose
  C.2 Message exchange pattern
    C.2.1 Generic message exchange patterns
    C.2.2 Alternative and error sequences
Annex D (informative) Guidance on implementation
  D.1 Purpose

...
