US 12,309,136 B2
Method and apparatus for access control on ship network
Keon Yun, Seoul (KR); Myung Woo Chung, Seoul (KR); Sang Gyoo Sim, Seoul (KR); Jin Hyuk Jung, Goyang-si (KR); Duk Soo Kim, Seoul (KR); and Seok Woo Lee, Seoul (KR)
Assigned to Penta Security Inc., Seoul (KR)
Filed by Penta Security Inc., Seoul (KR)
Filed on May 18, 2022, as Appl. No. 17/663,998.
Claims priority of application No. 10-2021-0162302 (KR), filed on Nov. 23, 2021.
Prior Publication US 2023/0164134 A1, May 25, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0823 (2013.01) [H04L 63/0869 (2013.01); H04L 63/107 (2013.01)]
18 Claims
10. A ship network access control apparatus for a ship network, comprising:
a transceiver connected to the ship network;
a memory storing at least one command; and
at least one processor connected with the transceiver and the memory, wherein the at least one command causes the at least one processor to:
receive, from a first authentication controller agent installed in a first sub-network among sub-networks of the ship network, a registration request message requesting registration based on a first certificate, and verify validity of the first certificate;
in response to determining that the first certificate is valid, transmit, to the first authentication controller agent, registration information for the first authentication controller agent;
receive, from a second authentication controller agent installed in a second sub-network among sub-networks of the ship network, a registration request message requesting registration based on a second certificate, and verifying validity of the second certificate;
in response to determining that the second certificate is valid, transmit, to the second authentication controller agent, registration information for the second authentication controller agent;
receive, from the first authentication controller agent or the second authentication controller agent, a connection request message generated based on the registration information, and verify an authority of the first or the second authentication controller agent according to the reception of the connection request message;
in response to determining that the authority of the first or the second authentication controller agent is verified, for performing a mutual authentication protocol with the first or the second authentication controller agent, transmitting a list or information on a service provided by the second authentication controller agent and registration confirmation information to be used in a connection procedure to the first authentication controller agent, or a list or information on a service provided by the first authentication controller agent and the registration confirmation information to be used in a connection procedure to the second authentication controller agent; and
determine whether to allow a connection between a first terminal in the first sub-network and a second terminal located in the second sub-network of the ship network or between the first terminal or the second terminal and a terminal in an external network according to the authority of the first or the second authentication controller agent,
wherein the registration confirmation information is used to verify information required for connection between the first authentication controller agent and the second authentication controller agent, and information required for connection between the first authentication controller agent or the second authentication controller agent and the terminal in the external network, before performing the mutual authentication protocol.
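The control flow recited in claim 10, sketched as an added example (not code from the patent or from Penta Security): register on a valid certificate, verify authority on the connection request, then decide whether terminals in two sub-networks may connect. Assumptions: the HMAC-tagged toy certificate standing in for a real certificate, the token used as registration information, the opaque confirmation value, the subnet-pair policy, and every name in the code are constructed for illustration.

```python
import hashlib, hmac, secrets, time

CA_KEY = b"constructed-demo-ca-key"  # assumption: stands in for the CA behind agent certificates

def issue_cert(subject, subnet, not_after):
    """Constructed toy certificate: an HMAC tag replaces a real X.509 signature."""
    body = f"{subject}|{subnet}|{not_after}"
    return {"body": body, "sig": hmac.new(CA_KEY, body.encode(), hashlib.sha256).hexdigest()}

class AccessController:
    def __init__(self, policy):
        self.policy = policy      # assumption: allowed (source subnet, destination subnet) pairs
        self.agents = {}          # subject -> registration state
        self.confirmation = secrets.token_hex(16)  # opaque registration confirmation value

    def register(self, cert, services, now=None):
        """Verify the certificate; only a valid one yields registration information."""
        now = time.time() if now is None else now
        want = hmac.new(CA_KEY, cert["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, cert["sig"]):
            return None           # forged or altered certificate
        subject, subnet, not_after = cert["body"].split("|")
        if float(not_after) < now:
            return None           # expired certificate
        token = secrets.token_hex(16)
        self.agents[subject] = {"subnet": subnet, "token": token,
                                "services": services, "verified": False}
        return token

    def connect(self, subject, token):
        """Verify the agent's authority, then return peer services and confirmation info."""
        agent = self.agents.get(subject)
        if agent is None or not hmac.compare_digest(agent["token"], token):
            return None
        agent["verified"] = True
        peers = {s: a["services"] for s, a in self.agents.items() if s != subject}
        return {"peer_services": peers, "registration_confirmation": self.confirmation}

    def allow(self, src, dst):
        """Permit a terminal connection only between verified agents and only per policy."""
        a, b = self.agents.get(src), self.agents.get(dst)
        if not (a and b and a["verified"] and b["verified"]):
            return False          # fail closed if either agent is unverified
        return (a["subnet"], b["subnet"]) in self.policy
```

The decision in `allow` is directional, so a policy that permits one sub-network to reach another does not implicitly permit the reverse path.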