You can't realistically just download "the patches" as that covers hundreds and hundreds of packages, most of which you won't have installed, and no mechanism to magically find out which ones are relevant to you without an internet connection. Generally if there is no internet connection from the machine, you'd look at a local mirror and update against it:
http://wiki.centos.org/HowTos/CreateLocalMirror