Software-hardware cooperative fail-safe Ethernet communication system and data transmission method
Technical field
The present invention relates to the field of computer communication technology, and in particular to a software-hardware cooperative fail-safe Ethernet communication system and a data transmission method for it.
Background technology
It is well known that in special-purpose computer system applications with high safety requirements, such as railway, aviation and aerospace, the communication channel itself is usually regarded as unreliable and insecure: dedicated safety function modules must be added to achieve highly reliable and highly secure communication, and the equipment is required to fall automatically into a safe output state when it fails. Among existing designs, some achieve error detection on the communicated data by adding dedicated safety check functions, but cannot prevent a catastrophic hardware failure from introducing errors during the data encryption process. Other designs implement two-way communication over two independent networks, which guarantees data reliability but greatly increases the complexity of the system and the equipment.
Summary of the invention
In view of this, the object of the present invention is to provide a software-hardware cooperative fail-safe Ethernet communication system and data transmission method, so as to solve the problem of high system complexity when secure data communication is implemented in the computer systems described above.
To solve the above problem, the present invention provides a software-hardware cooperative fail-safe Ethernet communication system, comprising:
a central processing unit A and a central processing unit B that are redundant to each other, both mounted on a main control board;
an Ethernet communication board comprising: an application processing unit A and an application processing unit B that are redundant to each other; a safety function unit A and a safety function unit B that are redundant to each other; a synchronous comparing unit, a network protocol encapsulation unit, a network interface unit and a safety function monitoring unit;
the network interface unit is used for data format conversion and physical-level conversion between the network protocol encapsulation unit and the IP network;
the network protocol encapsulation unit is used to parse the data from the network interface unit and send them to the synchronous comparing unit, and to encapsulate the data from the synchronous comparing unit according to a predetermined network protocol and send them to the network interface unit;
the synchronous comparing unit is used to distribute the data from the network protocol encapsulation unit to safety function unit A and safety function unit B, and to synchronously compare the secure data from safety function unit A and safety function unit B: data that compare correctly are sent to the network protocol encapsulation unit, data that compare incorrectly are discarded, and a "secure data synchronization error" message is sent to the safety function monitoring unit;
safety function unit A is used to perform a safety function check on the data distributed by the synchronous comparing unit, send the data that pass the check simultaneously to application processing unit A and application processing unit B, discard the data that fail the check and send a "secure data check error" message to the safety function monitoring unit; and to perform safety function processing on the application service data from application processing unit A and send the result to the synchronous comparing unit;
safety function unit B is used to perform a safety function check on the data distributed by the synchronous comparing unit, send the data that pass the check simultaneously to application processing unit A and application processing unit B, discard the data that fail the check and send a "secure data check error" message to the safety function monitoring unit; and to perform safety function processing on the application service data from application processing unit B and send the result to the synchronous comparing unit;
application processing unit A is used to synchronously compare the data from safety function unit A and safety function unit B, perform application-layer data processing on the data that compare correctly and send them to central processing unit A over a data channel, discard the data that compare incorrectly and send a "data synchronization error" message to the safety function monitoring unit; and to synchronously compare the data from central processing unit A and central processing unit B, perform application processing on the data that compare correctly and send the processed data to safety function unit A, discard the data that compare incorrectly and send an "application data synchronization error" message to the safety function monitoring unit;
application processing unit B is used to synchronously compare the data from safety function unit A and safety function unit B, perform application-layer data processing on the data that compare correctly and send them to central processing unit B over a data channel, discard the data that compare incorrectly and send a "data synchronization error" message to the safety function monitoring unit; and to synchronously compare the data from central processing unit A and central processing unit B, perform application processing on the data that compare correctly and send the processed data to safety function unit B, discard the data that compare incorrectly and send an "application data synchronization error" message to the safety function monitoring unit;
central processing unit A and central processing unit B are each used to perform application processing on the application data they receive and to send the processed data to application processing unit A and application processing unit B.
The safety function monitoring unit is used to collect the error messages sent by the other modules and to perform fail-safe handling, ensuring that erroneous data are not transmitted further. For a "secure data synchronization error", a "secure data check error" or a "data synchronization error", the network interface unit is closed, safety function unit A and safety function unit B are reset to their initial state, and the error is recorded. For an "application data synchronization error", the error is only recorded.
Preferably, safety function unit A and safety function unit B encrypt/check the data with the RC4, MD5, DES, AES or SSL algorithm, mark the data with a sequence number, a timestamp, and source and destination information, and verify the sequence number, timestamp, source and destination marks of received data in order to detect errors such as transmission delay, out-of-order data and data loss. Two different, independent security processing procedures are used in safety function unit A and safety function unit B.
Preferably, the encapsulation or parsing protocol adopted by the network protocol encapsulation unit is IEEE 802.1, IEEE 802.3, IEEE 802.11 or TCP/IP.
The present invention also provides a data sending method for the fail-safe Ethernet communication system, comprising:
central processing unit A and central processing unit B send the processed application data simultaneously to application processing unit A and application processing unit B;
application processing unit A and application processing unit B synchronously compare the data from central processing unit A and central processing unit B and perform application processing on the data that compare correctly; application processing unit A sends its processed data to safety function unit A, and application processing unit B sends its processed data to safety function unit B;
safety function unit A and safety function unit B perform safety function processing on the application service data from their respective application processing units and send the result to the synchronous comparing unit;
the synchronous comparing unit synchronously compares the secure data from safety function unit A and safety function unit B and sends the data that compare correctly to the network protocol encapsulation unit;
the network protocol encapsulation unit encapsulates the data from the synchronous comparing unit according to the predetermined network protocol and sends them to the network interface unit; the network interface unit performs format conversion and physical-level conversion on the data and sends them to the IP network.
Preferably, application processing unit A and application processing unit B discard the data that compare incorrectly and send an "application data synchronization error" message to the safety function monitoring unit; the synchronous comparing unit discards the data that compare incorrectly and sends a "secure data synchronization error" message to the safety function monitoring unit.
Preferably, the security processing procedure adopted by safety function unit A and safety function unit B comprises:
encrypting the data with the RC4, MD5, DES, AES or SSL algorithm, and marking the data with a sequence number, a timestamp, and source and destination information. Two different, independent security processing procedures are used in safety function unit A and safety function unit B.
The network protocol encapsulation unit encapsulates the data with the IEEE 802.1, IEEE 802.3, IEEE 802.11 or TCP/IP protocol.
The present invention also provides a data receiving method for the fail-safe Ethernet communication system, comprising:
the network interface unit performs physical-level conversion and data format conversion on the data received from the IP network and sends them to the network protocol encapsulation unit; the network protocol encapsulation unit parses the data from the network interface unit according to the predetermined network protocol and sends the parsed data to the synchronous comparing unit;
the synchronous comparing unit distributes the data from the network protocol encapsulation unit to safety function unit A and safety function unit B;
safety function unit A and safety function unit B perform a safety function check on the data distributed by the synchronous comparing unit and send the data that pass the check simultaneously to application processing unit A and application processing unit B;
application processing unit A and application processing unit B synchronously compare the data from safety function unit A and safety function unit B and perform application-layer data processing on the data that compare correctly; application processing unit A sends the data that compared consistently to central processing unit A, and application processing unit B sends the data that compared consistently to central processing unit B.
Preferably, when the check performed by safety function unit A or safety function unit B finds a data error, the data that failed the check are discarded and a "secure data check error" message is sent to the safety function monitoring unit; when application processing unit A or application processing unit B finds the compared data inconsistent, the data that compared incorrectly are discarded and a "data synchronization error" message is sent to the safety function monitoring unit.
Preferably, the security check procedure adopted by safety function unit A and safety function unit B comprises:
decrypting the data with the RC4, MD5, DES, AES or SSL algorithm, and verifying the sequence number, timestamp, and source and destination information contained in the data encapsulation. Two different, independent security processing procedures are used in safety function unit A and safety function unit B.
The network protocol encapsulation unit parses the data with the IEEE 802.1, IEEE 802.3, IEEE 802.11 or TCP/IP protocol.
The method and system of the present invention adopt a system configuration with partial hardware redundancy and implement data encryption and checking, namely safety function encapsulation and checking of the data, during data transmission. The system's encryption process achieves secure sending and receiving of data, and the redundancy of the essential units in the system improves its reliability. The structure is simple and easy to implement.
Description of drawings
Fig. 1 is a structural diagram of the system of the present invention;
Fig. 2 is a network protocol hierarchy diagram of the present invention.
Embodiment
To explain the solution of the present invention clearly, preferred embodiments are given below and described with reference to the accompanying drawings.
Referring to Fig. 1, which is a structural diagram of the system of the present invention and in which dotted lines represent monitoring messages and solid lines represent application data, the system comprises: a central processing unit (CPU) A and a central processing unit (CPU) B that are redundant to each other and are used to process application data; the two central processing units are mounted on a main control board;
the main control board exchanges data with an Ethernet communication board. The Ethernet communication board comprises: application processing units redundant to each other, namely application processing unit A and application processing unit B; safety function units redundant to each other, namely safety function unit A and safety function unit B; a synchronous comparing unit, a network protocol encapsulation unit, a network interface unit and a safety function monitoring unit;
the network interface unit is used for data format conversion and physical-level conversion between the network protocol encapsulation unit and the IP network;
the network protocol encapsulation unit is used to parse the data from the network interface unit and send them to the synchronous comparing unit, and to encapsulate the data from the synchronous comparing unit according to a predetermined network protocol and send them to the network interface unit;
the synchronous comparing unit is used to distribute the data from the network protocol encapsulation unit to safety function unit A and safety function unit B, and to synchronously compare the secure data from safety function unit A and safety function unit B: data that compare correctly are sent to the network protocol encapsulation unit, data that compare incorrectly are discarded, and a "secure data synchronization error" message is sent to the safety function monitoring unit;
safety function unit A is used to perform a safety function check on the data distributed by the synchronous comparing unit, send the data that pass the check simultaneously to application processing unit A and application processing unit B, discard the data that fail the check and send a "secure data check error" message to the safety function monitoring unit; and to perform safety function processing on the application service data from application processing unit A and send the result to the synchronous comparing unit;
safety function unit B is used to perform a safety function check on the data distributed by the synchronous comparing unit, send the data that pass the check simultaneously to application processing unit A and application processing unit B, discard the data that fail the check and send a "secure data check error" message to the safety function monitoring unit; and to perform safety function processing on the application service data from application processing unit B and send the result to the synchronous comparing unit;
here, the safety function comprises operations such as data checking and encryption/decryption.
Application processing unit A is used to synchronously compare the data from safety function unit A and safety function unit B, perform application-layer data processing on the data that compare correctly and send them to central processing unit A over a data channel, discard the data that compare incorrectly and send a "data synchronization error" message to the safety function monitoring unit; and to synchronously compare the data from central processing unit A and central processing unit B, perform application processing, such as format conversion and encapsulation, on the data that compare correctly and send the processed data to safety function unit A, discard the data that compare incorrectly and send an "application data synchronization error" message to the safety function monitoring unit;
application processing unit B is used to synchronously compare the data from safety function unit A and safety function unit B, perform application-layer data processing on the data that compare correctly and send them to central processing unit B over a data channel, discard the data that compare incorrectly and send a "data synchronization error" message to the safety function monitoring unit; and to synchronously compare the data from central processing unit A and central processing unit B, perform application processing, such as format conversion and encapsulation, on the data that compare correctly and send the processed data to safety function unit B, discard the data that compare incorrectly and send an "application data synchronization error" message to the safety function monitoring unit;
central processing unit A and central processing unit B are each used to perform application processing on the application data they receive and to send the processed data to application processing unit A and application processing unit B.
The safety function monitoring unit is used to collect the error messages sent by the other modules and to perform fail-safe handling, ensuring that erroneous data are not transmitted further. For a "secure data synchronization error", a "secure data check error" or a "data synchronization error", the network interface unit is closed, safety function unit A and safety function unit B are reset to their initial state, and the error is recorded. For an "application data synchronization error", the error is only recorded.
Several encryption algorithms and encryption/decryption modes may be chosen for the safety function unit of the present invention, for example the RC4, MD5, DES, AES or SSL algorithm for encrypting/decrypting the data. In addition, several methods may be used to detect errors such as data delay, out-of-order data and data loss, for example marking the data with a sequence number, a timestamp, and source and destination information. Two different, independent security processing procedures are used in safety function unit A and safety function unit B.
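The marking and verification step of the safety function unit, as an added example that is not part of the patent and does not reproduce its implementation. It covers the sequence number, timestamp and source/destination marks and the detection of delay, out-of-order and lost telegrams described here and in the "Preferably" clauses of the summary, and it models the requirement of two independent security procedures as two separately written implementations of the same tag that must produce identical output. Everything concrete is assumed: the header layout (32-bit sequence number, 64-bit millisecond timestamp, 16-bit source and destination ids, network byte order), the 200 ms delay tolerance, and the integrity tag, which is HMAC-SHA256 rather than any of the algorithms the patent lists (RC4, DES and MD5 are deprecated for new designs, MD5 is a hash rather than a cipher, and SSL is a protocol rather than an algorithm, so a practitioner would substitute a current keyed MAC or AEAD here in any case).

```python
import hashlib
import hmac
import struct

# Marks placed in front of the payload: sequence number, timestamp (ms),
# source id, destination id, all in network byte order (assumed layout).
HEADER = struct.Struct("!IQHH")
TAG_LEN = 32
MAX_DELAY_MS = 200  # assumed tolerance before a telegram counts as delayed


def tag_a(key: bytes, msg: bytes) -> bytes:
    """Tag implementation A: HMAC-SHA256 from the standard library."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def tag_b(key: bytes, msg: bytes) -> bytes:
    """Tag implementation B: the same HMAC-SHA256 built by hand, so the
    redundant unit shares no tag code with implementation A. Diverse
    implementations of one specification must still produce identical
    output, otherwise the synchronous comparison could never pass."""
    if len(key) > 64:
        key = hashlib.sha256(key).digest()
    key = key.ljust(64, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return hashlib.sha256(opad + hashlib.sha256(ipad + msg).digest()).digest()


def mark(key, seq, ts_ms, src, dst, payload, tag_fn=tag_a):
    """Send-side safety function processing: prepend the marks, append the tag."""
    body = HEADER.pack(seq, ts_ms, src, dst) + payload
    return body + tag_fn(key, body)


class SafetyChecker:
    """Receive-side safety function check. check() returns (payload, None)
    when the telegram is accepted, or (None, reason) when it must be
    discarded and a "secure data check error" reported to the monitoring unit."""

    def __init__(self, key, expected_src, own_id, tag_fn=tag_a):
        self.key = key
        self.expected_src = expected_src
        self.own_id = own_id
        self.tag_fn = tag_fn
        self.last_seq = None

    def check(self, telegram, now_ms):
        if len(telegram) < HEADER.size + TAG_LEN:
            return None, "truncated"
        body, tag = telegram[:-TAG_LEN], telegram[-TAG_LEN:]
        # Integrity first: nothing in the header is trusted until the tag matches.
        if not hmac.compare_digest(tag, self.tag_fn(self.key, body)):
            return None, "integrity"
        seq, ts_ms, src, dst = HEADER.unpack_from(body)
        if src != self.expected_src or dst != self.own_id:
            return None, "misdirected"
        if self.last_seq is not None:
            if seq <= self.last_seq:
                return None, "out_of_order"  # repeated or reordered telegram
            if seq != self.last_seq + 1:
                self.last_seq = seq  # resynchronise so the next telegram can pass
                return None, "loss"  # gap: at least one telegram was lost
        if ts_ms > now_ms or now_ms - ts_ms > MAX_DELAY_MS:
            return None, "delay"  # stale (or future-dated) telegram
        self.last_seq = seq
        return body[HEADER.size:], None
```

The order of the checks matters: the tag is verified before any header field is interpreted, so a corrupted sequence number or timestamp cannot steer the checker, and a receiver built on implementation B accepts telegrams marked by implementation A because both compute the same tag.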
The system configuration of the present invention has been described in detail above; the data transmission process implemented on this system configuration is described in detail below. Within the redundant system configuration, the secure sending and receiving of data follows the protocol hierarchy shown in Fig. 2: a security layer below the application layer performs security processing on the data to guarantee data security, that is, that the data content is correct, that the data sequence is correct and that no data are lost; between the security layer and the transport layer, a synchronous comparison layer compares the data obtained from the redundant hardware, guaranteeing that the data encapsulated by the security layer are completely safe, and keeps the redundant hardware in the system working synchronously. The data transmission process of the present invention comprises a data sending method and a data receiving method.
The data sending method of the present invention is based on the redundant structure of the above system and performs security processing during the data sending process; the process comprises:
Step 11: central processing unit A and central processing unit B send the processed application data simultaneously to application processing unit A and application processing unit B;
Step 12: application processing unit A and application processing unit B compare the data received from the two CPUs and complete application-layer processing on the data that compare consistently; application processing unit A sends its processed data to safety function unit A, and application processing unit B sends its processed data to safety function unit B.
Step 13: after receiving the data from their application processing units, safety function unit A and safety function unit B each complete safety function processing and send the processed data to the synchronous comparing unit;
Step 14: the synchronous comparing unit synchronously compares the secure data from safety function unit A and safety function unit B and sends the data that compare correctly to the network protocol encapsulation unit;
Step 15: the network protocol encapsulation unit encapsulates the data according to the predetermined network protocol and sends them to the network interface unit; the network protocol may be IEEE 802.1, IEEE 802.3, IEEE 802.11, TCP/IP or the like.
Step 16: the network interface unit sends the data to the IP network.
The data sending process has been described in detail above; the data receiving process is described in detail below and comprises:
Step 21: the network interface unit sends the data received from the IP network to the network protocol encapsulation unit;
Step 22: the network protocol encapsulation unit completes the parsing of the data according to the predetermined network protocol, such as IEEE 802.1, IEEE 802.3, IEEE 802.11 or TCP/IP, and sends the parsed data to the synchronous comparing unit;
Step 23: the synchronous comparing unit distributes the data from the network protocol encapsulation unit to safety function unit A and safety function unit B;
Step 24: safety function unit A and safety function unit B each perform a safety function check on the data distributed by the synchronous comparing unit and send the data that pass the check simultaneously to application processing unit A and application processing unit B;
Step 25: application processing unit A and application processing unit B synchronously compare the data from safety function unit A and safety function unit B and perform application-layer data processing on the data that compare correctly; application processing unit A sends its processed data to the central processing unit A connected to it, and application processing unit B sends its processed data to the central processing unit B connected to it.
Step 26: central processing unit A and central processing unit B process the application data.
In the above sending and receiving processes, if an error occurs in the processing of any application processing unit, central processing unit and/or safety function unit, the error is detected in the data comparison process and an alarm signal is sent, so that erroneous data are not transmitted further and data reliability is guaranteed. By encrypting/checking the data in the sending/receiving process with algorithms such as RC4, MD5, DES, AES or SSL, secure data transmission is achieved.
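The send path (steps 11 to 16) and receive path (steps 21 to 26), together with the reaction of the safety function monitoring unit, as an added software model that is not part of the patent and does not reproduce any real implementation. It also covers the sending and receiving methods stated in the summary. The model is deliberately reduced: the safety function is a CRC-32 check word (an assumption; it detects corruption but, unlike a keyed MAC, does not authenticate), the network protocol encapsulation is a two-byte length prefix, the IP network is an in-memory list, and hardware faults are injected by a caller-supplied function applied to the output or input of safety function unit B. What the model shows is the property the text argues for: a fault in one redundant unit is caught at the next comparison or check, the data are discarded before reaching the network or the CPUs, and the monitoring unit closes the network interface and resets the safety units for the three fatal error classes while only logging an application data synchronization error.

```python
import struct
import zlib

# Error message names used in the text.
APP_SYNC = "application data sync error"
SEC_SYNC = "secure data sync error"
SEC_CHECK = "secure data check error"
DATA_SYNC = "data sync error"


class Monitor:
    """Safety function monitoring unit: collects the error messages of the
    other units and applies the fail-safe reaction described above."""

    FATAL = {SEC_SYNC, SEC_CHECK, DATA_SYNC}

    def __init__(self):
        self.log = []
        self.nic_open = True
        self.safety_resets = 0

    def report(self, msg):
        self.log.append(msg)  # every error is recorded
        if msg in self.FATAL:
            self.nic_open = False  # close the network interface unit ...
            self.safety_resets += 1  # ... and reset safety function units A and B
        # APP_SYNC is only recorded: the data were already discarded upstream


def safety_encode(data):
    """Stand-in safety function processing: append a CRC-32 check word (assumption)."""
    return data + struct.pack("!I", zlib.crc32(data))


def safety_check(telegram):
    """Stand-in safety function check; None means the check failed."""
    if len(telegram) < 4:
        return None
    data, word = telegram[:-4], struct.unpack("!I", telegram[-4:])[0]
    return data if zlib.crc32(data) == word else None


def compare(a, b, monitor, error_msg):
    """Synchronous comparison of two redundant copies: pass one copy when they
    are identical, otherwise discard both and report to the monitoring unit."""
    if a is not None and a == b:
        return a
    monitor.report(error_msg)
    return None


def send(cpu_a_data, cpu_b_data, monitor, network, fault_b=None):
    """Send path, steps 11-16. network is the in-memory 'IP network' (a list);
    fault_b, if given, corrupts the output of safety function unit B."""
    # Step 12: application processing units A and B each compare the two CPU copies.
    app_a = compare(cpu_a_data, cpu_b_data, monitor, APP_SYNC)
    app_b = compare(cpu_a_data, cpu_b_data, monitor, APP_SYNC)
    if app_a is None or app_b is None:
        return False
    # Step 13: each safety function unit processes its own application unit's data.
    sec_a = safety_encode(app_a)
    sec_b = safety_encode(app_b)
    if fault_b is not None:
        sec_b = fault_b(sec_b)
    # Step 14: synchronous comparison before anything reaches the network.
    out = compare(sec_a, sec_b, monitor, SEC_SYNC)
    if out is None or not monitor.nic_open:
        return False
    # Steps 15-16: length-prefixed encapsulation (assumed protocol) onto the network.
    network.append(struct.pack("!H", len(out)) + out)
    return True


def receive(network, monitor, fault_b=None):
    """Receive path, steps 21-26. Returns the pair delivered to CPU A and CPU B,
    or None when the telegram was discarded. fault_b corrupts what unit B sees."""
    if not monitor.nic_open or not network:
        return None
    frame = network.pop(0)
    (n,) = struct.unpack("!H", frame[:2])
    telegram = frame[2:2 + n]  # Step 22: parse the encapsulation
    # Steps 23-24: the same telegram is distributed to both safety function units.
    chk_a = safety_check(telegram)
    chk_b = safety_check(fault_b(telegram) if fault_b is not None else telegram)
    for result in (chk_a, chk_b):
        if result is None:
            monitor.report(SEC_CHECK)
    if chk_a is None or chk_b is None:
        return None
    # Step 25: application processing units compare the two checked copies.
    to_cpu_a = compare(chk_a, chk_b, monitor, DATA_SYNC)
    to_cpu_b = compare(chk_a, chk_b, monitor, DATA_SYNC)
    if to_cpu_a is None or to_cpu_b is None:
        return None
    return to_cpu_a, to_cpu_b  # Step 26: CPU A and CPU B process the application data
```

Two details of the model are worth noting when reading it against Fig. 1. First, an application data synchronization error is reported twice, once by each application processing unit, because each of them performs its own comparison; the monitoring unit logs both and leaves the network interface open. Second, a receive-side fault that yields a well-formed but different telegram for unit B is not caught by the safety check but by the comparison in step 25, which is why the text keeps both mechanisms.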
The method and system of the present invention adopt a redundant system configuration, implement security processing and checking of the data during data transmission, achieve secure sending and receiving of data, and improve the reliability of data transmission through the redundancy of the units in the system. The structure is simple and easy to implement.
Any modification, equivalent replacement, improvement or the like made to the systems and methods set forth in the embodiments of the present invention, within the spirit and principles of the present invention, shall fall within the scope of protection of the present invention.