CN115022123A - Communication management equipment - Google Patents

Info

Publication number
CN115022123A
Authority
CN
China
Prior art keywords
interface
equipment
user
industrial control
custom
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210943106.XA
Other languages
Chinese (zh)
Inventor
宗琪
仲恺
周俊
周强
黄明浩
林延廷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Westone Information Industry Inc
Original Assignee
Chengdu Westone Information Industry Inc
Application filed by Chengdu Westone Information Industry Inc
Priority to CN202210943106.XA
Publication of CN115022123A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/382 Information transfer, e.g. on bus using universal interface adapter
    • G06F13/387 Information transfer, e.g. on bus using universal interface adapter for adaptation of different data processing systems to different peripheral devices, e.g. protocol converters for incompatible systems, open system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

An embodiment of the disclosure provides communication management equipment comprising an industrial control device and a custom interface device embedded in the industrial control device. The custom interface device integrates a VPN function, and its custom interface is defined according to the interface functions of the industrial control device. The industrial control device obtains configuration information through a configuration interface and passes it to the custom interface device to complete configuration. By redefining the logic of the custom interface, the custom interface device can provide the VPN function once it is integrated in the industrial control device. The VPN function of the custom interface device is exposed on the panel of the industrial control device through the Mini-PCIE channel, and an external device can invoke the VPN function by connecting to the corresponding interface on that panel. Embedding a custom interface device that supports the VPN function in each industrial control device effectively improves the security of the power switching station.

Description

Communication management equipment
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a communication management device.
Background
Wind power construction is accelerating and attacks on power switching stations are increasing. To protect the power equipment in a power switching station, a set of VPN (Virtual Private Network) security equipment is currently usually deployed at the egress network of the station, protecting the network security of the whole station as an external add-on.
Traditional VPN devices are deployed at the network boundary and protect the boundary security of the entire LAN. When secure communication is required inside the LAN, an external VPN device cannot provide endpoint protection for the industrial control devices in the LAN. And when the boundary VPN device fails or is attacked, the internal network of the power switching station is exposed, bringing immeasurable risk to the whole station.
How to improve the security of a power switching station is therefore a problem that those skilled in the art need to solve.
Disclosure of Invention
An object of the disclosed embodiments is to provide a communication management device that can improve the security of a power switching station.
To achieve this object, the present disclosure provides a communication management device including an industrial control device and a custom interface device embedded in the industrial control device; the custom interface device integrates a VPN function; the custom interface is defined according to the interface functions of the industrial control device so that the custom interface device and the industrial control device can communicate;
the industrial control device is configured to obtain configuration information through a configuration interface and transmit the configuration information to the custom interface device so that the custom interface device can complete configuration;
and the custom interface device is configured to exchange data with external devices through the custom interface.
Optionally, the custom interface comprises a LAN port;
the industrial control device is configured to obtain, through the configuration interface, a configuration instruction transmitted by an external device, and, when the destination address carried by the configuration instruction is the address of the custom interface device, to transmit the configuration information carried by the configuration instruction to the custom interface device through the LAN port;
the custom interface device is configured to receive the configuration information transmitted by the industrial control device through the LAN port and complete configuration according to the configuration information.
Optionally, the industrial control device is configured to transmit an internal data packet to the custom interface device through the LAN port, wherein the internal data packet comprises network data and service data;
the custom interface device is configured to receive the internal data packet transmitted through the LAN port; to call a cryptographic operation component to encrypt the internal data packet when the internal data packet meets an encryption condition; and to transmit the encrypted internal data packet to the industrial control device through the LAN port.
Optionally, the custom interface further comprises a WAN port;
and the custom interface device is configured to perform key agreement and tunnel state detection with other custom interface devices through the WAN port.
Optionally, the custom interface device is configured to receive an external data packet transmitted through the WAN port; to call the cryptographic operation component to decrypt the external data packet; and to transmit the decrypted external data packet to the industrial control device through the LAN port.
Optionally, the custom interface includes an indicator light interface for indicating the working state of the custom interface device;
the custom interface device is configured to connect, through the indicator light interface, to the indicator light on the panel of the industrial control device and to adjust the working mode of the corresponding indicator light based on the working state of the custom interface device.
Optionally, the working state of the custom interface device includes a running state, a tunnel state and an encryption state; the indicator light interfaces comprise a first indicator light interface corresponding to the running state, a second indicator light interface corresponding to the tunnel state and a third indicator light interface corresponding to the encryption state.
Optionally, the custom interface includes a serial port for serial control of the custom interface device;
and the custom interface device is configured to receive, through the serial port, serial control information transmitted by an external device.
Optionally, there are multiple serial ports; any one of them is selected as the serial port for serial control of the custom interface device, and the remaining serial ports serve as standby serial ports.
Optionally, the custom interface includes a USB interface for upgrading the files of the custom interface device;
and the custom interface device is configured to receive, through the USB interface, file system upgrade information transmitted by a USB peripheral.
According to this technical scheme, the communication management device comprises an industrial control device and a custom interface device embedded in the industrial control device; the custom interface device integrates a VPN function; the custom interface is defined according to the interface functions of the industrial control device so that the custom interface device and the industrial control device can communicate. The industrial control device obtains configuration information through the configuration interface and transmits it to the custom interface device, so that the custom interface device can complete configuration. The custom interface device exchanges data with external devices through the custom interface. In this scheme, the VPN function is integrated on a custom interface device with a custom interface, and redefining the logic of the custom interface lets the custom interface device provide the VPN function once it is integrated inside the industrial control device. The VPN function of the embedded custom interface device is exposed on the panel of the industrial control device through the Mini-PCIE channel; different interfaces on the panel correspond to different types of VPN function, and an external device invokes a VPN function by connecting to the corresponding interface. Deploying the custom interface device does not affect the network functions of the original industrial control device and requires no modification of the existing network, which reduces deployment difficulty.
When a custom interface device is damaged or attacked, only the industrial control device that hosts it is threatened; the security risk does not spread to the whole network and the normal operation of other industrial control devices is not affected, which effectively improves the security of the power switching station.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
Fig. 1 is a schematic structural diagram of a communication management device according to an embodiment of the present disclosure;
Fig. 2 is a schematic diagram of an interface call for implementing parameter configuration according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram of an interface call for implementing data protection according to an embodiment of the present disclosure;
Fig. 4 is a schematic diagram of an interface call for implementing working state display according to an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of an interface call for implementing serial port control according to an embodiment of the present disclosure;
Fig. 6 is a schematic diagram of an interface call for implementing file system upgrade according to an embodiment of the present disclosure.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
The present disclosure is described in further detail below with reference to the accompanying drawings and detailed description, in order to enable those skilled in the art to better understand the disclosure.
A communication management device provided by an embodiment of the present disclosure is described in detail next. Fig. 1 is a schematic structural diagram of a communication management device according to an embodiment of the present disclosure, which includes an industrial control device 11 and a custom interface device 12 embedded in the industrial control device 11. The custom interface device 12 integrates a VPN function, and the custom interface is defined according to the interface functions of the industrial control device 11 so that the custom interface device 12 and the industrial control device 11 can communicate.
The industrial control device 11 can configure the custom interface device 12 according to the configuration information obtained through the configuration interface.
The custom interface device 12 includes a number of idle interfaces, which can be redefined so that they match the interfaces on the industrial control device 11.
The custom interface device 12 can exchange data with an external device through the custom interface.
In practical application, the custom interface device 12 may be a Mini-PCIE interface device, in which case the custom interface is a Mini-PCIE interface. For convenience, the following description uses a Mini-PCIE interface device as the example.
To configure the custom interface device 12, in practical application an external host connects to the configuration interface, i.e., the Config interface, of the industrial control device 11. Configuration information may include tunnel, policy, certificate, network, and log service information, among others. The industrial control device 11 receives the configuration information on the Config interface and forwards the configuration data to the custom interface device 12 through the custom interface, so that the custom interface device 12 completes its initial configuration.
In practical applications, the industrial control device 11 receives many kinds of data, and it identifies whether the data it has just received is configuration information for the custom interface device 12 from the destination IP address the data contains.
When the destination IP address in the data is that of the custom interface device 12, the data is configuration information for the custom interface device 12, and the industrial control device 11 forwards the configuration data to the custom interface device 12 through the custom interface, so that the custom interface device 12 completes its initial configuration.
When the destination IP address in the data is that of the industrial control device 11 itself, the industrial control device 11 performs the relevant operation according to the received data, and the data does not need to be transmitted to the custom interface device 12.
In practical application, to make the VPN function callable, the idle interfaces of the custom interface device 12 may be redefined so that they support an internal network port, an external network port, serial port control, indicator lights, a USB function, and the like.
The internal and external network ports are used for receiving and transmitting data; the internal network port can be defined as a LAN port and the external network port as a WAN port.
Taking the LAN port as an example, in practical application the industrial control device 11 obtains, through the configuration interface, a configuration instruction transmitted by an external device, and, when the destination address carried by the configuration instruction is the address of the custom interface device 12, transmits the configuration information carried by the configuration instruction to the custom interface device 12 through the LAN port.
The custom interface device 12 receives the configuration information transmitted by the industrial control device 11 through the LAN port and completes configuration according to that information.
Fig. 2 is a schematic diagram of the interface calls used for parameter configuration according to an embodiment of the present disclosure. To make the path that configuration information takes from the industrial control device to the custom interface device easy to follow, the industrial control device and the custom interface device are drawn as two separate panels. The industrial control device has a Config interface, a WAN (wide area network) port, a LAN (local area network) port, a Console port, a USB port, an LED1 port, an LED2 port and an LED3 port, and the custom interface device adapted to it can define a WAN port, a LAN port, a Console port, a USB port, an LED1 port, an LED2 port and an LED3 port. In Fig. 2 the Config interface of the industrial control device obtains the configuration information, which is then transmitted to the custom interface device through the LAN port.
It should be noted that Fig. 2 and the following interface call diagrams only show the interfaces used to support the VPN function; they do not limit the number of interfaces or how the interfaces are arranged.
The custom interface device 12 can encrypt internal data packets. In practical application, the industrial control device 11 transmits an internal data packet to the custom interface device 12 through the LAN port; the internal data packet may include network data and service data.
The custom interface device 12 receives the internal data packet transmitted through the LAN port; calls the cryptographic operation component to encrypt the internal data packet when the packet meets the encryption condition; and transmits the encrypted internal data packet to the industrial control device 11 through the LAN port.
For example, the industrial control device 11 may hand the network data it has collected and the service data it sends to the custom interface device 12 through the LAN port for processing. The custom interface device 12 performs a policy check, and if a data packet received from the industrial control device 11 hits the encryption policy, it calls the cryptographic operation component to perform VPN encryption. The encrypted data packet is sent out of the WAN port of the industrial control device 11 through the Mini-PCIE channel.
Taking the WAN port as an example, the custom interface device 12 can perform key agreement and tunnel state detection with other custom interface devices 12 through the WAN port.
The WAN function of the custom interface device 12 is defined through the custom interface: the WAN port defined by the custom interface device 12 is connected directly to the WAN interface of the industrial control device, and the custom interface device 12 performs key agreement and tunnel state monitoring with other custom interface devices 12 through that WAN port.
Key agreement and tunnel state detection are conventional VPN functions, so the specific operation flow is not described in detail.
The custom interface device 12 can decrypt external data packets. In practical application, the custom interface device 12 receives an external data packet transmitted through the WAN port; calls the cryptographic operation component to decrypt the external data packet; and transmits the decrypted external data packet to the industrial control device 11 through the LAN port.
For example, an encrypted external data packet received on the WAN port of the industrial control device 11 may be handed directly to the custom interface device 12 through the WAN port. The custom interface device 12 checks information such as the tunnel and anti-replay state, and schedules the cryptographic operation component to decrypt the ciphertext data packets that qualify. After a policy check, the decrypted external data packet is delivered to the industrial control device 11 through the Mini-PCIE channel for processing.
Fig. 3 is a schematic diagram of the interface calls used for data protection according to an embodiment of the present disclosure. To make the interface calls during encryption and decryption easy to follow, Fig. 3 draws the industrial control device and the custom interface device as two separate panels. In Fig. 3, the industrial control device receives an encrypted external data packet on the WAN port and hands it to the custom interface device through the Mini-PCIE channel; the custom interface device calls the cryptographic operation component to decrypt the external data packet and returns the decrypted packet to the industrial control device through the Mini-PCIE channel. The industrial control device transmits the internal data it has collected to the custom interface device through the LAN port as internal data packets; the custom interface device calls the cryptographic operation component to encrypt them and returns the encrypted internal data packets to the industrial control device through the LAN port, and the industrial control device sends the encrypted internal data packets out through the WAN port.
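The inbound check order described above (tunnel lookup, anti-replay, cryptographic verification, then policy check before delivery to the LAN side) is shown in the following added Python example, which is not part of the patent. The packet layout, the 64-packet window, the names, and the use of HMAC-SHA256 as a stand-in for the cryptographic operation component are all assumptions; the payload is left unencrypted so the example needs only the standard library.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

WINDOW = 64                  # anti-replay window in packets (assumed size)
HDR = struct.Struct("!IQ")   # assumed header: tunnel id, sequence number
TAG_LEN = 32                 # HMAC-SHA256 tag appended to every packet


@dataclass
class Tunnel:
    key: bytes                          # integrity key from key agreement
    allowed_src: ipaddress.IPv4Network  # policy: permitted inner source
    allowed_dst: ipaddress.IPv4Network  # policy: permitted inner destination
    highest: int = 0                    # highest authenticated sequence number
    bitmap: int = 0                     # bit i set: (highest - i) already seen


def seal(tunnel_id, key, seq, inner):
    """Build a protected packet: header + inner packet + integrity tag."""
    body = HDR.pack(tunnel_id, seq) + inner
    return body + hmac.new(key, body, hashlib.sha256).digest()


def replay_ok(t, seq):
    """True if seq is new: ahead of the window, or inside it and unseen."""
    if seq == 0:                        # sequence numbers start at 1 (assumed)
        return False
    if seq > t.highest:
        return True
    offset = t.highest - seq
    return offset < WINDOW and not (t.bitmap >> offset) & 1


def mark_seen(t, seq):
    """Record an authenticated sequence number, sliding the window forward."""
    if seq > t.highest:
        t.bitmap = ((t.bitmap << (seq - t.highest)) | 1) & ((1 << WINDOW) - 1)
        t.highest = seq
    else:
        t.bitmap |= 1 << (t.highest - seq)


def receive(tunnels, packet):
    """WAN-side input. Returns ('deliver', payload) or ('drop:<reason>', None)."""
    if len(packet) < HDR.size + 8 + TAG_LEN:
        return ("drop:malformed", None)
    tunnel_id, seq = HDR.unpack_from(packet)
    t = tunnels.get(tunnel_id)
    if t is None:                       # 1. tunnel check
        return ("drop:no-tunnel", None)
    if not replay_ok(t, seq):           # 2. anti-replay check, before any crypto
        return ("drop:replay", None)
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(t.key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # 3. cryptographic check
        return ("drop:auth", None)
    # The window moves only after authentication, so an unauthenticated packet
    # with a far-ahead sequence number cannot push valid traffic out of it.
    mark_seen(t, seq)
    inner = body[HDR.size:]             # assumed inner layout: src, dst, payload
    src = ipaddress.IPv4Address(inner[:4])
    dst = ipaddress.IPv4Address(inner[4:8])
    if src not in t.allowed_src or dst not in t.allowed_dst:   # 4. policy check
        return ("drop:policy", None)
    return ("deliver", inner[8:])       # handed to the industrial control device


def demo():
    """Run constructed sample packets through receive(); return the verdicts."""
    key = b"k" * 32                     # constructed key, for illustration only
    net = ipaddress.ip_network
    tunnels = {7: Tunnel(key, net("10.1.0.0/24"), net("10.2.0.5/32"))}
    dst = ipaddress.ip_address("10.2.0.5").packed
    inner = ipaddress.ip_address("10.1.0.9").packed + dst + b"telemetry"
    off_policy = ipaddress.ip_address("192.0.2.1").packed + dst + b"telemetry"
    packets = [
        seal(7, key, 1, inner),         # in order
        seal(7, key, 3, inner),         # arrives ahead of 2
        seal(7, key, 2, inner),         # late but still inside the window
        seal(7, key, 1, inner),         # duplicate of the first packet
        seal(7, b"x" * 32, 900, inner), # wrong key, far-ahead sequence number
        seal(7, key, 4, off_policy),    # authentic, but source not in policy
        seal(8, key, 1, inner),         # no such tunnel
    ]
    return [receive(tunnels, p)[0] for p in packets]


if __name__ == "__main__":
    print(demo())
```
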
Taking the indicator light interface that indicates the working state of the custom interface device 12 as an example, the custom interface device 12 may be connected through the indicator light interface to an indicator light on the panel of the industrial control device 11, and it adjusts the working mode of the corresponding indicator light based on its own working state.
In practical applications, the working state of the custom interface device 12 may include a running state, a tunnel state and an encryption state; correspondingly, the indicator light interface may include a first indicator light interface corresponding to the running state, a second indicator light interface corresponding to the tunnel state, and a third indicator light interface corresponding to the encryption state.
Fig. 4 is a schematic diagram of the interface calls used for working state display according to an embodiment of the present disclosure. To make the way the indicator light interfaces are called easy to follow, Fig. 4 draws the industrial control device and the custom interface device as two separate panels. In Fig. 4, the LED1 port of the industrial control device is the first indicator light interface, the LED2 port is the second indicator light interface, and the LED3 port is the third indicator light interface. The indicator lights themselves are not shown in Fig. 4, but each indicator light interface is in fact connected to a corresponding indicator light. The custom interface device controls the working mode of each indicator light through the corresponding indicator light interface according to its current working state.
Each indicator light may use different colors or lighting patterns to indicate different states.
Taking the first indicator light, which corresponds to the running state, as an example: when the custom interface device is running normally, the first indicator light can be lit green through the first indicator light interface, and when the custom interface device runs abnormally, the first indicator light can be lit red.
Taking the second indicator light, which corresponds to the tunnel state, as an example: when the custom interface device has established a tunnel, the second indicator light can be lit through the second indicator light interface, and when the custom interface device has not established a tunnel, the second indicator light can be off or flash continuously.
Taking the third indicator light, which corresponds to the encryption state, as an example: when the custom interface device is in the encryption state, the third indicator light can be lit green through the third indicator light interface, and when the custom interface device is not performing encryption, the third indicator light can be lit red.
Taking a serial port for performing serial port control on the custom interface device 12 as an example, in practical applications, the custom interface device 12 may receive serial port control information transmitted by an external device through a serial port.
The serial port (Console) function of the custom interface device 12 is defined by a custom interface, the serial port defined by the custom interface device 12 is directly connected to the Console interface of the industrial control device, and the external PC can realize the serial port control of the custom interface device 12 by connecting the Console interface of the industrial control device 11.
Fig. 5 is a schematic diagram illustrating interface calling for implementing serial port control according to an embodiment of the present disclosure, in fig. 5, in order to facilitate clear understanding of a serial port calling manner, an industrial control device and a custom interface device are expanded and described as two panels that are separated from each other, and in practical application, the custom interface device is embedded in a working device. The Console port of the industrial control equipment in FIG. 5 represents a serial port, the serial port control process does not need to be processed by the industrial control equipment, and the external equipment can directly realize the serial port control of the user-defined interface equipment by connecting the Console port on the panel where the industrial control equipment is positioned.
When the custom interface is defined for the second time, a plurality of serial ports can be defined, any one serial port is selected as the serial port for controlling the serial port of the custom interface device 12, and the rest serial ports can be used as standby serial ports.
Taking the USB interface for performing file upgrade on the custom interface device 12 as an example, in practical applications, the custom interface device 12 may receive the file system upgrade information transmitted by the USB peripheral device through the USB interface.
The USB function of the user-defined interface equipment 12 is defined by a user-defined interface, the USB interface defined by the user-defined interface equipment 12 is directly connected to the USB interface of the industrial control equipment, and the USB peripheral equipment can be connected into the user-defined interface equipment 12 through the USB interface connected with the industrial control equipment 11, so that the upgrading of a file system is completed.
Fig. 6 is a schematic diagram illustrating interface calling for implementing file system upgrade according to an embodiment of the present disclosure, and in fig. 6, in order to facilitate clear understanding of a USB port calling manner, an industrial control device and a custom interface device are expanded and described as two panels that are separated from each other. As can be seen from fig. 6, the upgrading process of the file system does not need to be processed by the industrial control device, and the external device can upgrade the file system of the user-defined interface device directly by connecting with the USB port on the panel where the industrial control device is located.
Because the network environment of a power switching station involves harsh conditions such as high electromagnetic compatibility, high temperature, severe cold, salt fog, and damp heat, externally attached VPN equipment is expensive to manufacture. In the embodiment of the present disclosure, the VPN function is integrated in the custom interface device 12, and the custom interface device 12 can be embedded in the industrial control device 11, which achieves the effect of an embedded VPN device. The custom interface device 12 is less affected by the network environment and needs no special treatment for factors such as high electromagnetic compatibility, high temperature, severe cold, salt fog, and damp heat, so it does not incur higher production cost. Embedding a custom interface device 12 with an integrated VPN function in the industrial control device 11 allows each industrial control device to be protected independently.
As described above, the custom interface may include a LAN port, a WAN port, an indicator light interface for indicating the working state of the custom interface device 12, a serial port for serial port control of the custom interface device 12, and a USB interface for file upgrades on the custom interface device 12. In practical application, an idle custom interface can be selected and redefined so as to define the LAN port, WAN port, indicator light interface, serial port, and USB interface.
Table 1 below describes the interface pins that redefine the custom interface according to the embodiment of the present disclosure.
TABLE 1
[Table 1 appears as an image in the original publication.]
Each pin in Table 1 is described as follows:
Pins #51, #49, #47, #45: 100M MDI interface; a transformer is required on the baseboard.
Pins #41, #39: power input.
Pin #33: 3.3 V level, lit at low level; connected to the yellow lamp (ACT#) on the network port.
Pin #31: 3.3 V level, lit at low level; connected to the green lamp (LINK#) on the network port.
Pins #29, #227: GND in the Mini-PCIE standard.
Pin #13: 3.3 V level, lit at low level; connected to the yellow lamp (ACT#) on the network port.
Pin #11: 3.3 V level, lit at low level; connected to the green lamp (LINK#) on the network port.
Pins #7, #5, #3, #1: 100M MDI interface; a transformer is required on the baseboard.
Pin #52: power input.
Pin #48: 3.3 V output, connected to the center tap of the transformer.
Pin #46: run lamp, 3.3 V level, lit at low level.
Pin #44: tunnel lamp, 3.3 V level, lit at low level.
Pin #42: encryption lamp, 3.3 V level, lit at low level.
Pin #30: output, 3.3 V level.
Pin #28: input, 3.3 V level.
Pin #24: power input.
Pin #22: input, 3.3 V level, active low.
Pin #16: input, 3.3 V level.
Pin #14: output, 3.3 V level.
Pin #12: input, 3.3 V level.
Pin #10: output, 3.3 V level.
Pin #6: 3.3 V output, connected to the center tap of the transformer.
Pin #2: power input.
In Table 1, pins #51, #49, #47, and #45 define the gigabit transceiver function of the Ethernet port (eth0), and pins #33 and #31 define the connection and data status indicator light functions of the Ethernet port (eth0). Pins #1, #3, #5, and #7 define the gigabit transceiver function of the Ethernet port (eth1), and pins #13 and #11 define the connection and data status indicator light functions of the Ethernet port (eth1). Pins #46, #44, and #42 define the run status indicator, tunnel status indicator, and encryption status indicator functions of the custom interface device. Pins #30, #28, #16, #14, #12, and #10 define three serial port functions. Pins #25, #23, #38, and #36 define two USB interface functions.
In practical application, one of the three defined serial ports is selected for the serial port function, and the remaining two can serve as spare serial ports. Likewise, one of the two defined USB interfaces is selected, and the remaining one can serve as a spare USB interface.
According to the above technical solution, the communication management device comprises an industrial control device and a custom interface device embedded in the industrial control device. The custom interface device integrates a VPN function, and the custom interface is defined according to the interface functions of the industrial control device so that the custom interface device and the industrial control device can communicate. The industrial control device can acquire configuration information through the configuration interface and transmit it to the custom interface device, so that the custom interface device can complete its configuration. The custom interface device can carry out data communication with external devices through the custom interface. In this technical solution, the VPN function is integrated on a custom interface device that has a custom interface; through logical redefinition of the custom interface, the custom interface device can support the VPN function after being integrated inside the industrial control device. The VPN function of the embedded custom interface device can be presented on the panel of the industrial control device through a Mini-PCIE channel: different interfaces on the panel correspond to different types of VPN functions, and an external device calls a VPN function by connecting to the corresponding interface. Deploying the custom interface device does not affect the network functions of the original industrial control device and requires no modification of the existing network, which reduces deployment difficulty.
When the custom interface device is damaged or attacked, only the industrial control device that currently hosts it is threatened; the security risk does not spread to the whole network and the normal operation of other industrial control devices is not affected, which effectively improves the security of the power switching station.
The preferred embodiments of the present disclosure are described in detail above with reference to the accompanying drawings. However, the present disclosure is not limited to the specific details of the above embodiments; within the technical idea of the present disclosure, various simple modifications may be made to its technical solution, and these simple modifications all fall within the protection scope of the present disclosure.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner; to avoid unnecessary repetition, the possible combinations are not described separately in the present disclosure.
In addition, the various embodiments of the present disclosure may be combined in any way, and such combinations should likewise be regarded as disclosed herein as long as they do not depart from the spirit of the present disclosure.

Claims (10)

1. A communication management device, characterized by comprising an industrial control device and a custom interface device embedded in the industrial control device; the custom interface device integrates a VPN function; the custom interface is defined according to the interface functions of the industrial control device, so as to enable communication between the custom interface device and the industrial control device;
the industrial control device is configured to acquire configuration information through a configuration interface and transmit the configuration information to the custom interface device, so that the custom interface device completes its configuration;
and the custom interface device is configured to carry out data communication with external devices through the custom interface.
2. The communication management device according to claim 1, wherein the custom interface comprises a LAN port;
the industrial control device is configured to acquire, through a configuration interface, a configuration instruction transmitted by an external device and, when the destination address carried by the configuration instruction is the address of the custom interface device, to transmit the configuration information carried by the configuration instruction to the custom interface device through the LAN port;
the custom interface device is configured to receive the configuration information transmitted by the industrial control device through the LAN port and to complete its configuration according to the configuration information.
3. The communication management device according to claim 2, wherein the industrial control device is configured to transmit an internal data packet to the custom interface device through the LAN port; wherein the internal data packet comprises network data and service data;
the custom interface device is configured to receive the internal data packet transmitted through the LAN port; to call a cryptographic operation component to encrypt the internal data packet when the internal data packet meets an encryption condition; and to transmit the encrypted internal data packet to the industrial control device through the LAN port.
4. The communication management device of claim 2, wherein the custom interface further comprises a WAN port;
and the custom interface device is configured to perform key agreement and tunnel state detection with other custom interface devices through the WAN port.
5. The communication management device according to claim 4, wherein the custom interface device is configured to receive external data packets transmitted through the WAN port; to call a cryptographic operation component to decrypt the external data packets; and to transmit the decrypted external data packets to the industrial control device through the LAN port.
6. The communication management device of claim 1, wherein the custom interface comprises an indicator light interface for indicating the working state of the custom interface device;
the custom interface device is configured to connect, through the indicator light interface, to the indicator lights on the panel where the industrial control device is located, and to adjust the working mode of the corresponding indicator light based on the working state of the custom interface device.
7. The communication management device according to claim 6, wherein the working state of the custom interface device includes a running state, a tunnel state, and an encryption state; the indicator light interface comprises a first indicator light interface corresponding to the running state, a second indicator light interface corresponding to the tunnel state, and a third indicator light interface corresponding to the encryption state.
8. The communication management device of claim 1, wherein the custom interface comprises a serial port for serial port control of the custom interface device;
and the custom interface device is configured to receive, through the serial port, the serial port control information transmitted by an external device.
9. The communication management device according to claim 8, wherein there are a plurality of serial ports; any one of them is selected as the serial port for controlling the custom interface device, and the remaining serial ports serve as spare serial ports.
10. The communication management device of claim 1, wherein the custom interface comprises a USB interface for file upgrades on the custom interface device;
and the custom interface device is configured to receive, through the USB interface, the file system upgrade information transmitted by a USB peripheral.
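The LAN-side encryption path of claim 3 and the WAN-side decryption path of claim 5, written out as an added Go example that is not part of the patent. AES-256-GCM, a fixed key in place of the key agreement of claim 4, and the rule "encrypt when the destination lies in a protected subnet" are assumptions, since the patent names neither the cipher nor the encryption condition; `Module`, `FromLAN` and `FromWAN` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// Module models the custom interface device's data path. AES-256-GCM and the
// "destination inside Protected" condition are assumptions, not patent text.
type Module struct {
	aead      cipher.AEAD
	Protected *net.IPNet
}

func NewModule(key []byte, protected *net.IPNet) (*Module, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Module{aead: aead, Protected: protected}, nil
}

// FromLAN encrypts an internal packet when the condition holds, else passes it on.
func (m *Module) FromLAN(dst net.IP, payload []byte) ([]byte, bool, error) {
	if !m.Protected.Contains(dst) {
		return payload, false, nil
	}
	nonce := make([]byte, m.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, false, err
	}
	// Output is nonce || ciphertext || tag; the destination is bound as associated data.
	return m.aead.Seal(nonce, nonce, payload, dst.To16()), true, nil
}

// FromWAN authenticates and decrypts an external packet. Any failure returns an
// error, so nothing unauthenticated is handed on towards the LAN port.
func (m *Module) FromWAN(dst net.IP, wire []byte) ([]byte, error) {
	ns := m.aead.NonceSize()
	if len(wire) < ns+m.aead.Overhead() {
		return nil, errors.New("drop: short packet")
	}
	return m.aead.Open(nil, wire[:ns], wire[ns:], dst.To16())
}

func main() {
	_, n, _ := net.ParseCIDR("10.20.0.0/16")  // constructed protected subnet
	m, _ := NewModule(make([]byte, 32), n)    // constructed all-zero demo key
	wire, enc, _ := m.FromLAN(net.ParseIP("10.20.1.5"), []byte("breaker status"))
	pt, err := m.FromWAN(net.ParseIP("10.20.1.5"), wire)
	fmt.Println(enc, string(pt), err)
}
```

Because the destination is authenticated together with the payload, a packet replayed towards a different destination fails in `FromWAN` just as a modified ciphertext does.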
CN202210943106.XA 2022-08-08 2022-08-08 Communication management equipment Pending CN115022123A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210943106.XA CN115022123A (en) 2022-08-08 2022-08-08 Communication management equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210943106.XA CN115022123A (en) 2022-08-08 2022-08-08 Communication management equipment

Publications (1)

Publication Number Publication Date
CN115022123A CN115022123A (en) 2022-09-06

Family

ID=83066301

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210943106.XA Pending CN115022123A (en) 2022-08-08 2022-08-08 Communication management equipment

Country Status (1)

Country Link
CN (1) CN115022123A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116032712A (en) * 2022-12-28 2023-04-28 北京力控元通科技有限公司 Industrial equipment remote maintenance system and method based on N2N technology

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105556403A (en) * 2013-09-13 2016-05-04 西门子公司 Restricting communications in industrial control
CN206650697U (en) * 2017-04-13 2017-11-17 杭州国电大力机电工程有限公司 A kind of portable engineering equipment remote information collecting transmitter
CN209805847U (en) * 2019-08-09 2019-12-17 烟台东方纵横科技股份有限公司 Safety production data front-end processor
CN111381553A (en) * 2020-02-19 2020-07-07 北京航天智造科技发展有限公司 VPN technology-based equipment and method and system for remotely maintaining PLC

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105556403A (en) * 2013-09-13 2016-05-04 西门子公司 Restricting communications in industrial control
US20160269363A1 (en) * 2013-09-13 2016-09-15 Derrick Southerland Restricting communications in industrial control
CN206650697U (en) * 2017-04-13 2017-11-17 杭州国电大力机电工程有限公司 A kind of portable engineering equipment remote information collecting transmitter
CN209805847U (en) * 2019-08-09 2019-12-17 烟台东方纵横科技股份有限公司 Safety production data front-end processor
CN111381553A (en) * 2020-02-19 2020-07-07 北京航天智造科技发展有限公司 VPN technology-based equipment and method and system for remotely maintaining PLC

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
彭瑜: "Development trends and paths in the broader environment of intelligent manufacturing", 《自动化博览》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116032712A (en) * 2022-12-28 2023-04-28 北京力控元通科技有限公司 Industrial equipment remote maintenance system and method based on N2N technology
CN116032712B (en) * 2022-12-28 2023-08-11 北京力控元通科技有限公司 Industrial equipment remote maintenance system and method based on N2N technology

Similar Documents

Publication Publication Date Title
CN109842585B (en) Network information safety protection unit and protection method for industrial embedded system
CN106411859B (en) Device for transmitting process data
CA2502164A1 (en) Modular cryptographic device providing multi-mode wireless lan operation features and related methods
CN1883154B (en) Method and apparatus of communicating security/encryption information to a physical layer transceiver
EP1580921B1 (en) Modular cryptographic device and related method
CN105556403A (en) Restricting communications in industrial control
CN104335531A (en) Implementing pvlans in a large-scale distributed virtual switch
CN104969517A (en) Automated control plane for limited user destruction
CN115022123A (en) Communication management equipment
US7711963B2 (en) Modular cryptographic device providing enhanced interface protocol features and related methods
EP1580932A2 (en) Methods and modular cryptographic device with status determination
CA2501982A1 (en) Cryptographic device and coupling therefor and related methods
CN210469376U (en) Data encryption and decryption equipment based on ZYNQ7020 and security chip
EP1580922A2 Methods and modular cryptographic device with enhanced communication control
US20070058654A1 (en) Arrangement and coupling device for securing data access
CN114338215A (en) Network link security encryption system
EP4181431A1 (en) Service transmission method and apparatus, network device, and storage medium
JP6975846B2 (en) L2 switch for network security and remote monitoring and control system using it
CN110417706A (en) A kind of safety communicating method based on interchanger
KR101845776B1 (en) MACsec adapter apparatus for Layer2 security
US11032250B2 (en) Protective apparatus and network cabling apparatus for the protected transmission of data
CN114143076B (en) Electric power thing networking safety protection system based on virtual switch frame
KR101624294B1 (en) Dedicated controller for integrated management of united communication outlet switch
CN216016881U (en) Ethernet anti-attack gateway based on control chip
CN115361152A (en) Encryption system and encryption method for seamless access to existing network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220906