CN100518053C - Apparatus and method for guaranteeing instruction safety between heterogeneous systems - Google Patents
Apparatus and method for guaranteeing instruction safety between heterogeneous systems Download PDFInfo
- Publication number
- CN100518053C CN100518053C CNB2004100094823A CN200410009482A CN100518053C CN 100518053 C CN100518053 C CN 100518053C CN B2004100094823 A CNB2004100094823 A CN B2004100094823A CN 200410009482 A CN200410009482 A CN 200410009482A CN 100518053 C CN100518053 C CN 100518053C
- Authority
- CN
- China
- Prior art keywords
- instruction
- access module
- end access
- module
- safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Alarm Systems (AREA)
Abstract
The present invention discloses a device and a method for ensuring instruction safety between heterogeneous systems. The device is connected with various application subsystems and comprises a front-eA device ensuring safety of command between various subsystems consists of front end wire - in module connected to various application subsystems for receiving commands from application subsystem andnd access module, wherein the access module is connected with various application subsystems, receives the instruction messages of the application subsystems, verifies the safety of the instruction me command control module and for safe - certifying received commands according to safety rule as well as for retransmitting certified commands to command control module or to application subsystem , cssages according to a predefined safety rule, and transmits the instruction messages passing through verification to an instruction control module. Instruction messages from the instruction control moommand control module connected to front end wire - in module for receiving command from front end wire - in module and for safe - certifying received command as well as for sending certified commadule are received and are transmitted to the application subsystems after being verified in safety by the access module. The instruction control module is connected with the front-end access module, rnd to front end wire - in module . eceives instruction messages sent by the front-end access module, verifies the safety of the instruction messages, and sends the instruction messages passing through safety verification to the front-end access module. In the present invention, instructions are not directly processed between subsystems, and are then distributed after being processed in a concentrated mode, and therefore, the safe instruction interaction between subsystems is ensured.
Description
Technical field
The present invention relates to system integration field, particularly relate in the system integration field device of instruction secure and implementation method between a kind of heterogeneous system.
Background technology
Along with the continuous development of informationization technology, various applied information systems are more and more, and integrated between system also becomes increasingly complex.With the city emergency linked system is example, the subsystem that wherein relates to just has: cable network/call center system, wireless clustered system, video-signal system, large screen display system, magnitude of traffic flow supervisory control system, computer communication network system, network management and monitoring system, instruction database system, alarm and command system, GIS-Geographic Information System, GPS (Global Position System), CAD, mobile commanding system, leader's command system, safety-protection system, office automation system or the like are huge, complicated integrated systems.
At present, with regard to individual, in the mutual process of transmitting of the instruction of various information systems, the mode of processing is generally direct end-to-end instruction and sends and receive, and does not have centralized instruction secure control.A kind of preferably method is that (Chinese patent, publication number is patent documentation 00808676.1 " security control of safe mode ": 1354933) propose to specify the level of security that is being performed with a status indicator.Can upgrade this level of security, so that can relatively easily carry out a higher level of security.
But above scheme has following apparent in view shortcoming:
The level of security of instruction illustrates in this command information, instruction itself does not just have fail safe, can't avoid in the malicious instructions level of security being carried out malice fully and distort, and total system can't control effectively, might cause the single-point paralysis, even bring the total system paralysis.
Summary of the invention
Technical problem to be solved by this invention provides a kind of device and method that guarantees instruction secure between the heterogeneous system, solve prior art instruction itself and do not have fail safe, total system can't control effectively, and might cause the single-point paralysis, even brings the problem of total system paralysis.
For achieving the above object, the invention provides a kind of device that guarantees instruction secure between the heterogeneous system, be connected with a plurality of application subsystems, its characteristics are, comprise; Front end access module and instruction control module; Described front end access module connects described a plurality of application subsystem, receives the instruction message of application subsystem, according to predefined safety regulation, described instruction message is carried out safety verification, and will be transmitted to instruction control module by the instruction message of checking; Reception is transmitted to application subsystem from the instruction message of instruction control module and through behind the safety verification; Described instruction control module is connected with described front end access module, receives the instruction message that described front end access module is sent, and described instruction message is carried out safety verification, and will send to described front end access module by the instruction message of safety verification.
The device of instruction secure between the above-mentioned assurance heterogeneous system, its characteristics are that described application subsystem is cable network/call center system, wireless clustered system, video-signal system, large screen display system, magnitude of traffic flow supervisory control system, computer communication network system, network management and monitoring system, instruction database system, alarm and command system, GIS-Geographic Information System, GPS (Global Position System), CAD, mobile commanding system, leader's command system, safety-protection system and/or the office automation system.
In order better to realize purpose of the present invention, the present invention also provides a kind of method that guarantees instruction secure between the heterogeneous system, its characteristics are, comprise the steps: that step 1, application subsystem by using the unified interface of front end access module, send to the front end access module with instruction; Step 2, front end access module are carried out the level of security checking according to predefined instruction secure rank to instruction, and the instruction by checking is sent to instruction control module; Step 3, instruction control module carry out the level of security checking to the instruction that receives, and the instruction by checking is sent to the front end access module; Step 4, front end access module carry out again the instruction secure level other the checking, and the checking by after instruction send to application subsystem.
The method of instruction secure between the above-mentioned assurance heterogeneous system, its characteristics be, is according to predefined safety regulation in the checking of described level of security, instruction message carried out the respective operations of different level of securitys.
The device of instruction secure between the above-mentioned assurance heterogeneous system, its characteristics are that the respective operations of described different level of securitys comprises: to the instruction of level of security for " height ", the processing of reporting to the police, the pedestrian worker that goes forward side by side confirms; To level of security be " in " instruction, the processing of reporting to the police, and under the automation mode, handling; Definition is the instruction of " low " to level of security, directly carries out the automation mode and handles.
The method of instruction secure between the above-mentioned assurance heterogeneous system, its characteristics are, in described step 2 and step 3, further comprise the forwarding step that sends after putting in order, compress, encrypt by the instruction of checking.
The method of instruction secure between the above-mentioned assurance heterogeneous system, its characteristics be, in described step 3 and step 4, further comprise an instruction that receives put in order, deciphering, decompress(ion) to be to recover the receiving step of instruction original text.
The method of instruction secure between the above-mentioned assurance heterogeneous system, its characteristics are, in described step 2, step 3 and step 4, also further comprise the recording step that writes down by the instruction of checking not.
Technique effect of the present invention is:
Apparatus and method of the present invention, according to prior centralized configuration instruction secure rank, not direct instruction processing is distributed after must focusing on via instruction again between subsystem and the subsystem, has guaranteed that instruction secure is mutual between subsystem.Utilize the present invention to realize the commands for controlling of the application subsystem of various isomeries in the system integration, have following main beneficial effect:
At the commands for controlling end unified management is carried out in instruction, centralized instruction process mode is provided;
Provide unified instruction transmission and reception mechanism in the front end access module for heterogeneous system;
For the instruction that safety requirements is arranged, on front end access module and instruction control module, carry out dual safety verification, the fail safe that has improved system.
Description of drawings
Fig. 1 is the position view of instruction safety device in the system integration;
Fig. 2 is the device composition diagram of instruction secure between the assurance heterogeneous system of the present invention;
Fig. 3 is that the instruction of the inventive method sends and receive flow chart.
Embodiment
Below in conjunction with accompanying drawing the apparatus and method among the present invention are elaborated.
Fig. 1 is the position view of instruction safety device when the system integration, we can see, various application subsystems such as call center 101, wireless colony 102, video-signal system 103, large screen display system 104, alarm and command system 105 or the like all and instruction control system connect, by computer communication network (Ethernet) move instruction.
Fig. 2 is the composition diagram of the device of instruction secure between the assurance heterogeneous system of the present invention, and apparatus of the present invention 200 are divided into front end access module 210,220 two parts of instruction control module.
The main effect of front end access module 210 is instruction communications responsible and each application subsystem, simultaneously, current termination is gone into module 210 and is received instruction that application subsystem 230 sends when sending, and instruction is sent to instruction control module 220 carry out the corresponding instruction checking and send.
The main effect of instruction control module 220 has:
1) level of security of defined instruction defines the operation of different level of security correspondences.Best is: security leveldefinition is: height, in, low.Definition is the instruction of " height " to level of security, the processing of reporting to the police, and need to confirm through artificial; Definition to level of security be " in " instruction, the processing of reporting to the police, but do not need artificial affirmation is still handled under the automation mode; Definition is the instruction of " low " to level of security, directly carries out the automation mode and handles.
2) rule (security leveldefinition, the operation of level of security correspondence) of definition is passed to instruction front end access module.
3) message that the front end access module is transmitted is handled, and as the message decompress(ion), deciphers, and obtains out the instruction original text of application system.
4) different processing is carried out in the instruction of different level of securitys.As being the instruction of " height " to level of security, continuously give the alarm, intervene processing up to the keeper.
5) the front end access module is passed in instruction.
Fig. 3 is that the instruction of the inventive method sends and receive flow chart.As shown in scheming, method of the present invention comprises:
Step 301: when application subsystem sends when the needs instruction,, send instruction for the front end access module and send request by using the unified interface of front end access module;
Step 302: the front end access module is carried out safety verification according to pre-defined instruction secure rank to instruction; By checking execution in step 303, otherwise carry out 312
Step 303: the front end access module is the instruction arrangement, and compression is encrypted;
Step 304: the front end access module sends to instruction control module to instruction;
Step 305: after the instruction control module end is received the instruction request information of front end access module,, recover front end access module instruction original text to packets of information arrangement (deciphering, decompress(ion));
Step 306: other checking of instruction secure level is carried out in the instruction that gets access to again; By checking execution in step 307, otherwise carry out 312;
Step 307: instruction control module instructs arrangement, and compression is encrypted the back and formed packets of information and send to the front end access module;
Step 308: the front end access module receives packets of information;
Step 309: the front end access module is recovered the instruction original text to the packets of information arrangement (deciphering, decompress(ion)) of receiving;
Step 310: other checking of instruction secure level is carried out in the instruction that gets access to again; By checking execution in step 311, otherwise carry out 312;
Step 312: disregard, and record.
The present invention will be described below in conjunction with the example of each system command control of the system integration in the city emergency linked system:
This example is an alarm receiving system, the commands for controlling business between GIS-Geographic Information System (GIS) and the group calling system.Require: different safe handlings is carried out in different instructions.
When adopting apparatus and method of the present invention to carry out commands for controlling, alarm receiving system, GIS-Geographic Information System (GIS), group calling systems etc. are all as application subsystem, and the and instruction control device connects by Ethernet, realizes commands for controlling.
The instruction secure rank is set in instruction control module and the respective handling mode is as follows:
| Command content | Level of security | Processing mode |
| Police strength arrives and refers to throw a little near the notice | High | Jingle bell also needs artificial affirmation |
| Plan of distribution assigns a task | In | Jingle bell |
| Display alarm point map | Low | Do not have |
Three kinds of instruction secure send and receiving course as follows:
1. the safety of " display alarm point map " instruction sends and receives
1) GIS-Geographic Information System sends " display alarm point map " instruction and sends to the front end access module.
2) whether after the front end access module is received " display alarm point map " instruction, carrying out decision instruction is the higher instruction of level of security.Be the lower security rank because this instructs, directly carry out next step.
3) the front end access module is compressed instruction and is encrypted, and sends to instruction control module with message mode.
4) after instruction control module receives message, message is decrypted and decompresses, obtain the instruction original text.
5) instruction control module carries out the instruction secure checking, is " low " level of security because this instructs, and directly carries out next step.
6) instruction control module compresses instruction and encrypts, and sends to the front end access module with message mode.
7) whether after the front end access module is received " display alarm point map " instruction, carrying out decision instruction is the higher instruction of level of security.Be " low " level of security because this instructs, directly carry out next step.
8) the front end access module is directly issued GIS-Geographic Information System (GIS) to " display alarm electricity map " instruction.
9) GIS-Geographic Information System (GIS) responds the map that this message demonstrates this alarm point.
2. the safety of " plan of distribution assigns a task " instruction sends and receives
1) GIS-Geographic Information System sends " plan of distribution assigns a task " instruction and sends to the front end access module.
2) whether after the front end access module is received " plan of distribution assigns a task " instruction, carrying out decision instruction is the higher instruction of level of security.Because this instruct into " in " level of security, the processing of reporting to the police, but do not need artificial affirmation directly enters next step.
3) the front end access module is compressed instruction and is encrypted, and sends to instruction control module with message mode.
4) after instruction control module receives message, message is decrypted and decompresses, obtain the instruction original text.
5) instruction control module carries out the instruction secure checking, is the lower security rank because this instructs, and directly carries out next step.
6) instruction control module compresses instruction and encrypts, and sends to the front end access module with message mode.
7) whether after the front end access module is received " plan of distribution assigns a task " instruction, carrying out decision instruction is the higher instruction of level of security.Because this instruct into " in " level of security, the processing of reporting to the police, but do not need artificial affirmation directly enters next step.
8) the front end access module is directly issued GIS-Geographic Information System (GIS) to " plan of distribution assigns a task " instruction.
9) GIS-Geographic Information System (GIS) responds this message, carries out task scheme (as shortest path, personnel, vehicle deploying etc.) and generates.
3. near the safety of " police strength arrives the appointed place notice " instruction sends and receives
1) GIS-Geographic Information System sends near " police strength arrives the appointed place notice " instruction and sends to the front end access module.
2) whether after the front end access module is received near " police strength arrives the appointed place notice " instruction, carrying out decision instruction is the higher instruction of level of security.Be " height " level of security because this instructs, carry out jingle bell and handle, need manually to confirm, just can enter next step.
3) the front end access module is compressed instruction and is encrypted, and sends to instruction control module with message mode.
4) after instruction control module receives message, message is decrypted and decompresses, obtain the instruction original text.
5) instruction control module carries out the instruction secure checking.Be " height " level of security because this instructs, carry out jingle bell and handle, need manually to confirm, just can enter next step.
6) instruction control module compresses instruction and encrypts, and sends to the front end access module with message mode.
7) whether after the front end access module is received near " police strength arrives the appointed place notice " instruction, carrying out decision instruction is the higher instruction of level of security.Be " height " level of security because this instructs, carry out jingle bell and handle, need manually to confirm, just can enter next step.
8) the front end access module is directly issued group calling system near " police strength arrives the appointed place notice " instruction.
9) group calling system responds this message, carries out near police strength is carried out call notification.
The above is preferred embodiment of the present invention only, is not to be used for limiting practical range of the present invention; Every according to equivalence variation and modification that the present invention did, all contained by claim of the present invention.
Claims (8)
1, a kind of device that guarantees instruction secure between the heterogeneous system is connected with a plurality of application subsystems, it is characterized in that, comprising: front end access module and instruction control module;
Described front end access module connects described a plurality of application subsystem, receives the instruction message of application subsystem, according to predefined safety regulation, described instruction message is carried out safety verification, and will be transmitted to instruction control module by the instruction message of checking; Reception is transmitted to application subsystem from the instruction message of instruction control module and through behind the safety verification;
Described instruction control module is connected with described front end access module, receives the instruction message that described front end access module is sent, and described instruction message is carried out safety verification, and will send to described front end access module by the instruction message of safety verification.
2, the device of instruction secure between the assurance heterogeneous system according to claim 1, it is characterized in that described application subsystem is cable network/call center system, wireless clustered system, video-signal system, large screen display system, magnitude of traffic flow supervisory control system, computer communication network system, network management and monitoring system, instruction database system, alarm and command system, GIS-Geographic Information System, GPS (Global Position System), CAD, mobile commanding system, leader's command system, safety-protection system or the office automation system.
3, a kind of method that guarantees instruction secure between the heterogeneous system is characterized in that, comprises the steps:
Step 1, application subsystem send to the front end access module by using the unified interface of front end access module with instruction;
Step 2, front end access module are carried out the level of security checking according to predefined instruction secure rank to instruction, and the instruction by checking is sent to instruction control module;
Step 3, instruction control module carry out the level of security checking to the instruction that receives, and the instruction by checking is sent to the front end access module;
Step 4, front end access module carry out again the instruction secure level other the checking, and the checking by after instruction send to application subsystem.
4, the method for instruction secure between the assurance heterogeneous system according to claim 3 is characterized in that, is according to predefined safety regulation in the checking of described level of security, instruction message is carried out the respective operations of different level of securitys.
5, the method for instruction secure between the assurance heterogeneous system according to claim 4 is characterized in that the respective operations of described different level of securitys comprises: to the instruction of level of security for " height ", and the processing of reporting to the police, the pedestrian worker that goes forward side by side confirms; To level of security be " in " instruction, the processing of reporting to the police, and under the automation mode, handling; Definition is the instruction of " low " to level of security, directly carries out the automation mode and handles.
6, according to the method for instruction secure between claim 3, the 4 or 5 described assurance heterogeneous systems, it is characterized in that, in described step 2 and step 3, further comprise the forwarding step that sends after putting in order, compress, encrypt by the instruction of checking.
7, the method for instruction secure between the assurance heterogeneous system according to claim 6 is characterized in that, in described step 3 and step 4, further comprise the instruction that receives put in order, deciphering, decompress(ion) to be to recover the receiving step of instruction original text.
8, the method for instruction secure between the assurance heterogeneous system according to claim 3 is characterized in that, in described step 2, step 3 and step 4, also further comprises the recording step that writes down by the instruction of checking not.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100094823A CN100518053C (en) | 2004-08-26 | 2004-08-26 | Apparatus and method for guaranteeing instruction safety between heterogeneous systems |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100094823A CN100518053C (en) | 2004-08-26 | 2004-08-26 | Apparatus and method for guaranteeing instruction safety between heterogeneous systems |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1741440A CN1741440A (en) | 2006-03-01 |
| CN100518053C true CN100518053C (en) | 2009-07-22 |
Family
ID=36093668
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100094823A Expired - Fee Related CN100518053C (en) | 2004-08-26 | 2004-08-26 | Apparatus and method for guaranteeing instruction safety between heterogeneous systems |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100518053C (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101014019B (en) * | 2006-12-21 | 2011-05-18 | 建龙钢铁控股有限公司 | Communication method for transmitting message among systems |
| CN104333437A (en) * | 2014-11-20 | 2015-02-04 | 天津光电通信技术有限公司 | Communication equipment and communication method for maritime affair or outdoor area |
-
2004
- 2004-08-26 CN CNB2004100094823A patent/CN100518053C/en not_active Expired - Fee Related
Non-Patent Citations (2)
| Title |
|---|
| 异构网络安全管理的设计. 吴刚,敖青云,李瑞霞,白英彩.计算机工程,第25卷. 1999 |
| 异构网络安全管理的设计. 吴刚,敖青云,李瑞霞,白英彩.计算机工程,第25卷. 1999 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1741440A (en) | 2006-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108769240B (en) | Intelligent dispatching command system and method | |
| CA2765275C (en) | A mine operation monitoring system | |
| CN104751295A (en) | Power distribution network repair mass texting work order processing platform and method | |
| CN104468648A (en) | Data processing system and method | |
| CN105321320B (en) | A kind of 4G LTE network on-line early warning system and method based on VPN framework | |
| CN104821900B (en) | Power telecom network emergency first-aid repair whole process managing and control system based on mobile platform application | |
| CN108574696A (en) | A kind of command dispatching system and working method based on GIS map | |
| CN110807020A (en) | Data integration device based on multiple data sources | |
| US7363052B2 (en) | Information distribution system for improved response to safety and security incidents | |
| CN103869219A (en) | Fault handling method and device for power transmission network | |
| CN102394913A (en) | Control method of vehicle service system | |
| CN114553933B (en) | Control authority taking over method, device and system for unmanned vehicle | |
| KR20020019954A (en) | Communication system for working machines | |
| CN101753990A (en) | Mobile monitoring device | |
| CN104966146A (en) | Airport operation command system | |
| CN102238571B (en) | Apparatus of Internet of Things machine to machine/man (M2M) business processing, system and method thereof | |
| CN100518053C (en) | Apparatus and method for guaranteeing instruction safety between heterogeneous systems | |
| CN111988397B (en) | Earthquake-proof disaster-reduction disaster-relief method and system based on edge calculation | |
| CN100463393C (en) | Device and method for data safety share between isomerous system | |
| CN106960565A (en) | Taxi valuation and monitoring system based on GPS GPRS | |
| CN107181929A (en) | Method and apparatus for video monitoring | |
| CN109309526A (en) | A kind of boat-carrying satellite communication network backup management system | |
| US20160205494A1 (en) | Machine-to-Machine (M2M) oriented service platform interface apparatus and method | |
| CN109344979A (en) | Power communication access path alarm method and system | |
| CN101502136A (en) | Information broadcasting system and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: HAIMEN TECHNOLOGY DEVELOPMENT CORP. Free format text: FORMER OWNER: ZTE CORPORATION Effective date: 20130424 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 518057 SHENZHEN, GUANGDONG PROVINCE TO: 226144 NANTONG, JIANGSU PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20130424 Address after: 226144, No. 600, Beijing Road, Haimen, Jiangsu, Nantong province (room 0212 of administrative center) Patentee after: Haimen science and Technology Development General Corporation Address before: 518057 Nanshan District science and Technology Industrial Park, Guangdong high tech Industrial Park, ZTE building Patentee before: ZTE Corporation |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090722 Termination date: 20160826 |