CN103888438A - Train data communication system using information safety technology - Google Patents

Info

Publication number
CN103888438A
Authority
CN
China
Prior art keywords
data
data communication
network
packet
safety
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN201310065104.6A
Other languages
Chinese (zh)
Inventor
杨世华
吴昊
鞠永杰
张晴
Current Assignee (as listed by Google Patents; may be inaccurate)
SHANGHAI FITSCO INTELLIGENT TRAFFIC CONTROL CO Ltd
Original Assignee
SHANGHAI FITSCO INTELLIGENT TRAFFIC CONTROL CO Ltd
Priority date (as listed by Google Patents; not a legal conclusion)
2013-03-01
Filing date
2013-03-01
Publication date
2014-06-25
Application filed by SHANGHAI FITSCO INTELLIGENT TRAFFIC CONTROL CO Ltd
Priority to CN201310065104.6A
Publication of CN103888438A
Legal status: Pending

Landscapes

  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a train data communication system using an information safety technology. Between the safety information network and the data communication network of a train control system, a safety communication device is arranged to isolate the safety information network from the non-safety data communication network. After encryption and authentication are carried out on safety information data, the data are transmitted to the safety communication device of the destination end through the open data communication network. There the data are decrypted and restored to the original data packet, which is sent on to the destination safety information network. According to the invention, communication data safety, prevention of monitoring or eavesdropping, prevention of malicious attack and the like are ensured in the train control information communication process, and the integrity, confidentiality and non-repudiation of important train control information passing through the data communication system are ensured.

Description

Train data communication system using information safety technology
Technical field
The invention belongs to the field of train control and relates in particular to a data communication system applied to train control.
Background technology
A train control system needs to transmit several types of data. By function, the data are mainly divided into two classes: safety control information and non-safety data. At present, all safety information and non-safety data in a train control system are transmitted over a single shared data communication system.
A data communication system is conventionally divided into a wired network and a wireless network. The wireless network has an inherent weakness with respect to security: because the communication medium is an open radio signal, an intruder can obtain wireless communication packets by eavesdropping, so the data are equally exposed to intrusion, destruction or modification, whether accidental or malicious. Secondly, the radio equipment of the wired network (for example, trackside AP cabinets) is installed outdoors, where it is also easy for a malicious intruder to connect into the data communication system of the train control system and obtain train control communications. Given the importance of rail transport, very high safety requirements follow, so the network security problem of the data communication system needs to be properly solved.
Summary of the invention
The technical problem to be solved by this invention is to provide a train data communication system using information safety technology which can ensure, in the train control information communication process, that communication data are secure, are not monitored or eavesdropped on, and are not subject to malicious attack.
To solve the above technical problem, the invention provides a train data communication system using information safety technology. Between the safety information network and the data communication network of the train control system a safety communication device is placed, which isolates the safety information network from the non-safety data communication network. Safety information data are encrypted and authenticated, then transmitted over the open data communication network to the safety communication device at the destination. On the destination safety communication device the data are decrypted and restored to the original packet, which is delivered to the destination safety information network.
The beneficial effects of the invention are: in the train control information communication process, communication data are kept secure, not monitored or eavesdropped on, and not subject to malicious attack; the integrity, confidentiality and non-repudiation of important train control information that passes through the data communication system are ensured.
Between two safety information networks that need to communicate, a shared encryption key and a high-security encryption algorithm are negotiated, and then each side's authentication algorithm and key are exchanged.
When a safety information device sends a packet, before the packet is handed to the data communication network the entire layer-3 packet is encrypted, an authentication code is computed and appended to the encrypted data, and a source IP address and a destination IP address are prepended. The source and destination IP addresses here are the interface addresses between the data communication network and the secure network.
The whole packet is encapsulated according to the standard IP packet structure, and the newly constructed packet is then sent into the data communication network.
When the packet arrives at the destination, the real communication peer, which holds the decryption key and the authentication key, can successfully decrypt the packet and compare the authentication value it computes with the one carried in the packet. Only a packet whose comparison succeeds is restored and sent to the destination network of the secure communication.
Brief description of the drawings
The invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic diagram of the train data communication system using information safety technology of the invention.
Embodiment
As shown in Figure 1, a security solution is designed for the communication safety requirements of the train control system, guaranteeing the security of safety control information during communication. The data communication system is a functional subsystem of the train control system whose main task is to transmit the various kinds of information in the train control system. Usually layer-2 and layer-3 network equipment is used to build the data network, which carries both safety information and non-safety data. To distinguish safety information from non-safety data, the network can be divided into several subnets, with safety information equipment and non-safety equipment belonging to different IP subnets. What is transmitted between safety information devices is safety control information, which is highly sensitive with respect to the safety requirements of the transmission process: it must not be eavesdropped on, intruded upon or modified by anyone in transit. Therefore, safety information needs to be encrypted and authenticated before it enters the data communication network.
The concrete technique is as follows:
First, between the two safety information networks that need to communicate, a shared encryption key and a high-security encryption algorithm are negotiated; then each side's authentication algorithm and key, and any other information the secure communication requires, are exchanged.
Then, when a safety information device sends a packet, before the packet is handed to the data communication network the entire layer-3 packet is encrypted, an authentication code is computed and appended to the encrypted data, and a source IP address and a destination IP address are prepended; the source and destination addresses here are the interface addresses between the data communication network and the secure network. The whole packet is encapsulated according to the standard IP packet structure, and the newly constructed packet is sent into the data communication network. Because the packet is encrypted and authenticated, anyone who obtains it in transit cannot learn its contents without the decryption key, so the data are well protected. Even if such a party could decrypt the packet and tamper with its contents, without the authentication key the modification would be detected by the receiver's authentication check and the packet dropped. The security of the data is thus well protected.
Finally, when the packet arrives at the destination, the real communication peer, which holds the decryption key and the authentication key, can successfully decrypt the packet and compare the authentication value it computes with the one carried in the packet. Only a packet whose comparison succeeds is restored and sent to the destination network of the secure communication.
A packet processed by this encryption and authentication can be safely transmitted over the open data communication network to the destination network. Because the communicating parties can renegotiate the relevant keys after a certain time or amount of data, the risk of a key being cracked is greatly reduced. The invention ensures that train control safety control data, after transmission over an open data communication network, have not been eavesdropped on, intruded upon or tampered with, and ensures a high level of security for information communication.
In the invention, a safety communication device is added between the safety information network and the data communication network of the train control system to isolate the safety information network from the non-safety data communication network. Safety information data are encrypted and authenticated, then transmitted over the open data communication network to the safety communication device at the destination. On the destination safety communication device the data are decrypted and restored to the original packet, which is delivered to the destination safety information network, thereby ensuring end-to-end transmission security of safety control data. The invention mainly ensures that, in the train control information communication process, communication data are secure, not monitored or eavesdropped on, and not subject to malicious attack, and that the integrity, confidentiality and non-repudiation of important train control information passing through the data communication system are maintained.
The invention is not limited to the embodiment discussed above. The description of the embodiment above is intended to describe and illustrate the technical scheme to which the invention relates. Obvious transformations or substitutions based on the teaching of the invention should also be considered to fall within the protection scope of the invention. The above embodiment is used to disclose the best implementation of the invention, so that a person of ordinary skill in the art can apply the various embodiments and alternatives of the invention to achieve its purpose.
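The procedure above (negotiate keys, encrypt the whole layer-3 packet, append an authentication code, prepend the outer interface addresses, verify and restore at the far end, rekey after a time or data threshold) as an added worked example in Python. It is not the patent's own code, and it serves both this embodiment and the identical steps listed in the summary. The page does not name the encryption or authentication algorithms, the outer header layout, the key negotiation mechanism or any replay protection; the example uses HMAC-SHA256 in counter mode as the keystream and HMAC-SHA256 as the authentication code (stand-ins for the unspecified "high-security" algorithms; a deployment would use a vetted AEAD), derives per-purpose keys from an already agreed secret in place of the negotiation, and adds its own header layout and a sequence number for replay detection. The names `negotiate_keys`, `keystream`, `build_inner_packet`, `SafetyGateway` and `demo` and all addresses and payloads are chosen here.

```python
"""Encrypt-then-authenticate gateway for a safety subnet (added example, stdlib only).
Assumed: HMAC-SHA256 counter-mode keystream, HMAC-SHA256 authentication code,
the outer header layout below, and a sequence number for replay detection."""
import hashlib
import hmac
import ipaddress
import secrets
import struct

TAG_LEN = 32
# Assumed outer header: outer src IP, outer dst IP, key id, sequence number.
HDR = struct.Struct("!4s4sHQ")


def negotiate_keys(shared_secret: bytes, key_id: int):
    """Stand-in for the negotiation step: derive separate encryption and authentication keys."""
    label = struct.pack("!H", key_id)
    enc = hmac.new(shared_secret, b"enc" + label, hashlib.sha256).digest()
    auth = hmac.new(shared_secret, b"auth" + label, hashlib.sha256).digest()
    return enc, auth


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; the nonce must never repeat under one key."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_inner_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample layer-3 packet: minimal IPv4 header (protocol 253, experimental)
    with a valid header checksum, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 253, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", hdr))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:] + payload


class SafetyGateway:
    """One safety communication device between a safety subnet and the open data network."""

    def __init__(self, outer_ip: str, shared_secret: bytes):
        self.outer_ip = ipaddress.IPv4Address(outer_ip).packed  # interface address on the data network
        self.secret = shared_secret
        self.keys = {}          # key id -> (enc_key, auth_key); old ids kept for in-flight packets
        self.seq = 0            # never reset, so the replay check stays monotonic across rekeys
        self.highest_seen = {}  # peer outer IP -> highest accepted sequence number
        self.rekey(0)

    def rekey(self, key_id: int) -> None:
        """Both peers call this with the same new id after a time or data threshold."""
        self.keys[key_id] = negotiate_keys(self.secret, key_id)
        self.key_id = key_id

    def encapsulate(self, inner_packet: bytes, peer_ip: str) -> bytes:
        """Encrypt the whole layer-3 packet, append the authentication code, prepend the outer header."""
        enc_key, auth_key = self.keys[self.key_id]
        self.seq += 1
        header = HDR.pack(self.outer_ip, ipaddress.IPv4Address(peer_ip).packed, self.key_id, self.seq)
        # (src, dst, key id, seq) is unique per direction and packet, so the header serves as nonce.
        ciphertext = xor(inner_packet, keystream(enc_key, header, len(inner_packet)))
        tag = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
        return header + ciphertext + tag

    def decapsulate(self, packet: bytes):
        """Return the restored inner packet, or None when the packet must be dropped."""
        if len(packet) < HDR.size + TAG_LEN:
            return None
        header, body, tag = packet[:HDR.size], packet[HDR.size:-TAG_LEN], packet[-TAG_LEN:]
        src, dst, key_id, seq = HDR.unpack(header)
        if dst != self.outer_ip or key_id not in self.keys:
            return None
        enc_key, auth_key = self.keys[key_id]
        expected = hmac.new(auth_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # tampered, forged, or wrong key
            return None
        if seq <= self.highest_seen.get(src, 0):     # replayed packet
            return None
        self.highest_seen[src] = seq
        return xor(body, keystream(enc_key, header, len(body)))


def demo(shared_secret: bytes = None) -> dict:
    """Round trip between two gateways plus the drop cases the text describes; all values constructed."""
    secret = shared_secret or secrets.token_bytes(32)
    a = SafetyGateway("10.0.0.1", secret)
    b = SafetyGateway("10.0.0.2", secret)
    outsider = SafetyGateway("10.0.0.2", secrets.token_bytes(32))  # same address, no negotiated key
    inner = build_inner_packet("192.168.1.10", "192.168.2.10", b"MOVEMENT AUTHORITY 0042")
    wire = a.encapsulate(inner, "10.0.0.2")
    results = {
        "restored": b.decapsulate(wire) == inner,
        "payload_hidden": b"MOVEMENT" not in wire,
        "replay_dropped": b.decapsulate(wire) is None,
        "wrong_key_dropped": outsider.decapsulate(wire) is None,
    }
    flipped = bytearray(wire)
    flipped[HDR.size + 25] ^= 0x01  # one bit of the ciphertext
    results["tamper_dropped"] = b.decapsulate(bytes(flipped)) is None
    a.rekey(1)
    b.rekey(1)
    results["after_rekey"] = b.decapsulate(a.encapsulate(inner, "10.0.0.2")) == inner
    return results
```

Running `demo()` returns True for every entry. Two design points follow the page's ordering: the authentication code is computed over the encrypted data (and here also over the outer header, so the addresses and key id cannot be swapped without detection), and the receiver checks the tag before decrypting, so a tampered or wrongly keyed packet is dropped without any plaintext being produced. Keeping superseded key ids in the receiver's table lets packets already in flight at the moment of a rekey still be restored.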

Claims (5)

1. A train data communication system using information safety technology, characterized in that between the safety information network and the data communication network of the train control system there is a safety communication device that isolates the safety information network from the non-safety data communication network;
safety information data are encrypted and authenticated, then transmitted over the open data communication network to the safety communication device at the destination;
on the destination safety communication device the data are decrypted and restored to the original packet, which is delivered to the destination safety information network.
2. The train data communication system using information safety technology as claimed in claim 1, characterized in that between two safety information networks that need to communicate a shared encryption key and a high-security encryption algorithm are negotiated, and then each side's authentication algorithm and key are exchanged.
3. The train data communication system using information safety technology as claimed in claim 2, characterized in that when a safety information device sends a packet, before the packet is handed to the data communication network the entire layer-3 packet is encrypted, an authentication code is computed and appended to the encrypted data, and a source IP address and a destination IP address are prepended, the source and destination IP addresses being the interface addresses between the data communication network and the secure network.
4. The train data communication system using information safety technology as claimed in claim 3, characterized in that the whole packet is encapsulated according to the standard IP packet structure and the newly constructed packet is then sent into the data communication network.
5. The train data communication system using information safety technology as claimed in claim 4, characterized in that when the packet arrives at the destination the real communication peer, which holds the decryption key and the authentication key, can successfully decrypt the packet and compare the authentication value it computes with the one carried in the packet, and only a packet whose comparison succeeds is restored and sent to the destination network of the secure communication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310065104.6A CN103888438A (en) 2013-03-01 2013-03-01 Train data communication system using information safety technology

Publications (1)

Publication Number Publication Date
CN103888438A true CN103888438A (en) 2014-06-25

Family

ID=50957160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310065104.6A Pending CN103888438A (en) 2013-03-01 2013-03-01 Train data communication system using information safety technology

Country Status (1)

Country Link
CN (1) CN103888438A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101594229A (en) * 2009-06-30 2009-12-02 华南理工大学 A kind of trusted network connection system and method based on combined public key
CN101754199A (en) * 2009-12-22 2010-06-23 上海大学 Montgomery-type oval curve public key encryption and decryption method suitable for train wireless channels
CN101789939A (en) * 2010-01-25 2010-07-28 北京交通大学 Effective realization method for credible OpenSSH
US20110208387A1 (en) * 2008-09-19 2011-08-25 Continental Automotive Gmbh System and On-Board Unit For Integrating Functions of Vehicle Devices

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘晓娟: "Research on key technologies of the urban rail transit CBTC system", China Doctoral Dissertations Full-text Database *
谢凡: "Research on the data transmission subsystem of the urban rail transit CBTC system", China Master's Theses Full-text Database *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021243900A1 (en) * 2020-06-04 2021-12-09 株洲中车时代电气股份有限公司 Information security protection method and apparatus
CN113242235A (en) * 2021-05-08 2021-08-10 卡斯柯信号有限公司 System and method for encrypting and authenticating railway signal secure communication protocol RSSP-I
CN113438617A (en) * 2021-05-18 2021-09-24 广东中发星通技术有限公司 Method and system for encrypting and receiving health data of train driving equipment
CN113438617B (en) * 2021-05-18 2022-07-01 北京正弦空间技术有限公司 Method and system for encrypting and receiving health data of train driving equipment

Similar Documents

Publication Publication Date Title
CN106789015B (en) Intelligent power distribution network communication safety system
CN103491072B (en) A kind of border access control method based on double unidirection insulation network brakes
CN107113287B (en) Method of performing device-to-device communication between user equipments
CN111245862A (en) System for safely receiving and sending terminal data of Internet of things
CN104811427B (en) A kind of safe industrial control system communication means
CN104994112A (en) Method for encrypting communication data chain between unmanned aerial vehicle and ground station
CN101783793B (en) Improve the method, system and device of safety of monitoring data
MX2007013862A (en) A system and method for converting serial data into secure data packets configured for wireless transmission in a power system.
CN110999223A (en) Secure encrypted heartbeat protocol
CN102546184B (en) Method and system for message secure transmission or key distribution in sensor network
CN101990748A (en) Method and device for transmitting messages in real time
CN103441983A (en) Information protection method and device based on link layer discovery protocol
JP6092548B2 (en) Radio system and train control system
CN111988328A (en) Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
CN111147257A (en) Identity authentication and information confidentiality method, monitoring center and remote terminal unit
CN106789845A (en) A kind of method of network data security transmission
CN103888438A (en) Train data communication system using information safety technology
CN101902610B (en) Method for realizing secure communication between IPTV set top box and smart card
AU2021244972B2 (en) Method for data transfer and communication system
KR102419057B1 (en) Message security system and method of railway communication network
CN212305665U (en) Domestic communication encryption device suitable for rail transit
CN112069487B (en) Intelligent equipment network communication safety implementation method based on Internet of things
CN210839642U (en) Device for safely receiving and sending terminal data of Internet of things
Craven et al. Security of ATCS wireless railway communications
JP2000305621A (en) Monitoring control system using internet

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140625