CN107888582A - System and method for APP software to penetrate the railway intranet - Google Patents
System and method for APP software to penetrate the railway intranet
- Publication number: CN107888582A (application CN201711083311.9A)
- Authority: CN (China)
- Prior art keywords: intranet, data, railway, APP software, extranet
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H04L63/0823: Network architectures or network communication protocols for network security, for authentication of entities using certificates
- H04L63/101: Network architectures or network communication protocols for network security, for controlling access to devices or network resources, access control lists [ACL]
- H04L67/02: Network arrangements or protocols for supporting network services or applications, protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/56: Network arrangements or protocols for supporting network services or applications, network services, provisioning of proxy services
Abstract
The invention discloses a system and method by which APP software penetrates the railway intranet, enabling data interchange between APP software and the information systems inside the railway network. The technical scheme is as follows: the system comprises extranet APP software, an extranet communication server, an intranet application server and a railway safety platform. The railway safety platform establishes communication connections with the extranet communication server and with the intranet application server, and the extranet communication server establishes a communication connection with the extranet APP software. The railway safety platform implements the data interaction between intranet and extranet by means of HTTP proxying: access from the intranet to the extranet goes through a forward proxy based on username/password, and access from the extranet to the intranet goes through a reverse proxy based on digital certificates.
Description
Technical field
The present invention relates to the field of data penetration of the security platform of the railway integrated information network (the internal working network of the railway department, a closed network that cannot be accessed from the Internet, hereinafter the railway intranet), and in particular to a system by which APP software penetrates the railway intranet.
Background technology
At present, railway information systems are developing rapidly, and mobile working with APP software has become an urgent industry management requirement. At this stage the data of the information systems circulate only inside the railway intranet; APP software cannot reach them over the Internet, so railway information systems cannot support mobile working. The existing modes of intranet/extranet data interaction transmit data slowly and carry little information, and are only applied to communication between on-board equipment and the ground; they cannot meet the need of APP software for high-speed interaction with large volumes of data.
The existing transmission technologies between the intranet and the extranet (the extranet generally refers to the Internet; "internet" in the general sense is any set of computer networks linked together, a method referred to as "internetworking", while "Internet" refers specifically to the worldwide internetwork built on that basis) and their deficiencies are as follows:
A) Transport-layer penetration of the intranet: exchanging intranet/extranet data through the transport layer of the network protocol is the traditional penetration method, and it is widely used at present in rail transit and on all kinds of national railway lines. Because it sits at a low level of the network architecture, it is typically only used for communication between on-board equipment and the ground, for example the LKJ system (the train operation monitoring device, a train speed control system developed independently by China Railway operations and engineering staff; it prevents a train from overrunning a signal or overspeeding, helps the driver improve handling, and is an important component of the China Railway train control system) and the TSC host. The wireless equipment on the locomotive and the ground server pack the data according to an agreed protocol and transmit them over the Internet to the railway safety platform; the railway safety platform checks the data and hands them to the intranet queue, and after processing by the intranet program the acquired data are used in production and management. The shortcomings of transport-layer penetration of the intranet are: different packets require different train-ground communication protocols, the transmitted data volume is small, the performance is poor, and the probability of queue blocking is high. The communication protocol is simple, so there is a possibility of attack and infiltration from the public network segment into the intranet, and the system may be attacked with forged data. To achieve more efficient and secure data interaction, other methods are needed as a supplement.
B) Extranet database method: in order to provide intranet information to mobile devices and external networks, the railway department deploys a database in the extranet and keeps the data of the internal and external networks consistent by scheduled synchronization. When the related data are needed in the external network, they are obtained by accessing the database deployed in the external network and are then handed to the applications for use. The shortcomings of this method are: the real-time quality is poor, the cost is high and, most importantly, the security is very poor. The extranet database exposes railway data to the external network, where the data are at risk of being stolen, lost and tampered with. To achieve safer and controllable data interaction, other methods are needed as a supplement.
In summary, the existing transport-layer intranet penetration method transmits small volumes of data, performs poorly and has a high probability of blocking at the railway safety platform, so it cannot meet the need of APP software for high-speed interaction with large volumes of data. Its communication protocol is simple, there is a possibility of attack and infiltration from the public network segment into the intranet, the outside can attack the intranet system with forged protocol data, and the information systems are at risk of attack. Although the existing extranet database method can be used by APP software, it exposes railway data to the external network, where they are at risk of theft, loss and tampering, so it cannot meet the security requirements; at the same time its real-time quality is poor, so it cannot truly realize mobile operation management. The existing data penetration methods also cannot be managed by the railway department, and therefore carry uncontrollable and unmanageable risk. A new, efficient and controllable penetration technology by which APP software penetrates the railway intranet is therefore urgently needed.
The content of the invention
The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended neither to identify key or critical elements of all aspects nor to delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
The object of the invention is to solve the above problems by providing a system and method by which APP software penetrates the railway intranet, enabling data interchange between APP software and the information systems inside the railway network.
The technical scheme is as follows. The invention discloses a system by which APP software penetrates the railway intranet, comprising extranet APP software, an extranet communication server, an intranet application server and a railway safety platform. The railway safety platform establishes communication connections with the extranet communication server and with the intranet application server, and the extranet communication server establishes a communication connection with the extranet APP software. The railway safety platform implements the data interaction between intranet and extranet by means of HTTP proxying: access from the intranet to the extranet is realized with a forward proxy based on username/password, and access from the extranet to the intranet with a reverse proxy based on digital certificates.
In one embodiment of the system by which APP software penetrates the railway intranet according to the invention, the system includes a first program for accessing the extranet from the intranet. Running the first program implements the method of transmitting information from the intranet to the extranet, which includes:
a service or application in the railway intranet sends data, through the intranet application server, to APP software in the extranet;
the transmitted data are sent through the intranet to the railway safety platform, which consults a whitelist to judge the APP software that is to receive the message: if it is in the whitelist, a corresponding proxy user is established; if it is not in the whitelist, the data are discarded and an error message is returned to the intranet application server;
the railway safety platform accesses the extranet communication server by means of an HTTP forward proxy;
the extranet communication server, after receiving the data, sends them to the APP software over the Internet.
In one embodiment of the system by which APP software penetrates the railway intranet according to the invention, the system includes a second program for accessing the intranet from the extranet. Running the second program implements the method of transmitting information from the extranet to the intranet, which includes:
after the APP software initiates a data request to the intranet application server, the data are first sent to the extranet communication server;
the extranet communication server, after receiving the data request, judges whether the request is acceptable; if the request is not acceptable the data are discarded, and if it is acceptable the SSL certificate is used to initiate authentication with the railway safety platform;
the railway safety platform judges whether the SSL certificate is acceptable and, if so, the application in the railway intranet issues an authorization cookie, with which the APP software in the extranet sends the data request to the intranet application server;
the intranet application server receives the data request over the HTTP protocol, processes it, and returns the result or data to the APP software.
In one embodiment of the system by which APP software penetrates the railway intranet according to the invention, the railway safety platform provides three data channel modes, namely the 8000 data channel, the 8092 data channel and the mapping-mode channel, and the communication protocol is HTTP.
In one embodiment of the system by which APP software penetrates the railway intranet according to the invention, the data modes of the 8000 data channel and the 8092 data channel require an SSL certificate to be deployed on the external application server, and authentication is initiated when the extranet application enters through a data request, whereas in the mapping mode of the mapping-mode channel a digital certificate is issued to each user and authentication is initiated directly in the extranet APP software.
The invention further discloses a method by which APP software penetrates the railway intranet. The method is implemented on a system comprising extranet APP software, an extranet communication server, an intranet application server and a railway safety platform, where the railway safety platform establishes communication connections with the extranet communication server and with the intranet application server, and the extranet communication server establishes a communication connection with the extranet APP software. The method includes the transmission of information from the intranet to the extranet and the transmission of information from the extranet to the intranet, wherein:
The transmission of information from the intranet to the extranet includes:
a service or application in the railway intranet sends data, through the intranet application server, to APP software in the extranet;
the transmitted data are sent through the intranet to the railway safety platform, which consults a whitelist to judge the APP software that is to receive the message: if it is in the whitelist, a corresponding proxy user is established; if it is not in the whitelist, the data are discarded and an error message is returned to the intranet application server;
the railway safety platform accesses the extranet communication server by means of an HTTP forward proxy;
the extranet communication server, after receiving the data, sends them to the APP software over the Internet.
The transmission of information from the extranet to the intranet includes:
after the APP software initiates a data request to the intranet application server, the data are first sent to the extranet communication server;
the extranet communication server, after receiving the data request, judges whether the request is acceptable; if the request is not acceptable the data are discarded, and if it is acceptable the SSL certificate is used to initiate authentication with the railway safety platform;
the railway safety platform judges whether the SSL certificate is acceptable and, if so, the application in the railway intranet issues an authorization cookie, with which the APP software in the extranet sends the data request to the intranet application server;
the intranet application server receives the data request over the HTTP protocol, processes it, and returns the result or data to the APP software.
In one embodiment of the method by which APP software penetrates the railway intranet according to the invention, the railway safety platform provides three data channel modes, namely the 8000 data channel, the 8092 data channel and the mapping-mode channel, and the communication protocol is HTTP.
In one embodiment of the method by which APP software penetrates the railway intranet according to the invention, the data modes of the 8000 data channel and the 8092 data channel require an SSL certificate to be deployed on the external application server, and authentication is initiated when the extranet application enters through a data request, whereas in the mapping mode of the mapping-mode channel a digital certificate is issued to each user and authentication is initiated directly in the extranet APP software.
Compared with the prior art, the invention has the following beneficial effects. The invention relies mainly on HTTP proxying and SSL certificate authentication (an SSL certificate is a digital certificate that complies with the SSL protocol, issued by a trusted certificate authority (CA) after the identity of the server has been verified; it provides server authentication and encryption of the transmitted data by establishing an SSL secure channel between the client browser and the web server), and penetrates the railway intranet security platform with a three-tier architecture, achieving interchange of data between intranet and extranet under the management and control of the railway safety platform. It enables mobile working with railway information systems, which becomes a means of industry management, innovates the management method and improves working efficiency.
The innovations of the invention are:
(1) For the first time, APP software penetrates the intranet of the railway information system, enabling mobile work management of the railway information system, reforming the management method and improving working efficiency.
(2) Application development with the system and method of the invention is convenient and concise: it uses HTTP communication and a three-tier architecture. HTTP (Hypertext Transfer Protocol) is at present the most widely used protocol of the Internet application layer; because of its characteristics, data communication only needs a method and a path, so development is convenient. The "high cohesion, low coupling" characteristic of the three-tier architecture ensures standardized and efficient application development.
(3) Communication with the system and method of the invention is efficient and fast: it uses HTTP, which allows data objects of any type to be transmitted and transmits efficiently. HTTP is connectionless in the sense that each connection handles only one request: the server processes the client's request and, after receiving the client's reply, disconnects, which saves transmission time.
(4) The system and method of the invention are secure, using SSL authentication and management by the railway safety platform. The SSL certificate establishes an SSL secure channel between the client browser and the web server through which the transmitted data are encrypted and hidden, ensuring that data are not altered in transit, i.e. data integrity; the encrypted transmission of data between client and server prevents leakage of data.
(5) The controllability of the system and method of the invention is high: because the security platform of the railway integrated information network (the MTUP platform) has SSL certificate management functions, it is easy for the railway information department to manage the related certificate applications, so controllability is very high.
Brief description of the drawings
The above features and advantages of the invention will be better understood after reading the detailed description of the embodiments of the disclosure in conjunction with the following drawings. In the drawings, the components are not necessarily drawn to scale, and components with similar related properties or features may bear the same or similar reference numerals.
Fig. 1 shows the system architecture diagram of an embodiment of the system by which APP software penetrates the railway intranet according to the invention.
Fig. 2 shows the flow chart of the method of accessing the extranet from the intranet according to the invention.
Fig. 3 shows the flow chart of obtaining intranet data from the extranet according to the invention.
Fig. 4 shows the data interchange schematic of the 8092 channel data mode according to the invention.
Fig. 5 shows the schematic of the mapping mode in the system of the invention.
Embodiment
The invention is described in detail below in conjunction with the drawings and specific embodiments. Note that the aspects described below in conjunction with the drawings and specific embodiments are exemplary only and are not to be understood as limiting the scope of protection of the invention.
Fig. 1 shows the architecture of an embodiment of the system by which APP software penetrates the railway intranet according to the invention. As shown in Fig. 1, the system hardware of this embodiment comprises: extranet APP software 1, extranet communication server 2, intranet application server 3 and railway safety platform 4 (the MTUP security platform). The railway safety platform 4 establishes communication connections with the extranet communication server 2 and with the intranet application server 3, and the extranet communication server 2 establishes a communication connection with the extranet APP software 1.
The system of the invention is implemented with a three-tier architecture. In the ordinary sense, a three-tier architecture divides the whole business application into a user interface layer, a business logic layer and a data access layer. The purpose of distinguishing the layers is the idea of "high cohesion, low coupling"; in software architecture design, the layered structure is the most common and most important structure. The railway safety platform 4 implements the data interaction between intranet and extranet by means of HTTP proxying: access from the intranet to the extranet is realized with a forward proxy based on username/password, and access from the extranet to the intranet with a reverse proxy based on digital certificates.
The system software includes a first program that implements access to the extranet from the intranet and a second program that implements access to the intranet from the extranet.
The implementation steps of the method of transmitting information from the intranet to the extranet, realized by running the first program, are shown in Fig. 2.
Step S11: a service or application in the railway intranet sends data, through the intranet application server, to APP software in the extranet.
Here the APP software may be an APP program on a mobile device or an APP program on a hand-held work terminal. The originating server of the data interaction is located in the intranet, and the destination server is located in the extranet (i.e. the external service network or the Internet).
Step S12: the transmitted data are sent through the intranet to the railway safety platform, which consults a whitelist to judge whether the APP software that is to receive the message is in the whitelist. If it is in the whitelist, continue with step S13; if it is not in the whitelist, perform step S16.
Step S13: establish the corresponding proxy user.
Step S14: the railway safety platform accesses the extranet communication server by means of an HTTP forward proxy.
Step S15: the extranet communication server, after receiving the data, sends them to the APP software over the Internet.
Step S16: discard the data and at the same time return an error message to the intranet application server.
The implementation steps of the method of transmitting information from the extranet to the intranet, realized by running the second program, are shown in Fig. 3.
Step S21: after the APP software initiates a data request to the intranet application server, the data are first sent to the extranet communication server.
Step S22: the extranet communication server, after receiving the data request, judges whether the request is acceptable. If the request is not acceptable, discard the data and return an error message to the APP software; if the request is acceptable, continue with step S23.
Step S23: use the SSL certificate to initiate authentication with the railway safety platform; the railway safety platform judges whether the SSL certificate is acceptable. If it is acceptable, perform step S24; if not, return an error message to the APP software.
Step S24: the application in the railway intranet issues an authorization cookie, with which the APP software in the extranet sends the data request to the intranet application server.
Step S25: the intranet application server, after receiving the data request, processes the request over the HTTP protocol. If processing succeeds the result is returned to the APP software; if processing fails an error message is returned to the APP software.
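The following Python model is an added illustration of the gate decisions in Fig. 2 (steps S12 to S16) and Fig. 3 (steps S22 to S25); it is not code from the patent or from the MTUP platform. The whitelist entries, the certificate fingerprints, the request-shape rule applied by the extranet communication server and the HMAC-signed cookie format are all assumptions made for the example.

```python
"""Constructed model of the railway safety platform's two gate decisions
(added example, not the patent's own code). Whitelist entries, certificate
fingerprints, the request-shape rule and the cookie format are assumptions."""
import hashlib
import hmac
import secrets
import time

# Constructed whitelist of APP identities allowed to receive intranet data (step S12).
OUTBOUND_WHITELIST = {"app-inspection", "app-dispatch"}

# Constructed SHA-256 fingerprints of client certificates the platform accepts (step S23).
TRUSTED_CERT_FINGERPRINTS = {
    "0000000000000000000000000000000000000000000000000000000000000001",  # placeholder value
}

# Key for signing authorization cookies (step S24); generated per process in this example.
COOKIE_KEY = secrets.token_bytes(32)
COOKIE_TTL_SECONDS = 600


def intranet_to_extranet(app_id, payload, whitelist=OUTBOUND_WHITELIST):
    """Steps S12-S16: forward intranet data to an APP only if it is whitelisted."""
    if app_id not in whitelist:
        # S16: discard and report back to the intranet application server.
        return {"ok": False, "error": "APP software not in white list"}
    # S13: a per-APP proxy user for the username/password forward proxy (assumed naming).
    proxy_user = f"proxy-{app_id}"
    # S14/S15: hand the payload to the forward proxy toward the extranet communication server.
    return {"ok": True, "proxy_user": proxy_user, "forward": payload}


def issue_auth_cookie(cert_fingerprint, now=None, trusted=TRUSTED_CERT_FINGERPRINTS):
    """Steps S23-S24: accept a trusted certificate and issue an HMAC-signed, expiring cookie."""
    if cert_fingerprint not in trusted:
        return None
    now = int(time.time() if now is None else now)
    body = f"{cert_fingerprint}|{now + COOKIE_TTL_SECONDS}"
    sig = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{sig}"


def verify_auth_cookie(cookie, now=None):
    """Return the certificate fingerprint bound to a valid, unexpired cookie, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    fingerprint, expires, sig = parts
    expected = hmac.new(COOKIE_KEY, f"{fingerprint}|{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    now = int(time.time() if now is None else now)
    if not expires.isdigit() or now >= int(expires):
        return None
    return fingerprint


def extranet_to_intranet(request, now=None):
    """Steps S22-S25: extranet communication server and safety platform gate an inbound request."""
    # S22: request-shape check (assumed rule: only GET requests under /api/ are acceptable).
    if request.get("method") != "GET" or not str(request.get("path", "")).startswith("/api/"):
        return {"ok": False, "error": "request rejected by extranet communication server"}
    cookie = request.get("cookie")
    if cookie is None:
        # S23/S24: first contact, authenticate the certificate and mint a cookie.
        cookie = issue_auth_cookie(request.get("cert_fingerprint"), now=now)
        if cookie is None:
            return {"ok": False, "error": "SSL certificate not accepted"}
    subject = verify_auth_cookie(cookie, now=now)
    if subject is None:
        return {"ok": False, "error": "authorization cookie invalid or expired"}
    # S25: only now is the request passed on to the intranet application server.
    return {"ok": True, "subject": subject, "cookie": cookie,
            "forward_to": "intranet-application-server", "path": request["path"]}
```

The cookie carries the certificate fingerprint it was issued for and an expiry, so a forged, altered or stale cookie fails at the reverse-proxy gate rather than at the intranet application server.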
The railway safety platform provides three data channel modes, namely the 8000 data channel, the 8092 data channel and the mapping-mode channel, and the communication protocol is HTTP.
As shown in Fig. 4, the 8092 data channel requires an application server to be deployed in the external service network. The application system is authenticated by digital certificate: it calls the security platform SDK to authenticate, and once authorized it can exchange data through the security platform. The channel supports the HTTP/HTTPS protocols and the WebService mode, has higher data transmission efficiency and at the same time higher stability.
The security-proxy 8000 data channel likewise requires an application server to be deployed in the external service network. The application system is authenticated by digital certificate, calling the security platform SDK to authenticate, and once authorized it can exchange data through the security platform. The channel supports the HTTP/HTTPS protocols and the WebService mode and has higher data transmission efficiency, but its stability is somewhat lower.
As shown in Fig. 5, the mapping-mode channel does not deploy an application server in the external service network. The user accesses from the Internet through the front proxy of the security platform, using the HTTPS protocol; the individual user is authenticated by digital certificate, and once authorized can access the mapped intranet application. The mapped application system must comply with the development specification.
Unlike the mapping mode, the data modes of the 8000 data channel and the 8092 data channel require an SSL certificate to be deployed on the external application server, and authentication is initiated when the extranet application enters through a data request, whereas in the mapping mode of the mapping-mode channel a digital certificate is issued to each user and authentication is initiated directly in the extranet APP software.
In addition, the invention further discloses a method by which APP software penetrates the railway intranet. The method is implemented on the system architecture described above and includes the process of transmitting information from the intranet to the extranet shown in Fig. 2 and the process of transmitting information from the extranet to the intranet shown in Fig. 3. These transmission processes are identical to the steps of Fig. 2 and Fig. 3 described above and are not repeated here. The railway safety platform in the system architecture is also as in the previous embodiment: it provides three data channel modes, namely the 8000 data channel, the 8092 data channel and the mapping-mode channel, with HTTP as the communication protocol. The data modes of the 8000 data channel and the 8092 data channel require an SSL certificate to be deployed on the external application server, and authentication is initiated when the extranet application enters through a data request, whereas in the mapping mode of the mapping-mode channel a digital certificate is issued to each user and authentication is initiated directly in the extranet APP software.
While, for simplicity of explanation, the methods above are shown and described as a series of acts, it is to be understood and appreciated that the methods are not limited by the order of the acts, as according to one or more embodiments some acts may occur in different orders and/or concurrently with other acts, whether shown and described herein or not shown and described herein but appreciated by those skilled in the art.
Those skilled in the art will further appreciate that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, e.g. a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media, including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Any connection is also properly termed a computer-readable medium. For example, if the software is transmitted from a web site, server or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL) or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of medium. Disk and disc, as used herein, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Offer is for so that any person skilled in the art all can make or use this public affairs to being previously described for the disclosure
Open.Various modifications to the disclosure all will be apparent for a person skilled in the art, and as defined herein general
Suitable principle can be applied to spirit or scope of other variants without departing from the disclosure.Thus, the disclosure is not intended to be limited
Due to example described herein and design, but should be awarded and principle disclosed herein and novel features phase one
The widest scope of cause.
Claims (8)
1. A system by which APP software penetrates a railway intranet, characterized in that it comprises extranet APP software, an extranet communication server, an intranet application server and a railway security platform, wherein the railway security platform establishes communication connections with the extranet communication server and with the intranet application server respectively, and the extranet communication server establishes a communication connection with the extranet APP software; the railway security platform realizes data exchange between the intranet and the extranet in a forward-proxy HTTP mode, realizes access from the intranet to the extranet using a forward proxy based on a username/password, and realizes access from the extranet to the intranet using a reverse proxy based on digital certificates.
2. The system by which APP software penetrates a railway intranet according to claim 1, characterized in that the system comprises a first program for accessing the extranet from the intranet, and running the first program realizes a method of transmitting information from the intranet to the extranet, comprising:
a service or application in the railway intranet sends data through the intranet application server to the APP software in the extranet;
the data to be transmitted is sent through the intranet to the railway security platform, and the railway security platform consults a whitelist to judge the APP software that is to receive the message: if it is on the whitelist, the corresponding proxy user is established; if it is not on the whitelist, the data is discarded and an error message is returned to the intranet application server;
the railway security platform accesses the extranet communication server in the forward-proxy HTTP mode;
after receiving the data, the extranet communication server sends it to the APP software over the internet.
3. The system by which APP software penetrates a railway intranet according to claim 2, characterized in that the system comprises a second program for accessing the intranet from the extranet, and running the second program realizes a method of transmitting information from the extranet to the intranet, comprising:
after the APP software initiates a data request to the intranet application server, the data is first sent to the extranet communication server;
after receiving the data request, the extranet communication server judges whether the request is qualified; if the request is not qualified, the data is discarded, and if it is qualified, the SSL certificate is invoked to initiate authentication to the railway security platform;
the railway security platform judges whether the SSL certificate is qualified, and if it is, issues an authorization cookie for the application in the railway intranet; the APP software in the extranet sends the data request to the intranet application server by means of the authorization cookie;
after receiving the data request, the intranet application server processes the request based on the HTTP protocol and returns the result or data to the APP software.
4. The system by which APP software penetrates a railway intranet according to claim 3, characterized in that the railway security platform provides three data channel modes, including an 8000 data channel, an 8092 data channel and a mapping-mode channel, wherein the communication protocol is the HTTP protocol.
5. The system by which APP software penetrates a railway intranet according to claim 4, characterized in that the data mode of the 8000 data channel and the 8092 data channel requires an SSL certificate to be deployed on the external application server, with authentication initiated when a data request enters the extranet application, and the mapping mode of the mapping-mode channel issues a digital certificate to each user, with authentication initiated directly in the extranet APP software.
6. A method by which APP software penetrates a railway intranet, the method being implemented on a system comprising extranet APP software, an extranet communication server, an intranet application server and a railway security platform, wherein the railway security platform establishes communication connections with the extranet communication server and with the intranet application server respectively, and the extranet communication server establishes a communication connection with the extranet APP software, characterized in that the method comprises transmission of information from the intranet to the extranet and transmission of information from the extranet to the intranet, wherein:
transmission of information from the intranet to the extranet comprises:
a service or application in the railway intranet sends data through the intranet application server to the APP software in the extranet;
the data to be transmitted is sent through the intranet to the railway security platform, and the railway security platform consults a whitelist to judge the APP software that is to receive the message: if it is on the whitelist, the corresponding proxy user is established; if it is not on the whitelist, the data is discarded and an error message is returned to the intranet application server;
the railway security platform accesses the extranet communication server in the forward-proxy HTTP mode;
after receiving the data, the extranet communication server sends it to the APP software over the internet;
transmission of information from the extranet to the intranet comprises:
after the APP software initiates a data request to the intranet application server, the data is first sent to the extranet communication server;
after receiving the data request, the extranet communication server judges whether the request is qualified; if the request is not qualified, the data is discarded, and if it is qualified, the SSL certificate is invoked to initiate authentication to the railway security platform;
the railway security platform judges whether the SSL certificate is qualified, and if it is, issues an authorization cookie for the application in the railway intranet; the APP software in the extranet sends the data request to the intranet application server by means of the authorization cookie;
after receiving the data request, the intranet application server processes the request based on the HTTP protocol and returns the result or data to the APP software.
7. The method by which APP software penetrates a railway intranet according to claim 6, characterized in that the railway security platform provides three data channel modes, including an 8000 data channel, an 8092 data channel and a mapping-mode channel, wherein the communication protocol is the HTTP protocol.
8. The method by which APP software penetrates a railway intranet according to claim 7, characterized in that the data mode of the 8000 data channel and the 8092 data channel requires an SSL certificate to be deployed on the external application server, with authentication initiated when a data request enters the extranet application, and the mapping mode of the mapping-mode channel issues a digital certificate to each user, with authentication initiated directly in the extranet APP software.
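The two proxy paths of claims 2 and 3 (repeated as the method steps of claim 6), modelled in Python as an added example; this is not code from the patent or its applicant. Everything the claims leave unspecified is assumed here: the whitelist is keyed by an APP identifier and maps to the forward-proxy user's username/password; a request is "qualified" if it names a target intranet application and carries a body; an SSL certificate is "qualified" if its issuer is trusted, it is within its validity period and it has not been revoked, checked on a stand-in certificate record rather than in a real TLS handshake; and the authorization cookie is an HMAC-SHA256 token bound to the certificate fingerprint and the target application with a 300-second lifetime. The names `ticketing`, `app-dispatch`, `Railway CA`, the key and the fingerprints are constructed sample data.

```python
# Added model of the two proxy paths in claims 2/3 and 6; not code from the patent. Assumed,
# since the claims do not say: whitelist keyed by APP id -> proxy user credentials; a certificate
# is "qualified" if trusted issuer + within validity + not revoked (stand-in record, no real TLS);
# the authorization cookie is an HMAC-SHA256 token over (target app, cert fingerprint, expiry).
import base64
import hashlib
import hmac
from dataclasses import dataclass

COOKIE_KEY = b"constructed-shared-key"  # assumed: shared by the platform and the intranet servers

@dataclass(frozen=True)
class ClientCert:  # stand-in for the SSL certificate deployed on the extranet communication server
    issuer: str
    not_before: int
    not_after: int
    fingerprint: str  # hex SHA-256 of the DER certificate in a real deployment

def issue_cookie(key, app_name, cert_fp, now, ttl=300):
    """Cookie = urlsafe-base64(app|fingerprint|expiry) + '.' + hex(HMAC-SHA256 of that payload)."""
    payload = f"{app_name}|{cert_fp}|{now + ttl}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify_cookie(key, cookie, expected_app, now):
    """Return (ok, reason); the MAC is checked before any field is trusted."""
    try:
        payload_b64, mac = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64.encode())
    except ValueError:  # also catches binascii.Error raised for bad base64
        return False, "malformed cookie"
    if not hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).hexdigest(), mac):
        return False, "bad signature"
    app_name, _cert_fp, exp = payload.decode().split("|")
    if app_name != expected_app:
        return False, "cookie issued for another application"
    if now >= int(exp):
        return False, "cookie expired"
    return True, "ok"

@dataclass
class IntranetAppServer:
    name: str

    def handle(self, cookie, body, now):
        """Claim 3, last step: process the HTTP request only under a valid authorization cookie."""
        ok, reason = verify_cookie(COOKIE_KEY, cookie, self.name, now)
        return {"status": 200, "data": f"{self.name} handled {body}"} if ok else {"status": 403, "error": reason}

class ExtranetCommServer:
    def __init__(self, cert):
        self.cert = cert
        self.delivered = []  # (app id, data, proxy user) pushed to APP software over the internet

    def inbound(self, platform, request, now):
        """Claim 3: 'qualified' request check, certificate authentication, then the cookie-bearing
        request is relayed through the reverse proxy; the intranet server re-checks the cookie."""
        if not (isinstance(request, dict) and request.get("target") and request.get("body")):
            return {"status": 400, "error": "request not qualified; discarded"}
        cookie, reason = platform.authenticate(self.cert, request["target"], now)
        if cookie is None:
            return {"status": 401, "error": reason}
        return platform.intranet_servers[request["target"]].handle(cookie, request["body"], now)

class RailwaySecurityPlatform:
    def __init__(self, whitelist, trusted_issuers, revoked, comm_server, intranet_servers):
        self.whitelist = whitelist              # app id -> (proxy username, proxy password)
        self.trusted_issuers = trusted_issuers  # issuers whose certificates count as 'qualified'
        self.revoked = revoked                  # certificate fingerprints no longer accepted
        self.comm_server = comm_server
        self.intranet_servers = intranet_servers

    def outbound(self, app_id, data):
        """Claim 2: whitelist check, then the username/password forward proxy to the extranet."""
        creds = self.whitelist.get(app_id)
        if creds is None:
            return {"forwarded": False, "error": f"{app_id} not on whitelist; data discarded"}
        username, _password = creds  # the platform, not the intranet server, holds proxy credentials
        self.comm_server.delivered.append((app_id, data, username))
        return {"forwarded": True, "proxy_user": username}

    def authenticate(self, cert, target_app, now):
        """Claim 3: is the SSL certificate 'qualified'? Returns (cookie or None, reason)."""
        if target_app not in self.intranet_servers:
            return None, "unknown intranet application"
        if cert.issuer not in self.trusted_issuers:
            return None, "untrusted issuer"
        if not cert.not_before <= now < cert.not_after:
            return None, "certificate outside validity period"
        if cert.fingerprint in self.revoked:
            return None, "certificate revoked"
        return issue_cookie(COOKIE_KEY, target_app, cert.fingerprint, now), "ok"

def build_demo(now=1_700_000_000):
    """One topology with constructed sample data: one whitelisted APP, one intranet application."""
    comm = ExtranetCommServer(ClientCert("Railway CA", now - 86400, now + 86400, "ab" * 32))
    platform = RailwaySecurityPlatform(
        whitelist={"app-dispatch": ("proxy-dispatch", "constructed-password")},
        trusted_issuers={"Railway CA"}, revoked=set(), comm_server=comm,
        intranet_servers={"ticketing": IntranetAppServer("ticketing")})
    return platform, comm, now
```

Two points the claims leave open and a deployment has to settle are visible in the model. First, the cookie is only as strong as its binding: signing it with a key the intranet application server also holds, naming the target application and giving it an expiry is what lets the intranet side refuse a cookie captured from another application, forged, or replayed later, rather than trusting whatever the extranet communication server relays. Second, "the SSL certificate is qualified" is a policy, not a single check: issuer trust, validity window and revocation (the `revoked` set stands in for the CRL/OCSP lookup a real TLS stack would do) each reject a different failure mode, and the whitelist on the outbound path is consulted by the platform, so the intranet application server never holds the forward-proxy credentials.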
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711083311.9A CN107888582A (en) | 2017-11-07 | 2017-11-07 | The system and method that a kind of APP softwares penetrate railway Intranet |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107888582A true CN107888582A (en) | 2018-04-06 |
Family
ID=61778880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711083311.9A Pending CN107888582A (en) | 2017-11-07 | 2017-11-07 | The system and method that a kind of APP softwares penetrate railway Intranet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107888582A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101977224A (en) * | 2010-10-28 | 2011-02-16 | 神州数码网络(北京)有限公司 (Digital China Networks (Beijing) Co., Ltd.) | SSL VPN equipment-based Web resource authentication information management method |
CN102843352A (en) * | 2012-05-15 | 2012-12-26 | 广东电网公司茂名供电局 (Maoming Power Supply Bureau, Guangdong Power Grid Co.) | Cross-physical-isolation data transparent transmission system and method between intranet and extranet |
CN105119894A (en) * | 2015-07-16 | 2015-12-02 | 上海慧银信息科技有限公司 (Shanghai Huiyin Information Technology Co., Ltd.) | Communication system and communication method based on a hardware security module |
CN105471866A (en) * | 2015-11-23 | 2016-04-06 | 深圳市联软科技有限公司 (Shenzhen Leagsoft Technology Co., Ltd.) | Protection method and apparatus for mobile applications |
Non-Patent Citations (1)
Title |
---|
杨金刚 (Yang Jingang) et al.: "Research and implementation of the technology for accessing railway intranet Web Services via the Internet", 《铁路计算机应用》 (Railway Computer Application) * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108600204A (en) * | 2018-04-11 | 2018-09-28 | 浙江大学 (Zhejiang University) | Corporate intranet access method based on reverse connection and an application-layer tunnel |
CN108965320A (en) * | 2018-08-08 | 2018-12-07 | 湖南中车时代通信信号有限公司 (Hunan CRRC Times Signal & Communication Co., Ltd.) | System and method for general railway intranet/extranet data interaction |
CN112104754A (en) * | 2020-11-18 | 2020-12-18 | 腾讯科技(深圳)有限公司 (Tencent Technology (Shenzhen) Co., Ltd.) | Network proxy method, system, device, equipment and storage medium |
CN112615926A (en) * | 2020-12-23 | 2021-04-06 | 中铁信弘远(北京)软件科技有限责任公司 (China Railway Xin Hongyuan (Beijing) Software Technology Co., Ltd.) | Railway mobile data transmission method and system |
CN114629678A (en) * | 2021-12-31 | 2022-06-14 | 绿盟科技集团股份有限公司 (NSFOCUS Technologies Group Co., Ltd.) | TLS-based intranet penetration method and device |
CN114629678B (en) * | 2021-12-31 | 2023-09-19 | 绿盟科技集团股份有限公司 (NSFOCUS Technologies Group Co., Ltd.) | TLS-based intranet penetration method and device |
Similar Documents
Publication | Title |
---|---|
CN107888582A (en) | The system and method that a kind of APP softwares penetrate railway Intranet |
CN103179115B (en) | The cloud service access control method that a kind of facing cloud television terminal is applied across cloud |
CN108989318A (en) | A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things |
CN107294916B (en) | Single-point logging method, single-sign-on terminal and single-node login system |
Chen et al. | Lightweight and provably secure user authentication with anonymity for the global mobility network |
CN105187431B (en) | Login method, server, client and the communication system of third-party application |
US8650622B2 (en) | Methods and arrangements for authorizing and authentication interworking |
CN104756458B (en) | For protecting the method and apparatus of the connection in communication network |
CN105791272A (en) | Method and device for secure communication in Internet of Things |
CN106850201B (en) | Intelligent terminal multiple-factor authentication method, intelligent terminal, certificate server and system |
CN104283886B (en) | A kind of implementation method of the web secure access based on intelligent terminal local authentication |
US20100306839A1 (en) | Entity bi-directional identificator method and system based on trustable third party |
CN107534651A (en) | The safe transmission of Session ID during service authentication |
CN105827573B (en) | System, method and the relevant apparatus of internet of things equipment strong authentication |
CN106209749A (en) | Single-point logging method and the processing method and processing device of device, relevant device and application |
CN102685749B (en) | Wireless safety authentication method orienting to mobile terminal |
CN109428874A (en) | Register method and device based on serviceization framework |
CN103281305B (en) | The connection control method of the wisdom city system based on security gateway |
CN101714918A (en) | Safety system for logging in VPN and safety method for logging in VPN |
CN105681030B (en) | key management system, method and device |
CN108347729A (en) | Method for authenticating, slice authentication agent entity and session management entity in network slice |
US20080091604A1 (en) | Method for the Compartmented Provisioning of an Electronic Service |
CN105306483B (en) | A kind of Anonymizing networks communication means and system safely and fast |
CN106161361B (en) | A kind of access method and device of cross-domain resource |
CN108616504A (en) | A kind of sensor node identity authorization system and method based on Internet of Things |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication |
Application publication date: 2018-04-06