CN108270590A - High-security network communication system for railway equipment maintenance management - Google Patents
- Publication number: CN108270590A
- Authority: CN (China)
- Prior art keywords: intranet, processing module, net, computer room, unit
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention relates to a high-security network communication system for railway equipment maintenance management, comprising: an external network processing module, for receiving request information from the external network and returning feedback; an intranet processing module, for sending the request information to intranet equipment and passing the feedback information to the external network processing module; and an intranet/extranet protection module, for filtering the request information transmitted by the external network processing module. The intranet processing module comprises: a machine-room intranet unit, for storing request information and feedback information and for two-way communication with the external network processing module; a maintenance intranet unit, for transmitting the maintenance status information of the railway equipment; and a management intranet unit, for receiving the request information and the maintenance status information and generating the feedback information. Compared with the prior art, the invention has advantages such as high security, fast intranet communication, and convenient management and control.
Description
Technical field
The invention relates to the field of railway management, and more particularly to a high-security network communication system for railway equipment maintenance management.
Background
With the rapid development of domestic railways, the maintenance management of railway equipment has become increasingly important. To keep high-speed rail station information and electromechanical equipment running stably, reliably and efficiently, the railway system needs a dedicated, efficient network communication system for railway equipment maintenance management to support daily operations management.
Most existing network communication systems for railway equipment maintenance management are fairly simple: the external network and the railway intranet are connected through a firewall. The external network sends request information to the railway intranet; after firewall filtering, the information is passed into the railway intranet, which stores it on a server and waits for the intranet equipment to respond. Because this mode of communication requires the intranet equipment to respond actively, communication is slow. In addition, the railway intranet is large and its devices have complex interconnections, so once unsafe request information flows in, it spreads rapidly through the entire intranet and causes complete paralysis of the intranet.
Summary of the invention
The purpose of the invention is to provide, in view of the above problems, a high-security network communication system for railway equipment maintenance management.
This purpose is achieved through the following technical solution.
A high-security network communication system for railway equipment maintenance management, the system comprising:
- an external network processing module, connected to external network equipment, for receiving request information from the external network and returning feedback;
- an intranet processing module, connected to the external network processing module and to intranet equipment, for sending to the intranet equipment the request information transmitted via the external network processing module, and for passing the feedback information of the intranet equipment to the external network processing module;
- an intranet/extranet protection module, connected to the external network processing module and to the intranet processing module, for filtering the request information transmitted by the external network processing module and ensuring the security of the intranet processing module.
The intranet processing module comprises:
- a machine-room intranet unit, connected to the external network processing module, for storing request information and feedback information and for two-way communication with the external network processing module;
- a maintenance intranet unit, connected to the machine-room intranet unit and to the railway equipment being maintained, for transmitting the maintenance status information of the railway equipment;
- a management intranet unit, connected to the machine-room intranet unit and to the office equipment of the administrative staff, for receiving the request information and the maintenance status information of the railway equipment from the machine-room intranet unit and generating feedback information.
The machine-room intranet unit comprises:
- a machine-room intranet switch, connected to the external network processing module, the maintenance intranet unit and the management intranet unit, for receiving and forwarding request information, feedback information and maintenance status information;
- an application server, connected to the machine-room intranet switch, for storing request information, feedback information and maintenance status information.
The machine-room intranet unit further comprises machine-room intranet protection gateways, arranged between the maintenance intranet unit and the machine-room intranet switch and between the management intranet unit and the machine-room intranet switch.
A management intranet firewall is additionally provided between the machine-room intranet switch and the management intranet unit.
The number of application servers is no less than 2.
The intranet/extranet protection module comprises an intranet/extranet protection gateway and an intranet/extranet firewall connected in sequence; the intranet/extranet protection gateway is connected to the machine-room intranet unit, and the intranet/extranet firewall is connected to the external network processing module.
The intranet/extranet protection gateway comprises a Wangshen (网神) SecSIS 3600 series gateway.
The railway equipment being maintained includes automatic fare collection (AFC) system front-end equipment, window intercom equipment, scanners and ID document reading devices.
Compared with the prior art, the invention has the following advantages:
(1) The intranet processing module is divided into modules by function: a maintenance intranet unit that reads the state of the railway equipment in real time and a management intranet unit that connects the administrative staff, with information forwarded through the machine-room intranet unit, which stores and forwards it. The intranet equipment does not need to respond actively to external network requests, which greatly increases the information communication speed of the system.
(2) Within the intranet processing module, only the machine-room intranet unit is connected to the external network processing module; the maintenance intranet unit and the management intranet unit remain isolated from the external network processing module. Once unsafe request information flows in, the connections between the machine-room intranet unit and the maintenance intranet unit and management intranet unit can be cut in time, which greatly improves the security of the system.
(3) Protection gateways are placed between the machine-room intranet unit and the maintenance intranet unit and management intranet unit, providing a second layer of security protection and further improving security.
(4) The maintenance intranet unit and the management intranet unit are not connected to each other; information between them passes through the machine-room intranet unit, which reduces the risk that an operating mistake by administrative staff causes an erroneous change to the state of the railway equipment.
(5) The machine-room intranet unit contains no fewer than 2 application servers, for redundant backup; if an individual server fails, the remaining servers can still ensure stable transmission and storage of information.
(6) The intranet/extranet protection module comprises an intranet/extranet protection gateway and an intranet/extranet firewall connected in sequence. Compared with the traditional approach of using a firewall alone as the protection module, this dual protection measure greatly increases the security of the system.
(7) The gateway is a Wangshen (网神) SecSIS 3600 series gateway, which performs exchange control in independent hardware and offers higher security.
Description of the drawings
Fig. 1 is a structural diagram of the invention.
In the figure, 1 is the external network processing module, 21 is the machine-room intranet unit, 22 is the maintenance intranet unit, 23 is the management intranet unit, 211 is the machine-room intranet switch, 212 is the application server, 213 is the machine-room intranet protection gateway, 214 is the intranet/extranet protection gateway, 215 is the intranet/extranet firewall, 221 is the railway equipment, 231 is the office equipment, and 232 is the management intranet firewall.
Specific embodiment
The invention is described in detail below with reference to the drawing and a specific embodiment. The embodiment is implemented on the basis of the technical solution of the invention and gives a detailed implementation and a specific operating process, but the scope of protection of the invention is not limited to the following embodiment.
As shown in Fig. 1, this embodiment provides a high-security network communication system for railway equipment maintenance management, comprising: an external network processing module 1, connected to external network equipment, for receiving request information from the external network and returning feedback; an intranet processing module, connected to the external network processing module 1 and to intranet equipment, for sending to the intranet equipment the request information transmitted via the external network processing module 1 and for passing the feedback information of the intranet equipment to the external network processing module 1; and an intranet/extranet protection module, connected to the external network processing module 1 and to the intranet processing module, for filtering the request information transmitted by the external network processing module 1 and ensuring the security of the intranet processing module. The intranet processing module comprises: a machine-room intranet unit 21, connected to the external network processing module 1, for storing request information and feedback information and for two-way communication with the external network processing module 1; a maintenance intranet unit 22, connected to the machine-room intranet unit 21 and to the railway equipment 221 being maintained, for transmitting the maintenance status information of the railway equipment 221; and a management intranet unit 23, connected to the machine-room intranet unit 21 and to the office equipment 231 of the administrative staff, for receiving the request information and the maintenance status information of the railway equipment 221 from the machine-room intranet unit 21 and generating feedback information.
The machine-room intranet unit 21 comprises: a machine-room intranet switch 211, connected to the external network processing module 1, the maintenance intranet unit 22 and the management intranet unit 23, for receiving and forwarding request information, feedback information and maintenance status information; and application servers 212, connected to the machine-room intranet switch 211, for storing request information, feedback information and maintenance status information. The machine-room intranet unit 21 further comprises machine-room intranet protection gateways 213, arranged between the maintenance intranet unit 22 and the machine-room intranet switch 211 and between the management intranet unit 23 and the machine-room intranet switch 211. A management intranet firewall 232 is additionally provided between the machine-room intranet switch 211 and the management intranet unit 23. In this embodiment, the number of application servers 212 is 4. The intranet/extranet protection module comprises an intranet/extranet protection gateway 214 and an intranet/extranet firewall 215 connected in sequence. In this embodiment, the intranet/extranet protection gateway 214 is a Wangshen (网神) SecSIS 3600 series gateway. The railway equipment 221 being maintained includes automatic fare collection (AFC) system front-end equipment, window intercom equipment, scanners and ID document reading devices.
The system works as follows. An external user first sends request information. The intranet/extranet firewall 215 and the intranet/extranet protection gateway 214 filter the request information in turn; if it is safe, it is passed to the machine-room intranet switch 211 to await forwarding and is at the same time uploaded to the application servers 212 for storage. The machine-room intranet switch 211 forwards the request information; after filtering by the machine-room intranet protection gateway 213 and the management intranet unit 23 firewall, and once confirmed safe, it is sent to the management intranet unit 23, which passes it to the office equipment 231 of the administrative staff. Based on the request information, the administrative staff generate a request for the maintenance state of the railway equipment 221 and send it to the machine-room intranet unit 21. The machine-room intranet switch 211 passes this information, after filtering by the machine-room intranet protection gateway 213, to the maintenance intranet unit 22. The maintenance intranet unit 22 reads the maintenance state of the railway equipment 221 and generates maintenance status information, which the machine-room intranet switch 211 of the machine-room intranet unit 21 then forwards to the management intranet unit 23. The administrative staff generate the corresponding feedback information from the maintenance status information read and the request information, and send it back to the machine-room intranet unit 21, where the machine-room intranet switch 211 on the one hand transmits it to the external network processing module 1 and on the other hand uploads it to the servers for storage.
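As an added illustration (not part of the patent), the Python sketch below models the Fig. 1 topology by reference numeral and audits a link list against the segmentation properties stated in advantages (2) to (4). The labels `213m`/`213g` for the two instances of gateway 213, the node name `extranet`, and the placement of firewall 232 behind gateway 213 (taken from the order of the operating-principle paragraph) are assumptions.

```python
from collections import defaultdict, deque

# Links of Fig. 1, keyed by the patent's reference numerals (assumed model).
# "213m" = gateway 213 on the maintenance side, "213g" = management side.
LINKS = [
    ("extranet", "1"), ("1", "215"), ("215", "214"), ("214", "211"),
    ("211", "212"),
    ("211", "213m"), ("213m", "22"), ("22", "221"),
    ("211", "213g"), ("213g", "232"), ("232", "23"), ("23", "231"),
]

def build(links):
    """Undirected adjacency map from a list of (a, b) links."""
    g = defaultdict(set)
    for a, b in links:
        g[a].add(b)
        g[b].add(a)
    return g

def simple_paths(g, src, dst, trail=()):
    """Yield every loop-free path from src to dst."""
    trail = trail + (src,)
    if src == dst:
        yield trail
        return
    for nxt in sorted(g[src]):
        if nxt not in trail:
            yield from simple_paths(g, nxt, dst, trail)

def choke_points(g, src, dst):
    """Nodes that lie on every path src -> dst (empty set if no path)."""
    paths = [set(p) for p in simple_paths(g, src, dst)]
    return set.intersection(*paths) - {src, dst} if paths else set()

def reachable(g, src, removed=frozenset()):
    """Nodes reachable from src once the 'removed' nodes are cut out."""
    seen, todo = {src}, deque([src])
    while todo:
        for nxt in g[todo.popleft()]:
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def audit(links):
    """Return the segmentation properties that a link list violates."""
    g = build(links)
    findings = []
    # Every route from outside to the railway equipment must be filtered by
    # firewall 215, gateway 214 and gateway 213, and pass through switch 211.
    if not {"215", "214", "211", "213m"} <= choke_points(g, "extranet", "221"):
        findings.append("extranet reaches railway equipment 221 around a filter")
    if not {"215", "214", "211", "213g", "232"} <= choke_points(g, "extranet", "231"):
        findings.append("extranet reaches office equipment 231 around a filter")
    # Advantage (4): units 22 and 23 talk only through the machine room.
    if "211" not in choke_points(g, "22", "23"):
        findings.append("units 22 and 23 are linked without switch 211")
    # Advantage (2): cutting the 213 gateways must isolate units 22 and 23.
    cut = reachable(g, "extranet", removed={"213m", "213g"})
    if cut & {"22", "221", "23", "231"}:
        findings.append("cutting both 213 gateways does not isolate 22/23")
    return findings

if __name__ == "__main__":
    print("as drawn:", audit(LINKS))
    # Constructed drift: a direct cable between units 22 and 23.
    print("with 22-23 link:", audit(LINKS + [("22", "23")]))
```

Run against an exported link inventory instead of `LINKS`, the same audit flags any later cabling or routing change that lets traffic bypass the filtering devices.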
Claims (8)
1. A high-security network communication system for railway equipment maintenance management, the system comprising:
an external network processing module, connected to external network equipment, for receiving request information from the external network and returning feedback;
an intranet processing module, connected to the external network processing module and to intranet equipment, for sending to the intranet equipment the request information transmitted via the external network processing module, and for passing the feedback information of the intranet equipment to the external network processing module;
an intranet/extranet protection module, connected to the external network processing module and to the intranet processing module, for filtering the request information transmitted by the external network processing module and ensuring the security of the intranet processing module;
characterized in that the intranet processing module comprises:
a machine-room intranet unit, connected to the external network processing module, for storing request information and feedback information and for two-way communication with the external network processing module;
a maintenance intranet unit, connected to the machine-room intranet unit and to the railway equipment being maintained, for transmitting the maintenance status information of the railway equipment;
a management intranet unit, connected to the machine-room intranet unit and to the office equipment of the administrative staff, for receiving the request information and the maintenance status information of the railway equipment from the machine-room intranet unit and generating feedback information.
2. The high-security network communication system for railway equipment maintenance management according to claim 1, characterized in that the machine-room intranet unit comprises:
a machine-room intranet switch, connected to the external network processing module, the maintenance intranet unit and the management intranet unit, for receiving and forwarding request information, feedback information and maintenance status information;
an application server, connected to the machine-room intranet switch, for storing request information, feedback information and maintenance status information.
3. The high-security network communication system for railway equipment maintenance management according to claim 2, characterized in that the machine-room intranet unit further comprises machine-room intranet protection gateways, arranged between the maintenance intranet unit and the machine-room intranet switch and between the management intranet unit and the machine-room intranet switch.
4. The high-security network communication system for railway equipment maintenance management according to claim 2, characterized in that a management intranet firewall is additionally provided between the machine-room intranet switch and the management intranet unit.
5. The high-security network communication system for railway equipment maintenance management according to claim 2, characterized in that the number of application servers is no less than 2.
6. The high-security network communication system for railway equipment maintenance management according to claim 1, characterized in that the intranet/extranet protection module comprises an intranet/extranet protection gateway and an intranet/extranet firewall connected in sequence, the intranet/extranet protection gateway being connected to the machine-room intranet unit and the intranet/extranet firewall being connected to the external network processing module.
7. The high-security network communication system for railway equipment maintenance management according to claim 6, characterized in that the intranet/extranet protection gateway comprises a Wangshen (网神) SecSIS 3600 series gateway.
8. The high-security network communication system for railway equipment maintenance management according to claim 1, characterized in that the railway equipment being maintained includes automatic fare collection (AFC) system front-end equipment, window intercom equipment, scanners and ID document reading devices.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611254180.1A CN108270590A (en) | 2016-12-30 | 2016-12-30 | A kind of high security network communication system for railway equipment maintenance management |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108270590A (en) | 2018-07-10 |
Family
ID=62754324
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611254180.1A Pending CN108270590A (en) | 2016-12-30 | 2016-12-30 | A kind of high security network communication system for railway equipment maintenance management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108270590A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965320A (en) * | 2018-08-08 | 2018-12-07 | 湖南中车时代通信信号有限公司 | A kind of system and method for general railway intranet and extranet data interaction |
PL427624A1 (en) * | 2017-10-31 | 2019-05-06 | Azd Praha Sro | Method of operation of the automatic train protection system on-board unit and the automatic train protection system device for execution of the method |
CN112787836A (en) * | 2019-11-07 | 2021-05-11 | 比亚迪股份有限公司 | Information security network topology and method for implementing information security |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2239932A1 (en) * | 2009-04-06 | 2010-10-13 | Cogelec | Interphone method, recording medium and interphone for said method |
CN105787679A (en) * | 2014-12-15 | 2016-07-20 | 兰州正远科技有限公司 | Data interaction system for railway logistics information platform |
CN205564024U (en) * | 2016-01-20 | 2016-09-07 | 浙江万邦智能工程有限公司 | Intelligent traffic system |
CN106230806A (en) * | 2016-07-26 | 2016-12-14 | 中国南方电网有限责任公司信息中心 | Blended data custom protocol communication system under tertiary-structure network environment and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8756411B2 (en) | Application layer security proxy for automation and control system networks | |
CN106411820B (en) | A kind of industrial communication based on SDN framework spreads defeated method of controlling security | |
CN107070613B (en) | Reliable data transmission method in distributed network environment | |
CN108270590A (en) | A kind of high security network communication system for railway equipment maintenance management | |
CN101986638A (en) | Gigabit one-way network isolation device | |
CN106506510A (en) | Dynamic vibration signal data inter-network lock Transmission system and its method | |
EP2945350A2 (en) | Communication apparatus, a system for secure communication, and a method for communication | |
CN109558366A (en) | A kind of firewall based on multiple processor structure | |
CN105208352B (en) | A kind of network video safety monitoring system and physical isolation method | |
CN101262350A (en) | A realization method, system and device for Portal dual host hot swap | |
JP2010166486A (en) | Protection control measuring system and device and data transfer method | |
CN202003423U (en) | Security access control system | |
CN104601550A (en) | System and method for transmitting reversely quarantined file based on cluster array | |
CN105656655B (en) | A kind of network safety managing method, device and system | |
CN101114932A (en) | Method and system for implementing remote capturing packet | |
CN106549502B (en) | A kind of safe distribution of electric power protecting, monitoring system | |
CN108965297A (en) | A kind of access control equipment management system | |
CN110011941A (en) | A kind of message forwarding method and equipment | |
CN104539517A (en) | Chatting method and system based on intelligent terminal local server | |
KR20150090212A (en) | Switch device, vlan setting management method and program | |
CN101252523A (en) | Message redirecting method, method and device for reverting redirecting message feature information | |
CN103416026B (en) | Network system and packet processing method | |
CN102724164A (en) | Multi-communication protocol transmission apparatus of electric power control system and method thereof | |
CN103747472B (en) | Noninductive tandem system on basis of circuit switch domain No.7 signaling network | |
CN206472142U (en) | A kind of high security network communication system for railway equipment maintenance management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||