CN109246056A - Data safe transmission method and its device - Google Patents
- Publication number: CN109246056A (CN201710558047.3A)
- Authority: CN (China)
- Prior art keywords: target data, buffer area, data, sent, cached
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
Abstract
The present invention proposes a secure data transmission method and device for use in a closed rail transit communication system. The method includes: obtaining target data to be transmitted and caching it successively in a first buffer area and a second buffer area; reading the target data from the second buffer area; processing the target data using the mutually redundant first Railway Signal Safety Protocol (RSSP-I); caching the processed target data in a third buffer area; and reading the processed target data from the third buffer area and sending it. In this embodiment, because multiple buffer areas are provided, the device's application program, the network architecture, and the communication interface (that is, the link layer) are isolated in layers; RSSP-I is encapsulated in the network architecture, which guarantees the secure transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer tied to a specific communication mode and can call multiple types of communication interfaces, which makes it portable and general-purpose.
Description
Technical field
The present invention relates to the technical field of rail communication, and in particular to a secure data transmission method and device.
Background art
In a rail transit communication system, network security threats can exist: during transmission there are risks such as data frame duplication, data frame loss, data frame insertion, data frames arriving out of order, data frame errors, and data frame transmission timeouts. In rail transit, if a train that receives data affected by these risks continues to be controlled or operated according to that data, driving safety is endangered.
To ensure that rail transit signals can be transmitted securely in a closed rail transit communication system, the data to be transmitted needs to be processed according to the first Railway Signal Safety Protocol (abbreviated RSSP-I) to improve the security of the data.
Summary of the invention
The present invention aims to solve at least some of the technical problems in the related art.
To this end, the first object of the present invention is to propose a secure data transmission method that, through a portable and general-purpose network protocol architecture, achieves secure data transmission during rail transit communication and improves network security. It addresses the existing problem that network threats present in rail transit communication systems can cause faults in the transmitted data, which in turn may lower driving safety.
The second object of the present invention is to propose a secure data transmission device.
The third object of the present invention is to propose a secure data transmission device.
The fourth object of the present invention is to propose a computer program product.
The fifth object of the present invention is to propose a non-transitory computer-readable storage medium.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes a secure data transmission method for use in a closed rail transit communication system, the method comprising:
obtaining target data to be transmitted, and caching the target data in a first buffer area;
reading the target data from the first buffer area, and caching the target data in a second buffer area in a protocol layer;
processing the target data using the mutually redundant first Railway Signal Safety Protocol in the protocol layer;
caching the processed target data in a third buffer area in the protocol layer;
reading the processed target data from the third buffer area and sending it.
The secure data transmission method provided in this embodiment is used in a closed rail transit communication system. It obtains target data to be transmitted, caches the target data successively in the first buffer area and the second buffer area, reads the target data from the second buffer area, processes it using the mutually redundant first Railway Signal Safety Protocol, caches the processed target data in the third buffer area, and reads the processed target data from the third buffer area and sends it. In this embodiment, because multiple buffer areas are provided, the device's application program, the network architecture, and the communication interface (that is, the link layer) are isolated in layers; RSSP-I is encapsulated in the network architecture, which guarantees the secure transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer tied to a specific communication mode and can call multiple types of communication interfaces, which makes it portable and general-purpose. The user of the application program only needs to attend to receiving and sending data and does not need to care about the specific implementation of RSSP-I, which makes it easy to use.
To achieve the above objects, an embodiment of the second aspect of the present invention proposes a secure data transmission device for use in a closed rail transit communication system, the device comprising:
a first cache layer, configured to obtain target data to be transmitted and cache the target data in a first buffer area;
a protocol layer, configured to read the target data from the first buffer area, cache the target data in a second buffer area, process the target data using the mutually redundant first Railway Signal Safety Protocol, and cache the processed target data in a third buffer area;
a data sending layer, configured to read the processed target data from the third buffer area and send it.
The secure data transmission device provided in this embodiment is used in a closed rail transit communication system. It obtains target data to be transmitted, caches the target data successively in the first buffer area and the second buffer area, reads the target data from the second buffer area, processes it using the mutually redundant first Railway Signal Safety Protocol, caches the processed target data in the third buffer area, and reads the processed target data from the third buffer area and sends it. In this embodiment, because multiple buffer areas are provided, the device's application program, the network architecture, and the communication interface (that is, the link layer) are isolated in layers; RSSP-I is encapsulated in the network architecture, which guarantees the secure transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer tied to a specific communication mode and can call multiple types of communication interfaces, which makes it portable and general-purpose. The user of the application program only needs to attend to receiving and sending data and does not need to care about the specific implementation of RSSP-I, which makes it easy to use.
To achieve the above objects, an embodiment of the third aspect of the present invention proposes a secure data transmission device comprising a processor and a memory, wherein the processor reads executable program code stored in the memory and runs a program corresponding to the executable program code, so as to implement the secure data transmission method described in the embodiment of the first aspect.
To achieve the above objects, an embodiment of the fourth aspect of the present invention proposes a computer program product; when instructions in the computer program product are executed by a processor, the secure data transmission method described in the embodiment of the first aspect is performed.
To achieve the above objects, an embodiment of the fifth aspect of the present invention proposes a non-transitory computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the secure data transmission method described in the embodiment of the first aspect.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the following description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow diagram of a secure data transmission method provided by an embodiment of the present invention;
Fig. 2 is the first schematic diagram of a network architecture provided by an embodiment of the present invention;
Fig. 3 is a flow diagram of another secure data transmission method provided by an embodiment of the present invention;
Fig. 4 is the second schematic diagram of a network architecture provided by an embodiment of the present invention;
Fig. 5 is a flow diagram of another secure data transmission method provided by an embodiment of the present invention;
Fig. 6 is the third schematic diagram of a network architecture provided by an embodiment of the present invention;
Fig. 7 is the fourth schematic diagram of a network architecture provided by an embodiment of the present invention;
Fig. 8 is a flow diagram of another secure data transmission method provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of data transmission between devices provided by an embodiment of the present invention;
Fig. 10 is a structural schematic diagram of a data security device provided by an embodiment of the present invention;
Fig. 11 is a structural schematic diagram of another data security device provided by an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the present invention and should not be construed as limiting it.
The secure data transmission method and system of the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is a flow diagram of a secure data transmission method provided by an embodiment of the present invention. As shown in Fig. 1, the secure data transmission method includes:
S101: Obtain target data to be transmitted, and cache the target data in the first buffer area.
In this embodiment, the secure data transmission method may be executed by a network architecture deployed on a device, the network architecture being used in a closed rail transit communication system. Fig. 2 is a structural schematic diagram of a network architecture provided by an embodiment of the present invention. The network architecture includes the first buffer area, a protocol layer, and a data sending layer; the protocol layer contains the redundant first Railway Signal Safety Protocol together with the second buffer area and the third buffer area.
Specifically, the target data to be transmitted can be received, and the received target data is then cached in the first buffer area. In this embodiment, the target data to be transmitted may be data that needs to be sent outward from inside the device, or data that needs to be sent from outside into the device. The network architecture supports both sending data outward and receiving data from outside.
It should be noted here that the target data may be data sent by an application program on the device on which the network architecture is installed. When an application program on the device needs to send data outward, it can do so through the network architecture. The application program first caches the target data to be sent in the first buffer area.
In addition, the target data may be data from an external peer device that needs to send data to an application program on the above device. When the peer device needs to send data to an application program on the above device, the network architecture first receives the target data sent by the peer device and stores it in the first buffer area.
S102: Read the target data from the first buffer area, and cache the target data in the second buffer area in the protocol layer.
In this embodiment, the second buffer area and the third buffer area are provided in the protocol layer. The target data can be read from the first buffer area and then cached in the second buffer area in the protocol layer.
S103: Process the target data using the mutually redundant first Railway Signal Safety Protocol in the protocol layer.
Specifically, after the target data is cached in the second buffer area, the RSSP-I layer in the network architecture can read the target data from the second buffer area and process it based on the mutually redundant RSSP-I in that layer. It should be noted here that when the target data is data received from an external device, the target data needs to be parsed using RSSP-I, for example by decrypting it with a decryption key. When the target data is data received from an application program, the data is raw data and needs to be encapsulated using RSSP-I, for example by encrypting the target data with an encryption key, converting the format of the target data into the format required by RSSP-I, and so on.
S104: Cache the processed target data in the third buffer area in the protocol layer.
After the target data has been processed using RSSP-I, the network architecture can cache the processed target data in the third buffer area in the protocol layer.
S105: Read the processed target data from the third buffer area and send it.
Further, the processed target data can be read from the third buffer area in the protocol layer and then sent. Specifically, the data sending layer in Fig. 2 reads the target data from the third buffer area in the protocol layer and then sends the target data it has read.
When the target data is data that an application program needs to send, the network architecture can send the processed target data to the peer device through the communication interface with the peer device. The communication interface may take the form of a cable or a serial port. No specific communication protocol is imposed on the communication interface.
When the target data is data that the peer device needs to send to an application program, the network architecture can read the processed target data from the third buffer area and pass it directly to the application program.
The secure data transmission method provided in this embodiment is used in a closed rail transit communication system. It obtains target data to be transmitted, caches the target data successively in the first buffer area and the second buffer area, reads the target data from the second buffer area, processes it using the mutually redundant first Railway Signal Safety Protocol, caches the processed target data in the third buffer area, and reads the processed target data from the third buffer area and sends it. In this embodiment, because multiple buffer areas are provided, the device's application program, the network architecture, and the communication interface (that is, the link layer) are isolated in layers; RSSP-I is encapsulated in the network architecture, which guarantees the secure transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer tied to a specific communication mode and can call multiple types of communication interfaces, which makes it portable and general-purpose. The user of the application program only needs to attend to receiving and sending data and does not need to care about the specific implementation of RSSP-I, which makes it easy to use.
To better understand the secure data transmission method provided by the above embodiment, this embodiment takes the case in which an application program needs to send data as a scenario and further explains the above embodiment. Fig. 3 is a flow diagram of another secure data transmission method provided by an embodiment of the present invention. As shown in Fig. 3, the secure data transmission method includes the following steps:
S301: Receive the target data to be sent from the application program, and cache the target data in the first send buffer area.
In this embodiment, the application program's data is to be sent to the peer device.
On the basis of Fig. 2, Fig. 4 provides another network architecture. In this network architecture, the first buffer area includes a first send buffer area, the second buffer area includes a second send buffer area, and the third buffer area includes a third send buffer area.
In this embodiment, multiple application programs are usually installed on a device or system, and all application programs reside in the application layer in Fig. 4. When an application program needs to send target data, the application program in the application layer sends the target data to the first send buffer area in the network architecture, where the target data is cached.
S302: Read the target data from the first send buffer area and cache it in the second send buffer area.
After the target data has been cached in the first send buffer area, the RSSP-I layer of the network architecture also needs to read the target data from the first send buffer area in order to send it outward.
S303: Read the target data from the second send buffer area.
S304: Encapsulate the target data separately using the mutually redundant first Railway Signal Safety Protocol in the protocol layer.
After the target data is read, it is encapsulated according to the provisions of RSSP-I; for example, it can be encrypted according to the encryption provisions in RSSP-I and undergo format conversion, compression, encapsulation, and similar processing.
S305: Cache the encapsulated target data in the third send buffer area.
After the target data has been encapsulated using RSSP-I, the encapsulated target data can be cached in the third send buffer area.
S306: Read the encapsulated target data from the third send buffer area.
In this embodiment, to continue transmitting the target data outward, the encapsulated target data needs to be read from the third send buffer area.
As a possible implementation, to ensure the reliability of data transmission, a redundant dual communication link can be provided in the network architecture. In the process of the application program sending data, the dual communication link set in the network architecture is called the first dual communication link. The first dual communication link includes a first main channel and a first standby channel. The channels of the first dual communication link can each read the encapsulated target data from the third send buffer area.
S307: Call the communication interface to send the encapsulated target data to the corresponding peer device.
In this embodiment, after the encapsulated target data has been read from the second send buffer area, the communication interface can be called, and the encapsulated target data is then sent to the corresponding peer device through the communication interface.
As a possible implementation, the first main channel and the first standby channel in the first dual communication link can each call the communication interface and send the encapsulated target data to the peer device through the called communication interface. The communication interface may be a serial port or a cable. In this embodiment, for the security of data transmission between the local device and the peer device, a redundant design is used: a redundant dual communication link is provided in the network architecture. The first main channel of the local device sends the encapsulated target data through the communication interface to the main channel on the peer device, and the first standby channel of the local device sends the encapsulated target data through the communication interface to the standby channel on the peer device.
Further, after the peer device receives a message carrying the target data, the RSSP-I layer in the peer device's network architecture needs to perform an end-to-end safety check on the message in the order of message validity, safety check field, and update of local security parameters, so as to guarantee the above four security features.
In this embodiment, because multiple buffer areas are provided, the device's application program, the network architecture, and the communication interface (that is, the link layer) are isolated in layers; RSSP-I is encapsulated in the network architecture, which guarantees the secure transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer tied to a specific communication mode and can call multiple types of communication interfaces, which makes it portable and general-purpose. The user of the application program only needs to attend to receiving and sending data and does not need to care about the specific implementation of RSSP-I, which makes it easy to use.
To better understand the secure data transmission method provided by the above embodiment, this embodiment takes the case in which data needs to be sent to an application program as a scenario and further explains the above embodiment. Fig. 5 is a flow diagram of another secure data transmission method provided by an embodiment of the present invention. As shown in Fig. 5, the secure data transmission method includes the following steps:
S501: Receive the target data sent by the peer device, and cache the target data in the first receive buffer area.
In this embodiment, the peer device sends data to an application program on the local device.
In this embodiment, the RSSP-I layer in the network architecture on the local device needs to check the target data from the peer device, for example: the authenticity of the data source (that is, the source information of the sender), the correctness and integrity of the data frame, the timeliness and real-time nature of the data frame, and the correctness or order of the data frame sequence.
On the basis of Fig. 2, Fig. 6 provides another network architecture. In this network architecture, the first buffer area includes a first receive buffer area, the second buffer area includes a second receive buffer area, and the third buffer area includes a third receive buffer area.
In this embodiment, multiple application programs are usually installed on a device or system, and all application programs reside in the application layer in Fig. 6. When the peer device needs to send data to an application program on the local device, the peer device sends the target data to the first receive buffer area in the network architecture. Specifically, in the process of sending data to the application program on the local device, the dual communication link set in the network architecture is called the second dual communication link. The peer device sends the target data through the communication interface to the redundant second dual communication link. The second dual communication link includes a second main channel and a second standby channel. Specifically, the communication interface is called to receive, over the network connection with the peer device, the target data sent by the peer device. After the communication interface receives the target data, the target data passes through the redundant second dual communication link and is cached in the first receive buffer area.
S502: Read the target data from the first receive buffer area.
To continue transmitting the target data, the RSSP-I layer in the network architecture can read the target data from the first receive buffer area. It should be noted here that the peer device is likewise a device on which the network architecture is installed, and the target data it sends is data that has been encapsulated with RSSP-I.
S503: Cache the target data read from the first receive buffer area in the second receive buffer area in the protocol layer.
S504: Read the target data from the second receive buffer area.
S505: Parse the target data separately using the mutually redundant first Railway Signal Safety Protocol in the protocol layer.
After the target data is obtained, it must be parsed using RSSP-I in order to recover the raw data. The parsed target data may then be the raw data, which the application program can recognize. For example, the target data can undergo processing such as decapsulation, decompression, decryption, and format conversion.
S506: Cache the parsed target data in the third receive buffer area in the protocol layer.
After the target data has been parsed, the parsed target data can be cached in the third receive buffer area in the protocol layer.
S507: Read the parsed target data from the third receive buffer area and send it to the corresponding application program.
Further, the parsed target data is read from the third receive buffer area and then sent to the corresponding application program.
In this embodiment, because multiple buffer areas are provided, the device's application program, the network architecture, and the communication interface (that is, the link layer) are isolated in layers; RSSP-I is encapsulated in the network architecture, which guarantees the secure transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer tied to a specific communication mode and can call multiple types of communication interfaces, which makes it portable and general-purpose. The user of the application program only needs to attend to receiving and sending data and does not need to care about the specific implementation of RSSP-I, which makes it easy to use.
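The send path of Fig. 3 (S301 to S307) and the receive path of Fig. 5 (S501 to S507), sketched as an added example that is not code from the patent. The frame layout, the HMAC tag standing in for the safety check field, `KEY`, `MAX_AGE` and all class and function names are assumptions; this is not the RSSP-I wire format.

```python
import hashlib
import hmac
import struct
from collections import deque

KEY = b"constructed-demo-key"    # assumption: pre-shared key, made up for this example
MAX_AGE = 3                      # assumption: frames older than 3 ticks are stale
HEADER = struct.Struct(">HIIH")  # source id, sequence number, timestamp, payload length
TAG_LEN = 32                     # HMAC-SHA256 tag stands in for the safety check field


def encapsulate(src, seq, now, payload):
    """Simplified stand-in for the protocol layer's packaging step (not RSSP-I)."""
    head = HEADER.pack(src, seq, now, len(payload))
    return head + payload + hmac.new(KEY, head + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, src):
        self.src, self.seq = src, 0
        self.buf1, self.buf2, self.buf3 = deque(), deque(), deque()

    def submit(self, payload):
        self.buf1.append(payload)                       # S301: application -> buffer 1

    def process(self, now):
        """S302-S306: return one (main, standby) frame pair per queued payload."""
        while self.buf1:
            self.buf2.append(self.buf1.popleft())       # S302: buffer 1 -> buffer 2
        while self.buf2:
            payload = self.buf2.popleft()               # S303
            self.seq += 1
            main = encapsulate(self.src, self.seq, now, payload)     # S304, instance A
            standby = encapsulate(self.src, self.seq, now, payload)  # S304, instance B
            if main != standby:                         # redundant results must agree
                raise RuntimeError("redundant protocol instances disagree")
            self.buf3.append((main, standby))           # S305: -> buffer 3
        pairs = list(self.buf3)                         # S306: read for both channels
        self.buf3.clear()
        return pairs


class Receiver:
    def __init__(self, expected_src):
        self.expected_src, self.last_seq, self.lost = expected_src, 0, 0
        self.buf1, self.buf2, self.buf3 = deque(), deque(), deque()

    def on_frame(self, frame):
        self.buf1.append(frame)                         # S501: channel -> buffer 1

    def process(self, now):
        """S502-S506: check each frame, cache accepted payloads in buffer 3."""
        verdicts = []
        while self.buf1:
            self.buf2.append(self.buf1.popleft())       # S502-S503
        while self.buf2:
            verdict, payload = self._check(self.buf2.popleft(), now)  # S504-S505
            verdicts.append(verdict)
            if verdict == "ok":
                self.buf3.append(payload)               # S506
        return verdicts

    def _check(self, frame, now):
        # Order: message validity, check field, then update of local state.
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed", None
        head, body = frame[:HEADER.size], frame[HEADER.size:]
        src, seq, ts, length = HEADER.unpack(head)
        payload, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        good = hmac.new(KEY, head + payload, hashlib.sha256).digest()
        if len(payload) != length or not hmac.compare_digest(tag, good):
            return "bad-check-field", None              # corrupted or inserted frame
        if src != self.expected_src:
            return "wrong-source", None                 # authenticity of the source
        if now - ts > MAX_AGE:
            return "stale", None                        # timeliness
        if seq <= self.last_seq:
            return "old-sequence", None                 # duplicate or out of order
        self.lost += seq - self.last_seq - 1            # a gap means frames were lost
        self.last_seq = seq                             # update local parameters
        return "ok", payload


def run_demo():
    """Constructed traffic: main channel drops frame 2, one frame is tampered."""
    tx, rx = Sender(src=7), Receiver(expected_src=7)
    tx.submit(b"speed=40")
    tx.submit(b"speed=35")
    (m1, s1), (m2, s2) = tx.process(now=10)
    tampered = m2[:-1] + bytes([m2[-1] ^ 1])            # one flipped bit in the tag
    for frame in (m1, s1, tampered, s2):                # standby copy covers the loss
        rx.on_frame(frame)
    verdicts = rx.process(now=11)
    rx.on_frame(m1)                                     # old frame delivered late
    verdicts += rx.process(now=20)
    return verdicts, list(rx.buf3)                      # buffer 3 feeds the application
```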
So that the network architecture can better support both sending and receiving, it can include the first send buffer area, the first receive buffer area, the second send buffer area, the second receive buffer area, the third send buffer area, and the third receive buffer area at the same time; the specific structure of this network architecture is shown in Fig. 7. Fig. 7 shows the application layer that interfaces with the network architecture, and the network architecture further includes the first main channel and first standby channel and the second main channel and second standby channel.
Corresponding to Fig. 7, the network architecture can provide another secure data transmission method. Fig. 8 is a flow diagram of another secure data transmission method provided by an embodiment of the present invention. The secure data transmission method includes the following steps:
S801: The task starts.
In this embodiment, sending or receiving data can be treated as a task; after the task starts, the network architecture can be started.
S802: The network architecture obtains first data from the communication interface.
When a task instruction requires the first data to be obtained from the communication interface, the network architecture starts to obtain the first data from the communication interface. It should be noted here that the first data is target data from an external peer device.
S803: Determine whether the first data has been received.
If it is determined that the first data has been received, S804 is executed; if it is determined that the first data has not been received, S815 is executed to wait for the next task, that is, the task ends at this point.
S804: Cache the first data in the first receive buffer area.
S805: Perform a safety check on the first data using RSSP-I.
To ensure that externally transmitted data is sufficiently secure, RSSP-I can be used to verify the security of the first data.
S806: Determine whether the safety check succeeded.
If it is determined that the safety check succeeded, the first data is safe and S807 is executed; if it is determined that the safety check failed, S816 is executed to handle the error and report it.
S807: Parse the first data and cache it successively in the second and third receive buffer areas.
S808: Read the first data from the third receive buffer area and send it to the corresponding application program in the application layer.
It should be noted here that the above steps cover the scenario in which an external peer device needs to send data to an application program on the local device. For the specific processing of the first data by the network architecture in each step of this scenario, refer to the relevant content in the above embodiments; details are not repeated here.
S809, an application program in the application layer sends second data to the network architecture.
S810, the network architecture receives the second data and caches it successively in the first and second send buffer areas.
S811, read the second data from the first send buffer area.
S812, judge whether the second data has been read.
If the second data has been read, S813 is executed; if the second data has not been read, S815 is executed.
S813, encapsulate the second data using RSSP-I.
S814, send the second data through the communication interface.
The communication interface is called to send the encapsulated second data to the peer device.
S809 to S815 cover the scenario in which an application program in the application layer needs to send data outward. For how the network architecture processes the first data in each step in this scenario, see the relevant content in the above embodiments; details are not repeated here.
Note that there is no strict ordering between the execution of the two scenarios: they can be executed concurrently, separately, or sequentially.
In this embodiment, because multiple buffer areas are provided, the application program of the device, the network architecture, and the communication interface (that is, the link layer) are isolated in layers. RSSP-I is encapsulated in the network architecture, which can guarantee the safe transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer limited to a specific communication mode and can call multiple types of communication interfaces, which makes the network architecture portable and general-purpose. The user of the application program needs to focus only on receiving and sending data and does not need to be concerned with the specific implementation of RSSP-I, which makes it easy to use.
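The receive flow (S802 to S808, S816) and the send flow (S809 to S814) described above, as an added Python example that is not code from the patent. The frame layout (sequence number, length, CRC-32) is a constructed stand-in for RSSP-I, whose format the page does not give; the class and function names, the duplicate-dropping rule and the sample payloads are likewise assumptions.

```python
import struct
import zlib
from collections import deque

# Stand-in for RSSP-I (assumption): the page gives no frame layout, so this
# constructed frame is [seq:uint32][len:uint16][payload][crc32:uint32].
HEADER = struct.Struct(">IH")
TRAILER = struct.Struct(">I")


def encapsulate(seq, payload):
    """Stand-in for S813: wrap application data in a checked frame."""
    body = HEADER.pack(seq, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body))


def safety_check(frame):
    """Stand-in for S805: return (seq, payload), or None if the check fails."""
    if len(frame) < HEADER.size + TRAILER.size:
        return None
    body = frame[:-TRAILER.size]
    (crc,) = TRAILER.unpack(frame[-TRAILER.size:])
    if zlib.crc32(body) != crc:
        return None
    seq, length = HEADER.unpack(body[:HEADER.size])
    payload = body[HEADER.size:]
    return (seq, payload) if length == len(payload) else None


class NetworkArchitecture:
    """Three receive and three send buffers between application and link."""

    def __init__(self):
        self.rx1, self.rx2, self.rx3 = deque(), deque(), deque()
        self.tx1, self.tx2, self.tx3 = deque(), deque(), deque()
        self.errors = []       # S816: failures are recorded for feedback
        self.tx_seq = 0
        self.last_rx_seq = -1  # assumption: used to drop duplicate copies

    def receive_task(self, frame):
        """S802-S808: return the data handed to the application, or None."""
        if frame is None:                        # S803 -> S815, task ends
            return None
        self.rx1.append(frame)                   # S804: raw frame from link
        checked = safety_check(self.rx1.popleft())        # S805
        if checked is None:                      # S806 -> S816
            self.errors.append("safety check failed")
            return None
        seq, payload = checked
        if seq <= self.last_rx_seq:
            # Assumption, not from the page: each frame arrives once per
            # redundant channel, so an already-seen sequence is dropped.
            return None
        self.last_rx_seq = seq
        self.rx2.append(payload)                 # S807: parsed data only,
        self.rx3.append(self.rx2.popleft())      # second then third buffer
        return self.rx3.popleft()                # S808: to the application

    def send_task(self, data, channels):
        """S809-S814: return the number of channels the frame went out on."""
        if data is not None:
            self.tx1.append(data)                # S810
        if not self.tx1:                         # S812 -> S815, nothing read
            return 0
        self.tx2.append(self.tx1.popleft())
        frame = encapsulate(self.tx_seq, self.tx2.popleft())   # S813
        self.tx_seq += 1
        self.tx3.append(frame)
        frame = self.tx3.popleft()
        for send in channels:                    # S814: main and standby
            send(frame)
        return len(channels)


def demo():
    """Device A sends two constructed messages to device B on two channels."""
    main, standby = [], []
    a, b = NetworkArchitecture(), NetworkArchitecture()
    a.send_task(b"SWITCH-12:NORMAL", [main.append, standby.append])
    a.send_task(b"SIGNAL-3:RED", [main.append, standby.append])
    # Constructed fault: one byte damaged in the main-channel copy of frame 2.
    damaged = bytearray(main[1])
    damaged[8] ^= 0xFF
    main[1] = bytes(damaged)
    delivered = []
    for frame in (main[0], standby[0], main[1], standby[1]):
        data = b.receive_task(frame)
        if data is not None:
            delivered.append(data)
    return delivered, b.errors


if __name__ == "__main__":
    print(demo())
```

In `demo()`, the damaged main-channel copy of the second frame is rejected at the safety check and never reaches the second or third receive buffer; the standby-channel copy is delivered instead, so the application receives each message exactly once.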
As shown in Fig. 9, data needs to be transmitted between device A and device B; here device A is the local device and device B is the peer device. Device A and device B are both equipped with the network architecture shown in Fig. 7. To enable data to be transmitted between the two devices, roles need to be selected for the two devices in advance, where the roles are divided into calling end and called end. As an example, the role of device A is calling end and the role of device B is called end. To ensure that data can be transmitted safely, a secure transmission connection needs to be established between the two devices before the target data is read from the first buffer area and processed using the first rail transit signal secure communication protocol. RSSP-I requires that only the calling-end device can actively establish the secure transmission connection with the called-end device. In Fig. 9, when device B sends target data to device A, the data follows the flow formed by the boxes marked grey in the figure and also passes through the dashed boxes, for example the application layer, RSSP-I and the communication interface. When device A sends target data to device B, the data follows the flow formed by the boxes marked white in the figure and also passes through the dashed boxes, for example the application layer, RSSP-I and the communication interface.
Each of the two redundant network architectures in a device can independently serve as a communication node with a source address and a source identifier. From the perspective of device A, when the main-system network architecture sends target data to device B over the secure transmission connection, the same target data needs to be sent through the mutually redundant dual channels to both the main-system network architecture and the standby-system network architecture of device B. Device A also sends the target data to its own standby-system network architecture through inter-system synchronization, and the standby-system network architecture should likewise encapsulate the target data and send it to the main-system and standby-system network architectures of device B.
For device B, within one cycle the main-system and standby-system network architectures can receive the messages carrying the target data that device A's main-system network architecture sends through the redundant dual channels, and the messages carrying the target data that device A's standby-system network architecture sends through the redundant dual channels.
Fig. 10 is a structural schematic diagram of a secure data transmission device provided by an embodiment of the present invention. As shown in Fig. 10, the secure data transmission device includes a first cache layer 11, a protocol layer 12 and a data sending layer 13.
The first cache layer 11 is configured to obtain target data to be transmitted and cache the target data in a first buffer area.
The protocol layer 12 is configured to read the target data from the first buffer area and cache the target data in a second buffer area, process the target data using mutually redundant first rail transit signal secure communication protocols, and cache the processed target data in a third buffer area.
The data sending layer 13 is configured to read the processed target data from the third buffer area and send it.
On the basis of Fig. 10, Fig. 11 is a structural schematic diagram of another secure data transmission device provided by an embodiment of the present invention. The first buffer area includes a first send buffer area, the second buffer area includes a second send buffer area, and the third buffer area includes a third send buffer area.
When an application program on the local device needs to send data, the first cache layer 11 is specifically configured to receive the target data to be sent from the application program and cache the target data in the first send buffer area.
The protocol layer 12 is specifically configured to read the target data from the first send buffer area, cache the target data read from the first send buffer area in the second send buffer area in the protocol layer, read the target data from the second send buffer area, encapsulate the target data respectively using the mutually redundant first rail transit signal secure communication protocols, and cache the encapsulated target data in the third send buffer area.
The data sending layer 13 is specifically configured to read the encapsulated target data from the third send buffer area and call the communication interface to send the encapsulated target data to the corresponding peer device.
Further, the second cache layer 13 is specifically configured to read the encapsulated target data from the third buffer area through the redundant first dual communication link respectively, call the communication interface through the redundant first dual communication link respectively, and send the encapsulated target data to the peer device through the communication interface and the communication connection with the peer device; the first dual communication link includes a first main channel and a first standby channel.
Further, the first buffer area also includes a first receive buffer area, the second buffer area also includes a second receive buffer area, and the third buffer area also includes a third receive buffer area.
When the peer device needs to send data to an application program on the local device, the first cache layer 11 is specifically configured to receive the target data sent by the peer device and cache the target data in the first receive buffer area.
The protocol layer 12 is specifically configured to read the target data from the first receive buffer area, cache the target data read from the first receive buffer area in the second receive buffer area in the protocol layer, read the target data from the second receive buffer area, parse the target data in the protocol layer respectively using the mutually redundant first rail transit signal secure communication protocols, and cache the parsed target data in the third buffer area.
The data sending layer 13 is specifically configured to read the parsed target data from the third receive buffer area and send it to the corresponding application program.
The first cache layer 11 is specifically configured to call the communication interface to receive, over the communication connection with the peer device, the target data sent by the peer device, and to cache the target data in the first receive buffer area through the communication interface and the redundant second dual communication link; the second dual communication link includes a second main channel and a second standby channel.
In this embodiment, because multiple buffer areas are provided, the application program of the device, the network architecture, and the communication interface (that is, the link layer) are isolated in layers. RSSP-I is encapsulated in the network architecture, which can guarantee the safe transfer of the data itself. Because the functions are isolated in layers, the network architecture is no longer limited to a specific communication mode and can call multiple types of communication interfaces, which makes the network architecture portable and general-purpose. The user of the application program needs to focus only on receiving and sending data and does not need to be concerned with the specific implementation of RSSP-I, which makes it easy to use.
To achieve the object of the invention, an embodiment of the present invention provides another secure data transmission device, including a processor and a memory. The processor runs a program corresponding to executable program code stored in the memory by reading the executable program code, so as to implement the secure data transmission method in the above embodiments.
To achieve the object of the invention, an embodiment of the present invention provides a computer program product; when instructions in the computer program product are executed by a processor, the secure data transmission method in the above embodiments is performed.
To achieve the object of the invention, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the secure data transmission method in the above embodiments.
In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" mean that specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of the different embodiments or examples.
In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features indicated. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality of" means at least two, for example two, three, etc., unless specifically defined otherwise.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a custom logic function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be executed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in flow charts or otherwise described herein, for example an ordered list of executable instructions that may be considered to implement logic functions, may be embodied in any computer-readable medium for use by, or in combination with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" can be any means that can contain, store, communicate, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include the following: an electrical connection (electronic device) with one or more wirings, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), a fiber-optic device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program can be printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or, if necessary, processing it in another suitable manner, and then stored in a computer memory.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented with software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one of the following technologies well known in the art, or a combination of them, can be used: a discrete logic circuit with logic gate circuits for implementing logic functions on data signals, an application-specific integrated circuit with suitable combinational logic gate circuits, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art can understand that all or part of the steps carried by the above embodiment methods can be completed by a program instructing relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, or each unit may exist physically alone, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, etc. Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and shall not be construed as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.
Claims (15)
1. A secure data transmission method, characterized in that it is used in a closed rail transit communication system, the method comprising:
obtaining target data to be transmitted, and caching the target data in a first buffer area;
reading the target data from the first buffer area, and caching the target data in a second buffer area in a protocol layer;
processing the target data in the protocol layer using mutually redundant first rail transit signal secure communication protocols;
caching the processed target data in a third buffer area in the protocol layer;
reading the processed target data from the third buffer area and sending it.
2. The secure data transmission method according to claim 1, characterized in that the first buffer area includes a first send buffer area, the second buffer area includes a second send buffer area, and the third buffer area includes a third send buffer area;
when an application program on a local device needs to send data, the obtaining target data to be transmitted and caching the target data in the first buffer area comprises:
receiving the target data to be sent from the application program, and caching the target data in the first send buffer area;
the reading the target data from the first buffer area and caching the target data in the second buffer area in the protocol layer comprises:
reading the target data from the first send buffer area;
caching the target data read from the first send buffer area in the second send buffer area in the protocol layer;
the processing the target data in the protocol layer using the mutually redundant first rail transit signal secure communication protocols;
reading the target data from the second send buffer area;
in the protocol layer, encapsulating the target data respectively using the mutually redundant first rail transit signal secure communication protocols;
the caching the processed target data in the third buffer area in the protocol layer comprises:
caching the encapsulated target data in the third send buffer area;
the reading the processed target data from the third buffer area and sending it comprises:
reading the encapsulated target data from the third send buffer area;
calling a communication interface to send the encapsulated target data to the corresponding peer device.
3. The secure data transmission method according to claim 2, characterized in that the reading the encapsulated target data from the third send buffer area comprises:
reading the encapsulated target data from the third buffer area through the redundant first dual communication link respectively;
the calling a communication interface to send the encapsulated target data to the corresponding peer device comprises: wherein the first dual communication link includes a first main channel and a first standby channel;
calling the communication interface through the redundant first dual communication link respectively; and sending the encapsulated target data to the peer device through the communication interface and the communication connection with the peer device.
4. The secure data transmission method according to claim 2, characterized in that, before the reading the target data from the first buffer area and processing the target data using the first rail transit signal secure communication protocol, the method further comprises:
establishing a secure transmission connection with the peer device based on the first rail transit signal secure communication protocol; wherein the role of the local device is calling end, the role of the peer device is called end, and the secure transmission connection is actively initiated by the local device whose role is calling end.
5. The secure data transmission method according to any one of claims 1-4, characterized in that the first buffer area further includes a first receive buffer area, the second buffer area further includes a second receive buffer area, and the third buffer area further includes a third receive buffer area;
when a peer device needs to send data to an application program on the local device, the obtaining target data to be transmitted and caching the target data in the first buffer area comprises:
receiving the target data sent by the peer device, and caching the target data in the first receive buffer area;
reading the target data from the first buffer area, and caching the target data in the second buffer area in the protocol layer;
reading the target data from the first receive buffer area;
caching the target data read from the first receive buffer area in the second receive buffer area in the protocol layer;
the processing the target data in the protocol layer using the mutually redundant first rail transit signal secure communication protocols comprises:
reading the target data from the second receive buffer area;
in the protocol layer, parsing the target data respectively using the mutually redundant first rail transit signal secure communication protocols;
the caching the processed target data in the third buffer area comprises:
caching the parsed target data in the third receive buffer area;
the reading the processed target data from the third buffer area and sending it comprises:
reading the parsed target data from the third receive buffer area and sending it to the application program.
6. The secure data transmission method according to claim 5, characterized by further comprising:
the receiving the target data sent by the peer device and caching the target data in the first receive buffer area comprises:
calling a communication interface to receive, over the communication connection with the peer device, the target data sent by the peer device;
caching the target data in the first receive buffer area through the communication interface and the redundant second dual communication link; wherein the second dual communication link includes a second main channel and a second standby channel.
7. A secure data transmission device, characterized in that it is used in a closed rail transit communication system, the device comprising:
a first cache layer, configured to obtain target data to be transmitted and cache the target data in a first buffer area;
a protocol layer, configured to read the target data from the first buffer area and cache the target data in a second buffer area, process the target data using mutually redundant first rail transit signal secure communication protocols, and cache the processed target data in a third buffer area;
a data sending layer, configured to read the processed target data from the third buffer area and send it.
8. The secure data transmission device according to claim 7, characterized in that the first buffer area includes a first send buffer area, the second buffer area includes a second send buffer area, and the third buffer area includes a third send buffer area;
when an application program on a local device needs to send data, the first cache layer is specifically configured to receive the target data to be sent from the application program and cache the target data in the first send buffer area;
the protocol layer is specifically configured to read the target data from the first send buffer area, cache the target data read from the first send buffer area in the second send buffer area in the protocol layer, read the target data from the second send buffer area, encapsulate the target data respectively using the mutually redundant first rail transit signal secure communication protocols, and cache the encapsulated target data in the third send buffer area;
the data sending layer is specifically configured to read the encapsulated target data from the third send buffer area and call a communication interface to send the encapsulated target data to the corresponding peer device.
9. The secure data transmission device according to claim 8, characterized in that the second cache layer is specifically configured to read the encapsulated target data from the third buffer area through the redundant first dual communication link respectively, call the communication interface through the redundant first dual communication link respectively, and send the encapsulated target data to the corresponding peer device through the communication interface and the communication connection with the peer device, wherein the first dual communication link includes a first main channel and a first standby channel.
10. The secure data transmission device according to claim 8, characterized in that the protocol layer processing layer is further configured to establish a secure transmission connection with the peer device based on the first rail transit signal secure communication protocol; wherein the local device is a calling-end device and the peer device is a called-end device; the secure transmission connection is actively initiated by the local device whose role is calling end.
11. The secure data transmission device according to any one of claims 7-10, characterized in that the first buffer area further includes a first receive buffer area, the second buffer area further includes a second receive buffer area, and the third buffer area further includes a third receive buffer area;
when a peer device needs to send data to an application program on the local device, the first cache layer is specifically configured to receive the target data sent by the peer device and cache the target data in the first receive buffer area;
the protocol layer is specifically configured to read the target data from the first receive buffer area, cache the target data read from the first receive buffer area in the second receive buffer area in the protocol layer, read the target data from the second receive buffer area, parse the target data in the protocol layer respectively using the mutually redundant first rail transit signal secure communication protocols, and cache the parsed target data in the third buffer area;
the data sending layer is specifically configured to read the parsed target data from the third receive buffer area and send it to the application program.
12. The secure data transmission device according to claim 10, characterized by further comprising:
the first cache layer is specifically configured to call a communication interface to receive, over the network connection with the peer device, the target data sent by the peer device, and to cache the target data in the first receive buffer area through the communication interface and the redundant second dual communication link; wherein the second dual communication link includes a second main channel and a second standby channel.
13. A secure data transmission device, characterized by comprising a processor and a memory;
wherein the processor runs a program corresponding to executable program code stored in the memory by reading the executable program code, so as to implement the secure data transmission method according to any one of claims 1 to 6.
14. A computer program product, wherein when instructions in the computer program product are executed by a processor, the secure data transmission method according to any one of claims 1-6 is performed.
15. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the secure data transmission method according to any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710558047.3A CN109246056A (en) | 2017-07-10 | 2017-07-10 | Data safe transmission method and its device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710558047.3A CN109246056A (en) | 2017-07-10 | 2017-07-10 | Data safe transmission method and its device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109246056A true CN109246056A (en) | 2019-01-18 |
Family
ID=65083006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710558047.3A Pending CN109246056A (en) | 2017-07-10 | 2017-07-10 | Data safe transmission method and its device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109246056A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112202857A (en) * | 2020-09-21 | 2021-01-08 | 青岛国信会展酒店发展有限公司 | Intelligent management system applied to exhibition center |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1726663A (en) * | 2002-12-18 | 2006-01-25 | 美国博通公司 | Multi-processor platform for wireless communication terminal having partitioned protocol stack |
US20120009976A1 (en) * | 2008-04-17 | 2012-01-12 | Ho-In Ryu | Recess gate transistor |
CN106375298A (en) * | 2016-08-30 | 2017-02-01 | 湖南中车时代通信信号有限公司 | Method for realizing configurable secure communication protocol |
-
2017
- 2017-07-10 CN CN201710558047.3A patent/CN109246056A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110519742B (en) | Audio synchronous playing method and device and TWS Bluetooth headset | |
CN105518611B (en) | A kind of remote direct data access method, equipment and system | |
CN101953224B (en) | Message processing engine with a virtual network interface | |
DE60138747D1 (en) | A transmission apparatus having a radio connection control layer in a radio communication system and a corresponding data transmission method | |
CN104935594B (en) | Message processing method and device based on virtual expansible LAN tunnel | |
CN106375298A (en) | Method for realizing configurable secure communication protocol | |
CN110061996A (en) | A kind of data transmission method, device, equipment and readable storage medium storing program for executing | |
ES2266099T3 (en) | POINTS FOR DATA ENCRYPTED IN THE HEAD OF PROTOCOL IN REAL TIME (RTP). | |
NO20045244L (en) | System and method for prioritizing transmission of protocol data units to assist radio link transmission | |
CN101286997B (en) | Data reliability verifying method, system, transmitting device and receiving device | |
CN109886692A (en) | Data transmission method, device, medium and electronic equipment based on block chain | |
CN110417756A (en) | Across a network data transmission method and device | |
CN110035058A (en) | Resource request method, equipment and storage medium | |
CN107222759A (en) | Method, system, equipment and the medium of media file encryption and decryption | |
CN109246061A (en) | Data safe transmission method and its device | |
CN109660565A (en) | A kind of isolation gap equipment and implementation method | |
CN109246056A (en) | Data safe transmission method and its device | |
CN114339739A (en) | Intelligent management system of wireless communication protocol | |
CN104243347B (en) | The method and apparatus for being sent based on symmetrical high-speed digital subscriber line SHDSL and receiving data | |
CN209419652U (en) | A kind of isolation gap equipment | |
WO2002069597A3 (en) | Implementing a virtual backbone on a common network infrastructure | |
CN107800502A (en) | The method and device switched between encryption and decryption pattern | |
CN101478428A (en) | Software and hardware cooperative Ethernet failure security communication system and data transmission method | |
CN110457171A (en) | A kind of embedded apparatus debugging method and system | |
JP2007086608A (en) | Falsification prevention processing device for network terminating device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190118 |