CN110753320B - Train-mounted encryption device and train-mounted encryption machine - Google Patents

Publication number: CN110753320B
Authority: CN (China)
Prior art keywords: module, signal, train, control module, encryption
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910910238.0A
Other languages: Chinese (zh)
Other versions: CN110753320A (en)
Inventors: 刘民, 姜鹏程, 廖家旺
Current Assignee: Zhuzhou Trinovo Technologies Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Zhuzhou Trinovo Technologies Co ltd
Application filed by: Zhuzhou Trinovo Technologies Co ltd
Priority to: CN201910910238.0A
Publications: CN110753320A; CN110753320B (application granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/42 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for mass transport vehicles, e.g. buses, trains or aircraft
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)

Abstract

A train-mounted encryption device and a train-mounted encryption machine comprise a first control module, a second control module, an encryption module, a communication interface module and a wireless communication module. The first control module generates an encryption request signal and a transmission data signal according to application requirements, and generates a first communication signal according to a first encrypted data signal; the second control module transmits the encryption request signal, the transmission data signal and the first encrypted data signal; the encryption module encrypts the transmission data signal according to the encryption request signal to generate the first encrypted data signal; the communication interface module forwards the first communication signal; the wireless communication module generates a first wireless signal according to the first communication signal so as to communicate with the ground server. The encryption machine is inserted into the train-mounted chassis to perform remote wireless transmission and remote wireless reception of encrypted data, which improves the security, stability and reliability of train network data transmission.

Description

Train-mounted encryption device and train-mounted encryption machine
Technical Field
The invention belongs to the technical field of train information security, and particularly relates to a train-mounted encryption device and a train-mounted encryption machine.
Background
With the rapid development and spread of train information network technology, trains are becoming increasingly informatized. Passenger internet access systems, locomotive operation monitoring systems, some equipment upgrade systems and even automatic train control systems have started to use civil 4G and 5G networks to exchange data with ground systems. For the security of the train network, its data must not be stolen or modified by an attacker, so an encryption machine is used to encrypt the content transmitted over the public network. Because the train operating environment is variable, the encryption equipment must tolerate severe conditions such as wide temperature, high pressure and vibration, and must also meet requirements for low power consumption and high stability.
Traditional encryption equipment is generally rack-mounted and suited to fixed workplaces such as machine rooms. It is a civil-grade product, and faults such as downtime, damage and restarts can occur when it is exposed to a network environment with high temperature, high pressure and vibration. Existing encryption equipment also cannot be connected to a train system, because it generally uses a standard RJ45 and an ordinary power interface whereas the train uses a dedicated module electrical interface. As a result, conventional network encryption techniques and equipment are unable to meet the security protection requirements of a train network environment.
The traditional technical scheme therefore has the problem that network encryption machine technology and equipment cannot be connected to the train system or tolerate a network environment with high temperature, high pressure and vibration, so the security protection requirements of the train network environment cannot be met.
Disclosure of Invention
In view of this, the embodiments of the present invention provide a train-mounted encryption device and a train-mounted encryption machine, which aim to solve the problem that the network encryption machine technology and equipment of the conventional technical scheme cannot be connected to a train system or tolerate network environments with high temperature, high pressure and vibration, so that the security protection requirements of the train network environment cannot be met.
A first aspect of an embodiment of the present invention provides a train-mounted encryption apparatus, including:
the first control module is used for generating an encryption request signal and a transmission data signal according to application requirements and generating a first communication signal according to the first encrypted data signal; wherein the transmission data signal carries transmitted data information, and the first communication signal and the first encrypted data signal carry first encrypted data information;
a second control module, connected to the first control module, for forwarding the encryption request signal, the transmission data signal, and the first encrypted data signal;
the encryption module is connected with the second control module and used for encrypting the sending data signal according to the encryption request signal so as to generate the first encrypted data signal;
the communication interface module is connected with the first control module and used for forwarding the first communication signal;
the wireless communication module is connected with the communication interface module and used for generating a first wireless signal according to the first communication signal so as to communicate with a ground server; wherein the first wireless signal carries first encrypted data information.
In one embodiment, the wireless communication module is further configured to receive a second wireless signal sent by the ground server, and generate a second communication signal according to the second wireless signal; wherein the second wireless signal and the second communication signal carry second encrypted data information;
the communication interface module is further used for forwarding the second communication signal;
the first control module is further used for generating a second encrypted data signal and a decryption request signal according to the second communication signal;
the second control module is further configured to forward the decryption request signal and the second encrypted data signal to the encryption module, and forward a second data signal to the first control module;
the encryption module is further used for decrypting the second encrypted data signal according to the decryption request signal to generate the second data signal; wherein the second encrypted data signal and the second data signal carry received data information.
In one embodiment, the train-mounted encryption device further includes:
and the power supply module is used for generating power supply voltage according to the input voltage so as to supply power to each functional module.
In one embodiment, the train-mounted encryption device further comprises:
and the interface conversion module is connected with the first control module and is used for converting the Ethernet MAC interface of the first control module and the PCIE interface of the first control module so as to expand the Ethernet MAC interface and the PCIE interface into a plurality of network ports.
In one embodiment, the interface conversion module includes an ethernet chip, a network controller chip, a first network transformer, and a second network transformer.
In one embodiment, the train-mounted encryption device further comprises:
the temperature detection module is used for detecting the ambient temperature of the equipment to generate a temperature detection signal;
the first control module is further used for adjusting the working frequency according to the temperature detection signal.
In one embodiment, the train-mounted encryption device further includes:
the positioning module is connected with the communication interface module and used for detecting the position of the train-mounted encryption device to generate a position detection signal;
the communication interface module is further used for forwarding the position detection signal;
the first control module is further used for generating a position signal according to the position detection signal; wherein the location signal carries location information.
In one embodiment, the wireless communication module comprises a USB interface wireless communication module and an Ethernet interface wireless communication module.
In one embodiment, the communication interface module includes at least one of a UART interface, a USB interface, a CAN bus interface, an SPI interface, and an I2C interface.
A second aspect of an embodiment of the present invention provides a train-mounted encryption machine, which includes the train-mounted encryption device described above.
According to the embodiment of the invention, the first control module, the second control module, the encryption module, the communication interface module and the wireless communication module change the hardware design of the train-mounted encryption machine so that it matches the dedicated electrical interface of train equipment in the train system. The encryption machine can therefore be inserted into a train-mounted chassis and meets the train system's requirements for wide temperature, high voltage, shock resistance, low power consumption and high stability. Combining the wireless communication transceiving technology with the encryption technology realizes remote wireless transmission and remote wireless reception of encrypted data, so the train can be interconnected with the ground system efficiently, safely and stably in real time by means of wireless communication, and the security, stability and reliability of train network data transmission are improved.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 2 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 3 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 4 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 5 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 6 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 7 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention;
Fig. 8 is another schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, a schematic structural diagram of a train-mounted encryption device according to an embodiment of the present invention shows only parts related to the embodiment for convenience of description, and details are as follows:
the train-mounted encryption device comprises a first control module 11, a second control module 12, an encryption module 13, a communication interface module 14 and a wireless communication module 15.
The first control module 11 is configured to generate an encryption request signal and a transmission data signal according to an application requirement, and generate a first communication signal according to the first encrypted data signal; the transmission data signal carries the transmitted data information, and the first communication signal and the first encrypted data signal carry first encrypted data information; the second control module 12 is connected to the first control module 11, and configured to forward the encryption request signal, the transmission data signal, and the first encrypted data signal; the encryption module 13 is connected to the second control module 12, and is configured to encrypt the transmission data signal according to the encryption request signal to generate the first encrypted data signal; the communication interface module 14 is connected to the first control module 11, and is configured to forward the first communication signal; the wireless communication module 15 is connected with the communication interface module 14, and is used for generating a first wireless signal according to the first communication signal so as to communicate with the ground server 100; wherein the first wireless signal carries first encrypted data information.
In a specific implementation, the first control module 11, the second control module 12, the encryption module 13, the communication interface module 14, and the wireless communication module 15 may be integrated on a PCB (Printed Circuit Board). When the first control module 11 detects that the train-mounted system has train-mounted data to be sent to the ground server 100, it generates an encryption request signal and a transmission data signal and outputs them to the second control module 12 through the EIM (External Interface Module) interface of the first control module 11. The second control module 12 can determine the type of the received signal and data and forward them to the corresponding functional module, so it forwards the received encryption request signal and transmission data signal to the encryption module 13. The encryption module 13 encrypts the transmitted data carried by the transmission data signal according to the encryption request signal to generate a first encrypted data signal, which is forwarded to the first control module 11 through the second control module 12. The first control module 11 generates a first communication signal according to the first encrypted data signal and transmits it to the wireless communication module 15 through the communication interface module 14, and the wireless communication module 15 remotely and wirelessly transmits the encrypted data to the ground server 100, completing the wireless encrypted transmission of the data.
Referring to fig. 2, in one embodiment, the wireless communication module 15 is further configured to receive a second wireless signal sent by the ground server 100, and generate a second communication signal according to the second wireless signal; wherein the second wireless signal and the second communication signal carry second encrypted data information; the communication interface module 14 is further configured to forward the second communication signal; the first control module 11 is further configured to generate a second encrypted data signal and a decryption request signal according to the second communication signal; the second control module 12 is further configured to forward the decryption request signal and the second encrypted data signal to the encryption module 13, and forward the second data signal to the first control module 11; the encryption module 13 is further configured to perform decryption processing on the second encrypted data signal according to the decryption request signal to generate a second data signal; wherein the second encrypted data signal and the second data signal carry the received data information.
In a specific implementation, the encryption module 13 decrypts the received data carried by the second encrypted data signal according to the decryption request signal to generate a second data signal. The ground server 100 is a ground encryption server, and the ground encryption server can receive the encrypted data from the first control module 11 through the wireless communication module 15 and the communication interface module 14, and send the encrypted data to the first control module 11, so as to realize data interaction with the first control module 11, that is, the encrypted data exchange between the ground encryption server and the train-mounted encryption device can be realized through the wireless communication module 15.
Optionally, the first control module 11 includes a microprocessor, the second control module 12 includes an FPGA (Field Programmable Gate Array) chip, and the encryption module 13 includes a national cryptographic chip (for example, a high-performance cryptographic coprocessor chip HSM2-H2 and a special block cipher chip HSM4-G2 used in combination). The main functions of the national cryptographic HSM2-H2 chip are generating public and private key pairs and storing the private key inside the encryption chip, where it is used for the private-key encryption and decryption operations of asymmetric encryption; the main function of the national cryptographic HSM4-G2 chip is symmetric encryption and decryption of data. The cryptographic functions of the national standards SM2, SM3 and SM4 are thereby realized, other applications cannot obtain the private key, and the security of the private key and of data operations is ensured. Because resources of the microprocessor of the first control module 11 are not occupied, the application requirements for data encryption are met while secure and efficient decryption, storage and transmission of data are ensured. In a specific implementation, the FPGA chip can detect the working state of the microprocessor and, when that state is abnormal (for example a system crash, a software failure, or a failure to recover by redialing the mobile communication network), switch off the power supply voltage of the microprocessor, thereby power-cycling and restarting the microprocessor and improving the reliability of the device.
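The uplink and downlink paths and the key isolation described above, modelled as an added example (not code from the patent or its assignee). It assumes a pre-provisioned symmetric session key and uses a standard-library HMAC-SHA256 keystream with an encrypt-then-MAC tag as a stand-in for the SM4/SM3 hardware; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

ENCRYPT_REQ, DECRYPT_REQ = "encrypt_request", "decrypt_request"
NONCE_LEN, TAG_LEN = 16, 32


class EncryptionModule:
    """Models module 13: key material lives here and is never returned."""

    def __init__(self, session_key: bytes):
        # Assumption: the session key is already provisioned on train and ground.
        self._enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()

    def _xor_keystream(self, nonce: bytes, data: bytes) -> bytes:
        # Stand-in stream cipher (NOT SM4): HMAC-SHA256 in counter mode.
        stream = b""
        counter = 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(self._enc_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def handle(self, request: str, payload: bytes) -> bytes:
        if request == ENCRYPT_REQ:
            nonce = secrets.token_bytes(NONCE_LEN)
            ciphertext = self._xor_keystream(nonce, payload)
            tag = hmac.new(self._mac_key, nonce + ciphertext, hashlib.sha256).digest()
            return nonce + ciphertext + tag
        if request == DECRYPT_REQ:
            if len(payload) < NONCE_LEN + TAG_LEN:
                raise ValueError("frame too short")
            nonce = payload[:NONCE_LEN]
            ciphertext = payload[NONCE_LEN:-TAG_LEN]
            tag = payload[-TAG_LEN:]
            expected = hmac.new(self._mac_key, nonce + ciphertext, hashlib.sha256).digest()
            # Verify before decrypting, so modified frames never yield plaintext.
            if not hmac.compare_digest(tag, expected):
                raise ValueError("authentication failed: frame modified in transit")
            return self._xor_keystream(nonce, ciphertext)
        raise ValueError("unsupported request")


class SecondControlModule:
    """Models module 12: checks the signal type and forwards it to module 13."""

    def __init__(self, encryption_module: EncryptionModule):
        self._routes = {ENCRYPT_REQ: encryption_module, DECRYPT_REQ: encryption_module}

    def forward(self, request: str, payload: bytes) -> bytes:
        target = self._routes.get(request)
        if target is None:
            raise ValueError(f"unroutable request type: {request!r}")
        return target.handle(request, payload)


class FirstControlModule:
    """Models module 11: issues requests but holds no key material."""

    def __init__(self, second_control: SecondControlModule):
        self._second_control = second_control

    def uplink(self, data: bytes) -> bytes:
        # Returns the payload of the "first communication signal".
        return self._second_control.forward(ENCRYPT_REQ, data)

    def downlink(self, frame: bytes) -> bytes:
        # Takes the payload of the "second communication signal".
        return self._second_control.forward(DECRYPT_REQ, frame)


def build_device(session_key: bytes) -> FirstControlModule:
    return FirstControlModule(SecondControlModule(EncryptionModule(session_key)))


def demo() -> dict:
    key = bytes(range(32))                       # constructed sample key
    train, ground = build_device(key), build_device(key)
    message = b"constructed sample: axle temp 41C, speed 118 km/h"
    frame = train.uplink(message)                # what crosses the public network
    recovered = ground.downlink(frame)
    tampered = bytearray(frame)
    tampered[NONCE_LEN] ^= 0x01                  # one flipped ciphertext bit
    try:
        ground.downlink(bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return {
        "roundtrip_ok": recovered == message,
        "plaintext_hidden": message not in frame,
        "tamper_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```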
Referring to fig. 3, in one embodiment, the train-mounted encryption device further includes a power module 16.
The power supply module 16 is configured to generate a supply voltage according to the input voltage to supply power to each functional module.
In a specific implementation, the first control module 11 controls the power module 16 to generate various power supply voltages according to application requirements, to supply power to each functional module and to control the time-shared power-on start of each functional module. Optionally, the input voltage is a direct current 5V voltage, and the power module 16 generates various power supply voltages from it to supply power to each functional module, for example power supply voltages of 3.3V, 1.8V, 2.5V, 1.2V, 0.7V, and the like; optionally, the first control module 11 is powered by the 1.8V power supply voltage and the wireless communication module 15 by the 3.3V power supply voltage. Further, the power module 16 employs a fuse to perform short-circuit protection and overcurrent protection on the input voltage. The power module 16 comprises an isolated direct current to direct current voltage conversion chip and a non-isolated direct current to direct current voltage conversion chip. High-efficiency direct current to direct current voltage conversion chips with integrated inductors are selected so that an independent power management circuit with current-limiting protection is designed for each functional module; this also reduces power loss, board layout space and heat loss.
In one embodiment, the communication interface module 14 includes at least one of a UART interface, a USB interface, a CAN bus interface, a SPI interface, and an I2C interface.
In a specific implementation, the first communication signal is forwarded to the wireless communication module 15 through the USB interface in the communication interface module 14. Optionally, each interface of the communication interface module 14 is designed to be electrically isolated from the communication between the wireless communication module 15 and other functional modules, for example, the CAN interface provided in this embodiment is connected to an external dedicated interface connector of the train system through an isolated CAN chip (e.g., ADM3057 ETRWZ-EP), so as to implement communication with a wireless security communication plug-in of the train system; the USB interface uses a special USB isolation device (such as ADuM4160 BRWZ) to perform electrical isolation processing; the UART interface is connected to the positioning module 19 and the wireless communication module 15 through an isolation chip (e.g., ADI isolation chip ADUM 1201) for isolated communication; the safety, stability and reliability of the mutual communication between the train system and the device are improved.
Referring to fig. 4, in one embodiment, the train-mounted encryption device further includes an interface conversion module 17.
The interface conversion module 17 is connected to the first control module 11, and is configured to convert an ethernet MAC interface of the first control module 11 and a PCIE interface of the first control module 11 to expand the ethernet MAC interface and the PCIE interface into multiple network ports.
In one embodiment, the interface conversion module 17 includes an ethernet chip, a network controller chip, a first network transformer, and a second network transformer.
In a specific implementation, the ethernet chip is connected to the first control module 11 and the first network transformer, and the network controller chip is connected to the first control module 11 and the second network transformer. Optionally, the first control module 11 employs a multi-core application processor, for example an i.MX 6Dual automotive-grade chip, whose ethernet MAC interface and high-speed serial computer expansion bus PCIE interface need interface expansion to meet the interface requirements of the train system. Optionally, the ethernet chip is a PHY chip (PHY is the common abbreviation for the OSI model physical layer), and one ethernet MAC interface of the multi-core application processor is converted into one 10/100M adaptive ethernet interface through the PHY chip (e.g., AR8031-AL 1B) and the first network transformer; one high-speed serial computer expansion bus PCIE interface of the multi-core application processor is expanded into three 10/100M adaptive ethernet interfaces through a network controller (such as an NHI350AM4 chip) and the second network transformer, and these ethernet interfaces are led out through the network transformer. The encryption device is connected to the dedicated electrical interface of the train system through these ethernet interfaces and the communication interface module 14, so that the encryption device is connected into the train system.
Referring to fig. 5, in one embodiment, the train-mounted encryption device further includes a temperature detection module 18.
The temperature detection module 18 is used for detecting the ambient temperature of the device to generate a temperature detection signal; the first control module 11 is further configured to adjust the operating frequency according to the temperature detection signal.
In a specific implementation, the temperature detection module 18 includes a plurality of temperature sensors placed in the regions of the PCB that generate more heat, for example the region of the first control module 11 or the region of the wireless communication module 15, and detects the ambient temperature of the PCB through them. When the ambient temperature exceeds the preset temperature value, the first control module 11 adjusts its operating frequency according to the temperature detection signal to reduce heat generation and lower the temperature. This prevents circuit components from being damaged in a high-temperature environment and improves the reliability and practicality of the device.
Referring to fig. 6, in one embodiment, the train-mounted encryption device further includes a positioning module 19.
The positioning module 19 is connected with the communication interface module 14 and is used for detecting the position of the train-mounted encryption device to generate a position detection signal; the communication interface module 14 is specifically configured to forward the position detection signal; the first control module 11 is further specifically configured to generate a position signal according to the position detection signal; wherein the position signal carries position information.
In specific implementation, the positioning module 19 performs positioning using a global navigation satellite system GNSS, performs data interaction with the first control module 11 through a UART interface of the communication interface module 14, and the first control module 11 generates a position signal according to the position detection signal, where the position signal carries position information of the train-mounted encryption device.
The positioning module 19 is powered by an isolation power supply, namely, the input voltage is converted by an isolation type direct current-to-direct current voltage conversion chip to generate the power supply voltage required by the positioning module 19, and the communication between the positioning module 19 and other functional modules is electrically isolated by an isolation circuit so as to improve the safety and the precision of the operation of the train-mounted encryption device.
Optionally, the train-mounted encryption device further includes a display module 20 that includes a display screen. The first control module 11 generates a display signal according to the position signal so that the position information is displayed visually. The first control module 11 also determines from the position detection signal whether the positioning of the positioning module 19 is valid, and feeds a positioning-valid or positioning-invalid signal back to the positioning module 19 so that the positioning can be adjusted.
In one embodiment, the wireless communication module 14 includes, but is not limited to, at least one of LoRa, WiFi, ZigBee, GPRS, Bluetooth, Ultra Wideband (UWB), and mobile 2G/3G/4G communication.
In one embodiment, the wireless communication module 15 comprises a SIM card. SIM (Subscriber Identity Module) cards are also called subscriber identity cards or smart cards.
In a specific implementation, optionally, the wireless communication module 15 uses mobile 4G communication. A self-ejecting SIM card slot is provided on the PCB. A stopper is added above the SIM card and fixed to the PCB, and a side plate limits the card in the direction in which it is taken out; the side plate is a movable link, and the SIM card can be taken out by moving the side plate away. This structural reinforcement design meets the anti-vibration requirement of the train-mounted encryption device while keeping installation convenient. Meanwhile, the SIM card slot is placed as close as possible to the first control module 11, the communication interface module 14 and the interface conversion module 16, and the SIM card is in communication connection with the first control module 11 through the communication interface module 14.
Further, referring to fig. 7, the wireless communication module 15 includes an ethernet interface wireless communication module 151 and a USB interface wireless communication module 152. The ethernet interface wireless communication module 151 includes an ethernet interface and a first SIM card, and the USB interface wireless communication module 152 includes a USB interface and a second SIM card. The first communication signal and the second communication signal are forwarded to the USB interface wireless communication module 152 through the USB interface of the communication interface module 14. The first control module 11 performs operations such as network dialing and parameter configuration on the USB interface wireless communication module 152 through the USB interface, and performs data communication, for example, performs encrypted data transmission and encrypted data reception, so as to implement functions such as train system parameter reading, log downloading, software upgrading and remote maintenance; meanwhile, the ethernet interface wireless communication module 151 is reserved to realize communication between the train-mounted encryption device and other devices, for example, configuration, monitoring, management, software programming and the like of the train-mounted encryption device are realized through the ethernet interface and the ethernet interface wireless communication module 151, wherein the software programming comprises programming and debugging of underlying software and application software. Software resetting and power supply on-off of the wireless communication module 15 are controlled through the data input/output port I/O of the second control module 12, and the wireless communication module 15 reads the identity information of the train-mounted encryption device from the SIM card. 
The input voltage is converted by the isolated DC-DC voltage conversion chip to generate a power supply voltage to supply power to the wireless communication module 15, so that the wireless communication module 15 is supplied with power by using an isolated power supply. The communication between the wireless communication module 15 and the first control module 11 is designed to be electrically isolated, so that the safety and the reliability of data transmission of the train-mounted encryption device are improved, and the device has strong mobility and high practicability.
In specific implementation, configuration, monitoring, management and software programming of the train-mounted encryption device can be realized through the RS232 serial communication interface (one UART interface) of the communication interface module 14.
Referring to fig. 8, in one embodiment, the train-mounted encryption device includes a storage module 20.
The storage module 20 is connected to the first control module 11 and the second control module 12, and is used for storing application programs and data.
In specific implementation, the storage module 20 includes a plurality of memory chips, including a NOR FLASH chip, a NAND FLASH chip, an SSD chip, and an EEPROM memory, and can meet application requirements for storing configuration information, encryption certificates, train system data information, and the like of each functional module.
Referring to fig. 8, in one embodiment, the train-mounted encryption device includes an indication module 21.
The indication module 21 comprises an LED indicator lamp and can indicate the working state of the power supply, the data encryption state, the communication state and the like, for example, whether communication is normal or abnormal and whether there is a power supply fault, so that a user can learn the working state of the train-mounted encryption device in time and adjust it in time, which improves the reliability of the train-mounted encryption device.
In specific implementation, a heat dissipation structure can be designed on the PCB to dissipate heat from the functional modules on the PCB that tend to heat up, and at the same time a temperature sensor matched with the temperature detection module 18 monitors the temperature, so that the stable and reliable operation of each functional module on the PCB is guaranteed, and the stable and reliable operation of the train-mounted encryption device is further guaranteed.
A second aspect of the embodiments of the present invention provides a train-mounted encryption machine, including the train-mounted encryption device described above.
According to the embodiment of the invention, the hardware design of the train-mounted encryption equipment is changed, so that the encryption equipment can be inserted into the train-mounted case, the use of the train-mounted encryption equipment meets the requirements of wide temperature, high voltage, shock resistance, low power consumption and high stability, the 4G mobile wireless communication is applied to the train-mounted encryption equipment, the remote wireless sending and the remote wireless receiving of encrypted data can be realized, and the safety and the reliability of train network data transmission are improved.
Reference throughout this specification to "in one embodiment," "in an embodiment," or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" or the like in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. Thus, a particular feature, structure, or characteristic illustrated or described in connection with one embodiment may be combined, in whole or in part, with features, structures, or characteristics of one or more other embodiments without limitation, provided that such combination is not illogical or non-functional. Any directional references are used for identification purposes to aid the reader in understanding the present disclosure, and do not create limitations, particularly as to the position, orientation, or use of the embodiments.
Although certain embodiments have been described above with a certain degree of particularity, those skilled in the art could make numerous alterations to the disclosed embodiments without departing from the scope of this disclosure. Joinder references (e.g., attached, coupled, connected, and the like) are to be construed broadly and may include intermediate members between a connection of elements and relative movement between elements. Thus, connection references do not necessarily imply that two elements are directly connected/coupled and in a fixed relationship to each other. The use of "for example" throughout this specification should be broadly construed and used to provide non-limiting examples of embodiments of the present disclosure, and the present disclosure is not limited to such examples. It is intended that all matter contained in the above description or shown in the accompanying drawings shall be interpreted as illustrative only and not limiting. Changes in detail or structure may be made without departing from the disclosure.
It should be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is only used for illustration, and in practical applications, the above function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the above described functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. An on-train encryption device, comprising:
the first control module is used for generating an encryption request signal and a sending data signal according to application requirements and generating a first communication signal according to the first encrypted data signal; wherein the sending data signal carries transmitted data information, and the first communication signal and the first encrypted data signal carry first encrypted data information;
a second control module, connected to the first control module, for forwarding the encryption request signal, the transmission data signal, and the first encrypted data signal;
the encryption module is connected with the second control module and used for encrypting the sending data signal according to the encryption request signal so as to generate the first encrypted data signal;
the communication interface module is connected with the first control module and used for forwarding the first communication signal;
the wireless communication module is connected with the communication interface module and used for generating a first wireless signal according to the first communication signal so as to communicate with a ground server; wherein the first wireless signal carries first encrypted data information;
the interface conversion module is connected with the first control module and used for converting an Ethernet MAC interface of the first control module and a PCIE interface of the first control module to expand into a plurality of network ports; the interface conversion module comprises an Ethernet chip, a network controller chip, a first network transformer and a second network transformer;
the Ethernet chip is connected with the first control module and the first network transformer, and the network controller chip is connected with the first control module and the second network transformer; the Ethernet chip and the first network transformer convert an Ethernet MAC interface of the first control module into a self-adaptive Ethernet interface; the network controller chip and the second network transformer expand the PCIE interface of the first control module into a plurality of self-adaptive Ethernet interfaces.
2. The train-mounted encryption device of claim 1, wherein the wireless communication module is further configured to receive a second wireless signal sent by the ground server, and generate a second communication signal according to the second wireless signal; wherein the second wireless signal and the second communication signal carry second encrypted data information;
the communication interface module is further used for forwarding the second communication signal;
the first control module is further used for generating a second encrypted data signal and a decryption request signal according to the second communication signal;
the second control module is further configured to forward the decryption request signal and the second encrypted data signal to the encryption module, and forward a second data signal to the first control module;
the encryption module is further used for decrypting the second encrypted data signal according to the decryption request signal to generate the second data signal; wherein the second encrypted data signal and the second data signal carry received data information.
3. The on-train encryption device according to claim 1 or 2, further comprising:
and the power supply module is used for generating power supply voltage according to the input voltage so as to supply power to each functional module.
4. The train-mounted encryption device according to claim 1 or 2, further comprising:
the temperature detection module is used for detecting the ambient temperature of the equipment to generate a temperature detection signal;
the first control module is further used for adjusting the working frequency according to the temperature detection signal.
5. The train-mounted encryption device according to claim 1 or 2, further comprising:
the positioning module is connected with the communication interface module and used for detecting the position of the train-mounted encryption device to generate a position detection signal;
the communication interface module is further used for forwarding the position detection signal;
the first control module is also used for generating a position signal according to the position detection signal; wherein the position signal carries position information.
6. The on-train encryption device according to claim 1 or 2, wherein the wireless communication module includes a USB interface wireless communication module and an ethernet interface wireless communication module.
7. The on-train encryption apparatus of claim 1 or 2, wherein the communication interface module includes at least one of a UART interface, a USB interface, a CAN bus interface, an SPI interface, and an I2C interface.
8. A train-mounted encryption machine, characterized in that it comprises the train-mounted encryption device of any one of claims 1 to 7.
CN201910910238.0A 2019-09-25 2019-09-25 Train-mounted encryption device and train-mounted encryption machine Active CN110753320B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910910238.0A CN110753320B (en) 2019-09-25 2019-09-25 Train-mounted encryption device and train-mounted encryption machine

Publications (2)

Publication Number Publication Date
CN110753320A 2020-02-04
CN110753320B 2022-11-01

Family

ID=69277063

Country Status (1)

Country Link
CN (1) CN110753320B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant