CN112953947A - One-way data transparent transmission method of single-chip microcomputer security gateway - Google Patents

Publication number
CN112953947A
Authority
CN
China
Prior art keywords
chip microcomputer
security gateway
data
gateway
interface
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110209532.6A
Other languages
Chinese (zh)
Inventor
刘胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Qixiang Intelligent Technology Co ltd
Original Assignee
Shanghai Qixiang Intelligent Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Abstract

The invention discloses a one-way data transparent transmission method of a single-chip microcomputer security gateway, which comprises the following steps: initializing all network hardware interfaces in the single-chip microcomputer security gateway; reading user configuration information, and performing configuration processing on the read user configuration information; initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information, so that the single-chip microcomputer security gateway enters a data receiving state; and, once the single-chip microcomputer security gateway has entered the data receiving state, receiving field network data on the corresponding network hardware interface and sending the received field network data to the specified server from the corresponding network hardware interface. The invention ensures the transmission security of the field network data and meets the data requirements of the big data server, while also protecting the field network and avoiding security risks such as data leakage or hacker intrusion.

Description

One-way data transparent transmission method of single-chip microcomputer security gateway
Technical Field
The invention relates to the technical field of data network security transmission methods, in particular to a one-way data transparent transmission method of a single-chip microcomputer security gateway.
Background
In fields with high network security requirements, especially large-scale industrial sites, very strict limits are imposed on the site network environment: once a network security problem such as data leakage or hacker intrusion occurs, it can cause very significant losses and, in serious cases, even the failure of the enterprise. In these settings, external network access for all kinds of computer devices (e.g., computers running systems such as Windows or Linux) is therefore generally strictly prohibited. Such a field environment makes the construction of the industrial internet very difficult, and field data cannot be transmitted in time to a big data server on the internet.
To this end, the applicant has, through research, sought a solution to the above problems, and the technical solutions described below were made against this background.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: in view of the defects of the prior art, to provide a one-way data transparent transmission method of a single-chip microcomputer security gateway that ensures the security of field network data transmission.
The technical problem to be solved by the invention can be solved by adopting the following technical scheme:
A one-way data transparent transmission method of a single-chip microcomputer security gateway comprises the following steps:
initializing all network hardware interfaces in the single-chip microcomputer security gateway, and enabling the single-chip microcomputer security gateway to enter a program configuration state;
reading user configuration information, and performing configuration processing on the read user configuration information;
initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information, so that the single-chip microcomputer security gateway enters a data receiving state; and
once the single-chip microcomputer security gateway has entered the data receiving state, receiving the field network data on the corresponding network hardware interface in the single-chip microcomputer security gateway, and sending the received field network data to a specified server from the corresponding network hardware interface.
In a preferred embodiment of the present invention, when the user configuration information is read, if no new user configuration information is read, the user configuration information set last time is read.
In a preferred embodiment of the present invention, the configuration processing of the read user configuration information includes:
setting the UTC time, use mode, server IP address, server port number and log marker light information of the single-chip microcomputer security gateway;
setting, respectively, the IP addresses, gateway information and mask information of a first LAN network interface, a second LAN network interface and a third LAN network interface of the single-chip microcomputer security gateway; and
setting a local monitoring port number and local monitoring IP address information of the single-chip microcomputer security gateway.
In a preferred embodiment of the present invention, initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information includes:
initializing the state of the first LAN network interface of the single-chip microcomputer security gateway, setting the first LAN network interface to run as a UDPserver service, and binding the port to be monitored;
initializing the state of the second LAN network interface of the single-chip microcomputer security gateway, setting the second LAN network interface to run as a UDPclient service, and binding the IP address and port of the server to send to; and
initializing the state of the third LAN network interface of the single-chip microcomputer security gateway, setting the third LAN network interface to run as a UDPclient service, and binding the IP address and port of the server to send to.
In a preferred embodiment of the present invention, receiving the field network data on the corresponding network hardware interface in the single-chip microcomputer security gateway and sending the received field network data from the corresponding network hardware interface includes:
monitoring, through the first LAN network interface of the single-chip microcomputer security gateway, whether the UDPserver port receives field network data;
if field network data is received, sending the received field network data to the specified server through the second LAN network interface and/or the third LAN network interface; and
marking the receiving state and the sending result of the received field network data.
In a preferred embodiment of the present invention, the single-chip microcomputer security gateway sends the received field network data out from the corresponding network hardware interface using the UDP protocol.
Due to the adoption of the technical scheme, the invention has the beneficial effects that:
1. The invention isolates the industrial field network data from the internet network data of the server. Field network data collected on site can only be transmitted one way to the specified server, and because no operating system runs on the gateway, the remote server network cannot intrude back into the field network. This resolves the conflict between field network security and transmitting data to the internet: it ensures the transmission security of the field network data and meets the data requirements of a big data server, while protecting the field network and avoiding security risks such as data leakage or hacker intrusion.
2. The invention can be configured dynamically: parameters such as the field network IP address and port, the server IP address and port, and the network mode used for data upload (wired network or wireless network, such as a 4G network) can be modified and set, which effectively addresses changing field requirements and diverse functional requirements.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the single-chip microcomputer security gateway of the present invention.
Fig. 2 is a schematic flow chart of the one-way data transparent transmission method of the single-chip microcomputer security gateway of the present invention.
Detailed Description
In order to make the technical means, inventive features, objectives and effects of the invention easy to understand, the invention is further explained below with reference to the drawings.
Referring to fig. 1, the single-chip microcomputer security gateway of the present invention includes a gateway controller 100, a power module 200, an RS232 module 300, a first LAN network interface 400, a second LAN network interface 500, a third LAN network interface 600, a UTC timing module 700, a memory 800, and a 4G module 900. The gateway controller 100 is connected to the power module 200, the RS232 module 300, the first LAN network interface 400, the second LAN network interface 500, the third LAN network interface 600, the UTC timing module 700, the memory 800, and the 4G module 900, respectively.
The gateway controller 100 may employ a control chip of model STM32F767, which serves as the "brain" of the single-chip microcomputer security gateway and controls each module and/or network hardware interface so that they work together. The power module 200 provides the electric energy that the gateway controller 100 and each module and network hardware interface need to operate; it supports a wide voltage input range of 0-4V and can effectively withstand the unstable voltage of an industrial field. The RS232 module 300 provides serial communication and is used for dynamic configuration of the program functions: after conversion to a COM interface by the RS232 module 300, the gateway is connected directly to a PC for communication, so that the program can be configured dynamically. The first, second and third LAN network interfaces 400, 500 and 600 are used for receiving or transmitting field network data, wherein the first LAN network interface 400 uses a KSZ8051 chip, and the second and third LAN network interfaces 500 and 600 use a W5500 chip. The UTC timing module 700 is used to time the program run time. The memory 800 is used for storing dynamic data. The 4G module 900 is used to transmit the field network data over a wireless network.
Referring to fig. 2, the one-way data transparent transmission method of the single-chip microcomputer security gateway provided by the invention comprises the following steps:
Step S10: initializing all network hardware interfaces in the single-chip microcomputer security gateway, and enabling the single-chip microcomputer security gateway to enter a program configuration state.
Step S20: reading the user configuration information and performing configuration processing on the read user configuration information. When the user configuration information is read, if no new user configuration information is read, the user configuration information set last time is read.
Step S30: initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information, so that the single-chip microcomputer security gateway enters a data receiving state.
Step S40: once the single-chip microcomputer security gateway has entered the data receiving state, the corresponding network hardware interface in the single-chip microcomputer security gateway receives the field network data and sends the received field network data to the specified server from the corresponding network hardware interface. Specifically, the single-chip microcomputer security gateway sends the received field network data out from the corresponding network hardware interface using the UDP protocol.
The invention isolates the industrial field network data from the internet network data of the server. Field network data collected on site can only be transmitted one way to the specified server, and because no operating system runs on the gateway, the remote server network cannot intrude back into the field network. This resolves the conflict between field network security and transmitting data to the internet: it ensures the transmission security of the field network data and meets the data requirements of a big data server, while protecting the field network and avoiding security risks such as data leakage or hacker intrusion.
In step S20, the configuration processing of the read user configuration information includes the following steps:
Step S21: setting the UTC time, use mode, server IP address, server port number and log marker light information of the single-chip microcomputer security gateway;
Step S22: setting, respectively, the IP addresses, gateway information and mask information of the first, second and third LAN network interfaces 400, 500 and 600 of the single-chip microcomputer security gateway;
Step S23: setting a local monitoring port number and local monitoring IP address information of the single-chip microcomputer security gateway.
The invention can be configured dynamically: parameters such as the field network IP address and port, the server IP address and port, and the network mode used for data upload (wired network or wireless network, such as a 4G network) can be modified and set, which effectively addresses changing field requirements and diverse functional requirements.
In step S30, initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information includes the following steps:
Step S31: initializing the state of the first LAN network interface 400 of the single-chip microcomputer security gateway, setting the first LAN network interface 400 to run as a UDPserver service, and binding the port to be monitored;
Step S32: initializing the state of the second LAN network interface 500 of the single-chip microcomputer security gateway, setting the second LAN network interface 500 to run as a UDPclient service, and binding the IP address and port of the server to send to;
Step S33: initializing the state of the third LAN network interface 600 of the single-chip microcomputer security gateway, setting the third LAN network interface 600 to run as a UDPclient service, and binding the IP address and port of the server to send to.
In step S40, receiving the field network data on the corresponding network hardware interface in the single-chip microcomputer security gateway and sending the received field network data out from the corresponding network hardware interface includes the following steps:
Step S41: monitoring, through the first LAN network interface 400 of the single-chip microcomputer security gateway, whether the UDPserver port receives field network data;
Step S42: if field network data is received, transmitting the received field network data to the specified server through the second LAN network interface 500 and/or the third LAN network interface 600;
Step S43: marking the receiving state and the sending result of the received field network data, so that the source of the field network data can be traced later.
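The receive, forward and mark sequence of steps S41 to S43, written as a hardware-independent C routine. This is an added example, not code from the patent: every identifier, the use-mode bit encoding, the datagram size limit, the trace ring and the mock drivers are assumptions made for illustration.

```c
/* Added example (not from the patent): steps S41-S43 as a forwarding core
 * that is independent of the interface drivers. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DGRAM 1472u  /* assumed limit: UDP payload of one Ethernet frame */
#define LOG_SLOTS 8u     /* assumed size of the S43 trace ring */

/* Assumed encoding of the configured "use mode": which uplinks carry the data. */
enum { UPLINK_LAN2 = 1u, UPLINK_LAN3 = 2u };

/* Driver hook for a UDPclient interface; returns 0 when the datagram was sent. */
typedef int (*uplink_send_fn)(const uint8_t *buf, size_t len);

struct gw_config {
    uint8_t        use_mode;   /* UPLINK_LAN2, UPLINK_LAN3 or both */
    uplink_send_fn lan2_send;  /* second LAN network interface */
    uplink_send_fn lan3_send;  /* third LAN network interface */
};

/* S43: one mark per datagram handed over by the first LAN network interface. */
struct fwd_mark {
    uint32_t utc;      /* timestamp supplied by the UTC timing module */
    uint16_t len;      /* payload length, 0 if the datagram was rejected */
    uint8_t  rx_ok;    /* 1 = accepted, 0 = empty or oversize */
    uint8_t  tx_mask;  /* uplinks that reported a successful send */
};

static struct fwd_mark trace[LOG_SLOTS];
static unsigned trace_next;

/* S41-S43 for one datagram taken from LAN1's UDPserver port. The uplink hooks
 * are send-only: no path here reads from an uplink or writes toward the field. */
struct fwd_mark gw_forward(const struct gw_config *cfg, const uint8_t *data,
                           size_t len, uint32_t utc_now)
{
    struct fwd_mark m = { utc_now, 0, 0, 0 };

    if (data != NULL && len > 0 && len <= MAX_DGRAM) {
        m.len = (uint16_t)len;
        m.rx_ok = 1;
        if ((cfg->use_mode & UPLINK_LAN2) && cfg->lan2_send &&
            cfg->lan2_send(data, len) == 0)
            m.tx_mask |= UPLINK_LAN2;
        if ((cfg->use_mode & UPLINK_LAN3) && cfg->lan3_send &&
            cfg->lan3_send(data, len) == 0)
            m.tx_mask |= UPLINK_LAN3;
    }
    trace[trace_next++ % LOG_SLOTS] = m;  /* the oldest mark is overwritten */
    return m;
}

/* Most recent S43 mark, or NULL before the first datagram. */
const struct fwd_mark *gw_trace_last(void)
{
    return trace_next ? &trace[(trace_next - 1u) % LOG_SLOTS] : NULL;
}

/* Constructed stand-ins for the interface drivers, so the example runs on a PC. */
static uint8_t lan2_wire[MAX_DGRAM];
static size_t  lan2_wire_len;
static int mock_lan2_send(const uint8_t *buf, size_t len)
{
    memcpy(lan2_wire, buf, len);
    lan2_wire_len = len;
    return 0;
}
static int mock_lan3_down(const uint8_t *buf, size_t len)
{
    (void)buf; (void)len;
    return -1;  /* simulates an uplink that is down */
}

int main(void)
{
    const uint8_t sample[] = "temp=21.5;rpm=1480";  /* constructed field datagram */
    struct gw_config cfg = { UPLINK_LAN2 | UPLINK_LAN3, mock_lan2_send, mock_lan3_down };
    struct fwd_mark m = gw_forward(&cfg, sample, sizeof sample - 1, 1614124800u);
    printf("rx_ok=%u len=%u tx_mask=0x%x\n", m.rx_ok, m.len, m.tx_mask);
    return 0;
}
```

Rejected datagrams are dropped whole and still marked, so the trace shows both what was refused on the field side and which uplink failed to deliver.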
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (6)

1. A one-way data transparent transmission method of a single-chip microcomputer security gateway, characterized by comprising the following steps:
initializing all network hardware interfaces in the single-chip microcomputer security gateway, and enabling the single-chip microcomputer security gateway to enter a program configuration state;
reading user configuration information, and performing configuration processing on the read user configuration information;
initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information, so that the single-chip microcomputer security gateway enters a data receiving state; and
once the single-chip microcomputer security gateway has entered the data receiving state, receiving the field network data on the corresponding network hardware interface in the single-chip microcomputer security gateway, and sending the received field network data to a specified server from the corresponding network hardware interface.
2. The one-way data transparent transmission method of the single-chip microcomputer security gateway according to claim 1, wherein when the user configuration information is read, if no new user configuration information is read, the user configuration information set last time is read.
3. The one-way data transparent transmission method of the single-chip microcomputer security gateway according to claim 1, wherein the configuration processing of the read user configuration information includes:
setting the UTC time, use mode, server IP address, server port number and log marker light information of the single-chip microcomputer security gateway;
setting, respectively, the IP addresses, gateway information and mask information of a first LAN network interface, a second LAN network interface and a third LAN network interface of the single-chip microcomputer security gateway; and
setting a local monitoring port number and local monitoring IP address information of the single-chip microcomputer security gateway.
4. The one-way data transparent transmission method of the single-chip microcomputer security gateway according to claim 3, wherein initializing the corresponding network hardware interface in the single-chip microcomputer security gateway according to the user configuration information comprises:
initializing the state of the first LAN network interface of the single-chip microcomputer security gateway, setting the first LAN network interface to run as a UDPserver service, and binding the port to be monitored;
initializing the state of the second LAN network interface of the single-chip microcomputer security gateway, setting the second LAN network interface to run as a UDPclient service, and binding the IP address and port of the server to send to; and
initializing the state of the third LAN network interface of the single-chip microcomputer security gateway, setting the third LAN network interface to run as a UDPclient service, and binding the IP address and port of the server to send to.
5. The one-way data transparent transmission method of the single-chip microcomputer security gateway according to claim 4, wherein receiving the field network data on the corresponding network hardware interface in the single-chip microcomputer security gateway and sending the received field network data from the corresponding network hardware interface comprises:
monitoring, through the first LAN network interface of the single-chip microcomputer security gateway, whether the UDPserver port receives field network data;
if field network data is received, sending the received field network data to the specified server through the second LAN network interface and/or the third LAN network interface; and
marking the receiving state and the sending result of the received field network data.
6. The one-way data transparent transmission method of the single-chip microcomputer security gateway according to claim 1, wherein the single-chip microcomputer security gateway sends the received field network data out from the corresponding network hardware interface using the UDP protocol.
CN202110209532.6A 2021-02-24 2021-02-24 One-way data transparent transmission method of single-chip microcomputer security gateway Pending CN112953947A (en)


Publications (1)

Publication Number Publication Date
CN112953947A true CN112953947A (en) 2021-06-11

Family

ID=76246047


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination