CN113553078A - Trackside equipment system upgrading method and device, electronic equipment and readable storage medium - Google Patents

Trackside equipment system upgrading method and device, electronic equipment and readable storage medium Download PDF

Info

Publication number
CN113553078A
CN113553078A CN202110706295.4A CN202110706295A CN113553078A CN 113553078 A CN113553078 A CN 113553078A CN 202110706295 A CN202110706295 A CN 202110706295A CN 113553078 A CN113553078 A CN 113553078A
Authority
CN
China
Prior art keywords
result
control system
trackside
upgrade package
ota upgrade
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110706295.4A
Other languages
Chinese (zh)
Inventor
于银刚
肖骁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infrastructure Investment Co ltd
Traffic Control Technology TCT Co Ltd
Original Assignee
Traffic Control Technology TCT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Traffic Control Technology TCT Co Ltd filed Critical Traffic Control Technology TCT Co Ltd
Publication of CN113553078A publication Critical patent/CN113553078A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a trackside equipment system upgrading method, a trackside equipment system upgrading device, electronic equipment and a readable storage medium, wherein the method comprises the following steps: acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result; running the OTA upgrade package acquired aiming at the security control system in a shadow mode, and calculating real state data by using a running program of the OTA upgrade package to acquire a result to be verified; and verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment. The invention does not immediately execute the upgrade after downloading the application software, but executes the upgrade after passing the verification, and can ensure that the upgrade software is safe and credible, thereby ensuring the continuous and safe operation of the trackside equipment.

Description

Trackside equipment system upgrading method and device, electronic equipment and readable storage medium
Technical Field
The invention relates to the technical field of rail transit, in particular to a trackside equipment system upgrading method and device, electronic equipment and a readable storage medium.
Background
With the development of the rail transit technology, an Over-the-Air (OTA) remote upgrade technology is increasingly widely applied to rail transit systems. The existing OTA upgrading scheme mainly solves the problems of handling measures of upgrading failure and information security, and can ensure the information security in the upgrading process through the traditional technology based on encryption technology, identity authentication or white list and the like.
However, for the scenes such as the trackside equipment, especially the trackside equipment adopting wireless communication, the problem cannot be completely solved by using the method because of no physical network isolation, and the method is very easy to be attacked by the network to the information security, so that the remote upgrade downloading is caused to wrong or false upgrade files, and finally, the occurrence of security accidents can be caused.
Disclosure of Invention
The invention provides a method and a device for upgrading a trackside equipment system, electronic equipment and a readable storage medium, which are used for solving the defect that the prior art cannot guarantee the information safety of equipment without physical isolation in upgrading and the like, and achieving the aim of effectively guaranteeing the continuous and safe operation of the equipment.
The invention provides a trackside equipment system upgrading method, which comprises the following steps:
acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result;
running an OTA upgrade package acquired by a safety control system in the trackside equipment by adopting a shadow mode, and calculating the real state data by utilizing a running program of the OTA upgrade package to acquire a result to be verified;
and verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment.
According to the trackside equipment system upgrading method provided by the invention, the OTA upgrading packet obtained by a safety control system in the trackside equipment is operated by adopting the shadow mode, and the method comprises the following steps:
and caching the OTA upgrade package acquired from the server into a sandbox or sandbox calculated by the train control system equipment, and performing isolated execution by adopting the shadow mode.
According to the trackside equipment system upgrading method provided by the invention, the real state data has a plurality of groups, and the verifying the result to be verified by using the reference result comprises the following steps:
for any group of real state data, determining the result of the verification by comparing the result to be verified obtained based on the real state data with the reference result, and after obtaining the result of the verification, switching to the next group of real state data, and executing the process of the comparison until the verification times reach the preset times;
the preset standard comprises the following steps: and the proportion of the verification passing results in the multiple verification results is not less than a preset threshold value.
According to the trackside equipment system upgrading method provided by the invention, the step of caching the OTA upgrading packet into a sandbox or sandbox calculated by the train control system equipment comprises the following steps:
and performing MD5 and/or CRC check on the OTA upgrade package acquired from the server, and caching the OTA upgrade package passing the check into a sandbox or a sandbox calculated by the train control system equipment after the check result is passed.
According to the method for upgrading the trackside equipment system provided by the invention, before the OTA upgrade package acquired by a safety control system in the trackside equipment is operated by adopting the shadow mode, the method further comprises the following steps:
the method comprises the steps of obtaining an upgrading instruction sent by a server, and sending identity authentication information to the server based on the upgrading instruction;
acquiring server identity information sent by the server after passing the authentication based on the identity authentication information, and performing server identity authentication based on the server identity information;
and after the server passes the identity authentication, the server acquires the name and the version number of the OTA upgrade package, and downloads the OTA upgrade package through a download link established by the server after the upgrade is confirmed based on the name and the version number and the version information of the existing file.
According to the method for upgrading the trackside equipment system provided by the invention, in the step of operating the OTA upgrade package acquired by the safety control system in the trackside equipment, the method further comprises the following steps:
and synchronously monitoring the operation process information of the OTA upgrade package, wherein the operation process information comprises one or more of computing resources occupied in the operation process, execution time, operation process and operation thread.
The method for upgrading the trackside equipment system provided by the invention further comprises the following steps:
if the verification result does not meet the preset standard, the reference result and the to-be-verified result are sent to a server control center so as to obtain result abnormal information confirmed by a worker based on the reference result and the to-be-verified result, and whether the OTA upgrade package is abnormal is confirmed based on the result abnormal information;
and/or the presence of a gas in the gas,
and sending the monitored running process information to the server control center to acquire running abnormal information identified by a worker based on the running process information, and confirming whether the running process of the OTA upgrade patch is abnormal or not based on the running abnormal information.
The invention also provides a trackside equipment system upgrading device, which comprises:
the system comprises a first calculation module, a second calculation module and a third calculation module, wherein the first calculation module is used for acquiring actual state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the actual state data by using the existing program to acquire a reference result;
the second calculation module is used for operating an OTA upgrade package acquired by a safety control system in the trackside equipment in a shadow mode, calculating the real state data by using an operation program of the OTA upgrade package and acquiring a result to be checked;
and the verification upgrading module is used for verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrading packet when the verification result meets the preset standard so as to realize OTA upgrading of the safety control system in the trackside equipment.
The invention also provides an electronic device, which comprises a memory, a processor and a program or an instruction which is stored on the memory and can be run on the processor, wherein when the processor executes the program or the instruction, the steps of the trackside device system upgrading method are realized.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a program or instructions which, when executed by a computer, implement the steps of the trackside equipment system upgrade method as described in any one of the above.
According to the trackside equipment system upgrading method, the trackside equipment system upgrading device, the electronic equipment and the readable storage medium, the upgrading process is not executed immediately after the application software is downloaded, the downloaded application software is confirmed to be correctly executed after the existing application and real data are used for monitoring the downloaded application software through multiple times of input data and output results, the system software upgrading is executed, and the software to be upgraded can be ensured to be safe and credible, so that the continuous and safe operation of the equipment is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the following briefly introduces the drawings needed to be used in the embodiments of the present invention or the description of the prior art, and obviously, the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings by those skilled in the art without creative efforts.
FIG. 1 is a schematic flow chart of a trackside equipment system upgrading method provided by the present invention;
FIG. 2 is a second schematic flow chart of the trackside equipment system upgrading method provided by the present invention;
FIG. 3 is a schematic structural diagram of a trackside equipment system upgrading device provided by the present invention;
FIG. 4 is a schematic structural diagram of a trackside equipment system upgrade system provided by the present invention;
fig. 5 is a schematic physical structure diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Aiming at the problem that the prior art can not ensure the information safety of equipment without physical isolation in the upgrading process, the upgrading process is not executed immediately after the application software is downloaded, the downloaded application software is confirmed to be correctly executed after the downloaded application software is supervised by using the existing application and real data through inputting data and outputting results for many times, and the system software upgrading is executed, so that the software to be upgraded can be ensured to be safe and credible, and the continuous and safe operation of the equipment is ensured. The present invention will now be described and explained with reference to the drawings, in particular, by means of embodiments.
Fig. 1 is a schematic flow diagram of a method for upgrading a trackside equipment system according to the present invention, as shown in fig. 1, the method includes:
s101, acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result.
It can be understood that the invention can utilize the existing running program before upgrading to obtain the real state data generated in the actual running process of the safety control system in the trackside equipment. The currently running program may be a program or software that can provide a certain service or implement a certain function in the safety control system in the trackside equipment, for example, a control program in the trackside equipment, so that the real state data of the safety control system in the trackside equipment can be acquired by using the trackside equipment.
And then, performing conventional logic service calculation on the real state data by using the existing running program to obtain a real operation result, wherein the real operation result can be used as a reference result for verification. The real state data used for software verification can be data acquired in real time or historical data recorded by the train control system. And the software is verified by using historical data or real-time data, so that the function is ensured to be correct.
S102, operating an OTA upgrade package acquired by a safety control system in the trackside equipment in a shadow mode, calculating the real state data by using an operating program of the OTA upgrade package, and acquiring a result to be checked.
It can be understood that, after obtaining the OTA upgrade package for the safety control system in the trackside equipment by OTA downloading, in order to verify whether the OTA upgrade package has a normal service operation function and a fault-oriented safety capability, and at the same time, not to affect the normal operation of the safety control system in the trackside equipment, the present invention operates the OTA upgrade package in a shadow mode in a designated area of the safety control system in the trackside equipment.
After the OTA upgrade package is operated in the shadow mode, the real state data of the safety control system in the trackside equipment can be input into an operation program of the OTA upgrade package, so that the logic service calculation of the real state data is simulated by using the operation program of the OTA upgrade package, and an operation result of the simulation operation is obtained and can be called as a result to be verified.
The shadow mode is a virtual image of an existing operating system constructed by a shadow system, and is completely the same as a real system, and a user can select to enable or quit the virtual image at any time. After the user enters the shadow mode, all operations are virtual, the real system cannot be influenced, and all changes disappear after the user exits the shadow mode. It has the same function as a real system.
Optionally, the running, in the shadow mode, an OTA upgrade package acquired by a security control system in the trackside device includes: and caching the OTA upgrade package acquired from the server into a sandbox or sandbox calculated by the train control system equipment, and performing isolated execution by adopting the shadow mode.
The method can be understood that after the upgrading file, namely the OTA upgrading packet, is downloaded from the server, the OTA upgrading packet is put into a sandbox or sandbox calculated by the train control system equipment for isolated execution, and the train control system equipment is ensured not to be attacked by viruses. The sandbox and sandbox may be implemented in various manners, such as a software prison, a virtual machine, a rule-based execution or a secure computing mode, and the like, which is not limited in the present invention.
S103, verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment.
The verification method can be understood as verifying the accuracy of the result to be verified by using the reference result on the basis of acquiring the reference result calculated by the real existing program and the result to be verified calculated by the OTA upgrade package to obtain the verified result. And then judging whether the verification result meets a preset standard or not, if so, indicating that the OTA upgrade package can realize the related functions of the real existing program and the safety performance can reach a certain standard. Therefore, the OTA upgrade package can be written into a corresponding area of the safety control system in the trackside equipment, so that the OTA upgrade package is used for replacing the existing corresponding program file in the safety control system in the trackside equipment, and the OTA upgrade of the safety control system in the trackside equipment is realized.
That is, the present invention does not execute the downloaded application software immediately, but supervises the new application software by using the existing mature application and real data, and after the input data and output result supervision are performed for many times, the operation authority is handed to the new upgrade software to complete the upgrade after confirming that the new upgrade software can be executed correctly and outputting the credible result. The data can be acquired correctly by the application, and the correct result can be calculated and output.
According to the trackside equipment system upgrading method provided by the invention, the upgrading process is not executed immediately after the application software is downloaded, the downloaded application software is monitored by using the existing application and the real data for a plurality of times of input data and output results, and the system software upgrading is executed only after the downloaded application software is confirmed to be correctly executed, so that the software to be upgraded can be ensured to be safe and credible, and the continuous and safe operation of equipment is ensured.
Optionally, according to the trackside equipment system upgrading method provided in each of the above embodiments, there are multiple sets of the real state data, and the verifying the result to be verified using the reference result includes: and for any group of real state data, determining the result of the verification by comparing the result to be verified obtained based on the real state data with the reference result, and after obtaining the result of the verification, switching to the next group of real state data, and executing the comparison process until the verification times reach the preset times. Wherein the preset standard comprises: and the proportion of the verification passing results in the multiple verification results is not less than a preset threshold value.
It can be understood that, when the verification based on the operation result is performed on the OTA upgrade package to be utilized in the upgrade, the whole result calculated by using the OTA upgrade package is compared with the result calculated by the existing software in the safety control system in the trackside equipment, and if the results are consistent, the verification of the next piece of data is continued.
After comparing and verifying for multiple times, such as 5 times or 10 times, and verifying the calculation results of multiple scenes, if all the results of the upgrade software are in accordance with expectations, the upgrade software replaces the existing software to obtain the operating authority, and becomes the formal software.
That is, the verification of the application software to be upgraded and downloaded by the present invention may include the verification of multi-frame data, and after the downloaded upgrade software is judged to have normal functions and fault-oriented safety capability comprehensively based on the multi-frame data verification, the new upgraded application software is replaced with the existing software to operate formally.
Optionally, according to the trackside device system upgrading method provided in each of the embodiments, before the using the shadow mode and running the OTA upgrade package acquired for the security control system in the trackside device, the trackside device system upgrading method provided in the present invention further includes: the method comprises the steps of obtaining an upgrading instruction sent by a server, and sending identity authentication information to the server based on the upgrading instruction; acquiring server identity information sent by the server after passing the authentication based on the identity authentication information, and performing server identity authentication based on the server identity information; and after the server passes the identity authentication, the server acquires the name and the version number of the OTA upgrade package, and downloads the OTA upgrade package through a download link established by the server after the upgrade is confirmed based on the name and the version number and the version information of the existing file.
It can be understood that, as shown in fig. 2, for the second flowchart of the method for upgrading the trackside device system provided by the present invention, before verifying the downloaded OTA upgrade package, the OTA upgrade package is downloaded from the server, and before downloading, authentication between the server and the field device is required to avoid system errors.
Specifically, the invention can firstly actively send an upgrade request by the server, and the request can be triggered by the staff. And after the communication controller receives the upgrading instruction, identity authentication information is provided for the server, the server sends the identity information to the communication controller after confirming the correctness, and the communication controller completes bidirectional identity verification after confirming the correctness.
Then, the server may issue information such as a name and a version number of the upgrade software to the communication controller, and the communication controller requests the train control system for version information of the existing software and uploads the version information to the server, and optionally, a worker may confirm whether the upgrade is performed. After receiving the instruction of confirming the upgrade, the communication controller receives the link initiated by the server, and starts to download the upgrade file remotely, namely, download the OTA upgrade package to the local.
Optionally, according to the trackside device system upgrading method provided in each of the above embodiments, caching the OTA upgrade package in a sandbox or sandbox calculated by the train control system device includes: and performing MD5 and/or CRC check on the OTA upgrade package acquired from the server, and caching the OTA upgrade package passing the check into a sandbox or a sandbox calculated by the train control system equipment after the check result is passed.
It is to be understood that, as shown in fig. 2, the present invention may also perform MD5 and/or CRC-based check on the downloaded OTA upgrade package before running the OTA upgrade package to perform the shadow mode verification operation, so as to verify the authenticity of the file information in the OTA upgrade package. That is, after the communication controller downloads the upgrade file (i.e., the OTA upgrade package), the MD5 code and/or CRC are used to check the upgrade downloaded file, so as to ensure that no error code or data transmission error occurs during the transmission process.
After the verification based on the MD5 and/or CRC passes, the downloaded upgrade file is put into a sandbox or sandbox calculated by the train control system equipment and is executed in an isolated mode, and the train control system equipment is guaranteed not to be attacked by viruses. The sandbox and sandbox may be implemented in various manners, such as in a software prison, a virtual machine, a rule-based execution or secure computing mode, and the like.
Then, as shown in fig. 2 and described in the foregoing embodiments, the OTA upgrade package executed in shadow mode in isolation is used to calculate the real state data, so as to complete the verification process in the foregoing embodiments and finally implement secure and accurate OTA upgrade.
The invention can find out whether the stored or transmitted information is damaged or tampered by checking the authenticity of the file information by using MD5 and/or CRC and the like, thereby preventing the file or the information from being maliciously tampered.
Optionally, according to the trackside device system upgrading method provided in each of the above embodiments, in the step of running the OTA upgrade package acquired for the security control system in the trackside device, the trackside device system upgrading method provided in the present invention further includes: and synchronously monitoring the operation process information of the OTA upgrade package, wherein the operation process information comprises one or more of computing resources occupied in the operation process, execution time, operation process and operation thread.
It can be understood that, in the process of calculating the real state data by running the OTA upgrade package, the synchronous train control system device can also monitor the calculation resources, the execution duration, the running process, the threads and the like occupied by the upgrade software (that is, the OTA upgrade package) at the same time.
Optionally, according to the trackside equipment system upgrading method provided in each of the above embodiments, the trackside equipment system upgrading method provided in the present invention further includes: if the verification result does not meet the preset standard, the reference result and the to-be-verified result are sent to a server control center so as to obtain result abnormal information confirmed by a worker based on the reference result and the to-be-verified result, and whether the OTA upgrade package is abnormal is confirmed based on the result abnormal information; and/or sending the monitored running process information to the server control center to acquire running abnormal information identified by a worker based on the running process information, and confirming whether the running process of the OTA upgrade patch is abnormal or not based on the running abnormal information.
It is understood that the key steps of the verification and upgrade process of the present invention can be controlled and confirmed by the staff. Specifically, when the whole operation result of the OTA upgrade package is compared with the calculation result of the existing software, if the two results are inconsistent, corresponding data, including real state data, the calculation result and the like, can be uploaded to the control center, whether the result is normal is manually identified by a worker, and the identification result is fed back to the control center.
In addition, when the synchronous train control system device monitors the computing resources occupied by the downloaded upgrade software, the execution duration, the running process, the threads and the like, the data can be fed back to the control center through the communication controller, and whether the abnormality exists or not can be confirmed by staff.
It should be understood that the result supervision in the overall process of the OTA upgrade of the present invention may be performed by existing software or by a separate third party software. The places needing to be confirmed by the workers in the process can be finished in a short time by the workers on duty, and the places can be finished in a long time without the workers on duty.
For example, during the day, the existing software and the upgraded software run simultaneously, the communication controller uploads the original data and the result to the server, and the server summarizes the data and the result, and finally the staff decides the result.
The key steps of the method are controlled by workers, so that the experience knowledge of the workers can be well utilized, the method is more suitable for real scenes, and the reliability is higher.
Based on the same inventive concept, the invention further provides a trackside equipment system upgrading device according to the above embodiments, and the device is used for realizing trackside equipment system upgrading in the above embodiments. Therefore, the description and definition in the trackside device system upgrading method in each embodiment may be used for understanding each execution module in the present invention, and reference may be specifically made to the above method embodiment, which is not described herein again.
According to an embodiment of the present invention, a structure of the trackside equipment system upgrade apparatus is as shown in fig. 3, which is a schematic structural diagram of the trackside equipment system upgrade apparatus provided by the present invention, and the apparatus may be used to implement trackside equipment system upgrade in the above method embodiments, and the apparatus includes: a first computing module 301, a second computing module 302, and a verification upgrade module 303. Wherein:
the first calculation module 301 is configured to obtain real state data of an operation process obtained by an existing program in a safety control system in the trackside equipment, and calculate the real state data by using the existing program to obtain a reference result; the second calculation module 302 is configured to run an OTA upgrade package acquired by a security control system in the trackside device in a shadow mode, and calculate the real state data by using a running program of the OTA upgrade package to acquire a result to be checked; the verification upgrading module 303 is configured to verify the result to be verified by using the reference result, and replace an existing file of the safety control system in the trackside device with the OTA upgrade package when the verification result meets a preset standard, so as to implement OTA upgrading of the safety control system in the trackside device.
Specifically, the first calculation module 301 may obtain real state data generated during the actual operation of the safety control system in the trackside equipment by using an existing running program before the upgrade. The currently running program may be a program or software that can provide a certain service or implement a certain function in the safety control system in the trackside equipment, for example, a control program in the trackside equipment, so that the real state data of the safety control system in the trackside equipment can be acquired by using the trackside equipment.
Then, the first calculation module 301 performs conventional logic service calculation on the real state data by using the existing running program to obtain a real calculation result, and may use the real calculation result as a reference result for verification. The real state data used for software verification can be data acquired in real time or historical data recorded by the train control system. And the software is verified by using historical data or real-time data, so that the function is ensured to be correct.
Then, after obtaining the OTA upgrade package through OTA downloading, in order to verify whether the OTA upgrade package has a normal service operation function and a fault-oriented safety capability, and at the same time, not to affect the normal operation of the safety control system in the trackside device, the second calculation module 302 operates the OTA upgrade package in a shadow mode in a designated area of the safety control system in the trackside device.
After the OTA upgrade package is run in the shadow mode, the second calculation module 302 may input the real state data of the security control system in the trackside device into the running program of the OTA upgrade package, so as to simulate the logic service calculation of the real state data by using the running program of the OTA upgrade package, and obtain an operation result of the simulation operation, which may be referred to as a result to be verified.
Finally, the verification upgrading module 303 verifies the accuracy of the result to be verified by using the reference result on the basis of obtaining the reference result calculated by the actual existing program and the result to be verified calculated by the OTA upgrade package, so as to obtain the verified result. Then, the verification upgrade module 303 determines whether the verification result meets a preset standard, and if the verification result meets the preset standard, it indicates that the OTA upgrade package can implement the related functions of the real existing program, and the security performance can meet a certain standard. Therefore, the verification upgrade module 303 may write the OTA upgrade package into a corresponding area of the security control system in the trackside device, so as to replace the existing corresponding program file in the security control system in the trackside device with the OTA upgrade package, thereby implementing OTA upgrade of the security control system in the trackside device.
The trackside equipment system upgrading device provided by the invention does not execute the upgrading process immediately after downloading the application software, but executes the system software upgrading only after confirming that the downloaded application software can be correctly executed after the downloaded application software is supervised by using the existing application and the real data through inputting data and outputting results for many times, and can ensure that the software to be upgraded is safe and credible, thereby ensuring the continuous and safe operation of equipment.
Optionally, the second computing module, when configured to run, in the shadow mode, an OTA upgrade package acquired for a security control system in the trackside device, is configured to:
and caching the OTA upgrade package acquired from the server into a sandbox or sandbox calculated by the train control system equipment, and performing isolated execution by adopting the shadow mode.
Optionally, there are multiple sets of the real state data, and the verification upgrading module, when configured to verify the result to be verified by using the reference result, is configured to:
for any group of real state data, determining the result of the verification by comparing the result to be verified obtained based on the real state data with the reference result, and after obtaining the result of the verification, switching to the next group of real state data, and executing the process of the comparison until the verification times reach the preset times;
the preset standard comprises the following steps: and the proportion of the verification passing results in the multiple verification results is not less than a preset threshold value.
Optionally, the second computing module, when configured to cache the OTA upgrade package into a sandbox or sandbox computed by a train control system device, is configured to:
and performing MD5 and/or CRC check on the OTA upgrade package acquired from the server, and caching the OTA upgrade package passing the check into a sandbox or a sandbox calculated by the train control system equipment after the check result is passed.
Optionally, the trackside equipment system upgrading apparatus further includes an identity authentication and downloading module, configured to:
the method comprises the steps of obtaining an upgrading instruction sent by a server, and sending identity authentication information to the server based on the upgrading instruction;
acquiring server identity information sent by the server after passing the authentication based on the identity authentication information, and performing server identity authentication based on the server identity information;
and after the server passes the identity authentication, the server acquires the name and the version number of the OTA upgrade package, and downloads the OTA upgrade package through a download link established by the server after the upgrade is confirmed based on the name and the version number and the version information of the existing file.
Optionally, the second computing module is further configured to:
and synchronously monitoring the operation process information of the OTA upgrade package, wherein the operation process information comprises one or more of computing resources occupied in the operation process, execution time, operation process and operation thread.
Optionally, the trackside equipment system upgrading apparatus further includes an exception confirmation module, configured to:
if the verification result does not meet the preset standard, the reference result and the to-be-verified result are sent to a server control center so as to obtain result abnormal information confirmed by a worker based on the reference result and the to-be-verified result, and whether the OTA upgrade package is abnormal is confirmed based on the result abnormal information;
and/or
And sending the monitored running process information to the server control center to acquire running abnormal information identified by a worker based on the running process information, and confirming whether the running process of the OTA upgrade patch is abnormal or not based on the running abnormal information.
It is understood that the relevant program modules in the devices of the above embodiments can be implemented by a hardware processor (hardware processor) in the present invention. Moreover, the trackside equipment system upgrading device of the present invention can implement the trackside equipment system upgrading process of each of the above method embodiments by using each of the above program modules, and when used for implementing trackside equipment system upgrading in each of the above method embodiments, the beneficial effects produced by the device of the present invention are the same as those of the corresponding method embodiments, and reference may be made to the above method embodiments, and details are not repeated here.
The present invention further provides a system for upgrading a trackside device system, as shown in fig. 4, which is a schematic structural diagram of the system for upgrading a trackside device system provided by the present invention, and the system for upgrading a trackside device system includes a central device and a field device. The central equipment, namely the server, is used for storing emergency software; the field devices include a communication controller and a train control system device.
The communication controller is used for communicating with the server, realizing bidirectional identity verification between the server and the field device, MD5/CRC verification of the OTA upgrade package, version management and the like, and may include the trackside device system upgrade apparatus according to the above embodiments. The train control system equipment is computer equipment needing to be upgraded, namely equipment of a safety control system in the trackside equipment.
The server, the communication controller and the train control system device in fig. 4 can realize bidirectional identity verification between the server and the field device, downloading of the OTA upgrade package, MD5/CRC verification of the OTA upgrade package, verification of the operation result of the OTA upgrade package, upgrading of a safety control system in the trackside device and the like through mutual information transmission and internal operation.
As a further aspect of the present invention, the present embodiment provides an electronic device according to the above embodiments, where the electronic device includes a memory, a processor, and a program or an instruction stored in the memory and executable on the processor, and when the processor executes the program or the instruction, the steps of the trackside device system upgrade method according to the above embodiments are implemented.
Further, the electronic device of the present invention may further include a communication interface and a bus. Referring to fig. 5, an entity structure diagram of the electronic device provided by the present invention includes: at least one memory 501, at least one processor 502, a communication interface 503, and a bus 504.
The memory 501, the processor 502 and the communication interface 503 complete mutual communication through the bus 504, and the communication interface 503 is used for information transmission between the electronic equipment and safety control system equipment in the trackside equipment; the memory 501 stores a program or instructions that can be executed on the processor 502, and when the processor 502 executes the program or instructions, the steps of the trackside equipment system upgrade method according to the above embodiments are implemented.
It is understood that the electronic device at least comprises a memory 501, a processor 502, a communication interface 503 and a bus 504, and the memory 501, the processor 502 and the communication interface 503 are connected in communication with each other through the bus 504, and can complete communication with each other, for example, the processor 502 reads program instructions of the trackside device system upgrade method from the memory 501. In addition, the communication interface 503 may also implement communication connection between the electronic device and a security control system device in the trackside device, and may complete mutual information transmission, for example, implement writing in an OTA upgrade package through the communication interface 503.
When the electronic device is running, the processor 502 calls the program instructions in the memory 501 to perform the methods provided by the above-described method embodiments, including for example: acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result; running an OTA upgrade package acquired by a safety control system in the trackside equipment by adopting a shadow mode, and calculating the real state data by utilizing a running program of the OTA upgrade package to acquire a result to be verified; and verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment and the like.
The program instructions in the memory 501 may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand-alone product. Alternatively, all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, where the program may be stored in a computer-readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The present invention further provides a non-transitory computer-readable storage medium according to the above embodiments, on which a program or instructions are stored, and when the program or instructions are executed by a computer, the program or instructions implement the steps of the trackside equipment system upgrading method according to the above embodiments, for example, the method includes: acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result; running an OTA upgrade package acquired by a safety control system in the trackside equipment by adopting a shadow mode, and calculating the real state data by utilizing a running program of the OTA upgrade package to acquire a result to be verified; and verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment and the like.
As a further aspect of the present invention, the present embodiment further provides a computer program product according to the above embodiments, the computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions, which when executed by a computer, enable the computer to perform the trackside device system upgrade method provided by the above method embodiments, the method comprising: acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result; running an OTA upgrade package acquired by a safety control system in the trackside equipment by adopting a shadow mode, and calculating the real state data by utilizing a running program of the OTA upgrade package to acquire a result to be verified; and verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment.
By executing the steps of the trackside device system upgrading method described in each embodiment, the upgrading process is not executed immediately after the application software is downloaded, but the downloaded application software is monitored by using the existing application and real data after multiple times of input data and output results, and the downloaded application software is confirmed to be correctly executed, so that the system software is upgraded, and the software to be upgraded can be ensured to be safe and reliable, thereby ensuring the continuous and safe operation of the device.
It is to be understood that the above-described embodiments of the apparatus, the electronic device and the storage medium are merely illustrative, and that elements described as separate components may or may not be physically separate, may be located in one place, or may be distributed on different network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the technical solutions mentioned above may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a usb disk, a removable hard disk, a ROM, a RAM, a magnetic or optical disk, etc., and includes several instructions for causing a computer device (such as a personal computer, a server, or a network device, etc.) to execute the methods described in the method embodiments or some parts of the method embodiments.
In addition, it should be understood by those skilled in the art that the terms "comprises," "comprising," or any other variation thereof, in the specification of the present invention, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present invention, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description. Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A trackside equipment system upgrading method is characterized by comprising the following steps:
acquiring real state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the real state data by using the existing program to acquire a reference result;
running an OTA upgrade package acquired by a safety control system in the trackside equipment by adopting a shadow mode, and calculating the real state data by utilizing a running program of the OTA upgrade package to acquire a result to be verified;
and verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrade package when the verified result meets the preset standard so as to realize OTA upgrade of the safety control system in the trackside equipment.
2. The trackside device system upgrade method according to claim 1, wherein the running the OTA upgrade package acquired for the security control system in the trackside device in the shadow mode comprises:
and caching the OTA upgrade package acquired from the server into a sandbox or sandbox calculated by the train control system equipment, and performing isolated execution by adopting the shadow mode.
3. The trackside equipment system upgrading method according to claim 1 or 2, wherein the real state data has a plurality of groups, and the verifying the result to be verified by using the reference result comprises:
for any group of real state data, determining the result of the verification by comparing the result to be verified obtained based on the real state data with the reference result, and after obtaining the result of the verification, switching to the next group of real state data, and executing the process of the comparison until the verification times reach the preset times;
the preset standard comprises the following steps: and the proportion of the verification passing results in the multiple verification results is not less than a preset threshold value.
4. The trackside device system upgrade method of claim 3, wherein caching the OTA upgrade package into a sandbox or sandbox computed by a train control system device comprises:
and performing MD5 and/or CRC check on the OTA upgrade package acquired from the server, and caching the OTA upgrade package passing the check into a sandbox or a sandbox calculated by the train control system equipment after the check result is passed.
5. The trackside device system upgrade method according to claim 1, 2 or 4, further comprising, before the running the OTA upgrade package obtained for a security control system in the trackside device in shadow mode:
the method comprises the steps of obtaining an upgrading instruction sent by a server, and sending identity authentication information to the server based on the upgrading instruction;
acquiring server identity information sent by the server after passing the authentication based on the identity authentication information, and performing server identity authentication based on the server identity information;
and after the server passes the identity authentication, the server acquires the name and the version number of the OTA upgrade package, and downloads the OTA upgrade package through a download link established by the server after the upgrade is confirmed based on the name and the version number and the version information of the existing file.
6. The trackside device system upgrade method of claim 1, wherein in the step of running an OTA upgrade package acquired for a security control system in the trackside device, further comprising:
and synchronously monitoring the operation process information of the OTA upgrade package, wherein the operation process information comprises one or more of computing resources occupied in the operation process, execution time, operation process and operation thread.
7. The trackside equipment system upgrade method of claim 6, further comprising:
if the verification result does not meet the preset standard, the reference result and the to-be-verified result are sent to a server control center so as to obtain result abnormal information confirmed by a worker based on the reference result and the to-be-verified result, and whether the OTA upgrade package is abnormal is confirmed based on the result abnormal information;
and/or the presence of a gas in the gas,
and sending the monitored running process information to the server control center to acquire running abnormal information identified by a worker based on the running process information, and confirming whether the running process of the OTA upgrade patch is abnormal or not based on the running abnormal information.
8. A trackside equipment system upgrading device, characterized by, includes:
the system comprises a first calculation module, a second calculation module and a third calculation module, wherein the first calculation module is used for acquiring actual state data of an operation process acquired by an existing program of a safety control system in the trackside equipment, and calculating the actual state data by using the existing program to acquire a reference result;
the second calculation module is used for operating an OTA upgrade package acquired by a safety control system in the trackside equipment in a shadow mode, calculating the real state data by using an operation program of the OTA upgrade package and acquiring a result to be checked;
and the verification upgrading module is used for verifying the result to be verified by using the reference result, and replacing the existing file of the safety control system in the trackside equipment by using the OTA upgrading packet when the verification result meets the preset standard so as to realize OTA upgrading of the safety control system in the trackside equipment.
9. An electronic device comprising a memory, a processor and a program or instructions stored on the memory and executable on the processor, wherein the processor, when executing the program or instructions, performs the steps of the trackside device system upgrade method according to any one of claims 1 to 7.
10. A non-transitory computer readable storage medium having stored thereon a program or instructions, wherein the program or instructions, when executed by a computer, implement the steps of the trackside equipment system upgrade method according to any one of claims 1 to 7.
CN202110706295.4A 2021-06-10 2021-06-24 Trackside equipment system upgrading method and device, electronic equipment and readable storage medium Pending CN113553078A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110646821 2021-06-10
CN2021106468212 2021-06-10

Publications (1)

Publication Number Publication Date
CN113553078A true CN113553078A (en) 2021-10-26

Family

ID=78130906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110706295.4A Pending CN113553078A (en) 2021-06-10 2021-06-24 Trackside equipment system upgrading method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113553078A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114466098A (en) * 2022-01-19 2022-05-10 上海黑眸智能科技有限责任公司 OTA (over the air) upgrading method, system, equipment terminal and APP terminal based on APP interaction
CN114817900A (en) * 2022-06-24 2022-07-29 北京阿帕科蓝科技有限公司 Verification method and system for over-the-air download upgrade of vehicle master control system
WO2023124366A1 (en) * 2021-12-28 2023-07-06 上海淇玥信息技术有限公司 Shadow system-based feature comparison method and apparatus, and electronic device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023124366A1 (en) * 2021-12-28 2023-07-06 上海淇玥信息技术有限公司 Shadow system-based feature comparison method and apparatus, and electronic device
CN114466098A (en) * 2022-01-19 2022-05-10 上海黑眸智能科技有限责任公司 OTA (over the air) upgrading method, system, equipment terminal and APP terminal based on APP interaction
CN114466098B (en) * 2022-01-19 2023-12-26 上海黑眸智能科技有限责任公司 OTA upgrading method, system, equipment end and APP end based on APP interaction
CN114817900A (en) * 2022-06-24 2022-07-29 北京阿帕科蓝科技有限公司 Verification method and system for over-the-air download upgrade of vehicle master control system

Similar Documents

Publication Publication Date Title
CN113553078A (en) Trackside equipment system upgrading method and device, electronic equipment and readable storage medium
CN108427632B (en) Automatic test method and device
Nourian et al. A systems theoretic approach to the security threats in cyber physical systems applied to stuxnet
CN110011848B (en) Mobile operation and maintenance auditing system
CN104461765B (en) The interlock system data accuracy detection method verified based on version
WO2013000439A1 (en) Method, device and security policy system for executing security policy script
CN105555638B (en) The software upgrading of non-critical component in the crucial distributed system of dual safety
CN110673993A (en) Fault injection method, platform and system
CN111124591B (en) Mirror image transmission method and device, electronic equipment and storage medium
CN114500039A (en) Instruction issuing method and system based on safety control
CN106997435A (en) A kind of method of operating system security prevention and control, apparatus and system
CN114116170A (en) Timed task execution method and device, computer equipment and storage medium
CN111459496B (en) Method for generating tamper-proof program file and method for upgrading equipment
CN114579473B (en) Application testing method, device, equipment and storage medium
CN106528248B (en) Downloading method and system of mobile terminal based on software integrity
CN115981687A (en) Firmware upgrading method, device, equipment and storage medium
KR101548364B1 (en) Method for automatic verification of correctness of api sequences, recording medium and device for performing the method
CN110198249B (en) Power distribution automation system testing method and system
CN113868628A (en) Signature verification method and device, computer equipment and storage medium
CN113297628A (en) Modification behavior auditing method, device, equipment and readable storage medium
CN114268624B (en) Version file transmission method and device and server
CN110311917A (en) Host measure and device
CN117494232B (en) Method, device, system, storage medium and electronic equipment for executing firmware
CN115639972B (en) Data migration method and device, electronic equipment and storage medium
CN117647965B (en) DCS controller trusted policy downloading method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20221212

Address after: 100070 Room 101, 1st Floor, Building 1, Traffic Control Building, Yard 3, Chengbei Street, Fengtai District, Beijing

Applicant after: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd.

Applicant after: Beijing Infrastructure Investment Co.,Ltd.

Address before: No.2 and No.3 building, Beijing headquarters international, No.6 Haiying Road, science and Technology Park, Fengtai District, Beijing 100070

Applicant before: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd.