CN202584231U - Highway toll collection network system having safety protection function - Google Patents
Highway toll collection network system having safety protection function Download PDFInfo
- Publication number
- CN202584231U CN202584231U CN 201220236548 CN201220236548U CN202584231U CN 202584231 U CN202584231 U CN 202584231U CN 201220236548 CN201220236548 CN 201220236548 CN 201220236548 U CN201220236548 U CN 201220236548U CN 202584231 U CN202584231 U CN 202584231U
- Authority
- CN
- China
- Prior art keywords
- center
- network
- branch
- charge station
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The utility model relates to a highway toll collection network system having a safety protection function. The highway toll collection network system having the safety protection function is a three-level toll collection network system composed of a toll collection information center provided with an information center server, a plurality of toll collection branch centers including branch center servers, and a plurality of toll stations connected with the toll collection branch centers. Each of the toll stations includes a lane industrial control unit and a toll station server. The highway toll collection network system having the safety protection function is characterized in that the toll collection information center, the toll collection branch centers and the toll stations are provided with an information center safety gateway connected with the information center server, branch center safety gateways connected with the branch center servers and toll station safety gateways connected with the toll station servers and the lane industrial control units respectively. The toll station safety gateways are connected with the branch center safety gateways respectively. The branch center safety gateways are connected with the information center safety gateway. The information center safety gateway is also connected with a network safety management workstation. The highway toll collection network system having the safety protection function provided by the utility model has advantages of controlling viruses, guaranteeing bandwidths of key services, authenticating network access of strange hosts and protecting data safety.
Description
Technical field
The utility model relates to the expressway tol lcollection network system, relates in particular to a kind of expressway tol lcollection network system with function of safety protection.
Background technology
At present the expressway tol lcollection network system is by the charge station that is distributed in each track, the charge branch center corresponding with the highway section and gather the pay imformation center three-level network formation of charging in all highway sections; Whole charging network system is based on the TCP/IP network interconnection, but with INTERNET net physical isolation.This network architecture has been stopped the hacker from external network invasion, altered data and make the threat of Fare Collection System paralysis, but still can't get rid of from the potential safety hazard of network internal, and especially virus outbreak illegally inserts with the main frame that has potential safety hazard.In case virus outbreak often causes charge station's cisco unity malfunction, thereby can cause the problem that charging aperture is delayed unloading, and because expressway tol lcollection network system scale is big, website distributes wide, and often the short time can't effectively solve.Especially along with the offering of ETC (Electronic Toll Collection) no-stop charging system, the safe operation of expressway tol lcollection network system more becomes problem anxious to be solved.
Fig. 1 illustrates the structured flowchart of existing expressway tol lcollection network system.As shown in Figure 1, in the expressway tol lcollection network system, be provided with the pay imformation center C that comprises information center's server and connected information center switch; The pay imformation center C connects P charge branch center B1-Bp; Each branch center B1-Bp that charges comprises branch center server and connected branch center switch respectively; Each branch center B1-Bp that charges connects some subordinaties charge station respectively; As n the A11-A1n of subordinate charge station of branch center B1 connection that charge, charge branch center Bp connects m the AP1-APm of subordinate charge station, and each charge station comprises track industry control unit, charge station's server and the charge station's switch that is provided with a plurality of tracks industrial computer respectively; The track industry control unit of each charge station and charge station's server connect charge station's switch of this charge station respectively; Each charge station's switch connects the branch center switch of the charge branch center that is subordinate to respectively through charge station's level communication link 10, each branch center switch is respectively through information center's level communication link 20 and information center's switch link information central server.Charge branch center industrial computer quantity in charge station's quantity that comprises and industry control unit among the figure between charge branch center B1 and charge branch center Bp was incomplete same, other structures were identical, omit among the figure, and this does not detail.The track industrial computer is as the expressway network toll terminal in above-mentioned charging network system, and charge station's server is used to receive the data that each track industrial computer is uploaded, and data queue is transmitted to branch center server and information center's server; The branch center server is used to receive data that charge station's server uploads and these highway section data is carried out tabulate statistics, generates form; Information center's server be used to receive data that charge station's server uploads and to the system-wide netting index according to splitting, tabulate statistics also generates form.Charge station's level communication link is the communication link that the transmission data are used between each charge station and the branch center; Information center's level communication link is the communication link that the transmission data are used between each branch center and the information center, and the bandwidth that its bandwidth is compared charge station's level communication link is high.
The subject matter of highway tolling system is the access control policy that exists following potential safety hazard: ⑴ in the whole network, to have no at present, and any main frame in the network all can have access to any resource of the whole network, and data do not have security.⑵ the COM1 all-round opening of All hosts in the whole network in case there be a certain main frame to receive virus infections, can arrive any other main frames easily through network, and hide, and irregularly outburst causes uncontrollable serious consequence.⑶ the network bandwidth is uncontrollable, in case virus or wooden horse outburst are arranged in the network, can produce than the macroreticular flow, and network is resulted in blockage, and influences the normal transmission of charge data.⑷ get into the network lack of identity authentication to strange main frame; Like network maintenance staff, applicating maintenance personnel in the process of using notebook personal computer's access network; Only need an IP address to get final product; The access strategy that has no other does not carry out detections such as authentication or the antivirus software of installation provision " whether " to the main frame that be about to insert the charge net.
Along with the fast development of network has brought new security threat and to managerial challenge, according to the numerous network users' demand, new security architecture and Network Security Device also arise at the historic moment.Security gateway reaches its network security workstation that carries out policy configurations and system maintenance has been applied in the multiple network environment such as telecommunications, finance and enterprise at present.Security gateway carries out policy control through the network security workstation to it, has main-machine communication port access control function in the transmission interface access control function, network, network bandwidth control function and to the safety inspection of network insertion main frame and force the access function.If can this MP be introduced the expressway tol lcollection network system, will thoroughly solve the potential safety hazard of highway tolling system, for the normal operation of highway provides reliable assurance.
The utility model content
The fundamental purpose of the utility model is to the problems referred to above; On the basis of existing expressway tol lcollection network system, improve; The security protection facility is set respectively in the three-level network layer; Provide a kind of expressway tol lcollection network system, thoroughly solve the potential safety hazard of highway tolling system, for the normal operation of highway provides reliable assurance with function of safety protection.
The utility model solves the technical scheme that its technical matters adopted:
A kind of expressway tol lcollection network system with function of safety protection; Be three grades of charging network systems of the some charges branch center that comprises the branch center server respectively that one comprises the pay imformation center that is provided with information center's server from top to bottom, be connected through information center's level communication link with said pay imformation center and some charge stations of being connected through charge station's level communication link with each branch center of charging; Wherein, each charge station comprises track industry control unit and the charge station's server that is provided with a plurality of tracks industrial computer; It is characterized in that being provided with the information center's security gateway that is connected with the information center server at the pay imformation center; In the charge branch center branch center security gateway that is connected with the branch center server is set; The charge station's security gateway that is connected with each track industrial computer of this charge station's server and track industry control unit respectively is set in each charge station; Each charge station's security gateway connects each the branch center security gateway that is subordinate to through charge station's level communication link respectively; Each branch center security gateway is through information center's level communication link link information center security gateway, and information center's security gateway also connects the network security management workstation.
Said network security management workstation comprises private network network interface card, the management control module and the data acquisition module that are connected with the private network network interface card respectively, and data acquisition module also connects data disaply moudle.
The beneficial effect of the utility model is: will have now and divide the pay imformation center switch, charge branch center switch and the charge station's switch that are located in the three-level network layer to replace to information center's security gateway, branch center security gateway and charge station's security gateway respectively in the expressway tol lcollection network system; And set up the network security management workstation; Thus; ⑴ make each chassis road industrial computer of charge station on charge station's security gateway, set the independent transmission interface, can forbid exchanging visits, even there is a certain chassis road industrial computer to poison; Can not have influence on other track industrial computer yet; Prevent virus spread, be controlled at virus among a small circle in, also guaranteed the system data security.⑵ through the strategy setting of charge station's security gateway; Make the only open required COM1 of charge operation of track industrial computer; Remaining COM1 is forbidden visit; Each branch center server and track industrial computer are isolated, effectively reduced the risk that virus is propagated to the branch center server, greatly reduce the possibility that the track industrial computer becomes viral source.⑶ big flow can occur happening suddenly for a long time when facing virus outbreak, causes network blockage, the present situation of the charge operation that influence is crucial; Setting through security gateway in the network layers at different levels; Can reserve enough bandwidth to key business, realize the key business bandwidth safeguard, like this; Can guarantee that also crucial charge operation normally moves even the big flow of the virus of burst occurs, thereby reliable assurance is provided for the normal operation of highway.⑷ strange main frame gets into network needs authentication, at first detects and inserts the I P scope whether IP address that main frame is provided with allows at strategy, if not in scope then the disable access Internet resources; Detect the access main frame more whether the anti-virus software of appointment is housed, if do not have then the disable access Internet resources.Any resource of the equipment of access authentication in without exception can not accesses network not, thus the safety of network data guaranteed.
Description of drawings
Fig. 1 is existing expressway tol lcollection network architecture block diagram;
Fig. 2 is the expressway tol lcollection network architecture block diagram with function of safety protection that the utility model provides;
Fig. 3 is the structured flowchart of network security management workstation among Fig. 2.
Among the figure:
10. charge station's level communication link, 20. information center's level communication links,
A11-A1n, AP1-APm, A11 '-A1n ', AP1 '-APm '. charge station,
B1-Bp, B1 '-Bp '. the charge branch center,
C, C '. the pay imformation center.
Embodiment
Below in conjunction with accompanying drawing and embodiment the utility model is specified.
Fig. 2~Fig. 3 illustrates a kind of expressway tol lcollection network system with function of safety protection; In the present embodiment; P among Fig. 2 is 8; N is 9, and m is 6, and also promptly this charging network system is three grades of charging network systems of the some charge stations that comprise 8 charge branch center B1 '-B8 ' respectively and be connected through charge station's level communication link 10 with each branch center B1 '-B8 ' that charges that one comprise the pay imformation center C ' that is provided with information center's server from top to bottom, be connected through information center's level communication link 20 with said pay imformation center C '; In this example; 9 A11 of charge station '-A19 ' of charge branch center B1 ' subordinate, 6 A81 of charge station '-A86 ' of charge branch center B8 ' subordinate comprise the track industry control unit and the charge station's server that are provided with a plurality of tracks industrial computer respectively in each charge station; Charge branch center B1 ' and charge 6 charge branch center B2 '-B6 ' between the B8 ' of branch center and charge branch center B1 ', B8 ' industrial computer quantity in charge station's quantity that comprises and track industry control unit are incomplete same; Other structures are identical, omit among the figure, and this does not detail.The utility model is characterised in that at pay imformation center C ' the information center's security gateway that is connected with the information center server is set; In 8 charge branch center B1 '-B8 ', the branch center security gateway that is connected with each branch center server is set respectively; The charge station's security gateway that is connected with each industrial computer of this charge station's server and track industry control unit respectively is set in each charge station; Each charge station's security gateway connects each the branch center security gateway that is subordinate to through charge station's level communication link 10 respectively; Each branch center security gateway is through information center's level communication link 20 link information center security gateways, and information center's security gateway also connects the network security management workstation.
Owing to be separately positioned on the terminal quantity difference that information center's security gateway, branch center security gateway and charge station's security gateway in above-mentioned pay imformation center, charge branch center and the charge station's three-level network layer are comprised; In order to guarantee the stable and reliable operation of security gateways at different levels; Difference to some extent on the interstitial content of equipment performance, support and data throughout when selecting device type; The security gateway major parameter of being selected for use is described below: charge station's security gateway has adopted multinuclear security gateway SG-6000-M3100 of new generation; Its firewall throughput is 1Gbps, and maximum concurrent connection (standard configuration/maximum) is respectively 4,0/1,000,000, and the anti-virus handling capacity is 70Mbps.The branch center security gateway has adopted multinuclear security gateway SG-6000-G2110 of new generation, and its firewall throughput is 2Gbps, and maximum concurrent connection (standard configuration/maximum) is respectively 10,0/2,000,000, and the anti-virus handling capacity is 250Mbps.Information center's security gateway has adopted multinuclear security gateway SG-6000-G2120 of new generation, and its firewall throughput is 4Gbps, and maximum concurrent connection (standard configuration/maximum) is respectively 10,0/2,000,000, and the anti-virus handling capacity is 350Mbps.The major function of above-mentioned charge station security gateway, branch center security gateway and information center's security gateway is the access rights and the open port of main frame in the limiting network; Filter virus; Network traffics are monitored; Guarantee the required network bandwidth of regular traffic, and the main frame that inserts is carried out safety inspection and forces access.
Above-mentioned network security management workstation has adopted the IBM workstation, installed with above-mentioned three-level network layer in the safety management system of security gateway coupling each security gateway is kept watch on and is managed.Fig. 3 illustrates the structure of network security management workstation, comprises private network network interface card, the management control module and the data acquisition module that are connected with the private network network interface card respectively, and data acquisition module also connects data disaply moudle.Information center's security gateway connects data acquisition module and management control module through the private network network interface card; Data acquisition module is responsible for Information Monitoring; Receive security gateway is uploaded in the above-mentioned network layer at different levels data and and then send data disaply moudle to; Show through the mode of data disaply moudle, make things convenient for the user to carry out data statistics intuitively and check equipment state with graphic interface.Management control module is responsible for the security gateway in the network layers at different levels in the network is carried out policy configurations and system maintenance; Access strategy to the main frame of access network is: ⑴ detects and inserts the IP scope whether IP address that main frame is provided with allows at strategy, if the IP scope that does not allow at strategy then disable access Internet resources.⑵ detect the access main frame whether the anti-virus software of appointment be housed, if do not have then the disable access Internet resources., in the process of using notebook personal computer's access network, need carry out above-mentioned authentication and just can get permission to get into network, thereby guarantee the safety of network data network maintenance staff, applicating maintenance personnel.
The track industrial computer is as the expressway network toll terminal in above-mentioned charging network system, and charge station's server is used to receive the data that each track industrial computer is uploaded, and data queue is transmitted to branch center server and information center's server; The branch center server is used to receive data that charge station's server uploads and these highway section data is carried out tabulate statistics, generates form; Information center's server be used to receive data that charge station's server uploads and to the system-wide netting index according to splitting, tabulate statistics also generates form.Charge station's level communication link is the communication link that the transmission data are used between each charge station and the branch center; Information center's level communication link is the communication link that the transmission data are used between each branch center and the information center, and the bandwidth that its bandwidth is compared charge station's level communication link is high.
Branch center B1 ' is an example with charge; During work; After track industrial computer in the track industry control unit of each A11 of charge station '-A19 ' of its subordinate produces charge data; Be uploaded to charge station's server to data respectively through charge station's security gateway; Charge station's server will be from the data queue of each track industrial computer; Then, lead up to charge station's security gateway, charge station's level communication link 10 and branch center security gateway with the branch center server of data forwarding to charge branch center B1 ', another road is given information center's server through charge station's security gateway, charge station's level communication link 10, branch center security gateway, information center's level communication link 20 and information center's security gateway with data forwarding.The course of work of 7 charges of in the charging network system all the other branch center B2 '-B8 ' is identical with charge branch center B1 ', divides two-way to be transmitted to branch center server and information center's server separately respectively data.Each branch center server is used to receive data that charge station's server uploads and these highway section data is carried out tabulate statistics, generates form; Information center's server be used to receive data that charge station's server uploads and to the system-wide netting index according to splitting, tabulate statistics also generates form.The network security management workstation will receive data through the private network network interface card and send data acquisition module to and show through the mode of data disaply moudle with graphic interface, make things convenient for the user to carry out data statistics intuitively and check equipment state; And the security gateway in the network layers at different levels in the network is carried out policy configurations and system maintenance through management control module.The switch in the network layers at different levels will replace with security gateway in the expressway tol lcollection network system owing to having now; Through the network security workstation charge station's security gateway, branch center security gateway and information center's security gateway are carried out policy control, realized that main-machine communication port access control function, network bandwidth control function reach the safety inspection of network insertion main frame and pressure access function in transmission interface access control function, the network.
Above content is not that structure, shape to the utility model done any pro forma restriction.Every technical spirit according to the utility model all still belongs in the scope of the utility model technical scheme any simple modification, equivalent variations and modification that above embodiment did.
Claims (2)
1. expressway tol lcollection network system with function of safety protection; Be three grades of charging network systems of the some charges branch center that comprises the branch center server respectively that one comprises the pay imformation center that is provided with information center's server from top to bottom, be connected through information center's level communication link with said pay imformation center and some charge stations of being connected through charge station's level communication link with each branch center of charging; Wherein, each charge station comprises track industry control unit and the charge station's server that is provided with a plurality of tracks industrial computer; It is characterized in that being provided with the information center's security gateway that is connected with the information center server at the pay imformation center; In the charge branch center branch center security gateway that is connected with the branch center server is set; The charge station's security gateway that is connected with each track industrial computer of this charge station's server and track industry control unit respectively is set in each charge station; Each charge station's security gateway connects each the branch center security gateway that is subordinate to through charge station's level communication link respectively; Each branch center security gateway is through information center's level communication link link information center security gateway, and information center's security gateway also connects the network security management workstation.
2. the expressway tol lcollection network system with function of safety protection according to claim 1; It is characterized in that said network security management workstation comprises private network network interface card, the management control module and the data acquisition module that are connected with the private network network interface card respectively, data acquisition module also connects data disaply moudle.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201220236548 CN202584231U (en) | 2012-05-23 | 2012-05-23 | Highway toll collection network system having safety protection function |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201220236548 CN202584231U (en) | 2012-05-23 | 2012-05-23 | Highway toll collection network system having safety protection function |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN202584231U true CN202584231U (en) | 2012-12-05 |
Family
ID=47253621
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201220236548 Expired - Fee Related CN202584231U (en) | 2012-05-23 | 2012-05-23 | Highway toll collection network system having safety protection function |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN202584231U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113284267A (en) * | 2021-05-27 | 2021-08-20 | 中远海运科技股份有限公司 | Expressway networking charging system |
-
2012
- 2012-05-23 CN CN 201220236548 patent/CN202584231U/en not_active Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113284267A (en) * | 2021-05-27 | 2021-08-20 | 中远海运科技股份有限公司 | Expressway networking charging system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102724189B (en) | A kind of method and device controlling user URL access | |
| US20120005724A1 (en) | Method and system for protecting private enterprise resources in a cloud computing environment | |
| CN100486180C (en) | Local network safety management method based on IEEE 802.1X protocol | |
| CN104917776A (en) | Industrial control network safety protection equipment and industrial control network safety protection method | |
| CN103283202A (en) | System and method for network level protection against malicious software | |
| CN106992984A (en) | A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net | |
| CN105490831A (en) | Internet data center/Internet service provider (IDC/ISP) information security management system and information management method thereof | |
| Iyengar et al. | A multilevel thrust filtration defending mechanism against DDoS attacks in cloud computing environment | |
| CN109165508A (en) | A kind of external device access safety control system and its control method | |
| CN100539499C (en) | A kind of safe star-shape local network computer system | |
| CN105531679A (en) | Anomaly detection on web client | |
| Haque et al. | DDoS attack monitoring using smart controller placement in software defined networking architecture | |
| CN104753952A (en) | Intrusion detection and analysis system on basis of service data flow of virtual machines | |
| CN106559399A (en) | A kind of the Internet mobile terminal synthesis managing and control system | |
| CN105516189A (en) | Network security enforcement system and method based on big data platform | |
| CN109495448A (en) | Information safety system based on nuclear power emergency flight control | |
| Hamad et al. | Red-Zone: Towards an Intrusion Response Framework for Intra-vehicle System. | |
| Sukiasyan et al. | Secure data exchange in Industrial Internet of Things | |
| CN202584231U (en) | Highway toll collection network system having safety protection function | |
| Wang | Full‐scene network security protection system based on ubiquitous power Internet of things | |
| CN111262815A (en) | Virtual host management system | |
| Odarchenko et al. | 5G Networks Cyberincidents Monitoring System for Drone Communications | |
| CN103441882A (en) | Remote management method for internet access | |
| CN102970188B (en) | A kind of 110kV digital transformer substation secure network | |
| CN201707676U (en) | Virtualized enterprise information management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121205 Termination date: 20130523 |