CN110166491A - Transmission system and transmission method between railway intranet server and external network server - Google Patents

Info

Publication number: CN110166491A
Authority: CN (China)
Prior art keywords: data, transmission, external network, server, network server
Legal status: Pending
Application number: CN201910558594.0A
Other languages: Chinese (zh)
Inventor: 杨海波
Current Assignee: SHENZHEN SUPURUI TECHNOLOGY Co Ltd
Original Assignee: SHENZHEN SUPURUI TECHNOLOGY Co Ltd
Application filed by SHENZHEN SUPURUI TECHNOLOGY Co Ltd
Priority to CN201910558594.0A
Publication of CN110166491A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a transmission system and transmission method between a railway intranet server and an external network server, in which at least two RS232 transmission lines are connected between the intranet server and the external network server. Transmission by the intranet server comprises the following steps: A1, encrypt the original data and obtain an MD5 code; A2, split the data into packets and number each packet; A3, send the packets to the external network over the respective RS232 transmission lines. Transmission at the external network server comprises the following steps: B1, receive the data packets and perform a CRC check; B2, verify that all data packets have been received; B3, verify the MD5 code; B4, decrypt the data packets; B5, save the valid data. The transmission method uses simplex serial-port transmission, which fixes the direction of data flow at the physical layer and guarantees that the network link is one-way. No data flows from the Internet-facing external network server to the intranet server, which fundamentally ensures that viruses and hacker attacks cannot enter the intranet from the Internet. Because the data is split for transmission, it will not be stolen.

Description

Transmission system and transmission method between railway intranet server and external network server
Technical field
The present invention relates to the field of network transmission, and more specifically to a transmission system and transmission method between a railway intranet server and an external network server.
Background
In the railway industry, network security requirements are very high: a single terminal device is forbidden from accessing the intranet and the Internet at the same time, to prevent virus intrusion and hacker attacks from the Internet. Most day-to-day railway business is completed on the intranet, but when maintenance personnel along the railway line need to send real-time data to the command center, this has to be done over the Internet. The intranet server therefore needs to send data such as basic information and instruction messages to the Internet server, to provide basic configuration and real-time instructions for terminals on the Internet. This creates a need for communication between the intranet and the Internet, and for network security reasons this communication can only be simplex, from the intranet to the Internet, so that viruses and hacker attacks cannot enter the intranet from the Internet.
At present, the industry mostly implements intranet-to-Internet communication over the TCP/IP protocol, adding a firewall between the intranet and the Internet and installing antivirus software and the like on the servers. These preventive measures can isolate the vast majority of viruses and attacks.
Data on a network is transmitted in units of packets, and each packet contains specific information such as the source address, destination address, source port number and destination port number of the data. A firewall reads the address information in a packet to judge whether the packet comes from a trusted network, compares it with preset access control rules, and then decides whether the packet needs to be handled. Packet filtering can prevent external unauthorized users from accessing the internal network, but because it cannot inspect the contents of a packet, it cannot identify packets carrying illegal content and cannot apply security handling to application-layer protocols.
Network address translation is a technique for converting private IP addresses into public IP addresses, and is widely used in all types of networks and on the Internet. Network address translation can hide the real IP addresses of the internal network, protecting the internal network from direct attack by hackers.
An application-level gateway can inspect packets entering and leaving, and relays data through the gateway by copying it, which prevents direct connections from being established between trusted servers and clients and untrusted hosts. An application-level gateway understands application-layer protocols, can perform more complex access control, and can do fine-grained logging and auditing. It applies data filtering protocols to specific network application service protocols, and can analyze packets and produce reports.
A firewall is one link in the network path. If it is subjected to a targeted attack by hackers, the firewall itself is at risk of being breached. Moreover, the intranet server and the firewall cannot connect to the Internet, so software and policy sets must be updated manually and cannot defend against the latest network attacks in a timely and effective way. Using a firewall also requires opening certain policies to keep services running normally, and if a hacker attacks through these permitted policies the firewall often cannot provide protection. Using a firewall to isolate the intranet from the Internet therefore cannot guarantee 100% effectiveness.
To solve the security problem thoroughly, the TCP/IP network link must be disconnected and data transmission completed by other means. Because the volume of data that the intranet server sends to the Internet server on the railway is small, and the requirement is simplex, RS232 can be used to achieve secure data transmission.
Summary of the invention
The technical problem to be solved by the present invention is to provide a transmission system and transmission method between a railway intranet server and an external network server.
The technical solution adopted by the present invention to solve this problem is a transmission method between a railway intranet server and an external network server, in which at least two RS232 transmission lines are connected between the intranet server and the external network server.
Transmission by the intranet server comprises the following steps:
A1, encrypt the original data and obtain an MD5 code;
A2, split the data into packets and number each packet;
A3, send the packets to the external network over the respective RS232 transmission lines.
Transmission at the external network server comprises the following steps:
B1, receive the data packets and perform a CRC check;
B2, verify that all data packets have been received;
B3, verify the MD5 code;
B4, decrypt the data packets;
B5, save the valid data.
Preferably, in step A2, the data is split according to the number of RS232 transmission lines.
Preferably, in step A3, a packet protocol header is filled into each data packet, including information such as the MD5 code, the total number of data blocks, the first packet length and the last packet length, and the first data packet is sent; a check bit is added to each data packet, and all data packets are sent.
Preferably, the intranet side further comprises the following step:
A4, determine whether the service has ended; if so, end transmission; if not, return to step A1 and repeat steps A1 to A4 to send the next data.
Preferably, step B5 further comprises discarding duplicate data.
Preferably, the external network side further comprises step B6: determine whether the service has ended; if so, end reception; if not, repeat steps B1 to B6 to receive the next data.
Preferably, in steps B1 to B4, if data verification fails, the data is discarded and the process goes to step B6.
A transmission system between a railway intranet server and an external network server comprises an intranet server, an external network server, and at least two RS232 transmission lines connected between the intranet server and the external network server.
The intranet server and the external network server use the transmission method of any one of claims 1 to 7.
Preferably, the RS232 transmission line consists of three wires: transmit data, receive data and GND. For data transmission, the transmit data line on the intranet server is connected to the receive data line on the external network server, and the GND at both ends is connected.
The transmission system and transmission method between a railway intranet server and an external network server of the present invention have the following beneficial effects: the transmission method uses simplex serial-port transmission, which fixes the direction of data flow at the physical layer and guarantees that the network link is one-way. No data flows from the Internet-facing external network server to the intranet server, which fundamentally ensures that viruses and hacker attacks cannot enter the intranet from the Internet. Because the data is split for transmission, it will not be stolen.
Brief description of the drawings
The invention is further described below with reference to the accompanying drawings and embodiments, in which:
Fig. 1 is a transmission flow diagram of the intranet server in an embodiment of the invention;
Fig. 2 is a transmission flow diagram of the external network server in an embodiment of the invention.
Detailed description of the embodiments
For a clearer understanding of the technical features, objects and effects of the invention, specific embodiments are now described in detail with reference to the drawings.
As shown in Fig. 1 and Fig. 2, the transmission system between a railway intranet server and an external network server in a preferred embodiment of the invention comprises an intranet server, an external network server, and two RS232 transmission lines connected between the intranet server and the external network server. More RS232 transmission lines may be used, depending on the size of the data to be transmitted.
An RS232 transmission line consists of three wires: transmit data (Transmitted Data, TxD), receive data (Received Data, RxD) and GND. For data transmission, the transmit data line on the intranet server is connected to the receive data line on the external network server, and the GND at both ends is connected, which gives simplex data transmission from the intranet to the Internet. The RS232 interface is one of the communication interfaces on a personal computer, an asynchronous transmission standard interface developed by the Electronic Industries Association (EIA). An RS-232 interface usually takes the form of a 9-pin (DB-9) or 25-pin (DB-25) connector, and a typical personal computer has two RS-232 interfaces, referred to as COM1 and COM2.
Transmission by the intranet server comprises the following steps:
A1, encrypt the original data and obtain an MD5 code;
A2, split the data into packets and number each packet;
A3, send the packets to the external network over the respective RS232 transmission lines.
The MD in MD5 stands for Message Digest. This message digest is not an abbreviation of the message content but a 128-bit feature code obtained by applying a mathematical transformation to the original message according to the public MD5 algorithm.
In step A2, the data is split according to the number of RS232 transmission lines. In other embodiments, it may instead be split by a specific packet size.
In step A3, a packet protocol header is filled into each data packet, including information such as the MD5 code, the total number of data blocks, the first packet length and the last packet length, and the first data packet is sent; a check bit is added to each data packet, and all data packets are sent.
Further, the intranet side also comprises the following step:
A4, determine whether the service has ended; if so, end transmission; if not, return to step A1 and repeat steps A1 to A4 to send the next data.
In some embodiments, transmission at the external network server comprises the following steps:
B1, receive the data packets and perform a CRC check;
B2, verify that all data packets have been received;
B3, verify the MD5 code;
B4, decrypt the data packets;
B5, save the valid data.
This transmission method uses simplex serial-port transmission, which fixes the direction of data flow at the physical layer and guarantees that the network link is one-way. No data flows from the Internet-facing external network server to the intranet server, which fundamentally ensures that viruses and hacker attacks cannot enter the intranet from the Internet. Because the data is split for transmission, it will not be stolen. In this method, each set of serial-port equipment costs about 200 yuan, far below the cost of a network firewall. The method can be used in the railway industry, or in other industries with high network security requirements, where the intranet needs to send a small amount of data one-way to the Internet.
Step B5 further comprises discarding duplicate data, to avoid storing redundant data that occupies space.
Further, the external network side also comprises step B6: determine whether the service has ended; if so, end reception; if not, repeat steps B1 to B6 to receive the next data.
In steps B1 to B4, if data verification fails, the data is discarded and the process goes to step B6.
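The framing of steps A1 to A3 and the receive checks of steps B1 to B5, as an added Python example that is not code from the patent. The field widths, the use of CRC-32, and computing the MD5 code over the already-encrypted bytes (B3 runs before B4) are assumptions; the cipher is left out because the patent does not name one, so the functions take and return ciphertext.

```python
import hashlib
import struct
import zlib

# Assumed layout: the patent names the header fields but not their sizes.
# seq | total blocks | first-block length | last-block length | MD5 | payload | CRC-32
HEADER = struct.Struct(">HHII16s")
CRC = struct.Struct(">I")


def split_and_frame(ciphertext: bytes, lines: int) -> list[bytes]:
    """Steps A1-A3: digest the encrypted message, cut one block per line, frame each."""
    if not ciphertext or lines < 1:
        raise ValueError("need a non-empty message and at least one line")
    digest = hashlib.md5(ciphertext).digest()
    size = -(-len(ciphertext) // lines)  # ceiling division
    blocks = [ciphertext[i:i + size] for i in range(0, len(ciphertext), size)]
    frames = []
    for seq, block in enumerate(blocks):
        body = HEADER.pack(seq, len(blocks), len(blocks[0]), len(blocks[-1]), digest) + block
        frames.append(body + CRC.pack(zlib.crc32(body)))
    return frames


class Receiver:
    """Steps B1-B5 on the external server; the caller decrypts the result (B4)."""

    def __init__(self):
        self.pending = {}   # digest -> {seq: payload}
        self.saved = set()  # digests already delivered, for duplicate discard

    def feed(self, frame: bytes):
        """Return the verified ciphertext once a message completes, else None."""
        if len(frame) < HEADER.size + CRC.size:
            return None
        body, (crc,) = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])
        if zlib.crc32(body) != crc:                      # B1: line-error check
            return None
        seq, total, first_len, last_len, digest = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if total == 0 or seq >= total:
            return None
        if len(payload) != (last_len if seq == total - 1 else first_len):
            return None
        blocks = self.pending.setdefault(digest, {})
        blocks[seq] = payload
        if any(i not in blocks for i in range(total)):   # B2: still incomplete
            return None
        del self.pending[digest]
        message = b"".join(blocks[i] for i in range(total))
        if hashlib.md5(message).digest() != digest:      # B3: whole-message check
            return None
        if digest in self.saved:                         # B5: discard repeats
            return None
        self.saved.add(digest)
        return message
```

The two checks catch different faults: a bit flipped on the line fails the CRC in B1, while a frame whose payload was changed and whose CRC was recomputed passes B1 and is rejected only when the reassembled message fails the MD5 comparison in B3.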
The transmission method of the present invention ensures the security of the data and improves transmission speed.
It should be understood that the technical features above can be used in any combination without restriction.
The above is only an embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (9)

1. A transmission method between a railway intranet server and an external network server, characterized in that at least two RS232 transmission lines are connected between the intranet server and the external network server,
transmission by the intranet server comprises the following steps:
A1, encrypt the original data and obtain an MD5 code;
A2, split the data into packets and number each packet;
A3, send the packets to the external network over the respective RS232 transmission lines;
transmission at the external network server comprises the following steps:
B1, receive the data packets and perform a CRC check;
B2, verify that all data packets have been received;
B3, verify the MD5 code;
B4, decrypt the data packets;
B5, save the valid data.
2. The transmission method between a railway intranet server and an external network server according to claim 1, characterized in that, in step A2, the data is split according to the number of RS232 transmission lines.
3. The transmission method between a railway intranet server and an external network server according to claim 1, characterized in that, in step A3, a packet protocol header is filled into each data packet, including information such as the MD5 code, the total number of data blocks, the first packet length and the last packet length, and the first data packet is sent; a check bit is added to each data packet, and all data packets are sent.
4. The transmission method between a railway intranet server and an external network server according to any one of claims 1 to 3, characterized in that the intranet side further comprises the following step:
A4, determine whether the service has ended; if so, end transmission; if not, return to step A1 and repeat steps A1 to A4 to send the next data.
5. The transmission method between a railway intranet server and an external network server according to claim 1, characterized in that step B5 further comprises discarding duplicate data.
6. The transmission method between a railway intranet server and an external network server according to claim 5, characterized in that the external network side further comprises step B6: determine whether the service has ended; if so, end reception; if not, repeat steps B1 to B6 to receive the next data.
7. The transmission method between a railway intranet server and an external network server according to claim 6, characterized in that, in steps B1 to B4, if data verification fails, the data is discarded and the process goes to step B6.
8. A transmission system between a railway intranet server and an external network server, characterized by comprising an intranet server, an external network server, and at least two RS232 transmission lines connected between the intranet server and the external network server;
the intranet server and the external network server use the transmission method of any one of claims 1 to 7.
9. The transmission system between a railway intranet server and an external network server according to claim 8, characterized in that the RS232 transmission line consists of three wires: transmit data, receive data and GND; for data transmission, the transmit data line on the intranet server is connected to the receive data line on the external network server, and the GND at both ends is connected.
Priority Applications (1)

Application number: CN201910558594.0A
Priority date: 2019-06-26
Filing date: 2019-06-26
Title: Transmission system and transmission method between railway intranet server and external network server

Publications (1)

Publication number: CN110166491A (en)
Publication date: 2019-08-23

Family

Family ID: 67625641

Family Applications (1)

Application number: CN201910558594.0A
Status: Pending
Publication: CN110166491A (en)
Priority date: 2019-06-26
Filing date: 2019-06-26
Title: Transmission system and transmission method between railway intranet server and external network server

Country Status (1)

Country: CN
Link: CN110166491A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190823