CN110460618A - Secure communication method in a comprehensive monitoring system based on the EN50159 standard - Google Patents


Info

Publication number: CN110460618A
Authority: CN (China)
Prior art keywords: server, monitoring system, message, standard, client
Legal status: Granted
Application number: CN201910788148.9A
Other languages: Chinese (zh)
Other versions: CN110460618B (en)
Inventors: 李佑文, 褚红健, 王志心, 王声柱
Current Assignee: Nanjing Guodian Nanzi Railway Traffic Engineering Co Ltd
Original Assignee: Nanjing Guodian Nanzi Railway Traffic Engineering Co Ltd
Application filed by Nanjing Guodian Nanzi Railway Traffic Engineering Co Ltd
Priority to CN201910788148.9A
Publication of CN110460618A
Application granted
Publication of CN110460618B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/326 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the transport layer [OSI layer 4]
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a secure communication method in a comprehensive monitoring system based on the EN50159 standard. The workstation and the server communicate using WEBSOCKET over SSL encryption. A WEBSOCKET communication mechanism is used between the workstation and the server of the rail transit comprehensive monitoring system with a B/S architecture, which keeps the communication link connected over the long term and makes communication between workstation and server full duplex, so that each can send data to the other. Whereas HTTP requests are actively initiated by the client and transfer data by establishing a connection -> transmitting data -> disconnecting, WEBSOCKET allows the server to actively push data to the client. In WEBSOCKET, the client and server only need to complete one handshake, after which a persistent connection is created directly and data is transferred in both directions. The communication between workstation and server is designed at the application-layer protocol for compliance with the EN50159 standard.

Description

Secure communication method in a comprehensive monitoring system based on the EN50159 standard
Technical field
The present invention relates to the technical fields in which the comprehensive monitoring (ISCS) and SCADA distributed platforms are applied, covering industrial automation and control sectors such as comprehensive monitoring, power monitoring, environment and equipment monitoring systems, fire monitoring, and rail transit.
Background art
The rail transit comprehensive monitoring (ISCS) system is a large-scale computer integrated system based on modern computer technology, network technology, automation technology and information technology. The system integrates multiple specialized automation subsystems and, supported by an integrated platform, monitors each discipline in a unified way. It realizes information sharing among the specialized systems and linkage control between systems, improves operating efficiency, and provides an informatization basis for the modernized operation and management of urban rail transit.
Once urban rail transit is damaged, the public interest can be seriously endangered, so it falls within the scope of critical information infrastructure. As the core of urban rail transit such as subways, light rail and trams in large and medium-sized cities, the urban rail transit comprehensive monitoring system has security problems that cannot be ignored. The "GB-T 50636-2018 Urban Rail Transit Comprehensive Monitoring System Engineering Standard", formally implemented on September 1, 2018, explicitly states that "the information security of the comprehensive monitoring system should comply with the current national standards 'Industrial control information system security Part 1: Evaluation specification' GB/T30976.1 and 'Industrial control information system security Part 2: Acceptance specification' GB/T30976.2, and should preferably be designed, implemented and accepted according to the third level of the information system security classified protection standard". In practice, the domestic manufacturers of comprehensive monitoring systems are all designing and retrofitting their systems to higher requirements so that they can meet more specialized safety certifications, typically SIL (Safety Integrity Level) level 2 certification.
SIL certification is a third-party assessment, verification and certification that evaluates and confirms the safety integrity level (SIL) or performance level (PL) of safety equipment, based on standards such as IEC 61508 (GB/T 20438), IEC 61511 (GB/T 21109), IEC61513, IEC 13849-1, IEC 62061 and IEC 61800-5-2.
In an urban rail transit comprehensive monitoring system with a B/S architecture, the most critical function, and the one with the highest security requirements, is guaranteeing the security of communication between the workstation (client) and the server. The European Committee for Electrotechnical Standardization (CENELEC) formulated EN50159, a standard for safe communication over network transmission systems. The standard applies to safety-related electronic systems that communicate over closed or open transmission systems, and sets out specific requirements for achieving safety-related communication between safety-related equipment connected to the transmission system. The current edition of EN50159 is EN50159:2010, implemented in September 2010. EN50159:2010 divides open transmission systems, according to whether there is a risk of unauthorized access, into open transmission systems free of this risk and open transmission systems subject to this risk. In SIL2 certification of a communicating system, the EN50159 standard is mainly used to verify the transmission security of the system.
In the course of SIL2 certification of the comprehensive monitoring system, dedicated training was carried out on the development and design methods of safety software, and the design methods of SIL4 signal interlocking systems were studied. Combining these with the characteristics of the B/S comprehensive monitoring system, a secure transmission mechanism was designed for data interaction between workstation and server over a web Service interface. The mechanism meets the protection requirements defined in the EN50159 standard and effectively avoids the safety problems caused by network communication and transmission errors in the comprehensive monitoring system.
Summary of the invention
In view of the problems in the prior art, the present invention provides a secure communication method in a comprehensive monitoring system based on the EN50159 standard.
The technical solution adopted is a secure communication method in a comprehensive monitoring system based on the EN50159 standard, characterized in that:
The workstation and the server communicate using WEBSOCKET over SSL encryption. A WEBSOCKET communication mechanism is used between the workstation and the server of the rail transit comprehensive monitoring system with a B/S architecture, which keeps the communication link connected over the long term and makes communication between workstation and server full duplex, so that each can send data to the other. Whereas HTTP requests are actively initiated by the client and transfer data by establishing a connection -> transmitting data -> disconnecting, WEBSOCKET allows the server to actively push data to the client. In WEBSOCKET, the client and server only need to perform one handshake, after which a persistent connection is created directly between them and data is transferred in both directions;
When the workstation of the rail transit comprehensive monitoring system communicates with the server, the Secure Sockets Layer SSL + WEBSOCKET protocol is used, which encrypts all exchanged messages at the TCP layer. The workstation can access the server normally only when a certificate is installed; otherwise the workstation warns that the connection is not secure, and the server can be accessed only after the user installs a valid certificate;
The communication between workstation and server in the comprehensive monitoring system is designed at the application-layer protocol for compliance with the EN50159 standard, to meet the requirements of SIL2 certification.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Sequence number design: because WEBSOCKET is duplex, every message of the server and the client carries a send sequence number SendSeqNo and a receive sequence number RecvSeqNo;
SendSeqNo: unsigned int, incremented by 1 for every frame sent;
RecvSeqNo: unsigned int, incremented by 1 for every frame received;
The receive sequence number RecvSeqNo of the client should equal the send sequence number SendSeqNo of the server;
The receive sequence number RecvSeqNo of the server should equal the send sequence number SendSeqNo of the client.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Timestamp: every message sent carries a timestamp SendTime;
SendTime: unsigned long, the current timestamp of the workstation or server that sends the message. To reduce the length of the transmitted message, the format "YYYY-MM-dd HH:mm:ss" is not used; a timestamp is used instead.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Timeout judgment: a maximum timeout Tmax is defined. The receiving end must verify whether the time interval between two messages exceeds the maximum allowed time Tmax; if it does, a transmission error is considered to have occurred. If the time T at which message j is received satisfies T ≤ Tmax, there is no timeout and the state is normal; otherwise a transmission error is assumed.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Source and destination identifiers: every message carries a source identifier From and a destination identifier To, which record the sender IP address and the receiver IP address of the message respectively. All possible source IPs and destination IPs are configured in advance on the client and the server, and an IP check is performed each time a message is received, so that simulated messages from illegitimate IPs cannot interfere.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Feedback message: feedback must be given after M (M=8) consecutive frames have been received. After sending M consecutive frames, the sender waits for the feedback message; if it still has not received the feedback message after the timeout, a transmission error is assumed.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Authentication procedure: the authentication procedure is an identification process carried out between the client and the server to guarantee correct identity and correct behaviour. When the client connects to the server for the first time, it sends its identity information to the server to request a key Token. After the identity information is verified, the server returns the Token and its expiry time. Requests the client makes with the Token within this period are valid; once the Token's validity period is exceeded, the client must apply for a Token again. If the server fails to verify the identity information, it rejects the request directly.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Safety code: every message carries a 32-digit MD5 check code field, which stores the MD5 value computed over the content other than this field.
The secure communication method in a comprehensive monitoring system based on the EN50159 standard described above is further characterized in that:
Encryption: the transmitted message is encrypted as a whole, so that only authorized users with the corresponding permission can decrypt it.
Beneficial effects:
The present invention uses the SSL+WEBSOCKET mode, which requires that access between server and workstation be trusted, and ensures at the TCP layer that data is neither leaked nor tampered with during communication. At the same time, the exchanged messages are designed at the business application layer for compliance with the EN50159 standard, guaranteeing by technical means the authenticity, integrity, timeliness and ordering of communication messages, thereby thoroughly addressing the various threats the transmission system may encounter. This guarantees the safety of the communication system and ultimately ensures that the comprehensive monitoring system runs correctly and stably, reducing accidents.
Brief description of the drawings
Fig. 1 shows the timeout judgment method of the embodiment of the present invention.
Fig. 2 shows the method of the embodiment of the present invention that requires a feedback message after at most M consecutive frames.
Fig. 3 shows the Token-based authentication method of the embodiment of the present invention.
Fig. 4 shows the MD5 safety check code design of the embodiment of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
WEBSOCKET communication method between workstation and server based on SSL encryption:
At present, because of the fully thin-client nature of the B/S architecture, data access can be completed with only a browser, without installing dedicated client software on the workstation, so more and more industrial control software is moving from the original C/S architecture (or simple WEB publishing) to implementations based on the B/S architecture. For security reasons, however, under early B/S architectures the client and server could not keep a long-lived connection, and the server had no way to push data directly to the client, which made the real-time performance of data transmission in the industrial control field very poor. To resolve this contradiction, and as technology has developed, a WEBSOCKET communication mechanism is designed between the workstation and the server of the rail transit comprehensive monitoring system with a B/S architecture. Like the SOCKET mode under the traditional C/S architecture, this mode keeps the communication link connected over the long term, and communication between workstation and server is full duplex, so each can send data to the other.
WEBSOCKET is essentially still an application-layer network protocol, used to make up for the HTTP protocol's weakness in persistent communication. Because HTTP itself is a stateless protocol, each new HTTP request can only be initiated by the client, and data is transferred by establishing a connection -> transmitting data -> disconnecting. Using WEBSOCKET communication makes data exchange between the workstation and the server of the B/S architecture simple and allows the server to actively push data to the client. In WEBSOCKET, the client and server only need to perform one handshake, after which a persistent connection can be created directly between them and data transferred in both directions.
Data in plain WEBSOCKET is not encrypted and is easily stolen. To protect data security, the workstation of the rail transit comprehensive monitoring system communicates with the server using SSL (Secure Sockets Layer) + WEBSOCKET. This mode encrypts all exchanged messages at the TCP layer. The workstation can access the server normally only when a certificate is installed; otherwise the workstation warns that the connection is not secure, and the server can be accessed only after the user installs a valid certificate. Requiring a certificate in this SSL+WEBSOCKET mode means that access between server and workstation is trusted, and ensures at the TCP layer that data is neither leaked nor tampered with during communication.
Design of the EN50159-compliant secure communication protocol:
Although a secure WEBSOCKET communication mechanism is used at the TCP layer, this is still not enough for a system undergoing SIL2 certification; a design compliant with the EN50159 standard is also required at the application layer.
The EN50159 standard was established specifically for safety-related communication in railway signalling systems. It sets out, at the functional and technical levels, the threats a transmission system may encounter and the corresponding safety requirements and measures. To defend against the various risks, it requires the communication system to apply the protective measures it defines at the application layer; the core idea is to guarantee by technical means the authenticity, integrity, timeliness and ordering of communication messages. The seven threats and eight protective measures specified by the EN50159 standard are shown in Table 1 below.
Table 1: Threats and protective measures in the EN50159 standard
To meet the requirements of SIL2 certification, the communication between workstation and server in the comprehensive monitoring system must be designed at the application-layer protocol for compliance with the EN50159 standard.
Protective measure 1: sequence number design
Because WEBSOCKET is duplex, every message of the server and the client carries a send sequence number SendSeqNo and a receive sequence number RecvSeqNo.
SendSeqNo: unsigned int, incremented by 1 for every frame sent;
RecvSeqNo: unsigned int, incremented by 1 for every frame received;
The receive sequence number RecvSeqNo of the client should equal the send sequence number SendSeqNo of the server;
The receive sequence number RecvSeqNo of the server should equal the send sequence number SendSeqNo of the client;
Protective measure 2: timestamp
Every message sent carries a timestamp SendTime.
SendTime: unsigned long, the current timestamp of the workstation or server that sends the message. To reduce the length of the transmitted message, the format "YYYY-MM-dd HH:mm:ss" is not used; a timestamp is used instead (the total number of seconds from 00:00:00 on January 1, 1970 Greenwich Mean Time (08:00:00 on January 1, 1970 Beijing time) to the present).
Protective measure 3: timeout judgment, as shown in Fig. 1
A maximum timeout Tmax is defined. The receiving end must verify whether the time interval between two messages exceeds the maximum allowed time Tmax; if it does, a transmission error is considered to have occurred. Fig. 1 shows the embodiment of the present invention: in the left diagram, if the time T at which message j is received satisfies T ≤ Tmax, there is no timeout and the state is normal, otherwise a transmission error is assumed; in the right diagram, if the time T at which message j is received satisfies T ≤ Tmax, there is no timeout and the state is normal, otherwise a transmission error is assumed. In addition, when there is no business data to exchange, heartbeat messages are sent to avoid errors caused by timeout.
Protective measure 4: source and destination identifiers
Every message carries a source identifier From and a destination identifier To, which record the sender IP address and the receiver IP address of the message respectively. All possible source IPs and destination IPs are configured in advance on the client and the server, and an IP check is performed each time a message is received, so that simulated messages from illegitimate IPs cannot interfere.
Protective measure 5: feedback message, as shown in Fig. 2
Not every request frame needs a corresponding feedback message, but feedback must be given after M (M=8) consecutive frames have been received. After sending M consecutive frames, the sender waits for the feedback message; if it still has not received the feedback message after the timeout, a transmission error is assumed. Fig. 2 shows the message design that requires feedback after at most M consecutive frames.
Protective measure 6: authentication procedure
The authentication procedure is an identification process carried out between the client and the server to guarantee correct identity and correct behaviour. When the client connects to the server for the first time, it sends its identity information (user name, password) to the server to request a key Token. After the identity information is verified, the server returns the Token and its expiry time. Requests the client makes with the Token within this period are valid; once the Token's validity period is exceeded, the client must apply for a Token again. If the server fails to verify the identity information, it rejects the request directly, as shown in Fig. 3.
Protective measure 7: safety code
Every message carries a 32-digit MD5 check code field, which stores the MD5 value computed over the content other than this field, as shown in Fig. 4.
Protective measure 8: encryption
The transmitted message is encrypted as a whole (unlike the MD5 check code), so that only authorized users with the corresponding permission can decrypt it. Because SSL encryption is already used at the TCP layer, the application layer need not encrypt the message.
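The receiver-side checks of protective measures 1 to 5 and 7, as an added Python example that is not code from the patent: the JSON field layout, the Payload field, the hex encoding of the MD5 check code, the Tmax value of 3 seconds, the 32-bit wrap of the sequence counter and the 192.0.2.x addresses are assumptions made here. MD5 appears because the page specifies it; as an unkeyed check code it catches corruption in transit, while protection against deliberate modification rests on the SSL layer described earlier.

```python
import hashlib
import json

M_FEEDBACK = 8          # from the page: feedback after M = 8 consecutive frames
T_MAX = 3               # assumed value in seconds; the page only names Tmax
UINT_MASK = 0xFFFFFFFF  # assumed 32-bit wrap for the unsigned int counters


def md5_check_code(frame):
    """MD5 (32 hex digits) over every field except the MD5 field itself."""
    body = {k: v for k, v in frame.items() if k != "MD5"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.md5(canonical.encode("utf-8")).hexdigest()


def build_frame(send_seq, recv_seq, send_time, src, dst, payload):
    """Assemble one frame; Payload is a hypothetical field for business data."""
    frame = {
        "SendSeqNo": send_seq, "RecvSeqNo": recv_seq, "SendTime": send_time,
        "From": src, "To": dst, "Payload": payload,
    }
    frame["MD5"] = md5_check_code(frame)
    return frame


class Receiver:
    """One end of the link; state changes only when a frame is accepted."""

    def __init__(self, own_ip, allowed_sources, t_max=T_MAX):
        self.own_ip = own_ip
        self.allowed_sources = set(allowed_sources)  # configured in advance
        self.t_max = t_max
        self.recv_seq = 0          # RecvSeqNo, +1 per accepted frame
        self.last_arrival = None   # arrival time of the previous frame
        self.since_feedback = 0    # frames accepted since the last feedback

    def check(self, frame, now):
        """Return (verdict, feedback_due) for a frame arriving at time now."""
        # Measure 7: recompute the check code before trusting any field.
        if frame.get("MD5") != md5_check_code(frame):
            return "md5_mismatch", False
        # Measure 4: From must be a configured peer, To must be this node.
        if (frame.get("From") not in self.allowed_sources
                or frame.get("To") != self.own_ip):
            return "identifier_rejected", False
        # Measure 1: the peer's SendSeqNo must be exactly one past RecvSeqNo.
        if frame.get("SendSeqNo") != (self.recv_seq + 1) & UINT_MASK:
            return "sequence_error", False
        # Measure 3: interval between two messages must not exceed Tmax.
        if self.last_arrival is not None and now - self.last_arrival > self.t_max:
            return "timeout", False
        self.recv_seq = frame["SendSeqNo"]
        self.last_arrival = now
        # Measure 5: after M consecutive frames a feedback message is owed.
        self.since_feedback += 1
        feedback_due = self.since_feedback == M_FEEDBACK
        if feedback_due:
            self.since_feedback = 0
        return "ok", feedback_due


def demo():
    """Run constructed frames through one receiver and collect the verdicts."""
    server, client = "192.0.2.10", "192.0.2.21"   # constructed addresses
    rx = Receiver(own_ip=server, allowed_sources=[client])
    t0 = 1700000000                               # constructed epoch seconds
    out = []
    for n in range(1, 9):                         # eight in-order frames
        frame = build_frame(n, 0, t0 + n, client, server, {"value": n})
        out.append(rx.check(frame, now=t0 + n))
    replay = build_frame(8, 0, t0 + 8, client, server, {"value": 8})
    out.append(rx.check(replay, now=t0 + 9))      # repeated SendSeqNo
    tampered = build_frame(9, 0, t0 + 9, client, server, {"value": 9})
    tampered["Payload"]["value"] = 999            # changed after MD5 was set
    out.append(rx.check(tampered, now=t0 + 9))
    foreign = build_frame(9, 0, t0 + 9, "192.0.2.99", server, {"value": 9})
    out.append(rx.check(foreign, now=t0 + 9))     # source not configured
    late = build_frame(9, 0, t0 + 60, client, server, {"value": 9})
    out.append(rx.check(late, now=t0 + 60))       # gap exceeds Tmax
    return out


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Rejected frames leave RecvSeqNo and the arrival time untouched, so a replayed or foreign frame cannot advance the receiver's state or reset its timeout clock.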
Typical application:
The secure communication mechanism disclosed in this embodiment is mainly used in urban rail transit comprehensive monitoring systems that need to meet SIL2, and can also be used in most communication systems based on the B/S architecture. Although most domestic urban rail transit comprehensive monitoring systems currently have no SIL2 requirement, new project tenders have essentially begun to raise such a requirement, so safety functions based on SIL2 certification are certain to be widely applied in actual projects in the coming years.
The above is only a preferred embodiment of the present invention and does not limit the invention in any form. Although the invention has been disclosed above by way of a preferred embodiment, this is not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications that amount to equivalent embodiments; any simple modification, equivalent change or refinement made to the above embodiment according to the technical essence of the invention, without departing from the content of its technical solution, still falls within the scope of the technical solution of the present invention.

Claims (9)

1. safe communication means in a kind of comprehensive monitoring system based on EN50159 standard, it is characterised in that:
It is communicated between work station and server using the WEBSOCKET based on SSL encryption, it is comprehensive in the rail traffic of B/S framework It closes and uses WEBSOCKET communication mechanism between the work station and server of monitoring system, guarantee the long connection of communication link, and The communication of work station and server end is complete duplex, sends data between each other;HTTP is actively initiated by client to ask It asks, establishing connection, -- > transmission data -- > transmit data by way of disconnecting, allow server end actively to client Hold propelling data;In WEBSOCKET, client and server, which only needs to be performed, once shakes hands, and just directly creates between the two Persistent connection, and carry out bidirectional data transfers;
Secure Socket Layer SSL+ is used when the work station of track traffic synthetic monitoring system is communicated with server end The communication mode of WEBSOCKET agreement encrypts all mutual messages in TCP layer, and work station only is being mounted with to demonstrate,prove In the case where book, server could be normally accessed, otherwise work station can prompt to connect dangerous, need user installation valid certificate Afterwards, server could be accessed;
The conjunction of EN50159 standard is carried out on application layer protocol to the communication in comprehensive monitoring system between work station and server Rule property design, to meet the requirement of SIL2 grades of certifications.
2. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Sequence number design: owing to the duplex nature of WEBSOCKET, a send sequence number SendSeqNo and a receive sequence number RecvSeqNo are designed for every message of the server and the client;
SendSeqNo: unsigned int, incremented by 1 for every frame sent;
RecvSeqNo: unsigned int, incremented by 1 for every frame received;
The receive sequence number RecvSeqNo of the client should equal the send sequence number SendSeqNo of the server;
The receive sequence number RecvSeqNo of the server should equal the send sequence number SendSeqNo of the client.
3. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Timestamp: a timestamp SendTime is designed for every message sent;
SendTime: unsigned long, the current timestamp of the workstation and server sending the message; to keep the transmitted message short, the "YYYY-MM-dd HH:mm:ss" format is not used, and a timestamp is used instead.
4. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Timeout judgment: a maximum timeout Tmax is designed; the receiving end must verify whether the time interval between two messages exceeds the maximum permitted time Tmax, and if it does, a transmission error is considered to have occurred; if the time T at which message j is received satisfies T ≤ Tmax, there is no timeout and the state is normal; otherwise a transmission error is assumed.
5. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Source and destination identifiers: a source identifier From and a destination identifier To are designed for every message, recording the IP address of the sending end and of the receiving end respectively; all possible source-identifier IPs and destination-identifier IPs are configured in advance on the client and the server, and an IP check is performed each time a message is received, so that simulated messages from illegal IPs cannot interfere.
6. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Feedback message: feedback must be given after M (M = 8) frames have been received consecutively; after sending M frames consecutively, the sending end waits for the feedback message, and if it still has not received the feedback message after a timeout, it considers that a transmission error has occurred.
7. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Authentication procedure: the authentication procedure is carried out between the client and the server and is an identification process that guarantees correct identity and correct behavior; when the client connects to the server for the first time, it sends identity information to apply to the server for a secret-key Token; after the identity information is verified, the server returns the Token and its expiry time; requests that the client makes with this Token within that period are valid, and once the Token's time has been exceeded the client must apply for a Token again; if verification of the authentication information fails at the server, the request is refused directly.
8. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Safety code: an MD5 check code field of length 32 is designed for every message, holding the value of the MD5 check computed over the content other than this field.
9. The safe communication method in an integrated monitoring system based on the EN50159 standard according to claim 1, characterized in that:
Encryption: the transmitted message is encrypted as a whole, and only an authorized user with the corresponding permission can decrypt it.
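The receiver-side checks of claims 2, 4, 5, 6 and 8 can be combined into one validation routine. The following is an added example, not code from the patent: the JSON framing, the `Data` field, the value of `T_MAX`, the IP addresses and the rule that only accepted frames advance RecvSeqNo are assumptions, and the Token and encryption steps of claims 7 and 9 are left out.

```python
import hashlib
import json

M = 8                     # claim 6: feedback is due after M = 8 consecutive frames
T_MAX = 2.0               # claim 4: Tmax in seconds (assumed; the page gives no value)
ALLOWED = {("10.0.0.5", "10.0.0.1")}  # claim 5: configured (From, To) pairs, constructed

def md5_of(fields):
    """Claim 8: MD5 (32 hex digits) over every field except the MD5 field itself."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.md5(body.encode("utf-8")).hexdigest()

def build_frame(seq, send_time, src, dst, data):
    """Sender side: fill the safety fields, then append the check code."""
    frame = {"SendSeqNo": seq, "SendTime": send_time,
             "From": src, "To": dst, "Data": data}
    frame["MD5"] = md5_of(frame)
    return frame

class Receiver:
    def __init__(self):
        self.recv_seq_no = 0      # RecvSeqNo, +1 per accepted frame (assumption)
        self.last_arrival = None  # arrival time of the previous accepted frame
        self.unacked = 0          # frames accepted since the last feedback

    def accept(self, frame, now):
        """Return (verdict, feedback_due) for one received frame."""
        fields = {k: v for k, v in frame.items() if k != "MD5"}
        if frame.get("MD5") != md5_of(fields):
            return "bad_md5", False          # corrupted content
        if (fields.get("From"), fields.get("To")) not in ALLOWED:
            return "bad_address", False      # unconfigured source or destination
        if self.last_arrival is not None and now - self.last_arrival > T_MAX:
            return "timeout", False          # gap between two messages exceeds Tmax
        expected = (self.recv_seq_no + 1) & 0xFFFFFFFF  # unsigned int wrap-around
        if fields.get("SendSeqNo") != expected:
            return "bad_sequence", False     # repeated, lost or reordered frame
        self.recv_seq_no, self.last_arrival = expected, now
        self.unacked = (self.unacked + 1) % M
        return "ok", self.unacked == 0       # True on every M-th accepted frame
```

An unkeyed MD5 only detects corruption, since anyone who can alter a frame can recompute it; protection against deliberate modification in this design rests on the SSL layer of claim 1.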
CN201910788148.9A 2019-08-26 2019-08-26 Safe communication method in integrated monitoring system based on EN50159 standard Active CN110460618B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910788148.9A CN110460618B (en) 2019-08-26 2019-08-26 Safe communication method in integrated monitoring system based on EN50159 standard

Publications (2)

Publication Number Publication Date
CN110460618A true CN110460618A (en) 2019-11-15
CN110460618B CN110460618B (en) 2022-06-07

Family

ID=68488966

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910788148.9A Active CN110460618B (en) 2019-08-26 2019-08-26 Safe communication method in integrated monitoring system based on EN50159 standard

Country Status (1)

Country Link
CN (1) CN110460618B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111212117A (en) * 2019-12-24 2020-05-29 曙光信息产业(北京)有限公司 Remote interaction method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140222890A1 (en) * 2013-02-04 2014-08-07 Oracle International Corporation Real-time communication signaling gateway
US20160352588A1 (en) * 2015-05-27 2016-12-01 Elastic Beam, Inc. Scalable proxy clusters
CN107921981A (en) * 2015-06-30 2018-04-17 莱尔德技术股份有限公司 The monitoring and control of distributed machines
CN105607592A (en) * 2015-12-17 2016-05-25 中国铁路总公司 Remote utilization system for public work mechanical vehicles, and implementation method
CN109218839A (en) * 2017-07-07 2019-01-15 杭州海康威视数字技术股份有限公司 Video broadcasting method and device
CN109495530A (en) * 2017-09-13 2019-03-19 杭州海康威视***技术有限公司 A kind of real time traffic data transmission method, transmitting device and Transmission system
CN109768965A (en) * 2018-12-14 2019-05-17 广州华多网络科技有限公司 A kind of login method of server, equipment and storage device

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
徐明等: "列控安全相关通信***的安全监视", 《铁道学报》, no. 04, 15 April 2011 (2011-04-15) *
杨霓霏等: "《铁路信号***安全相关通信标准与安全协议研究》", 《中国铁路》 *
杨霓霏等: "《铁路信号***安全相关通信标准与安全协议研究》", 《中国铁路》, 15 June 2008 (2008-06-15), pages 48 - 51 *
陈永刚等: "基于WLAN的CBTC***中安全通信协议设计与验证", 《兰州交通大学学报》, no. 04, 15 August 2015 (2015-08-15) *

Also Published As

Publication number Publication date
CN110460618B (en) 2022-06-07

Similar Documents

Publication Publication Date Title
CN106789015B (en) Intelligent power distribution network communication safety system
CN109257327B (en) Communication message safety interaction method and device for power distribution automation system
CN101401387B (en) Access control protocol for embedded devices
CN106941491B (en) Safety application data link layer equipment of electricity utilization information acquisition system and communication method
CN103686724B (en) Mobile solution access authentication authorization method and system
CN106657268A (en) GYK remote maintenance monitoring system and implementation method
WO2003001326A3 (en) Method and system for e-mail message transmission
MX2007013862A (en) A system and method for converting serial data into secure data packets configured for wireless transmission in a power system.
CN101809519A (en) Method for establishing a secure connection from a service technician to a component of an automation environment that can be remotely diagnosed and/or maintained and is experiencing failure
CN106100836A (en) A kind of industrial user's authentication and the method and system of encryption
CN106302550A (en) A kind of information security method for intelligent substation automatization and system
CN105072125A (en) HTTP communication system and method
CN104253813A (en) Modulation integrated system remote maintenance-based safety protection method
CN109905371A (en) Two-way encrypted authentication system and its application method
CN109981568B (en) Transformer substation remote operation safety protection method based on dual-channel identity authentication
CN111787027A (en) Safety protection system and method for traffic information release
CN111988328A (en) Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
CN103916363A (en) Communication security management method and system for encryption machine
CN106713360A (en) Method for realizing web encrypted access and information encryption storage based on gateway device
Von Oheimb IT security architecture approaches for smart metering and smart grid
CN107967597A (en) Electronic identification processing, storage method and device and electronic identification processing system
CN110445782B (en) Multimedia safe broadcast control system and method
CN108599932A (en) A kind of identity identifying method for electric system
CN101141278B (en) Data transmission system, data transmission method, data processing method and corresponding device
CN110460618A (en) Safe communication means in a kind of comprehensive monitoring system based on EN50159 standard

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant