CN113225248A - Novel network connection type industrial internet edge gateway equipment - Google Patents


Publication number
CN113225248A
Authority
CN
China
Prior art keywords
access
data
terminal
network
unit
Legal status
Pending
Application number
CN202110357275.0A
Other languages
Chinese (zh)
Inventor
刘海涛
杨红磊
吕广宪
方恒福
胡丽娟
宋祺鹏
王利
李二霞
袁启洪
唐建岗
Current Assignee
China Online Shanghai Energy Internet Research Institute Co ltd
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Original Assignee
China Online Shanghai Energy Internet Research Institute Co ltd
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides a new network connection type industrial internet edge gateway device comprising: an access unit that supports wired, wireless and industrial-bus access and the identification and deep analysis of multiple protocols; a communication unit that supports wired and several wireless transmission technologies, so that network communication is possible in a variety of environments; an authentication unit that uses bidirectional identity authentication to accurately identify and authenticate terminal equipment; an uploading function unit that uploads monitored terminal data to a server or the cloud in real time; and a data caching unit that caches terminal data that failed to upload and retransmits it after the network recovers.

Description

Novel network connection type industrial internet edge gateway equipment
Technical Field
The invention relates to a novel network connection type industrial Internet edge gateway device, and belongs to the field of industrial Internet of things network security.
Background
In the production control area of a power network, power distribution terminal equipment connects to the boundary network of a secure access area. The technology used there should support multiple access modes, secure access and control for multiple kinds of terminals, identification and deep analysis of multiple industrial protocols, bidirectional identity authentication, attack protection, and real-time reporting of alarm logs.
At present, the underlying network environment contains many kinds of terminals, and different terminals use different buses. To connect them to a network, they must be paired with DTU equipment, so deployment cost is high. Networks are developing rapidly, but network attacks have never stopped. Terminal equipment is mostly deployed in unattended areas, where an attacker can easily impersonate or clone a terminal and then access the power network, which is a serious network security risk.
Traditional gateway equipment sends logs and alarms to a log server, so a manager cannot learn of an event as soon as it occurs, or look it up in real time at any time and from any place.
Traditional gateway equipment cannot cache data sent by a terminal after the network is interrupted, so data is easily lost.
Disclosure of Invention
In view of the above problems, the present invention provides a new network connection type industrial internet edge gateway device.
(1) Traditional gateway equipment supports only an RJ45 interface. Industrial bus and wireless transmission interfaces are added to support multiple access modes; the various protocols are parsed, encapsulated into network data, and uploaded to a server.
(2) Traditional gateway equipment supports only wired transmission. 3G, 4G and NB-IoT modules are added to the new network connection type industrial Internet edge gateway so that it can also communicate wirelessly.
(3) Traditional gateway equipment supports only IP-based access control. Bidirectional identity authentication is added to prevent access to the network with a counterfeited IP address.
(4) Traditional gateway equipment supports only point-to-point log reporting. Uploading logs to the cloud is added, enabling remote real-time monitoring and control by mobile terminal.
(5) The new network connection type industrial internet edge gateway is configured with large-capacity stable storage and has a data caching function: it caches terminal data that failed to upload and retransmits it after the network recovers.
A new network-connected industrial internet edge gateway device, as shown in FIG. 4, comprising:
an access unit, to which industrial bus and wireless transmission interfaces are added, which supports simultaneous access by terminals with different industrial interfaces, parses and encapsulates the different bus protocols into network data, and then forwards that data to the server;
a communication unit for wireless and wired communication, capable of network transmission in special environments;
an authentication unit for bidirectional identity authentication, which accurately identifies and authenticates terminal equipment; after authentication passes, the terminal equipment is admitted to the network;
an uploading function unit for remote real-time monitoring and control by mobile terminal, which transmits data to a server or the cloud and delivers logs and alarms to a manager's PC (personal computer) or mobile terminal;
and a data caching unit for caching terminal data that failed to upload and retransmitting it after the network recovers.
In the access unit, the added access modes include the common RJ45, optical fiber and USB interfaces and the industrial interfaces RS232, RS485, etc., as well as wireless access modes including WIFI, LoRa, 433, etc.
In the communication unit, the added communication modes include wireless 3G, 4G and NB-IoT as well as wired communication, to cope with various deployment environments.
In the data caching unit, a cache for data affected by network interruption is added: data is cached in the gateway and retransmitted after the network recovers.
The uploading function unit is deployed at the boundary gateway position of a secure access area in a power distribution environment, and lower-layer terminal equipment connects to it directly over an industrial bus or through a switch. On the upper layer, it can connect to a large display screen for viewing terminal data, logs and alarms in real time, connect to a server for service operations on the terminals, and optionally connect to the cloud to push messages to mobile terminal equipment, so that terminal status, logs and alarm information can be checked at any time and from any place.
Technical effects
The invention removes the need for industrial bottom-layer terminals that have only industrial interfaces to rely on DTU conversion devices to access the network; the multiple access modes save the large capital cost of deploying many DTU conversion devices. The added communication modes let the system be used in various deployment environments. The added bidirectional identity authentication effectively prevents the losses or security risks caused by an attacker using a terminal's IP address to access the server. The added real-time reporting of logs and alarms, with subscription and distribution of messages, lets a manager learn of alarms and look up logs in real time. The added caching of data during network interruption avoids the larger property losses caused by data loss.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a diagram of a terminal access method of the present invention;
FIG. 2 illustrates bidirectional identity authentication for terminal access according to the present invention;
FIG. 3 is a device application deployment scenario of the present invention;
FIG. 4 is a schematic diagram of the structural design of the present invention.
Detailed Description
The present invention may, however, be embodied in different forms and should not be construed as limited to the embodiments set forth herein, which are provided for complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are illustrative, are intended to explain the invention, and are not to be construed as limiting the invention.
In the production control area of a power network, power distribution terminal equipment connects to the boundary network of a secure access area. The technology used there should support secure access and control for various terminals, identification and deep analysis of various industrial protocols, bidirectional identity authentication, attack protection, and real-time reporting of alarm logs.
At present, the underlying network environment contains many kinds of terminals, and different terminals use different buses. To connect them to a network, they must be paired with DTU equipment, so deployment cost is high. Networks are developing rapidly, but network attacks have never stopped. Terminal equipment is located in unattended places, where an attacker can easily spoof a terminal's IP address and impersonate the terminal to access the server, which creates a network security risk.
Traditional gateway equipment sends logs and alarms to a log server, so a manager cannot learn of an event as soon as it occurs, or look it up in real time at any time and from any place.
Traditional gateway equipment cannot cache data sent by a terminal after the network is interrupted, so data is lost and great property loss results.
In view of the above problems, the present invention provides a new network connection type industrial internet edge gateway device. The apparatus comprises:
the access unit is used for supporting access in various modes of wired, wireless and industrial buses and supporting identification and deep analysis of various protocols;
the communication unit is used for supporting wired and various wireless transmission technologies and meeting network communication under various environments;
the authentication unit is used for accurately identifying and authenticating the identity of the terminal equipment by using bidirectional identity authentication;
the uploading function unit is used for uploading the monitored terminal data to a server or a cloud in real time;
and the data caching unit is used for caching terminal data that failed to upload and retransmitting it after the network recovers.
Multiple access modes are added in the access unit: on top of the common RJ45, optical fiber and USB access, RS232 and RS485 buses and WIFI, LoRa and 433 wireless access modes are added.
Multiple communication modes are supported, including wired communication and 3G, 4G and NB-IoT wireless communication, to cope with various network deployment environments.
The uploading function unit also comprises a boundary gateway deployed at the secure access area in the power distribution environment, to which lower-layer terminal equipment connects directly over an industrial bus or through a switch. On the upper layer, it can connect to a large display screen for viewing terminal data, logs and alarms in real time, connect to a server for service operations on the terminals, and optionally connect to the cloud to push messages to mobile terminal equipment, so that terminal status, logs and alarm information can be checked at any time and from any place.
In the data caching unit, the new network connection type industrial internet edge gateway equipment is configured with large-capacity stable storage and has a data caching function: it caches terminal data that failed to upload and retransmits it once the network is connected again.
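An added sketch of the cache-and-retransmit behaviour described above (it is not code from the patent): records that fail to upload are written to SQLite, standing in for the gateway's stable storage, and are retransmitted oldest first once the uplink returns. The class and function names, the `max_rows` bound with a drop counter, and the simulated uplink are assumptions of this example.

```python
import json
import sqlite3
import time


class UploadCache:
    """Store-and-forward buffer for terminal data that could not be uploaded."""

    def __init__(self, path=":memory:", max_rows=10000):
        # On a gateway, `path` would be a file on persistent storage (assumption);
        # ":memory:" keeps this example self-contained.
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pending ("
            "seq INTEGER PRIMARY KEY AUTOINCREMENT, ts REAL, terminal TEXT, payload TEXT)"
        )
        self.max_rows = max_rows
        self.dropped = 0  # rows evicted because the cache was full; worth alarming on

    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM pending").fetchone()[0]

    def _store(self, terminal, payload):
        with self.db:  # one transaction: insert, then evict the oldest rows if over the bound
            self.db.execute(
                "INSERT INTO pending (ts, terminal, payload) VALUES (?, ?, ?)",
                (time.time(), terminal, json.dumps(payload)),
            )
            overflow = self.pending() - self.max_rows
            if overflow > 0:
                self.db.execute(
                    "DELETE FROM pending WHERE seq IN "
                    "(SELECT seq FROM pending ORDER BY seq LIMIT ?)",
                    (overflow,),
                )
                self.dropped += overflow

    def submit(self, terminal, payload, send):
        """Try to upload; cache on failure. New data queues behind any backlog."""
        if self.pending() == 0:
            try:
                send(terminal, payload)
                return "sent"
            except OSError:  # ConnectionError and socket timeouts are OSError subclasses
                pass
        self._store(terminal, payload)
        return "cached"

    def flush(self, send):
        """Retransmit cached rows oldest first; delete a row only after it was sent."""
        sent = 0
        rows = self.db.execute(
            "SELECT seq, terminal, payload FROM pending ORDER BY seq"
        ).fetchall()
        for seq, terminal, payload in rows:
            try:
                send(terminal, json.loads(payload))
            except OSError:
                break  # uplink failed again: keep this row and everything after it
            with self.db:
                self.db.execute("DELETE FROM pending WHERE seq = ?", (seq,))
            sent += 1
        return sent


class FakeUplink:
    """Constructed stand-in for the server connection."""

    def __init__(self):
        self.up = True
        self.received = []

    def send(self, terminal, payload):
        if not self.up:
            raise ConnectionError("uplink down")
        self.received.append((terminal, payload))


def demo():
    link = FakeUplink()
    cache = UploadCache(max_rows=3)
    results = [cache.submit("dtu-01", {"v": 1}, link.send)]
    link.up = False  # network interruption
    for v in (2, 3, 4, 5):
        results.append(cache.submit("dtu-01", {"v": v}, link.send))
    link.up = True  # network recovers
    flushed = cache.flush(link.send)
    return results, flushed, cache.dropped, [p["v"] for _, p in link.received]


if __name__ == "__main__":
    print(demo())
```

Deleting a row only after `send` returns means a crash between send and delete produces a duplicate rather than a loss, so the receiving server should tolerate repeated records.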
On the basis of the traditional access gateway, various access modes are added, communication modes are added, a bidirectional identity authentication function is added, a real-time log and alarm reporting function is added, and a network interrupt data caching function is added, and the method specifically comprises the following steps:
(1) As shown in FIG. 1, whereas conventional gateway equipment supports only RJ45 networking, the new network connection type industrial internet edge gateway adds industrial bus and wireless transmission interfaces. It supports multiple access modes, including RS485, RS232, RJ45, optical fiber and USB, as well as wireless communication terminals using WIFI, LoRa and 433; it parses and encapsulates the different bus protocols into network data and then forwards that data to a server.
(2) As shown in FIG. 1, for special environments where a communication cable cannot be deployed, and whereas conventional gateway equipment supports only wired transmission, 3G, 4G and NB-IoT modules are added to the new network connection type industrial internet edge gateway so that it can communicate wirelessly. This meets the needs of special environments and saves deployment cost. A wired network connection to the server is also provided, so the two communication modes together cover various network environments.
(3) Networks are developing rapidly, but network attacks have never stopped. Terminal equipment is located in unattended places, where an attacker can easily spoof a terminal's IP address and impersonate the terminal to access the server, which creates a network security risk. As shown in FIG. 2, whereas conventional gateway equipment supports only IP-based access control, the new network connection type industrial internet edge gateway adds bidirectional identity authentication to prevent access to the network with a counterfeited IP address and to eliminate the harm caused by intrusion attacks from impersonating attackers.
(4) Whereas conventional gateway equipment supports only point-to-point log reporting, a log-to-cloud mode is added to enable remote real-time monitoring and control by mobile terminal. As shown in FIG. 3, the system supports delivering data to a server or a cloud (a private cloud server), and delivers logs and alarms in real time to a manager's PC (personal computer) or mobile terminal through subscription and publishing, so that problems can be discovered and solved in time.
(5) Traditional gateway equipment cannot cache data sent by a terminal after the network is interrupted, so data is lost and great property loss results. The new network connection type industrial Internet edge gateway is configured with large-capacity stable storage and has a data caching function: data that cannot be transmitted because of a network interruption is cached in the gateway and retransmitted once the network is connected again, so that data loss is avoided.
(6) As shown in FIG. 3, in the application deployment scenario the device is deployed at the border gateway of a secure access area in a power distribution environment, and lower-layer terminal equipment may connect directly over an industrial bus or through a switch. On the upper layer, a large display screen can be connected for viewing terminal data, logs and alarms in real time, and a server can be connected for business operations on the terminals; the cloud can optionally be connected as well, to push information to mobile terminal devices so that terminal status, logs, alarms and other information can be checked anytime and anywhere.
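An added example for item (3), not taken from the patent, which does not specify an authentication mechanism: it assumes a per-terminal pre-shared key and an HMAC-SHA256 challenge-response in both directions, and sets it beside an IP allow-list check. All names, the IP address and the keys are constructed for this example.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
ALLOWED_IPS = {"10.0.5.21"}  # constructed allow-list entry


def ip_only_admit(src_ip):
    """IP-based access control: anything presenting an allowed address passes."""
    return src_ip in ALLOWED_IPS


def _tag(key, role, nonce_a, nonce_b, terminal_id):
    # The role byte separates the two directions, so one side's proof cannot be
    # reflected back as the other's; both nonces have fixed length.
    msg = role + nonce_a + nonce_b + terminal_id.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Terminal:
    def __init__(self, terminal_id, key):
        self.terminal_id, self.key = terminal_id, key
        self.nonce_t = None

    def start(self):
        # Message 1: terminal -> gateway: identity and a fresh nonce.
        self.nonce_t = secrets.token_bytes(NONCE_LEN)
        return self.terminal_id, self.nonce_t

    def respond(self, nonce_g, tag_g):
        # Verify the gateway first; send nothing to a gateway that cannot prove the key.
        expected = _tag(self.key, b"G", nonce_g, self.nonce_t, self.terminal_id)
        if not hmac.compare_digest(expected, tag_g):
            return None
        # Message 3: terminal -> gateway: proof bound to both nonces.
        return _tag(self.key, b"T", self.nonce_t, nonce_g, self.terminal_id)


class Gateway:
    def __init__(self, keys):
        self.keys = keys      # terminal_id -> pre-shared key
        self.sessions = {}    # terminal_id -> (nonce_t, nonce_g) awaiting message 3

    def hello(self, terminal_id, nonce_t):
        # Message 2: gateway -> terminal: own nonce and proof over the terminal's nonce.
        key = self.keys.get(terminal_id)
        if key is None or len(nonce_t) != NONCE_LEN:
            return None
        nonce_g = secrets.token_bytes(NONCE_LEN)
        self.sessions[terminal_id] = (nonce_t, nonce_g)
        return nonce_g, _tag(key, b"G", nonce_g, nonce_t, terminal_id)

    def finish(self, terminal_id, tag_t):
        # One attempt per challenge: the session is consumed whether or not it verifies.
        session = self.sessions.pop(terminal_id, None)
        if session is None:
            return False
        nonce_t, nonce_g = session
        expected = _tag(self.keys[terminal_id], b"T", nonce_t, nonce_g, terminal_id)
        return hmac.compare_digest(expected, tag_t)


def handshake(terminal, gateway):
    """Run the three messages; True only if each side verified the other."""
    terminal_id, nonce_t = terminal.start()
    reply = gateway.hello(terminal_id, nonce_t)
    if reply is None:
        return False
    tag_t = terminal.respond(*reply)
    if tag_t is None:
        return False
    return gateway.finish(terminal_id, tag_t)


def demo():
    key = secrets.token_bytes(32)  # constructed pre-shared key for terminal "dtu-01"
    gateway = Gateway({"dtu-01": key})
    wrong = secrets.token_bytes(32)
    return {
        "ip_check_on_copied_address": ip_only_admit("10.0.5.21"),
        "genuine_terminal": handshake(Terminal("dtu-01", key), gateway),
        "claimed_identity_without_key": handshake(Terminal("dtu-01", wrong), gateway),
        "gateway_without_key": handshake(Terminal("dtu-01", key), Gateway({"dtu-01": wrong})),
    }


if __name__ == "__main__":
    print(demo())
```

The address check passes for any sender that presents the allowed IP, while the handshake succeeds only when both sides hold the key; because each proof covers both fresh nonces, a proof recorded from an earlier session does not verify in a later one.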
Technical effects
The invention removes the need for industrial bottom-layer terminals that have only industrial interfaces to rely on DTU conversion devices to access the network; the multiple access modes save the large capital cost of deploying many DTU conversion devices. The added communication modes let the system be used in various deployment environments. The added bidirectional identity authentication effectively prevents the losses or security risks caused by an attacker using a terminal's IP address to access the server. The added real-time reporting of logs and alarms, with subscription and distribution of messages, lets a manager learn of alarms and look up logs in real time. The added caching of data during network interruption avoids the larger property losses caused by data loss.
The above-mentioned embodiments only express one embodiment of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (5)

1. A new network-connected industrial internet edge gateway device, characterized in that it comprises:
the access unit is used for supporting access in various modes of wired, wireless and industrial buses and supporting identification and deep analysis of various protocols;
the communication unit is used for supporting wired and various wireless transmission technologies and meeting network communication under various environments;
the authentication unit is used for accurately identifying and authenticating the identity of the terminal equipment by using bidirectional identity authentication;
the uploading function unit is used for uploading the monitored terminal data to a server or a cloud in real time;
and the data caching unit is used for caching terminal data that failed to upload and retransmitting it after the network recovers.
2. The device of claim 1, wherein multiple access modes are added to the access unit, and an RS232 bus, an RS485 bus, and WIFI, LoRa, 433 wireless access modes are added on the basis of common RJ45, optical fiber and USB access.
3. The apparatus of claim 1, wherein a plurality of communication modes are supported, including wired communication and 3G, 4G, NB-IoT wireless communication modes, for coping with various network deployment environments.
4. The device according to claim 1, wherein the upload function unit further includes a border gateway deployed in a secure access area in the power distribution environment, to which lower-layer terminal equipment connects directly over an industrial bus or through a switch; on the upper layer, it can connect to a large display screen for viewing terminal data, logs and alarms in real time, connect to a server for service operations on the terminals, and optionally connect to the cloud to push messages to mobile terminal equipment, so that terminal status, logs and alarm information can be checked at any time and from any place.
5. The device according to claim 1, wherein in the data cache unit, the new network connection type industrial internet edge gateway device is configured with large-capacity stable storage, has a data cache function, caches terminal data that failed to upload, and retransmits the data once the network is connected again.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110357275.0A CN113225248A (en) 2021-04-01 2021-04-01 Novel network connection type industrial internet edge gateway equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110357275.0A CN113225248A (en) 2021-04-01 2021-04-01 Novel network connection type industrial internet edge gateway equipment

Publications (1)

Publication Number Publication Date
CN113225248A true CN113225248A (en) 2021-08-06

Family

ID=77086352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110357275.0A Pending CN113225248A (en) 2021-04-01 2021-04-01 Novel network connection type industrial internet edge gateway equipment

Country Status (1)

Country Link
CN (1) CN113225248A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination