CN115297097A - Vehicle-mounted terminal all-in-one machine system and all-in-one machine - Google Patents
Vehicle-mounted terminal all-in-one machine system and all-in-one machine Download PDFInfo
- Publication number
- CN115297097A CN115297097A CN202210801710.9A CN202210801710A CN115297097A CN 115297097 A CN115297097 A CN 115297097A CN 202210801710 A CN202210801710 A CN 202210801710A CN 115297097 A CN115297097 A CN 115297097A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- module
- authentication
- terminal
- control terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 claims abstract description 47
- 238000013500 data storage Methods 0.000 claims abstract description 19
- 238000012545 processing Methods 0.000 claims description 26
- 230000003068 static effect Effects 0.000 claims description 6
- 238000012544 monitoring process Methods 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 4
- 238000000926 separation method Methods 0.000 claims 1
- 230000010365 information processing Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 4
- 239000011521 glass Substances 0.000 description 4
- 101100513046 Neurospora crassa (strain ATCC 24698 / 74-OR23-1A / CBS 708.71 / DSM 1257 / FGSC 987) eth-1 gene Proteins 0.000 description 2
- 238000000034 method Methods 0.000 description 2
- 230000001154 acute effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
- H04L41/082—Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to the technical field of railway information processing all-in-one machines, in particular to a vehicle-mounted end all-in-one machine system and an all-in-one machine, which comprise a vehicle-mounted control terminal, a central control terminal, a data storage module, an authentication module and a management module, wherein the vehicle-mounted control terminal is connected with the central control terminal through a network card, the data storage module is connected with the vehicle-mounted control terminal through a data storage circuit, the authentication module is connected with the vehicle-mounted control terminal through an authentication circuit, the management module is connected with the vehicle-mounted control terminal through a management circuit, the central control terminal comprises a comprehensive multi-element control module, the comprehensive multi-element control module comprises a blacklist increasing module and a whitelist increasing module, the blacklist increasing module is provided with a terminal for access limitation of a blacklist/port MAC address, and the whitelist increasing module is provided with a terminal for specific access.
Description
Technical Field
The invention relates to an integrated machine, in particular to a vehicle-mounted terminal integrated machine system and an integrated machine, and belongs to the technical field of railway information processing integrated machines.
Background
In the transportation industry, in order to master the real-time running condition of an automobile, various vehicle-mounted electronic products are generally installed to acquire information of various aspects of the automobile, and a vehicle-mounted all-in-one machine is a very common device in modern transportation tools.
In chinese patent application No. CN201420663349.9, an intelligent all-in-one vehicle is proposed, which can keep the device floating only about 0.3A even when transmitting large data. Most of the situations are within 0.1A, the influence on a vehicle-mounted power supply system is reduced to the minimum, independent power supply management power supply is carried out on each module, and after the independent power supply modules are used for processing, the power supply ripples of the modules are reduced to the minimum and are all within 50 mV. And the ripple of the power supply of the equipment on the market is more than 100 mV. Meanwhile, the LDO power supply or the switch power supply supplies power to the LDO power supply, the LDO power supply is equivalent to an isolator, own interference of the modules can be isolated, interference to other modules is reduced to the maximum extent, power mutual interference between the modules is reduced to have no influence, each module of the equipment provides an independent power supply, when a problem occurs in the modules, large current or short circuit occurs, the independent power supply can automatically enter a protection state, other modules can still normally operate at the moment, partial functional service can be provided, meanwhile, alarm data reporting is carried out, the fault point is determined, and problems can be conveniently and timely eliminated, and the design greatly improves system safety and stability. And meanwhile, the dual protection and the protection of the independent power supply and the power supply are combined, the main effect of the protection is to protect the power supply, the intelligent degree is not enough, and the flexibility is not high.
The Chinese patent with the application number of CN201521086626.5 provides an intelligent vehicle-mounted all-in-one machine, wherein coated white light glass is arranged on a display screen and used for refracting images of the display screen to the coated white light glass, the coated white light glass is provided with a plurality of display surfaces, the plurality of display surfaces enclose an inverted space, the display surfaces and the display screen are arranged in an acute angle, a planar map is refracted in the coated white light glass in a three-dimensional manner, a driver can conveniently and accurately judge the position of a vehicle in time, and particularly when a three-dimensional building (overpass) needs to pass through, a proper outlet and an inlet can be accurately and timely selected, so that the operation and the position judgment of the vehicle are greatly facilitated.
The present invention has been made in view of this situation.
Disclosure of Invention
The invention aims to provide a vehicle-mounted terminal all-in-one machine system and an all-in-one machine for solving the problems, a basic all-in-one machine structure is formed by matching a vehicle-mounted control terminal and a central control terminal, a blacklist newly-increased module and a white list newly-increased module of a comprehensive multi-element control module can limit an access terminal by setting a blacklist/port MAC address in the using process, and a specific access terminal can be released by setting a white list, so that the flexibility of the system is improved.
The invention achieves the aim through the following technical scheme, and a vehicle-mounted terminal all-in-one machine system and an all-in-one machine comprise a vehicle-mounted control terminal, a central control terminal, a data storage module, an authentication module and a management module, wherein the vehicle-mounted control terminal is connected with the central control terminal through a network card, the data storage module is connected with the vehicle-mounted control terminal through a data storage circuit, the authentication module is connected with the vehicle-mounted control terminal through an authentication circuit, and the management module is connected with the vehicle-mounted control terminal through a management circuit.
In practical application of the invention, openvswitch, docker and authentication program need to be installed in advance, and a network card with type = vxlan is created, for example, a network card named vxlan0 is created on a host which is connected to the internet through a enp s0 network card, and the VNI of the network card is 88, so as to provide connection for the vehicle-mounted terminal all-in-one machine.
ip link add vxlan0 type vxlan id 88 dstport 4789 dev enp1s0
Setting ip for the created network card, and using the terminal (network cable connection) connected to the vehicle-mounted terminal as a gateway, for example, if the network setting of one terminal carried by the vehicle is 192.168.12.200/24 and the gateway is 192.168.12.1, the following commands are given: ifconfig vxlan 0.168.12.1up.
Further, the vehicle-mounted control terminal and the central control terminal are Linux system machines, the vehicle-mounted terminal needs to be pre-loaded with openvswitch, docker and an authentication program, the vehicle-mounted control terminal and the central control terminal start ip forwarding of the two machines by modifying/etc/resolv.conf, wherein the value of net.ipv4.ip _ forward is equal to 1, namely 'net.ipv 4.ip _ forward = 1', and if not, a line is newly added.
Further, the central control terminal comprises a comprehensive multivariate control module, the comprehensive multivariate control module comprises a blacklist newly-added module and a white list newly-added module, the blacklist newly-added module is provided with terminals with access limited by blacklist/port MAC addresses, the white list newly-added module is provided with terminals with specific access released by a white list, the terminals with access limited by blacklist/port MAC addresses can be set, and the terminals with specific access released by a white list can be set.
The authentication module comprises a vehicle-mounted terminal authentication unit, the vehicle-mounted terminal authentication unit is started through a system md, a request address, an account number and a password of an authentication server are configured in a system fixed path configuration file, the account number and the password are automatically called after the system is started to initiate an authentication request to the authentication server, the authentication server verifies the account number and the password after receiving the request, releases a strategy which is correspondingly owned by the account number in an MSAG gateway after the verification is successful, monitoring is started, when an event that the authentication of a lower terminal is successful is initiated by a vehicle-mounted terminal authentication program, authentication update needs to be initiated to a central authentication server again, and releases the strategy which is correspondingly owned by the vehicle-mounted terminal authentication account number in the MSAG gateway.
Furthermore, the authentication module also comprises a vehicle-mounted terminal-connected authentication unit, the vehicle-mounted terminal-connected authentication unit inputs a server address, a port, an account and a password by using a special authentication program, the vehicle-mounted terminal authentication unit authenticates the vehicle-mounted terminal authentication program after logging in by clicking, an event is sent to the vehicle-mounted terminal authentication program after the authentication is successful, and the vehicle-mounted terminal authentication program initiates an update request to the central authentication program.
Furthermore, the authentication module further comprises a flow table issuing unit, the flow table issuing unit adopts a vehicle-mounted access management port, accesses the management port IP through an HTTP protocol, and enters a management interface, if: http://192.168.1.130/.
Further, the management module includes a login module and a release processing module, the login module is specifically a user login unit, the release processing module is specifically a release policy newly-added unit, the release policy newly-added unit includes a dynamic policy and a static policy, the validity period of the dynamic policy is 15 minutes, the terminal needs to keep alive of the policy in the form of a heartbeat package through an authentication program continuously, the policy is configured on the terminal through a management page in the heartbeat period and is not updated in time, and the next heartbeat package initiated by the terminal can take effect only after the configuration. The updating frequency of the heartbeat package is about 8-10 minutes, after the terminal logs out, the strategy is kept effective before the last heartbeat package is invalid, and the validity period of the static strategy is permanent.
Further, the management module further comprises a target processing module, the target processing module comprises a service group separating and adding unit, a target service group loading unit, a target resource address adding unit, a service group and resource address adding unit, if the new service group is required to be added, adding is performed, if the target service group and the resource address are required to be added, a new service group is added to the access target, the target resource is added into the service group, then the target service group is loaded, the operation of the target resource address is performed, finally the target resource address is added, a source service group is added, and the connected terminal is added into the service group.
Furthermore, the management module further comprises a source resource processing module, the source resource processing module comprises a source service group adding unit, a source service group loading unit and a source resource address adding unit, the source service group needs to select a category, and as the resource addresses stored in the group are pc which need to be authenticated, a dynamic address service is selected, and some terminal IPs which need to be connected are added into a resource address list of the group.
An all-in-one machine of a vehicle-mounted end, in particular to an all-in-one machine carrying a system of the all-in-one machine of the vehicle-mounted end.
The invention has the technical effects and advantages that: the vehicle-mounted control terminal and the central control terminal are matched to form a basic all-in-one machine structure, and the blacklist newly-added module and the white list newly-added module of the comprehensive multi-element control module can limit the accessed terminals by setting the blacklist/port MAC address in the using process and can release the specific accessed terminals by setting the white list, so that the flexibility of the vehicle-mounted control terminal and the central control terminal is improved.
The vehicle-mounted terminal authentication unit of the authentication module is started through a system md, a request address, an account number and a password of an authentication server are configured in a system fixed path configuration file, the account number and the password are automatically called to initiate an authentication request to the authentication server after the system is started, the account number and the password are verified after the authentication server receives the request, a strategy which is possessed by the account number and is released in an MSAG gateway correspondingly after verification is successful is started, monitoring is started, when an event that terminal authentication is successful is initiated by a vehicle-mounted terminal authentication program, authentication update needs to be initiated to a central authentication server again, and a strategy which is possessed by the vehicle-mounted terminal authentication account number and is released in the MSAG gateway correspondingly is released by an ip of a lower terminal.
The authentication module of the invention also comprises a vehicle-mounted terminal authentication unit and a flow table issuing unit, wherein the vehicle-mounted terminal authentication unit uses a special authentication program, a server address, a port, an account and a password are input, the vehicle-mounted terminal authentication program is authenticated after the login is clicked, an event is sent to the vehicle-mounted terminal authentication program after the authentication is successful, the vehicle-mounted terminal authentication program initiates an updating request to a central authentication program, the flow table issuing unit adopts a vehicle-mounted access management port, accesses a management port IP through an HTTP protocol and enters a management interface, and the steps are as follows: http://192.168.1.130/.
The management module comprises a login module, a target processing module and a source resource processing module, various data and modules can be flexibly added according to actual requirements, and the management module is simple and convenient to operate and high in economic value.
Drawings
FIG. 1 is an overall block diagram of the present invention;
FIG. 2 is a block diagram of an integrated multivariable control module of the present invention;
FIG. 3 is a system diagram of an authentication module in the present invention;
FIG. 4 is a system diagram of a management module of the present invention;
FIG. 5 is a system diagram of a target processing module of the present invention;
FIG. 6 is a system diagram of a source resource processing module according to the present invention.
In the figure: 1. a vehicle-mounted control terminal; 2. a central control terminal; 201. a comprehensive multi-element control module; 2011. a blacklist newly-added module; 2012. adding a white list new module; 3. a data storage module; 4. an authentication module; 401. a vehicle-mounted terminal authentication unit; 402. the vehicle-mounted terminal is connected with a terminal authentication unit; 403. a flow table issuing unit; 5. a management module; 501. a login module; 5011. a user login unit; 502. a target processing module; 5021. a service group separating and adding unit; 5022. a target service group adding unit; 5023. a target service group loading unit; 5024. a target resource address adding unit; 5025. a service group and resource address adding unit; 503. a source resource processing module; 5031. a source service group newly-added unit; 5032. a source service group loading unit; 5033. a source resource address adding unit; 504. a release processing module; 5041. and releasing the newly added unit of the strategy.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Please refer to fig. 1-6.
Example 1
A vehicle-mounted terminal all-in-one machine system and an all-in-one machine comprise a vehicle-mounted control terminal 1, a central control terminal 2, a data storage module 3, an authentication module 4 and a management module 5, wherein the vehicle-mounted control terminal 1 is connected with the central control terminal 2 through a network card, the data storage module 3 is connected with the vehicle-mounted control terminal 1 through a data storage circuit, the authentication module 4 is connected with the vehicle-mounted control terminal 1 through an authentication circuit, and the management module 5 is connected with the vehicle-mounted control terminal 1 through a management circuit.
An openvswitch, a docker and an authentication program need to be installed in advance, a network card with type = vxlan is created, for example, a network card named vxlan0 is created on a host machine which is accessed to the internet through a enp s0 network card, and a VNI of the network card is 88, so as to provide connection for a vehicle-mounted terminal all-in-one machine
1ip link add vxlan0 type vxlan id 88dstport 4789dev enp1s0
Setting ip for the created network card, and using the terminal network connection under the vehicle-mounted terminal as a gateway, for example, if the current vehicle carries a terminal network setting of 192.168.12.200/24 and the gateway is 192.168.12.1, the command is as follows: 1ifconfig vxlan 0.168.12.1up.
In the in-vehicle control terminal 1.
1. Creating a docker container for managing web applications and interface programs through docker-composition
(1)docker-compose-f web.yml up-d
2. Generating openvswitch bridges
(1)ovs-vsctl add-br br0
3. Creating a network card for the interface container in br0 created by openvswitch, so that the network card can be operated by the flow table, and enabling the lower terminal to use the interface of the authentication program, wherein the command is fixed as follows:
(1)ovs-docker add-port br0 eth1 web--ipaddress=169.169.169.169/24--macaddress=66:66:66:66:66:66
4. modifying default routing for interface containers
(1)docker exec-it web route del default dev eth0
(2)docker exec-it web route add default dev eth1
5. Create vxlan in br0 created by openvswitch, e.g. center end ip is 192.168.1.128, VNI needs VNI =88 created for the center, then the command is as follows:
(1)ovs-vsctl add-port br0 vxlan0--set interface vxlan0 type=vxlan options:remote_ip=192.168.1.128options:key=88
6. mounting a physical port into an openvswitch-created bridge br0 so that it can be operated by a flow table
(1)ovs-vsctl add-port br0 enp3s0
(2)ovs-vsctl add-port br0 enp4s0
(3)ovs-vsctl add-port br0 enp5s0
(4)ovs-vsctl add-port br0 enp6s0
7. Connecting openvswitch controller, managing web page application issuing service flow table by calling controller program
ovs-vsctl set-controller br0 tcp:127.0.0.1:6633
The vehicle-mounted control terminal 1 and the central control terminal 2 are Linux system machines, openvswitch, docker and an authentication program need to be pre-installed at the vehicle-mounted end, the vehicle-mounted control terminal 1 and the central control terminal 2 start ip forwarding of the two machines by modifying/etc/resolv.conf, wherein the value of net.ipv4.ip _ forward is equal to 1, namely 'net.ipv 4.ip _ forward = 1', and a line is not added.
The central control terminal 2 comprises an integrated multi-element control module 201, the integrated multi-element control module 201 comprises a blacklist newly-adding module 2011 and a whitelist newly-adding module 2012, the blacklist newly-adding module 2011 is provided with terminals of access limited by blacklist/port MAC addresses, the whitelist newly-adding module 2012 is provided with terminals of specific access released by whitelists, the terminals of access limited by blacklist/port MAC addresses can be set, and the terminals of specific access released by whitelists can be set.
Example 2
A vehicle-mounted terminal all-in-one machine system and an all-in-one machine comprise a vehicle-mounted control terminal 1, a central control terminal 2, a data storage module 3, an authentication module 4 and a management module 5, wherein the vehicle-mounted control terminal 1 is connected with the central control terminal 2 through a network card, the data storage module 3 is connected with the vehicle-mounted control terminal 1 through a data storage circuit, the authentication module 4 is connected with the vehicle-mounted control terminal 1 through an authentication circuit, and the management module 5 is connected with the vehicle-mounted control terminal 1 through a management circuit.
The authentication module 4 comprises a vehicle-mounted terminal authentication unit 401, the vehicle-mounted terminal authentication unit 401 is started through a system md, a request address, an account number and a password of an authentication server are configured in a system fixed path configuration file, the account number and the password are automatically called after the system is started to initiate an authentication request to the authentication server, the authentication server verifies the account number and the password after receiving the request, releases a policy which the account number correspondingly possesses in an MSAG gateway after the verification is successful, opens monitoring, and when an event that the authentication of a lower-mounted terminal is successful is initiated by a vehicle-mounted terminal authentication program, the authentication update needs to be initiated to a central authentication server again, and releases the policy which the vehicle-mounted terminal authentication account number correspondingly possesses in the MSAG gateway.
The authentication module 4 further includes a vehicle-mounted terminal authentication unit 402, where the vehicle-mounted terminal authentication unit 402 inputs a server address, a port, an account, and a password using a dedicated authentication program, authenticates the vehicle-mounted terminal authentication program after logging in is clicked, sends an event to the vehicle-mounted terminal authentication program after authentication is successful, and the vehicle-mounted terminal authentication program initiates an update request to the central authentication program.
The authentication module 4 further includes a flow table issuing unit 403, where the flow table issuing unit 403 uses a vehicle-mounted access management port, accesses the management port IP through an HTTP protocol, and enters a management interface, if: http://192.168.1.130/.
Example 3
A vehicle-mounted terminal all-in-one machine system and an all-in-one machine comprise a vehicle-mounted control terminal 1, a central control terminal 2, a data storage module 3, an authentication module 4 and a management module 5, wherein the vehicle-mounted control terminal 1 is connected with the central control terminal 2 through a network card, the data storage module 3 is connected with the vehicle-mounted control terminal 1 through a data storage circuit, the authentication module 4 is connected with the vehicle-mounted control terminal 1 through an authentication circuit, and the management module 5 is connected with the vehicle-mounted control terminal 1 through a management circuit.
The management module 5 includes a login module 501 and a release processing module 504, the login module 501 is specifically a user login unit 5011, the release processing module 504 is specifically a release policy newly-adding unit 5041, the release policy newly-adding unit 5041 includes a dynamic policy and a static policy, the validity period of the dynamic policy is 15 minutes, the terminal needs to keep alive the policy in the form of a heartbeat package through an authentication program, the policy configured for the terminal through a management page is not updated in time in the heartbeat period, and the next heartbeat package initiated by the terminal after configuration needs to be waited to take effect. The updating frequency of the heartbeat package is about 8-10 minutes, after the terminal logs out, the strategy is kept effective before the last heartbeat package is invalid, and the validity period of the static strategy is permanent.
The management module 5 further includes a target processing module 502, the target processing module 502 includes a service group separating and adding unit 5021, a target service group adding unit 5022, a target service group loading unit 5023, a target resource address adding unit 5024 and a service group and resource address adding unit 5025, if a service group is required to be added, adding is performed, if a target service group and a resource address are required to be added, a service group is added for an access target, and a target resource is added into the service group, then the target service group is loaded, the target resource address is operated, finally a target resource address is added, a source service group is added, and a terminal connected in the lower part is added into the service group.
The management module 5 further includes a source resource processing module 503, where the source resource processing module 503 includes a source service group adding unit 5031, a source service group loading unit 5032, and a source resource address adding unit 5033, where the source service group needs to select a category, and since the resource address stored in the group is some pc that needs to be authenticated, a dynamic address service is selected, and some terminal IPs that need to be connected are added to a resource address list of the group.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (10)
1. The utility model provides a vehicle-mounted end all-in-one machine system which characterized in that: the vehicle-mounted control system comprises a vehicle-mounted control terminal (1), a central control terminal (2), a data storage module (3), an authentication module (4) and a management module (5), wherein the vehicle-mounted control terminal (1) is connected with the central control terminal (2) through a network card, the data storage module (3) is connected with the vehicle-mounted control terminal (1) through a data storage circuit, the authentication module (4) is connected with the vehicle-mounted control terminal (1) through an authentication circuit, and the management module (5) is connected with the vehicle-mounted control terminal (1) through a management circuit.
2. The vehicle-mounted terminal all-in-one machine system according to claim 1, characterized in that: the vehicle-mounted control terminal (1) and the central control terminal (2) are all Linux system machines, the vehicle-mounted terminal needs to be pre-equipped with openvswitch, docker and authentication programs, the vehicle-mounted control terminal (1) and the central control terminal (2) start ip forwarding of the two machines by modifying the value of net.ipv4.ip _ forward in/etc/resolv.conf to be equal to 1, namely, 'net.ipv 4.ip _ forward = 1', and if one line is not added, the two machines are started.
3. The vehicle-mounted terminal all-in-one machine system according to claim 1, characterized in that: the central control terminal (2) comprises a comprehensive multivariate control module (201), the comprehensive multivariate control module (201) comprises a blacklist newly-added module (2011) and a whitelist newly-added module (2012), the blacklist newly-added module (2011) is provided with a blacklist/port MAC address access limiting terminal, and the whitelist newly-added module (2012) is provided with a whitelist releasing terminal with specific access.
4. The vehicle-mounted terminal all-in-one machine system according to claim 1, characterized in that: the authentication module (4) comprises a vehicle-mounted terminal authentication unit (401), the vehicle-mounted terminal authentication unit (401) is started through a system md, a request address, an account and a password of an authentication server are configured in a system fixed path configuration file, the account and the password are automatically called after the system is started to initiate an authentication request to the authentication server, the authentication server verifies the account and the password after receiving the request, the policy corresponding to the account is released in an MSAG gateway after the verification is successful, monitoring is started, when an event that a vehicle-mounted terminal authentication program initiates a terminal authentication success next, authentication update needs to be initiated to a central authentication server again, and the policy corresponding to the vehicle-mounted terminal authentication account is released in the MSAG gateway by the ip of the terminal next.
5. The vehicle-mounted terminal all-in-one machine system according to claim 4, characterized in that: the authentication module (4) further comprises a vehicle-mounted terminal-connected authentication unit (402), the vehicle-mounted terminal-connected authentication unit (402) inputs a server address, a port, an account and a password by using a special authentication program, the vehicle-mounted terminal authentication program is authenticated after the login is clicked, an event is sent to the vehicle-mounted terminal authentication program after the authentication is successful, and the vehicle-mounted terminal authentication program initiates an update request to the central authentication program.
6. The vehicle-mounted terminal all-in-one machine system according to claim 5, characterized in that: the authentication module (4) further comprises a flow table issuing unit (403), the flow table issuing unit (403) adopts a vehicle-mounted access management port, accesses the management port IP through an HTTP protocol, and enters a management interface, if: http://192.168.1.130/.
7. The vehicle-mounted terminal all-in-one machine system according to claim 1, characterized in that: the management module (5) comprises a login module (501) and a release processing module (504), the login module (501) is specifically a user login unit (5011), the release processing module (504) is specifically a release strategy newly-adding unit (5041), the release strategy newly-adding unit (5041) comprises a dynamic strategy and a static strategy, the validity period of the dynamic strategy is 15 minutes, the terminal needs to keep the strategy alive in the form of a heartbeat packet through an authentication program, the strategy is configured on a management page in the heartbeat period and is not updated in time, the next heartbeat packet initiated by the terminal after the configuration needs to be enabled to be valid, the updating frequency of the heartbeat packet is approximately 8-10 minutes, after the terminal logs out, the strategy is kept valid before the last heartbeat packet fails, and the validity period of the static strategy is permanent.
8. The vehicle-mounted terminal all-in-one machine system according to claim 7, characterized in that: the management module (5) further comprises a target processing module (502), and the target processing module (502) comprises a service group separation and addition unit (5021), a target service group addition unit (5022), a target service group loading unit (5023), a target resource address addition unit (5024) and a service group and resource address addition unit (5025).
9. The vehicle-mounted terminal all-in-one machine system according to claim 7, characterized in that: the management module (5) further comprises a source resource processing module (503), and the source resource processing module (503) comprises a source service group adding unit (5031), a source service group loading unit (5032) and a source resource address adding unit (5033).
10. The utility model provides an on-vehicle end all-in-one which characterized in that: in particular to an all-in-one machine carrying the vehicle-mounted terminal all-in-one machine system as claimed in any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210801710.9A CN115297097A (en) | 2022-07-07 | 2022-07-07 | Vehicle-mounted terminal all-in-one machine system and all-in-one machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210801710.9A CN115297097A (en) | 2022-07-07 | 2022-07-07 | Vehicle-mounted terminal all-in-one machine system and all-in-one machine |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115297097A true CN115297097A (en) | 2022-11-04 |
Family
ID=83821630
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210801710.9A Pending CN115297097A (en) | 2022-07-07 | 2022-07-07 | Vehicle-mounted terminal all-in-one machine system and all-in-one machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115297097A (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040257208A1 (en) * | 2003-06-18 | 2004-12-23 | Szuchao Huang | Remotely controllable and configurable vehicle security system |
| CN102907039A (en) * | 2010-05-24 | 2013-01-30 | 瑞萨电子株式会社 | Communication system, vehicle-mounted terminal, roadside device |
| CN104574939A (en) * | 2013-10-29 | 2015-04-29 | 上海沐风数码科技有限公司 | 3G network-based large population city-oriented taxi-mounted terminal regulation and control system |
| CN105827718A (en) * | 2016-04-18 | 2016-08-03 | 宁波轩悦行电动汽车服务有限公司 | Client communication system, load balancing method and vehicle renting method |
| CN105959343A (en) * | 2016-04-18 | 2016-09-21 | 宁波轩悦行电动汽车服务有限公司 | On-vehicle APP communication system, load balancing method and vehicle renting method |
| CN106534071A (en) * | 2016-10-09 | 2017-03-22 | 清华大学 | Internet-of-vehicles link security authentication method and system based on device whitelist management |
| JP2021174156A (en) * | 2020-04-22 | 2021-11-01 | 株式会社リコー | Service providing system, login setting method, and information processing system |
| CN113691453A (en) * | 2021-08-16 | 2021-11-23 | 中汽创智科技有限公司 | Network management method, device, equipment and storage medium |
| CN114363372A (en) * | 2021-12-30 | 2022-04-15 | 新开普电子股份有限公司 | Data transmission and processing method between vehicle-mounted terminal and bus platform and service center |
-
2022
- 2022-07-07 CN CN202210801710.9A patent/CN115297097A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040257208A1 (en) * | 2003-06-18 | 2004-12-23 | Szuchao Huang | Remotely controllable and configurable vehicle security system |
| CN102907039A (en) * | 2010-05-24 | 2013-01-30 | 瑞萨电子株式会社 | Communication system, vehicle-mounted terminal, roadside device |
| CN104574939A (en) * | 2013-10-29 | 2015-04-29 | 上海沐风数码科技有限公司 | 3G network-based large population city-oriented taxi-mounted terminal regulation and control system |
| CN105827718A (en) * | 2016-04-18 | 2016-08-03 | 宁波轩悦行电动汽车服务有限公司 | Client communication system, load balancing method and vehicle renting method |
| CN105959343A (en) * | 2016-04-18 | 2016-09-21 | 宁波轩悦行电动汽车服务有限公司 | On-vehicle APP communication system, load balancing method and vehicle renting method |
| CN106534071A (en) * | 2016-10-09 | 2017-03-22 | 清华大学 | Internet-of-vehicles link security authentication method and system based on device whitelist management |
| JP2021174156A (en) * | 2020-04-22 | 2021-11-01 | 株式会社リコー | Service providing system, login setting method, and information processing system |
| CN113691453A (en) * | 2021-08-16 | 2021-11-23 | 中汽创智科技有限公司 | Network management method, device, equipment and storage medium |
| CN114363372A (en) * | 2021-12-30 | 2022-04-15 | 新开普电子股份有限公司 | Data transmission and processing method between vehicle-mounted terminal and bus platform and service center |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111555953B (en) | Remote diagnosis method, device and system based on vehicle-mounted Ethernet and TSP (Total suspended particulate) server | |
| CN108322467B (en) | OVS-based virtual firewall configuration method, electronic equipment and storage medium | |
| CN110677383B (en) | Firewall wall opening method and device, storage medium and computer equipment | |
| US11563799B2 (en) | Peripheral device enabling virtualized computing service extensions | |
| CN110557318B (en) | Method for realizing safe remote operation of IOT equipment | |
| US11520530B2 (en) | Peripheral device for configuring compute instances at client-selected servers | |
| CN110716787A (en) | Container address setting method, apparatus, and computer-readable storage medium | |
| CN112637371B (en) | Node address determination method and device, electronic equipment and storage medium | |
| US10757015B2 (en) | Multi-tenant routing management | |
| WO2021093455A1 (en) | Virtual machine access method and device | |
| US11928449B2 (en) | Information processing method, device, apparatus and system, medium, andprogram | |
| CN113361913A (en) | Communication service arranging method, device, computer equipment and storage medium | |
| CN113872951B (en) | Hybrid cloud security policy issuing method and device, electronic equipment and storage medium | |
| CN113765712B (en) | Server management method, device, electronic equipment and readable storage medium | |
| CN115297097A (en) | Vehicle-mounted terminal all-in-one machine system and all-in-one machine | |
| CN111726429A (en) | Communication method, device, equipment and medium | |
| CN109120680B (en) | Control system, method and related equipment | |
| CN111510431B (en) | Universal terminal access control platform, client and control method | |
| CN110022310B (en) | Authorization method and device based on cloud computing open network operating system | |
| CN109150810B (en) | Set top box convergence gateway and starting method, device and storage medium thereof | |
| CN111357244A (en) | Method for providing data packets from a CAN bus, control device and system having a CAN bus | |
| CN116015804B (en) | Trusted connector, industrial flow control system and method based on zero trust | |
| CN114928552B (en) | Communication equipment management method and device, electronic equipment and storage medium | |
| CN109445910B (en) | Virtual machine VLAN management method, device, terminal and storage medium | |
| CN112671561B (en) | Network card configuration method and equipment of cloud host |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |