CN-122027095-A - Method, system, equipment and medium for improving communication security and reliability of distributed electronic module

CN122027095A

Abstract

The method comprises processing and transmitting command data and acquisition data: the command to be transmitted and the acquisition data are each combined into several groups of frames to be transmitted, which are transmitted internally over different channels, packed and encapsulated at the endpoints, and sent over two paths, wireless and power carrier. The receiving end performs protocol verification on the frames, compares the data packets from the two paths to determine whether the wireless communication is reliable, and forwards the trusted data, while communication supervision based on the security verification result determines the safety state. The method and device improve the reliability and security of data transmission; multipath transmission and strict data verification effectively prevent data loss and tampering and ensure stable, secure communication.

Inventors

  • QIU ZHAOYANG
  • CHEN GUANG
  • WANG DANDAN
  • FU LIMIN
  • SUN CHAO
  • ZHANG PANPAN

Assignees

  • 北京全路通信信号研究设计院集团有限公司

Dates

Publication Date: 2026-05-12
Application Date: 2026-01-05

Claims (12)

  1. A method for improving the communication security and reliability of distributed electronic modules, characterized in that the method comprises the following steps: respectively acquiring a command data set to be transmitted and an acquisition data set to be transmitted, and respectively combining them to obtain a first command frame to be transmitted and a second command frame to be transmitted, and a first acquisition frame to be transmitted and a second acquisition frame to be transmitted; transmitting the first command frame, the second command frame, the first acquisition frame and the second acquisition frame to be transmitted internally through different transmission channels, packing and encapsulating them in sequence at different transmission endpoints, and, after packing and encapsulation, sending them externally through a wireless communication path and a power carrier communication path respectively; receiving the packed and encapsulated command frames and acquisition frames respectively, and performing transport layer protocol verification and then security layer protocol verification on them; comparing the information of the target data packets received over the two communication paths, determining from the comparison result whether reception over the wireless communication path is trusted, and forwarding the trusted data packet accordingly; and determining a safety communication count based on the security layer protocol verification result, performing communication supervision according to the safety communication count, and determining whether to enter or release a safety state according to the communication supervision result.
  2. The method of claim 1, characterized in that respectively acquiring the command data set to be transmitted and the acquisition data set to be transmitted, and respectively combining them to obtain the first and second command frames to be transmitted and the first and second acquisition frames to be transmitted, specifically comprises: acquiring a command to be transmitted and a central station identification code, extracting command summary information from the command to be transmitted, and combining the command to be transmitted, the command summary information and the central station identification code into the first command frame to be transmitted; acquiring acquisition data to be transmitted and a module identification code, extracting acquisition summary information from the acquisition data to be transmitted, and combining the acquisition data to be transmitted, the acquisition summary information and the module identification code into the first acquisition frame to be transmitted; wherein the command data set to be transmitted comprises the command to be transmitted, the command summary information and the central station identification code, and the acquisition data set to be transmitted comprises the acquisition data to be transmitted, the acquisition summary information and the module identification code.
  3. The method of claim 2, characterized in that transmitting the first command frame, the second command frame, the first acquisition frame and the second acquisition frame to be transmitted internally through different transmission channels, packing and encapsulating them in sequence at different transmission endpoints, and sending them externally through a wireless communication path and a power carrier communication path after packing and encapsulation, specifically comprises: transmitting the first command frame to be transmitted and the first acquisition frame to be transmitted internally through a wireless transmission channel, packing and encapsulating each in sequence at a wireless transmission endpoint to obtain a target wireless communication command data packet and a target wireless communication acquisition data packet, and sending the target wireless communication command data packet and the target wireless communication acquisition data packet externally through the wireless communication path; and transmitting the second command frame to be transmitted and the second acquisition frame to be transmitted internally through a power carrier transmission channel, packing and encapsulating each in sequence at a power carrier transmission endpoint to obtain a target power carrier communication command data packet and a target power carrier communication acquisition data packet, and sending the target power carrier communication command data packet and the target power carrier communication acquisition data packet externally through the power carrier communication path.
  4. The method of claim 3, characterized in that packing and encapsulating in sequence at a transmission endpoint specifically comprises: for any data packet, packing according to a security layer communication protocol to obtain an initial packing result; and encapsulating the initial packing result into a target data packet conforming to the transport layer communication protocol format.
  5. The method of claim 4, characterized in that receiving the packed and encapsulated command frames and acquisition frames respectively, and performing transport layer protocol verification and then security layer protocol verification on them, specifically comprises: for any target data packet, performing transport layer protocol verification, obtaining a transport layer protocol verification result, and, according to that result, either proceeding to security layer protocol verification or discarding the target data packet; when so determined, performing security layer protocol verification, obtaining a security layer protocol verification result, and, according to that result, either proceeding to information judgment or issuing a reminder signal; wherein security layer protocol verification is performed if the transport layer protocol verification result is a pass, and the target data packet is discarded if the transport layer protocol verification result is a fail; and information judgment is performed if the security layer protocol verification result is a pass, and a reminder signal is issued if the security layer protocol verification result is a fail.
  6. The method of claim 5, characterized in that comparing the information of the target data packets received over the two communication paths, determining from the comparison result whether reception over the wireless communication path is trusted, and forwarding the trusted data packet accordingly, specifically comprises: acquiring the latest target wireless communication data packet received over the wireless communication path and the latest target power carrier communication data packet, and determining the latest wireless communication summary information and the wireless communication identification code corresponding to the latest target wireless communication data packet, and the latest power carrier summary information and the power carrier communication identification code corresponding to the latest target power carrier communication data packet; performing a primary comparison between the latest wireless communication summary information and the latest power carrier summary information; performing a secondary comparison between the wireless communication identification code and the power carrier communication identification code; and acquiring the primary comparison result and the secondary comparison result, and determining from them whether reception over the wireless communication path is trusted.
  7. The method of claim 6, wherein, if the primary comparison result and the secondary comparison result are consistent, reception over the wireless communication path is determined to be trusted and the target wireless communication data packet is forwarded as the trusted data packet; and if the primary comparison result is inconsistent with the secondary comparison result, reception over the wireless communication path is determined to be untrusted and the target power carrier communication data packet is forwarded as the trusted data packet.
  8. The method of claim 7, characterized in that determining a safety communication count based on the security layer protocol verification result, performing communication supervision according to the safety communication count, and determining whether to enter or release a safety state according to the communication supervision result, specifically comprises: when the safety communication count is not 0, checking the security layer protocol verification result at regular intervals, and, if a new communication has arrived and its verification result is a pass, reducing the count by 1 until the safety communication count is 0, otherwise keeping the safety communication count unchanged; when the safety communication count is at the upper limit value, forcibly entering the safety state; when the safety communication count decreases from the upper limit value to 0, releasing the safety state; wherein the safety communication count is initially 0 and is incremented by 1, up to the upper limit value, on receiving a notification that security layer protocol verification has not passed.
  9. A system for improving the communication security and reliability of distributed electronic modules, characterized in that the system comprises: a data acquisition and combination module, used for respectively acquiring a command data set to be transmitted and an acquisition data set to be transmitted, and respectively combining them to obtain a first command frame to be transmitted and a second command frame to be transmitted, and a first acquisition frame to be transmitted and a second acquisition frame to be transmitted; a transmission and sending module, used for transmitting the first command frame, the second command frame, the first acquisition frame and the second acquisition frame to be transmitted internally through different transmission channels, packing and encapsulating them in sequence at different transmission endpoints, and, after packing and encapsulation, sending them externally through a wireless communication path and a power carrier communication path respectively; a receiving and verification module, used for receiving the packed and encapsulated command frames and acquisition frames respectively, and performing transport layer protocol verification and then security layer protocol verification on them; a comparison and judgment module, used for comparing the information of the target data packets received over the two communication paths, determining from the comparison result whether reception over the wireless communication path is trusted, and forwarding the trusted data packet accordingly; and a counting and supervision module, used for determining a safety communication count based on the security layer protocol verification result, performing communication supervision according to the safety communication count, and determining whether to enter or release a safety state according to the communication supervision result.
  10. An electronic device comprising at least one processor and at least one memory, the memory being electrically connected to the processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method for improving the communication security and reliability of distributed electronic modules as claimed in any one of claims 1-8.
  11. A computer storage medium, characterized in that the computer-readable storage medium has a computer program stored therein; the computer program, when executed by a processor, implements the method for improving the communication security and reliability of distributed electronic modules according to any one of claims 1-8.
  12. A computer program product, characterized in that the computer program product is stored in at least one storage medium and comprises instructions for causing at least one electronic device to perform the method for improving the communication security and reliability of distributed electronic modules as claimed in any one of claims 1-8.
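
The receive-side logic of claims 5 to 8 (transport check, security check, dual-path comparison, safety communication count), as an added example that is not code from the patent. The patent names no algorithms, so the SHA-256 summary, HMAC-SHA256 security tag, CRC-32 transport check, 4-byte identification code, shared key, upper limit of 3 and all function names are assumptions; "consistent" in claim 7 is read as both comparisons matching.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # assumption: security-layer key shared by all nodes
LIMIT = 3                      # assumption: upper limit of the safety count

def build_packet(payload: bytes, sender_id: bytes) -> bytes:
    """Claims 2 and 4: frame = 4-byte ID + summary + payload, then tag, then CRC."""
    frame = sender_id + hashlib.sha256(payload).digest() + payload
    body = frame + hmac.new(KEY, frame, hashlib.sha256).digest()  # security layer
    return body + zlib.crc32(body).to_bytes(4, "big")             # transport layer

class SafetyMonitor:
    """Claim 8: count failures up to the limit, enter safe state there, release at 0."""
    def __init__(self, limit: int = LIMIT):
        self.limit, self.count, self.safe_state = limit, 0, False

    def on_security_failure(self) -> None:
        self.count = min(self.count + 1, self.limit)
        self.safe_state = self.safe_state or self.count == self.limit

    def tick(self, verified_packet_arrived: bool) -> None:
        # Timed check: only a new packet that passed verification lowers the count.
        if self.count and verified_packet_arrived:
            self.count -= 1
            self.safe_state = self.safe_state and self.count > 0

def verify(packet: bytes, monitor: SafetyMonitor):
    """Claim 5: transport check first (fail: discard), then security check (fail: alert)."""
    if len(packet) < 4 + 32 + 32 + 4:
        return None
    body, crc = packet[:-4], packet[-4:]
    if zlib.crc32(body).to_bytes(4, "big") != crc:
        return None  # transport layer failed: packet is dropped, count untouched
    frame, tag = body[:-32], body[-32:]
    expected = hmac.new(KEY, frame, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        monitor.on_security_failure()  # stands in for the reminder signal
        return None
    return {"id": frame[:4], "digest": frame[4:36], "payload": frame[36:]}

def select_trusted(wireless, plc):
    """Claims 6-7: compare summaries, then ID codes; fall back to the power-line copy."""
    if (wireless and plc and wireless["id"] == plc["id"]
            and hmac.compare_digest(wireless["digest"], plc["digest"])):
        return "wireless", wireless["payload"]
    if plc:
        return "plc", plc["payload"]
    return None, None  # assumption: nothing is forwarded without a verified PLC copy

def demo():
    mon = SafetyMonitor()
    good = build_packet(b"SIGNAL:GREEN", b"M001")       # constructed sample packet
    neighbour = build_packet(b"SIGNAL:GREEN", b"M002")  # same payload, other module ID
    results = [
        select_trusted(verify(good, mon), verify(good, mon)),
        select_trusted(verify(neighbour, mon), verify(good, mon)),
    ]
    forged = good[:-36] + bytes(32)                     # valid layout, wrong tag
    forged += zlib.crc32(forged).to_bytes(4, "big")
    for _ in range(LIMIT):
        verify(forged, mon)
    return results, mon
```

The second case in `demo()` is the "confusion of communication objects" the Background describes: a packet from an adjacent module passes both protocol checks but fails the identification code comparison, so the power carrier copy is forwarded instead.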

Description

Technical Field

The disclosure belongs to the technical field of communication security, and in particular relates to a method, a system, equipment and a medium for improving the communication security and reliability of distributed electronic modules.

Background

In the new two-stage train control system for rail traffic, the distributed full-electronic modules bear more than 90% of the execution functions and are a core component of the system architecture. The two-stage train control system relies on a central station to send train signal control commands, which are transmitted to the distributed full-electronic modules deployed beside the track. The modules respond to the commands, for example by switching a signal on or off or by driving a switch machine in a given direction. At the same time, the modules acquire key states of the rail and transmit the acquisition results to the central station, which uses them to judge the position of a train and the direction of its speed. Communication between the distributed full-electronic modules and the central station, however, faces several difficulties:

1. The communication distance is long. A rail traffic line often extends tens or even hundreds of kilometers, and trackside equipment such as signals and track circuits is scattered along the whole line, so the physical distance between the trackside equipment and the central station is extremely long. If wired communication is adopted, a large number of signal cables must be laid, and construction and material costs are very high; periodic maintenance is also required afterwards, and labor costs are very high because of the long working distances. In addition, line conditions and the operation plan may be adjusted, while a cable is fixed once laid and cannot be moved; if the position of trackside equipment needs to be adjusted, existing resources are wasted, the flexibility of line adjustment is reduced, and, because operation cannot continue during construction, traffic efficiency is also affected.

2. The communication data volume is large. Information on train and track state is varied, such as train position, running state, track circuit occupancy checks, switch machine position and signal display, and all of it must be transmitted accurately in real time. Moreover, to ensure train operation safety, the data must be complete and accurate, and any data loss or error may have serious consequences. If wired communication is adopted, either a large number of cables must be built or the data must be carried over a unified line, but a single line carrying a large amount of data is extremely prone to congestion and transmission delay.

3. In a two-stage train control system, the same central station needs to communicate with tens or even hundreds of distributed full-electronic modules, depending on the control scale, and different modules and devices from different manufacturers are interwoven into a complex communication network.

In one existing scheme, communication between the distributed full-electronic modules and the central station is realized wirelessly, but wireless communication technology has inherent defects. Signal attenuation, interference and similar problems become more serious as the wireless transmission distance increases, so the accuracy and stability of data transmission are difficult to guarantee, and wireless communication cannot guarantee the reliability of long-distance communication. In addition, a wireless signal propagates freely in space and is easily interfered with by the communication signals of adjacent equipment; if communication objects are confused, traffic efficiency is affected in minor cases and a safety accident is caused in serious ones, so wireless communication cannot guarantee communication security in a complex communication network.

In another existing scheme, communication between the distributed full-electronic modules and the central station is realized by power carrier transmission. The principle is that a data signal is modulated onto a high-frequency carrier and transmitted over a power line, and the carrier signal is demodulated at the receiving end to recover the data. However, the power line is not designed for communication, and the problems of limited bandwidth, serious signal attenuation, poor communication stability and the like of power carrier communication are caused by the complex impedance characteristic, the strong electromagnetic interference environment, the mult