CN113225248A - Novel network connection type industrial internet edge gateway equipment - Google Patents

Novel network connection type industrial internet edge gateway equipment
Info

Publication number
CN113225248A
Authority
CN
China
Prior art keywords
access
data
terminal
network
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110357275.0A
Other languages
Chinese (zh)
Inventor
刘海涛
杨红磊
吕广宪
方恒福
胡丽娟
宋祺鹏
王利
李二霞
袁启洪
唐建岗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Online Shanghai Energy Internet Research Institute Co ltd
China Electric Power Research Institute Co Ltd CEPRI
State Grid Corp of China SGCC
Original Assignee
China Online Shanghai Energy Internet Research Institute Co ltd
China Electric Power Research Institute Co Ltd CEPRI
State Grid Corp of China SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Online Shanghai Energy Internet Research Institute Co ltd, China Electric Power Research Institute Co Ltd CEPRI, State Grid Corp of China SGCC
Priority to CN202110357275.0A
Publication of CN113225248A
Legal status: Pending

Abstract

The invention provides a new network-connected industrial internet edge gateway device comprising: an access unit that supports access over wired, wireless and industrial-bus interfaces and supports identification and deep parsing of multiple protocols; a communication unit that supports wired and multiple wireless transmission technologies to provide network communication in varied environments; an authentication unit that uses bidirectional identity authentication to accurately identify and authenticate terminal equipment; an uploading function unit that uploads monitored terminal data to a server or cloud in real time; and a data caching unit that caches terminal data whose upload failed and retransmits it after the network recovers.

Description

Novel network connection type industrial internet edge gateway equipment
Technical Field
The invention relates to a novel network connection type industrial Internet edge gateway device, and belongs to the field of industrial Internet of things network security.
Background
In the production control area of a power network, power distribution terminal equipment connects to the boundary network of the secure access area. The technology used there should support access in multiple modes, secure access and control of multiple kinds of terminals, identification and deep parsing of multiple industrial protocols, bidirectional identity authentication, attack protection and real-time reporting of alarm logs.
At present, the underlying network environment contains many kinds of terminals, and different terminals use different buses. To connect them to a network, each must be paired with DTU equipment, so deployment cost is high. Networks are developing rapidly while network attacks never stop; terminal equipment is mostly deployed in unattended areas, where an attacker can easily impersonate or clone a terminal and then access the power network, which is a serious network security risk.
Traditional gateway equipment sends logs and alarms to a log server, so an administrator cannot learn of an event as soon as it occurs, or look it up in real time from anywhere.
Traditional gateway equipment cannot cache the data sent by a terminal after the network is interrupted, so data is easily lost.
Disclosure of Invention
In view of the above problems, the present invention provides a new network connection type industrial internet edge gateway device.
(1) Where traditional gateway equipment supports only an RJ45 interface, industrial bus and wireless transmission interfaces are added to support access in multiple modes; the various protocols are parsed and encapsulated into network data, which is then uploaded to a server.
(2) Where traditional gateway equipment supports only wired transmission, 3G, 4G and NB-IoT modules are added to the new network-connected industrial internet edge gateway so that it can also communicate wirelessly.
(3) Where traditional gateway equipment supports only IP-based access control, bidirectional identity authentication is added to prevent access to the network with a counterfeit IP address.
(4) Where traditional gateway equipment supports only point-to-point log reporting, uploading logs to the cloud is added, enabling remote real-time monitoring and control from a mobile terminal.
(5) The new network-connected industrial internet edge gateway is configured with large-capacity stable storage and has a data caching function: it caches terminal data whose upload failed and retransmits it after the network recovers.
A new network-connected industrial internet edge gateway device, as shown in FIG. 4, comprises:
an access unit, to which industrial bus and wireless transmission interfaces are added, which supports simultaneous access by terminals with different industrial interfaces, parses the different bus protocols and encapsulates them into network data, and then passes the network data to the server;
a communication unit, which performs wireless and wired communication and can carry network traffic in special environments;
an authentication unit, which performs bidirectional identity authentication and can accurately identify and authenticate terminal equipment; after authentication passes, the terminal equipment is admitted to the network;
an uploading function unit, which provides remote real-time monitoring and control from a mobile terminal, delivers data to a server or cloud, and delivers logs and alarms to an administrator's PC (personal computer) or mobile terminal;
and a data caching unit, which caches terminal data whose upload failed and retransmits it after the network recovers.
In the access unit, the added access modes include the common RJ45, optical fibre and USB, the industrial interfaces RS232, RS485, etc., and wireless access modes including WIFI, LoRa, 433, etc.
In the communication unit, the added communication modes comprise wireless 3G, 4G and NB-IoT as well as wired communication, to cope with various deployment environments.
In the data caching unit, a function for caching data during network interruption is added: data is cached in the gateway and retransmitted after the network recovers.
The uploading function unit is deployed at the border gateway of the secure access area in a power distribution environment; lower-layer terminal equipment connects to it directly over an industrial bus or through a switch. On the upper side it can connect to a large display screen for viewing terminal data, logs and alarms in real time, and to a server for performing business operations on terminals; it can optionally connect to a cloud to push messages to mobile terminal devices, so that terminal status, logs and alarm information can be viewed anytime and anywhere.
Technical effects
The invention removes the need for industrial bottom-layer terminals that have only industrial interfaces to rely on DTU conversion devices to reach the network, and the multiple access modes save the large capital cost of deploying many DTU conversion devices; the added communication modes let the system be applied in various deployment environments; the added bidirectional identity authentication effectively prevents the losses or security risks caused by an attacker accessing the server using a terminal's IP address; the added real-time reporting of logs and alarms, with message subscription and distribution, lets an administrator learn of alarms and look up logs in real time; the added caching of data during network interruption avoids the larger property losses caused by data loss.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a diagram of the terminal access modes of the present invention;
FIG. 2 illustrates bidirectional identity authentication for terminal access according to the present invention;
FIG. 3 is a device application deployment scenario of the present invention;
FIG. 4 is a schematic diagram of the structural design of the present invention.
Detailed Description
The present invention may, however, be embodied in different forms and should not be construed as limited to the embodiments set forth herein, which are provided for complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are illustrative, are intended to explain the invention, and are not to be construed as limiting it.
In the production control area of a power network, power distribution terminal equipment connects to the boundary network of the secure access area. The technology used there should support secure access and control of multiple kinds of terminals, identification and deep parsing of multiple industrial protocols, bidirectional identity authentication, attack protection and real-time reporting of alarm logs.
At present, the underlying network environment contains many kinds of terminals, and different terminals use different buses. To connect them to a network, each must be paired with DTU equipment, so deployment cost is high. Networks are developing rapidly while network attacks never stop; terminal equipment is located in unattended places, and an attacker can easily spoof a terminal's IP address and impersonate the terminal to access the server, creating a network security risk.
Traditional gateway equipment sends logs and alarms to a log server, so an administrator cannot learn of an event as soon as it occurs, or look it up in real time from anywhere.
Traditional gateway equipment cannot cache the data sent by a terminal after the network is interrupted, so data is lost and great property loss results.
In view of the above problems, the present invention provides a new network-connected industrial internet edge gateway device. The apparatus comprises:
an access unit, which supports access over wired, wireless and industrial-bus interfaces and supports identification and deep parsing of multiple protocols;
a communication unit, which supports wired and multiple wireless transmission technologies to provide network communication in varied environments;
an authentication unit, which uses bidirectional identity authentication to accurately identify and authenticate terminal equipment;
an uploading function unit, which uploads monitored terminal data to a server or cloud in real time;
and a data caching unit, which caches terminal data whose upload failed and retransmits it after the network recovers.
Multiple access modes are added in the access unit: RS232 and RS485 buses and the WIFI, LoRa and 433 wireless access modes are added on top of the common RJ45, optical fibre and USB access.
Multiple communication modes are supported, including wired communication and the 3G, 4G and NB-IoT wireless communication modes, to cope with various network deployment environments.
The uploading function unit also comprises a border gateway deployed at the secure access area in the power distribution environment, to which lower-layer terminal equipment connects directly over an industrial bus or through a switch. On the upper side it can connect to a large display screen for viewing terminal data, logs and alarms in real time, and to a server for performing business operations on terminals; it can optionally connect to a cloud to push messages to mobile terminal devices, so that terminal status, logs and alarm information can be viewed anytime and anywhere.
In the data caching unit, the new network-connected industrial internet edge gateway equipment is configured with large-capacity stable storage and has a data caching function: it caches terminal data whose upload failed and retransmits the data once the network is connected again.
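One way the caching behaviour described above could work, as an added example that is not taken from the patent: each record is written to an SQLite-backed queue before any upload attempt and deleted only after the send succeeds. The table layout, the capacity bound, `FlakyLink` and the terminal name are assumptions made for illustration.

```python
import sqlite3


class UploadCache:
    """Durable FIFO for terminal data that could not be uploaded."""

    def __init__(self, path=":memory:", max_rows=10000):
        self.db = sqlite3.connect(path)  # pass a file path for on-disk storage
        self.max_rows = max_rows
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pending ("
            "seq INTEGER PRIMARY KEY AUTOINCREMENT, "
            "terminal TEXT NOT NULL, payload BLOB NOT NULL)")

    def __len__(self):
        return self.db.execute("SELECT COUNT(*) FROM pending").fetchone()[0]

    def put(self, terminal, payload):
        with self.db:  # commit before returning
            self.db.execute(
                "INSERT INTO pending (terminal, payload) VALUES (?, ?)",
                (terminal, payload))
            # Bounded storage: when full, the oldest records are dropped.
            self.db.execute(
                "DELETE FROM pending WHERE seq <= "
                "(SELECT MAX(seq) FROM pending) - ?", (self.max_rows,))

    def flush(self, send):
        """Retransmit in arrival order; delete a record only after send() returns."""
        sent = 0
        rows = self.db.execute(
            "SELECT seq, terminal, payload FROM pending ORDER BY seq").fetchall()
        for seq, terminal, payload in rows:
            try:
                send(terminal, payload)
            except OSError:
                break  # link is down again: keep this record and all later ones
            with self.db:
                self.db.execute("DELETE FROM pending WHERE seq = ?", (seq,))
            sent += 1
        return sent


def forward(cache, send, terminal, payload):
    """Write-ahead upload: store first, then drain, so order survives outages."""
    cache.put(terminal, payload)
    return cache.flush(send)


class FlakyLink:
    """Constructed stand-in for the uplink to the server or cloud."""

    def __init__(self):
        self.up, self.delivered = True, []

    def send(self, terminal, payload):
        if not self.up:
            raise ConnectionError("uplink down")
        self.delivered.append((terminal, payload))


def demo():
    link, cache = FlakyLink(), UploadCache(max_rows=3)
    link.up = False
    for reading in (b"r1", b"r2", b"r3", b"r4"):  # constructed sample readings
        forward(cache, link.send, "rs485-meter-7", reading)
    held = len(cache)  # r1 was dropped by the capacity bound
    link.up = True
    sent = cache.flush(link.send)  # network recovered: drain the backlog
    forward(cache, link.send, "rs485-meter-7", b"r5")
    return held, sent, [p for _, p in link.delivered]


if __name__ == "__main__":
    print(demo())
```

Because a record is deleted only after `send()` returns, an outage in the middle of a flush can lead to a record being delivered twice but never lost, so the receiving server should tolerate duplicates.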
On top of a traditional access gateway, the device adds multiple access modes, additional communication modes, bidirectional identity authentication, real-time log and alarm reporting, and caching of data during network interruption, specifically as follows:
(1) As shown in FIG. 1, where traditional gateway equipment supports networking only over the RJ45 interface, the new network-connected industrial internet edge gateway adds industrial bus and wireless transmission interfaces and supports multiple access modes, including RS485, RS232, RJ45, optical fibre and USB, plus wireless communication terminals using WIFI, LoRa and 433; it parses the different bus protocols, encapsulates them into network data, and passes the data to a server.
(2) As shown in FIG. 1, for special environments where a communication cable cannot be deployed, and where traditional gateway equipment supports only wired transmission, 3G, 4G and NB-IoT modules are added to the new network-connected industrial internet edge gateway so that it can communicate wirelessly, meeting the needs of the special environment and saving deployment cost; a wired connection to the server is provided as well, so the two communication modes together cover various network environments.
(3) Networks are developing rapidly while network attacks never stop; terminal equipment is located in unattended places, and an attacker can easily spoof a terminal's IP address and impersonate the terminal to access the server, creating a network security risk. As shown in FIG. 2, where traditional gateway equipment supports only IP-based access control, the new network-connected industrial internet edge gateway adds bidirectional identity authentication to prevent access to the network with a counterfeit IP address and to eliminate the harm caused by intrusion through impersonation.
(4) Where traditional gateway equipment supports only point-to-point log reporting, uploading logs to the cloud is added to enable remote real-time monitoring and control from a mobile terminal. As shown in FIG. 3, the system supports delivering data to a server or a cloud (a private cloud server), and delivers logs and alarms in real time to an administrator's PC (personal computer) or mobile terminal by publish/subscribe, so that problems can be discovered and resolved promptly.
(5) Traditional gateway equipment cannot cache the data sent by a terminal after the network is interrupted, so data is lost and great property loss results. The new network-connected industrial internet edge gateway is configured with large-capacity stable storage and has a data caching function: data that cannot be transmitted because of a network interruption is cached in the gateway and retransmitted once the network is connected again, so data loss is avoided.
(6) As shown in FIG. 3, in the application deployment scenario the device is deployed at the border gateway of the secure access area in a power distribution environment; lower-layer terminal equipment may connect directly over an industrial bus or through a switch. On the upper side, a large display screen can be connected for viewing terminal data, logs and alarms in real time, and a server can be connected for performing business operations on terminals; a cloud connection can also be selected to push messages to mobile terminal devices, so that terminal status, logs, alarms and other information can be viewed anytime and anywhere.
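The contrast in item (3) between IP-based access control and bidirectional identity authentication, shown as an added example that is not the patent's own protocol: it assumes a per-terminal pre-shared key and an HMAC-SHA256 challenge-response, neither of which the patent specifies. The terminal ID, key, address and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
# Constructed sample data: the terminal ID, key and address are hypothetical.
SAMPLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)
ALLOWED_IPS = {"10.0.5.21"}


def ip_only_admit(src_ip):
    """Traditional check: anyone who can source the terminal's IP is admitted."""
    return src_ip in ALLOWED_IPS


def proof(key, role, terminal_id, n_term, n_gw):
    """HMAC over both nonces; the role tag stops one side's proof being reflected."""
    tid = terminal_id.encode()
    msg = role + len(tid).to_bytes(2, "big") + tid + n_term + n_gw
    return hmac.new(key, msg, hashlib.sha256).digest()


class Terminal:
    def __init__(self, terminal_id, key):
        self.terminal_id, self.key, self.n_term = terminal_id, key, None

    def start(self):
        self.n_term = secrets.token_bytes(NONCE_LEN)
        return self.terminal_id, self.n_term

    def respond(self, n_gw, gw_proof):
        expected = proof(self.key, b"GW", self.terminal_id, self.n_term, n_gw)
        if not hmac.compare_digest(expected, gw_proof):
            return None  # gateway did not prove knowledge of the key
        return proof(self.key, b"TM", self.terminal_id, self.n_term, n_gw)


class Gateway:
    def __init__(self, keys):
        self.keys, self.pending = keys, {}

    def hello(self, terminal_id, n_term):
        key = self.keys.get(terminal_id)
        if key is None or len(n_term) != NONCE_LEN:
            return None
        n_gw = secrets.token_bytes(NONCE_LEN)
        self.pending[terminal_id] = (n_term, n_gw)
        return n_gw, proof(key, b"GW", terminal_id, n_term, n_gw)

    def finish(self, terminal_id, term_proof):
        nonces = self.pending.pop(terminal_id, None)  # each challenge is single-use
        if nonces is None:
            return False
        expected = proof(self.keys[terminal_id], b"TM", terminal_id, *nonces)
        return hmac.compare_digest(expected, term_proof)


def handshake(terminal, gateway):
    """Run the three messages; True only if both sides verified each other."""
    tid, n_term = terminal.start()
    reply = gateway.hello(tid, n_term)
    if reply is None:
        return False
    term_proof = terminal.respond(*reply)
    return term_proof is not None and gateway.finish(tid, term_proof)


if __name__ == "__main__":
    gw = Gateway({"dtu-0001": SAMPLE_KEY})
    print("genuine terminal:", handshake(Terminal("dtu-0001", SAMPLE_KEY), gw))
    print("cloned ID, no key:", handshake(Terminal("dtu-0001", bytes(32)), gw))
    print("IP-only check on the same clone:", ip_only_admit("10.0.5.21"))
```

A terminal deployed in an unattended place can have its stored key extracted, so this exchange protects only as well as the key storage on the terminal does.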
The above embodiment expresses only one implementation of the present invention; although its description is specific and detailed, it is not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (5)

CN202110357275.0A | Priority date 2021-04-01 | Filing date 2021-04-01 | Novel network connection type industrial internet edge gateway equipment | Pending | CN113225248A (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202110357275.0A, CN113225248A (en) | 2021-04-01 | 2021-04-01 | Novel network connection type industrial internet edge gateway equipment

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202110357275.0A, CN113225248A (en) | 2021-04-01 | 2021-04-01 | Novel network connection type industrial internet edge gateway equipment

Publications (1)

Publication Number | Publication Date
CN113225248A (en) | 2021-08-06

Family

ID=77086352

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202110357275.0A (Pending), CN113225248A (en) | Novel network connection type industrial internet edge gateway equipment | 2021-04-01 | 2021-04-01

Country Status (1)

Country | Link
CN (1) | CN113225248A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20180007551A1 (en) * | 2015-04-30 | 2018-01-04 | Hangzhou H3C Technologies Co., Ltd. | Wireless access authentication
CN108092884A (en) * | 2017-11-23 | 2018-05-29 | 南京邮电大学 | A kind of wireless access gateway system and application process
CN210274117U (en) * | 2019-09-20 | 2020-04-07 | 深圳市赛飞奇光子技术有限公司 | Intelligent gateway and system
CN110958262A (en) * | 2019-12-15 | 2020-04-03 | 国网山东省电力公司电力科学研究院 | Ubiquitous Internet of Things security protection gateway system, method and deployment architecture for power industry

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN114884766A (en) * | 2022-03-29 | 2022-08-09 | 机械工业仪器仪表综合技术经济研究所 | Device for realizing integration of various industrial buses and 5G communication
CN114884766B (en) * | 2022-03-29 | 2024-04-26 | 机械工业仪器仪表综合技术经济研究所 | Device for realizing integration of various industrial buses and 5G communication
CN116016703A (en) * | 2022-12-27 | 2023-04-25 | 中铁建工集团有限公司 | Intelligent building site AI super gateway system
CN116016703B (en) * | 2022-12-27 | 2024-01-05 | 中铁建工集团有限公司 | Intelligent building site AI super gateway system

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20210806

