CN108769076A - Data collecting system, method and device with network isolation function - Google Patents
- Publication number
- CN108769076A (CN201810737914.4A)
- Authority
- CN
- China
- Prior art keywords
- data
- acquisition
- configuration
- module
- ontology
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The present invention discloses a harvester with a network isolation function, comprising a first data acquisition ontology. The first data acquisition ontology includes: a first acquisition configuration module, for performing a transmission configuration with a network isolation function and obtaining acquisition configuration information, where the acquisition configuration information includes acquisition configuration information for a target device; a data acquisition module, for acquiring the data of the target device according to the transmission configuration of the first acquisition configuration module and the obtained acquisition configuration information; and a first data transmission block, for outputting the data obtained by the data acquisition module. A data collecting system and a method with a network isolation function are also provided. With the invention, medical device data can be acquired from a hospital intranet without directly connecting the hospital intranet to the outer net, thoroughly solving the problem of big data acquisition from medical devices.
Description
Technical field
The present invention relates to the field of network isolation technology, and in particular to a data collecting system, method and device with a network isolation function.
Background art
Extracting equipment fault data and operation data from large medical equipment, and performing remote equipment fault diagnosis and equipment management based on big data analysis, is the current trend of technological development. However, medical devices are critical assets of a hospital, and ensuring their information security is an important duty of hospital administrators. To ensure the data security of medical devices, most hospitals adopt a networking scheme in which the internal and external networks are physically isolated: all medical devices are connected to the hospital intranet, and a medical device can connect only to the hospital's intranet servers. This networking mode is a major obstacle to big data acquisition from medical devices. Directly adding a traditional data acquisition device with outbound communication capability to the hospital intranet would connect the intranet directly to the outer net, creating security risks for hospital equipment and, in particular, serious hidden data security dangers for medical devices. Therefore, how to acquire and use medical device data while ensuring data security has become a problem the industry urgently needs to solve.
Summary of the invention
One purpose of the present invention is to propose a device with network isolation that can acquire medical device data from a hospital intranet without directly connecting the hospital intranet to the outer net, thoroughly solving the problem of big data acquisition from medical devices.
To achieve this purpose, according to one aspect of the invention, a harvester with a network isolation function is provided. It includes a first data acquisition ontology, which includes: a first acquisition configuration module, for performing a transmission configuration with a network isolation function and obtaining acquisition configuration information, where the acquisition configuration information includes acquisition configuration information for the target device; a data acquisition module, for acquiring the data of the target device according to the transmission configuration of the first acquisition configuration module and the acquisition configuration information set according to that transmission configuration; and a first data transmission block, for outputting the data obtained by the data acquisition module. The first acquisition configuration module thus allows a connection to a specified target device, avoiding the situation where several devices are matched at once, the acquired data is not targeted, and subsequent data transmission suffers. Connections are made according to mutually matching configuration information, and data is then sent through the matched first data transmission block; this effectively establishes a sub-network and isolates the high-risk data of the outer net, protecting the data security of medical devices.
In some embodiments, the harvester may also include a second data acquisition ontology, which may include: a second acquisition configuration module, for setting the communication configuration information of the second data acquisition ontology, where the communication configuration information includes acquisition ontology matching relation information; a data reception module, for communicating with the first data acquisition ontology based on the communication configuration information and receiving the data output by the first data transmission block; and a second data transmission block, for transmitting the data received by the data reception module to the outer net. Here the transmission configuration with a network isolation function of the first acquisition configuration module is implemented by configuring the first data transmission block so that it can communicate only one way with the data reception module, with data sent only from the first data transmission block to the data reception module; the acquisition configuration information further includes the acquisition ontology matching relation information. The second data acquisition ontology thus forms a network isolation together with the first data acquisition ontology, and the second acquisition configuration module also allows targeted acquisition of the data of the corresponding device. The one-way communication of the first data transmission block makes it possible to acquire medical device data from the hospital intranet without directly connecting the hospital intranet to the outer net, isolates the high-risk data of the outer net, and protects the data security of medical devices.
In some embodiments, the communication mode between the first data transmission block and the data reception module is one-way data transfer based on Bluetooth. The first data transmission block is designed as the Bluetooth master device and the data reception module as the Bluetooth slave device. A connection can only be initiated from the master device to the slave device, and data is written one way from the master device to the slave device, realizing one-way data transfer from the intranet to the outer net. This is a one-way transmission mode that safeguards data security: it effectively blocks active connections made through malicious operation of the second data acquisition ontology on the outer net, protecting the security of intranet device data.
In some embodiments, the communication mode between the first data transmission block and the data reception module is one-way data transfer based on FTP (File Transfer Protocol). The first data transmission block is designed as an FTP client and the data reception module as an FTP server, configured so that a connection can only be initiated from the client to the server and data is pushed one way from the client to the server. This realizes one-way data transfer from the intranet to the outer net and protects the security of intranet device data. In addition, the first data acquisition ontology runs no server of any protocol (it runs only the FTP client), so no connection of any form can be initiated from the outer net, which effectively prevents intrusion by outer-net hackers.
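A check for the property stated above, that the first data acquisition ontology runs no server of any protocol: this added example (not part of the patent) parses a Linux `/proc/net/tcp` table and reports any listening socket and any established connection to a peer other than the expected FTP server. It assumes a Linux-based, little-endian collector; the function names, addresses and the sample table are constructed for illustration.

```python
import ipaddress

TCP_ESTABLISHED = "01"  # state codes used in /proc/net/tcp
TCP_LISTEN = "0A"

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# row 0 listens on 0.0.0.0:22, row 1 on 127.0.0.1:631, row 2 is an outbound
# FTP control connection 192.168.1.10:50000 -> 192.168.1.20:21.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1350 1 0000000000000000 100 0 0 10 0
   2: 0A01A8C0:C350 1401A8C0:0015 01 00000000:00000000 00:00000000 00000000  1000        0 1422 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(endpoint):
    """'0100007F:0277' -> ('127.0.0.1', 631); address bytes are little-endian."""
    ip_hex, port_hex = endpoint.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return str(ip), int(port_hex, 16)


def parse_proc_net_tcp(text):
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        rows.append({"local": decode_endpoint(fields[1]),
                     "remote": decode_endpoint(fields[2]),
                     "state": fields[3]})
    return rows


def audit_collector(text, allowed_peers):
    """Compliant only if nothing listens and every established peer is allowed."""
    rows = parse_proc_net_tcp(text)
    listeners = [r["local"] for r in rows if r["state"] == TCP_LISTEN]
    unexpected = [r["remote"] for r in rows
                  if r["state"] == TCP_ESTABLISHED and r["remote"] not in allowed_peers]
    return {"listeners": listeners,
            "unexpected_peers": unexpected,
            "compliant": not listeners and not unexpected}


if __name__ == "__main__":
    # On a real collector, read /proc/net/tcp (and repeat for tcp6, udp, udp6).
    print(audit_collector(SAMPLE_PROC_NET_TCP, {("192.168.1.20", 21)}))
```

Run against the constructed sample, the audit flags the two listeners (ports 22 and 631) while accepting the outbound connection to the FTP server.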
In some embodiments, the communication mode between the first data transmission block and the data reception module of the harvester is a one-way data transfer configuration based on a serial port. The serial port makes the transmission one-way at the level of the physical connection, and operation is simpler.
In some embodiments, the first data acquisition ontology may also include a link control module. The link control module includes: a first connection control unit connected to the target device, providing the channel through which the data acquisition module obtains data from the target device; a second connection control unit connected to the outer net, providing the channel through which the first data transmission block sends data to the outer net; and a control switch unit, for generating a switching signal according to the transmission configuration with a network isolation function of the first acquisition configuration module and controlling the on/off state of the first connection control unit and the second connection control unit. Under the control of the control switch unit, the first connection control unit and the second connection control unit are configured to be non-concurrently connected. The two connection control units thus control the acquisition state of the first data acquisition ontology and its connection to the outer net, which makes the data transmission mode more flexible and controllable and effectively prevents intrusion into the first data acquisition ontology from the outer net, protecting the security of hospital equipment.
In some embodiments, the transmission configuration with a network isolation function of the first acquisition configuration module in the harvester is implemented as real-time detection of the outer-net connection: the control switch unit is configured to generate the switching signal according to the detected outer-net connection information, controlling the on/off state of the first connection control unit and the second connection control unit. Because the first acquisition configuration module detects the outer-net connection in real time, the type and state of the data being transmitted can be controlled more promptly during data transmission, the junk data of the outer net is effectively isolated, the health of the data in network transmission is maintained, and the safety and health of the equipment and the intranet are protected.
In some embodiments, the transmission configuration with a network isolation function of the first acquisition configuration module in the harvester is implemented as configuring the acquisition frequency for the target device: the control switch unit is configured to generate the switching signal according to the acquisition frequency, controlling the on/off state of the first connection control unit and the second connection control unit. Configuring the acquisition frequency thus allows data to be acquired from the target device in a time-shared isolation manner, effectively protecting the data security of the equipment and giving timely early warning.
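The link control behaviour described in the three embodiments above, as an added simulation that is not part of the patent: a control switch unit that opens both links before closing the requested one, driven by a switching signal derived either from the acquisition frequency or from outer-net detection. All class and function names are hypothetical, the detection policy is an assumption, and the sample records are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Side(Enum):
    NONE = "none"      # both links open: fully isolated
    DEVICE = "device"  # first connection control unit closed (target device side)
    OUTER = "outer"    # second connection control unit closed (outer-net side)


@dataclass
class ControlSwitchUnit:
    """Hypothetical model of the control switch unit: never both links at once."""
    device_up: bool = False
    outer_up: bool = False
    trace: list = field(default_factory=list)  # (device_up, outer_up) after each step

    def _record(self):
        # Non-concurrent connection is the invariant the description requires.
        if self.device_up and self.outer_up:
            raise RuntimeError("isolation violated: both links connected")
        self.trace.append((self.device_up, self.outer_up))

    def side(self) -> Side:
        if self.device_up:
            return Side.DEVICE
        return Side.OUTER if self.outer_up else Side.NONE

    def switch(self, target: Side):
        # Break before make: open both links first, so there is always an
        # instant with no path at all between the intranet and the outer net.
        self.device_up = self.outer_up = False
        self._record()
        self.device_up = target is Side.DEVICE
        self.outer_up = target is Side.OUTER
        self._record()


def signal_from_frequency(tick, period, collect_ticks) -> Side:
    """Switching signal from the acquisition frequency (time-shared isolation)."""
    return Side.DEVICE if tick % period < collect_ticks else Side.OUTER


def signal_from_detection(outer_link_detected: bool) -> Side:
    """Switching signal from real-time outer-net detection (assumed policy:
    as soon as an outer-net link is detected, the device side is cut)."""
    return Side.OUTER if outer_link_detected else Side.DEVICE


@dataclass
class AcquisitionOntology:
    switch_unit: ControlSwitchUnit = field(default_factory=ControlSwitchUnit)
    cache: list = field(default_factory=list)     # data cache module
    uploaded: list = field(default_factory=list)  # what reached the outer net

    def step(self, target: Side, device_queue: list):
        if self.switch_unit.side() is not target:
            self.switch_unit.switch(target)
        if self.switch_unit.device_up and device_queue:
            self.cache.append(device_queue.pop(0))  # collect, outer link is open
        elif self.switch_unit.outer_up and self.cache:
            self.uploaded.extend(self.cache)        # flush, device link is open
            self.cache.clear()


def run_schedule(records, ticks, period, collect_ticks):
    ontology, queue = AcquisitionOntology(), list(records)
    for tick in range(ticks):
        ontology.step(signal_from_frequency(tick, period, collect_ticks), queue)
    return ontology


# Constructed sample records standing in for target-device log lines.
SAMPLE = ["fault E042", "run scan-start", "run scan-end", "fault E107", "param kv=120"]

if __name__ == "__main__":
    result = run_schedule(SAMPLE, ticks=8, period=4, collect_ticks=3)
    print(result.uploaded)
    print(result.switch_unit.trace)
```

Every switch leaves a fully open state in the trace before the new link closes, so the trace can be audited afterwards for any instant in which both sides were connected.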
In some embodiments, the transmission configuration with a network isolation function of the first acquisition configuration module in the harvester is implemented as configuring an independent communication network interface between the first data acquisition ontology and the target device. The data acquisition module is configured to communicate with the target device through the independent communication network interface and to acquire the data of the target device according to the acquisition configuration information; the first data transmission block is configured to connect to the outer net and output the data obtained by the data acquisition module to the outer net. The configured independent communication network interface thus provides direct communication with the target device without passing through the intranet, which makes data transmission more secure and ensures that the data of other intranet devices is not transmitted to the outer net because of some misoperation.
In some embodiments, the transmission configuration with a network isolation function of the first acquisition configuration module of the harvester is implemented as configuring a firewall through which the first data acquisition ontology communicates with the target device. The data acquisition module is configured to communicate with the target device over the data channel limited by the firewall and to acquire the data of the target device according to the acquisition configuration information; the first data transmission block is configured to connect to the outer net and output the data obtained by the data acquisition module to the outer net. The firewall effectively provides a security guarantee for the intranet: acquisition can be limited to accessing only the specified target device, so acquiring device data from the intranet is safer and does not cause the data security problems that a direct connection between the hospital intranet and the outer net would cause.
In some embodiments, the first data acquisition ontology of the harvester further includes: a data preprocessing module, for processing the target device data obtained by the data acquisition module and generating pending data; and a data cache module, for caching the generated pending data in real time. The first data transmission block is additionally used to obtain the pending data from the data cache module and output it. The data preprocessing module and the data cache module thus bring the data of the target device into a unified format, which makes the data transmission process more regular; the data cache module can obtain the current device data in real time, ensuring stable data transmission and preventing the loss of valid data, which protects the data security of the equipment.
In some embodiments, the second data acquisition ontology of the harvester further includes: a data processing module, for analyzing the data received by the data reception module and generating analysis data; and a second data cache module, for caching the generated analysis data in real time. The second data transmission block obtains the analysis data from the second data cache module and transmits it to the outer net. The data processing module of the second data acquisition ontology can thus analyze the data in the unified format described above to obtain the data types required for outer-net analysis, and the pending data is cached to ensure the integrity of the data, which helps protect the data security of the equipment.
The present invention also provides a data collecting system with a network isolation function, which may include a data acquisition device and a remote server. The data acquisition device acquires data from the target device and transmits it via the outer net to the remote server for data storage and/or data analysis, where the data acquisition device is the harvester with a network isolation function described above. This data collecting system can acquire medical device data from the hospital intranet without directly connecting the hospital intranet to the outer net; data is acquired only from the target device specified through the data acquisition device, which effectively protects data security.
The present invention also provides a network isolation method for data acquisition, which may include the following steps: configuring a data acquisition device with a network isolation function between the intranet where the target device is located and the outer net where the remote server is located; and obtaining the target device data through the data acquisition device and outputting it to the outer net. The network isolation function of the data acquisition device is realized by performing on it a transmission configuration with a network isolation function and setting the acquisition configuration information according to the transmission configuration. The data of the target device can thus be obtained through the configured data acquisition ontology, which effectively establishes a sub-network, isolates the high-risk data of the outer net, and protects the data security of medical devices.
In some embodiments of the network isolation method for data acquisition, configuring the data acquisition device with a network isolation function between the intranet where the target device is located and the outer net where the remote server is located is implemented as: configuring a first data acquisition ontology and a second data acquisition ontology; connecting the first data acquisition ontology to the target device; connecting the second data acquisition ontology to the outer net; and performing the transmission configuration and setting the acquisition configuration information for the first data acquisition ontology and the second data acquisition ontology so that they can communicate only one way, the direction of the one-way communication being that the second data acquisition ontology can only receive the data sent by the first data acquisition ontology. The configured first and second data acquisition ontologies thus form a network isolation, and their one-way communication makes it possible to acquire medical device data from the hospital intranet without directly connecting the hospital intranet to the outer net, isolating the high-risk data of the outer net and protecting the data security of medical devices.
In some embodiments of the network isolation method for data acquisition, configuring the data acquisition device with a network isolation function between the intranet where the target device is located and the outer net where the remote server is located is implemented as: configuring a first data acquisition ontology; configuring a switching signal for controlling the network on/off state of the first data acquisition ontology; connecting one end of the first data acquisition ontology to the target device and the other end of the data acquisition ontology to the outer net; and controlling the on/off state of the one end and the other end according to the switching signal so that only one end can be in the connected state. The switching signal thus controls the acquisition state of the first data acquisition ontology and the second data acquisition ontology and the connection to the outer net, which makes the data transmission mode more flexible and controllable; when high-risk junk data would enter the intranet, losses are stopped in time and the harmful data is isolated.
In some embodiments of the network isolation method for data acquisition, the switching signal is configured to be generated according to the outer-net connection status detected in real time, or according to the frequency at which the first data acquisition ontology acquires data from the target device. With real-time detection of the outer-net connection driving the switching signal, the type and state of the data being transmitted can be controlled more promptly during data transmission, the junk data of the outer net is effectively isolated, the health of the data in network transmission is maintained, and the safety and health of the equipment and the intranet are protected. Alternatively, by configuring the acquisition frequency, data is acquired from the target device in a time-shared isolation manner, so the data security of the target data can be monitored continuously, effectively protecting the data security of the equipment and giving timely early warning.
In some embodiments of the network isolation method for data acquisition, configuring the data acquisition ontology with a network isolation function between the intranet where the target device is located and the outer net where the remote server is located is implemented as: configuring an independent communication network interface on the target device; and configuring a first data acquisition ontology that is directly connected to the independent communication network interface. The configured independent communication network interface thus provides direct communication with the target device without passing through the intranet, which makes data transmission more secure and ensures that the data of other intranet devices is not transmitted to the outer net because of some misoperation.
In some embodiments of the network isolation method for data acquisition, configuring the data acquisition ontology with a network isolation function between the intranet where the target device is located and the outer net where the remote server is located is implemented as: configuring a first data acquisition ontology; and configuring a firewall between the target device and the first data acquisition ontology, arranged so that the first data acquisition ontology communicates with the target device over the data channel limited by the firewall. The firewall effectively provides a security guarantee for the intranet: acquisition can be limited to accessing only the specified target device, so acquiring device data from the intranet is safer and does not cause the data security problems that a direct connection between the hospital intranet and the outer net would cause.
In some embodiments, before the obtained target device data is transmitted to the outer net, the method further includes: performing data processing and caching on the obtained target device data to generate data that the remote server can read. Processing the obtained target device data in this way produces data better matched to the remote server, so the remote server obtains more complete data, which facilitates subsequent data analysis.
Description of the drawings
Fig. 1 is a structure diagram of the harvester with a network isolation function according to one embodiment of the present invention;
Fig. 2 is a structure diagram of a specific implementation example of performing the transmission configuration with a network isolation function on the harvester, according to one embodiment of the present invention;
Fig. 3 is a structure diagram of a specific implementation example of performing the transmission configuration with a network isolation function on the harvester, according to another embodiment of the present invention;
Fig. 4 is a structure diagram of a specific implementation example of performing the transmission configuration with a network isolation function on the harvester, according to yet another embodiment of the present invention;
Fig. 5 is a structure diagram of a specific implementation example of performing the transmission configuration with a network isolation function on the harvester, according to a further embodiment of the present invention;
Fig. 6 is a system framework diagram of the data collecting system with a network isolation function according to one embodiment of the present invention;
Fig. 7 is a flowchart of the network isolation method for data acquisition according to one embodiment of the present invention;
Fig. 8 is a flowchart of the network isolation method for data acquisition according to another embodiment of the present invention;
Fig. 9 is a flowchart of the network isolation method for data acquisition according to another embodiment of the present invention;
Fig. 10 is a flowchart of the network isolation method for data acquisition according to another embodiment of the present invention;
Fig. 11 is a flowchart of the network isolation method for data acquisition according to another embodiment of the present invention.
Detailed description
The invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 schematically shows a harvester with a network isolation function according to one embodiment of the present invention. As shown in the figure, the device includes a data acquisition ontology 2, whose internal structure may include an acquisition configuration module 201, which can be used to perform the transmission configuration with a network isolation function and to set the acquisition configuration information according to the transmission configuration. The transmission configuration with a network isolation function can be realized in several ways; specific implementation examples are described in detail below with reference to Fig. 2 to Fig. 5. The acquisition configuration information set according to the transmission configuration includes at least the acquisition configuration information for the target device, for example: the ID or IP of target device 1, the log file path and file name of target device 1, and the file acquisition mode of target device 1 (which can be ftp, ssh, telnet, file sharing, etc.). The configuration information of target device 1 can be entered manually by the user on the data acquisition ontology, entered through a man-machine interface, entered through a configuration web page, or obtained from a database by connecting to a cloud server (the user enters the user name, the password and the IP address of the corresponding cloud server on the data acquisition ontology, which can then connect to the cloud server through its data communication module connected to the outer net, such as 3G, 4G, wifi or Ethernet, to obtain the configuration information).
As shown in Fig. 1, data acquisition ontology 2 may also include a data acquisition module 202, for acquiring the data of target device 1 according to the transmission configuration of the acquisition configuration module and the acquisition configuration information that has been set (the data obtained on demand may include, for example, the fault log data of the equipment, the running log data of the equipment, the basic parameters of the equipment, and the parameters of the key sub-components of the equipment). Obtaining the relevant data of target device 1 according to user needs gives a comprehensive and systematic view of the current operating condition of the equipment, and helps staff obtain correct log data and maintain the equipment in time. In the implementation where the configuration information is obtained from a database by connecting to a cloud server, when data acquisition module 202 can read data normally from the target device according to the configuration information, it also returns a confirmation message of successful connection to the data acquisition configuration module. According to this confirmation message, the data acquisition configuration module automatically deletes the IP address, user name and password of the cloud server, disconnecting the network connection between the data acquisition ontology and the cloud server, so that during subsequent data acquisition the connection between data acquisition ontology 2 and the outer net stays disconnected.
As shown in Fig. 1, data acquisition ontology 2 may also include a data transmission block 205, for outputting the data obtained by data acquisition module 202. In embodiments of the present invention, data transmission block 205 carries out data communication according to the transmission configuration of the acquisition configuration module and the acquisition configuration information that has been set. With this configuration, the intranet and the outer net are isolated when data transmission block 205 sends data, so target device 1 is effectively network-isolated from the outer net: during data transmission, data is only obtained from the intranet, and the data of the outer net cannot enter the intranet. This protects the security of target device 1 and of the hospital LAN where target device 1 is located, and avoids the data security problems caused by a direct connection between the hospital intranet and the outer net.
In other preferred embodiments, a data preprocessing module and a data cache module can also be included. After the data of target device 1 is received, it can be processed: adjusting the ordering of the data of target device 1; performing an integrity check on its log data; splitting the data by type, etc.; and adding metadata to the data of target device 1 (such as device ID, timestamp, line number, etc.). Pending data is generated and output once processing is done. The data cache module caches the continuously updated data of target device 1, ensuring the integrity of the data obtained.
Fig. 2 schematically shows a specific implementation example, according to one embodiment, of giving the acquisition device a transmission configuration with a network isolation function. As shown in Fig. 2, in this example the transmission configuration with network isolation function is achieved by arranging data acquisition ontology 2 to include first data acquisition ontology 21 and second data acquisition ontology 3. That is, the acquisition device with network isolation function in this embodiment comprises first data acquisition ontology 21 and second data acquisition ontology 3, where first data acquisition ontology 21 connects to the intranet where the target device is located, to obtain data from the target device, and second data acquisition ontology 3 is connected to first data acquisition ontology 21 and to the external network respectively, to transmit the obtained target device data to the external network.
As shown in Fig. 2, in this embodiment the internal structure of first data acquisition ontology 21 includes: first acquisition configuration module 2011, data acquisition module 202 and first data transmission module 2051. First acquisition configuration module 201 applies the transmission configuration to first data acquisition ontology 21 and sets the acquisition configuration information. The transmission configuration in this embodiment restricts first data acquisition ontology 21 to one-way communication with second data acquisition ontology 3, and the data transfer direction of that one-way communication is only from first data acquisition ontology 21 to second data acquisition ontology 3. This transmission configuration can be realized with existing technology such as Bluetooth and is not described further here; those skilled in the art will understand that any existing communication mode capable of one-way transmission can serve as a specific implementation example of the invention.
In this embodiment, the acquisition configuration information that is set includes the acquisition configuration information of target device 1 and the connection relationship configuration information with second data acquisition ontology 3. The content and setting method of the acquisition configuration information follow the configuration described for Fig. 1. The connection relationship configuration information with second data acquisition ontology 3 includes the matching relationship information between the acquisition ontologies, for example a stored connection identifier of second data acquisition ontology 3. With this connection identifier, first data acquisition ontology 21 can find and identify second data acquisition ontology 3 and establish a connection, so that data can be transmitted from first data acquisition ontology 21 to second data acquisition ontology 3. The specific content of the connection identifier depends on the communication mode between the two data acquisition ontologies. For example, when the two are connected by Bluetooth, the matching relationship information stored in first data acquisition ontology 21 is the Bluetooth pairing name and Bluetooth device id of second data acquisition ontology 3, which allow the two acquisition ontologies to be matched.
Data acquisition module 202 acquires the data of target device 1 according to the acquisition configuration information that has been set: using the device ID or IP, the file path and the file acquisition mode defined in the acquisition configuration information, it obtains the corresponding log file data from the target device. The data content acquired can be the various data described earlier, or other data defined according to user demand; as long as the data matches the configured file path and file acquisition mode, it can be obtained from the specific file path by the corresponding file acquisition mode. The embodiment of the invention does not limit the data content acquired. Acquiring data from the target device at the corresponding device IP according to the file acquisition mode and file path can be realized with reference to the corresponding prior art. First data transmission module 2051 outputs the data obtained by data acquisition module 202 to second data acquisition ontology 3 according to the transmission configuration and the connection matching information between the acquisition ontologies in the acquisition configuration information. That is, it establishes a connection with the corresponding second data acquisition ontology 3 according to the connection matching information and then, following the one-way transmission configuration, transmits the data obtained by the data acquisition module one-way to second data acquisition ontology 3.
Second data acquisition ontology 3 includes: second acquisition configuration module 301, data reception module 302 and second data transmission module 305. Second acquisition configuration module 301 sets the communication configuration information for second data acquisition ontology 3. The communication configuration information includes the device matching relationship information between second data acquisition ontology 3 and the first data acquisition ontology (which can be the matching relationship information of two acquisition ontologies connected through a handshake protocol or a network protocol). It can be entered through a man-machine interface, entered through a configuration web page, and/or obtained automatically from a database by connecting to a cloud server (the cloud server is connected only during configuration and can be disconnected once configuration is finished). In use, second data acquisition ontology 3 is placed in the external network, and first data acquisition ontology 21 is then matched with second data acquisition ontology 3. Data reception module 302 communicates with first data acquisition ontology 2 based on the above communication configuration information and can only receive the data sent by first data transmission module 203. Second data transmission module 303 transmits the data received by data reception module 302 to the external network.
In this embodiment, the first data transmission module can be implemented as a Bluetooth sending module (for example designed as a Bluetooth master device), and the data reception module as a Bluetooth receiving module (for example designed as a Bluetooth slave device, with the restriction that a connection can only be initiated from the master device to the slave device and that data is written one-way from the master device to the slave device). The second data transmission module can transmit data to the cloud server on the external network through a 3G, 4G, wifi or Ethernet connection or similar; these can be realized with reference to the network connection and data transfer modes of existing data acquisition boxes. By providing a first data acquisition ontology and a second data acquisition ontology with one-way communication, this embodiment establishes a one-way data transfer channel between the intranet and the external network. This one-way communication mode allows medical device data to be acquired from the hospital intranet without connecting the hospital intranet directly to the external network. It isolates high-risk data from the external network, protects the data security of medical devices, effectively isolates junk data from the external network, and protects the data security of the hospital LAN.
In other implementation examples, the first data transmission module can be implemented as a serial port sending module and the data reception module as a serial port receiving module. Specifically, the first data transmission module and the data reception module are each implemented as a serial communication port (realized with reference to the prior art) and are connected by a serial communication line such as RS232. To achieve one-way data transmission over the serial port, the transmission line is modified before the two are connected by the RS232 serial cable: the wire that carries data from the data reception module to the first data transmission module is removed from the serial cable, so that only a single one-way data line remains in the transmission line. Compared with the communication mode that relies on configuring Bluetooth, this enforces one-way transmission physically and is more secure.
In other implementation examples, the first data transmission module can be implemented as a File Transfer Protocol client and the data reception module as an ftp server, so that the two communicate over the File Transfer Protocol (realized with reference to the prior art). In this way only the File Transfer Protocol client can initiate a connection to the File Transfer Protocol server, and data can be controlled so that it is sent one-way from the client to the server. This realizes one-way data transfer from the intranet to the external network and effectively protects the security of intranet device data. At the same time, the first data acquisition ontology runs no server of any protocol, so no connection of any kind can be initiated to it from the external network, which effectively prevents intrusion by hackers on the external network.
As a preferred embodiment, data processing and data cache modules can also be provided in the acquisition device, to analyze and process the data obtained from the target device and meet the user's data requirements. The network transmission mode from target device 1 to first data acquisition ontology 21 is a gigabit or 100-megabit network, the transmission mode from first data acquisition ontology 21 to second data acquisition ontology 3 is Bluetooth and a gigabit or 100-megabit network, and the network transmission mode from second data acquisition ontology 3 to the external network is 3G, 4G or WIFI. Providing data cache modules therefore eliminates the data transmission mismatch caused by networks of different rates and also overcomes the problem of data being lost in transit.
As shown in Fig. 2, as a preferred embodiment, first data acquisition ontology 21 includes data preprocessing module 203 and data cache module 204. Data preprocessing module 203 processes the target device data obtained by the data acquisition module and generates pending data; data cache module 204 caches the generated pending data in real time. After the data of target device 1 is obtained, data preprocessing module 203 receives it and can process it, for example by adjusting the ordering of the data of target device 1, performing an integrity check on its log data, splitting the data by type, and adding metadata to the data of target device 1 (such as device ID, timestamp, line number). Data preprocessing module 203 then outputs the pending data generated by this processing. Data cache module 204 caches the continuously updated pending data of target device 1 output by data preprocessing module 203, so that when the first data transmission module transmits data, it outputs the data held in data cache module 204.
Similarly, as shown in Fig. 2, second data acquisition ontology 3 further includes data processing module 303 and second data cache module 304. Data processing module 303 analyzes the pending data obtained, for example by converting it into the file format required for external analysis (such as analysis by a cloud server), and generates analysis data for output, so that the external server can obtain and analyze the data of target device 1 in the required format. When analysis data is obtained through data processing module 303, it can also be cached in real time by second data cache module 304. When the second data transmission module transmits data, it then outputs the data in second data cache module 304 to the external network, which avoids data loss.
Those skilled in the art will appreciate that in other embodiments the data processing module, data preprocessing module and data cache module may be omitted, or only a data cache module may be provided without the data processing module and/or data preprocessing module (in that case the data cache module caches the acquired data directly, to avoid the data transmission mismatch caused by different data transmission rates between networks). These modules can be flexibly combined or removed according to user demand, and the embodiments of the invention place no limit on this.
Fig. 3 schematically shows a structure diagram of a specific implementation example, according to another embodiment of the invention, of giving the acquisition device a transmission configuration with a network isolation function. As shown in Fig. 3, the acquisition device with network isolation function includes first data acquisition ontology 21, which includes first acquisition configuration module 201, data acquisition module 202, data preprocessing module 203, data cache module 204, link control module 4 and first data transmission module 2051. Data acquisition module 202, data preprocessing module 203 and data cache module 204 can be implemented in the same way as the corresponding modules of first data acquisition ontology 21 shown in Fig. 2. First acquisition configuration module 201 applies the transmission configuration to first data acquisition ontology 21 and sets the acquisition configuration information; the setting method and content of the acquisition configuration information in this embodiment are as described above. The transmission configuration is implemented by setting the IP of the target device in the acquisition configuration information and the IP of first data acquisition ontology 21 as filter condition parameters.
Link control module 4 includes first connection control unit 401, second connection control unit 402 and control switching unit 403. Control switching unit 403 is configured to detect external network connections in real time according to the filter condition parameters, treating every network connection that differs from the filter condition parameters as an external network connection, and to generate from the detected external network connection information a switching signal that controls the on/off state of first connection control unit 401 and second connection control unit 402. First connection control unit 401 is connected to target device 1 and provides the channel over which data acquisition module 202 acquires data from target device 1. Second connection control unit 402 is connected to the external network and provides the channel over which first data transmission module 2051 transmits data to the external network. The dynamic connection of first connection control unit 401 and second connection control unit 402 to target device 1 and the external network is realized by control switching unit 403, which applies the logic that connects or disconnects the network according to the detection result.
The control logic by which control switching unit 403 connects or disconnects the network can be implemented by a software program or by hardware such as circuit control. Taking the software implementation as an example, control switching unit 403 can use the netstat command of the Linux operating system to detect all connections established with the data acquisition box and, according to the filter condition parameters, filter out the acquisition box's own IP and the target device IP; whatever remains is a connection from the external network. When an external network connection is detected, the ifdown <intranet network interface name> command of the Linux system in first data acquisition ontology 21 can be used to cut the connection of the intranet network interface. When control switching unit 403 detects no external network connection, the ifup <intranet network interface name> command of the Linux system can be used to restore the connection of the intranet network interface. Following this control principle, in use, once control switching unit 403 detects that the active connection from the external network has been disconnected, it controls first connection control unit 401 to connect to target device 1 on the intranet, so that the intranet and the external network are never connected at the same time.
In a preferred embodiment, after control switching unit 403 has detected an active connection from the external network multiple times, it can also issue a network intrusion warning to operating personnel, for example by an audible alarm, an LED indication or a message sent to a preset terminal device, so that the intrusion is resolved by operator intervention. This makes data transmission more secure and keeps the data transmission process completely isolated from external interference. Note that first connection control unit 401 and second connection control unit 402 in this embodiment can be existing communication modules, such as Bluetooth modules or interface modules; control switching unit 403 controls the network on/off state of first connection control unit 401 and second connection control unit 402 according to the detection result.
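The software variant of control switching unit 403 described above (netstat listing, filtering out the acquisition box IP and the target device IP, ifdown/ifup on the intranet interface, a warning after repeated detections) can be sketched as follows. This is an added example, not code from the patent: the IP addresses, the interface name eth0, the threshold of 3, the treatment of loopback peers and the netstat lines are all assumptions or constructed values, and the script only prints the command it would run.

```shell
#!/bin/sh
# Added example (dry run): decision logic of control switching unit 403.
# Every value below is an assumption for illustration, not taken from the patent.
BOX_IP="192.168.10.5"        # assumed IP of first data acquisition ontology 21
TARGET_IP="192.168.10.20"    # assumed IP of target device 1
INTRANET_IF="eth0"           # assumed intranet network interface name
ALARM_THRESHOLD=3            # assumed; the text only says "multiple times"

# Constructed sample of `netstat -tn` output (not a real capture).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.10.5:51514      192.168.10.20:21        ESTABLISHED
tcp        0      0 192.168.10.5:22         203.0.113.7:40122       ESTABLISHED
tcp        0      0 192.168.10.5:51600      192.168.10.20:21        TIME_WAIT
tcp6       0      0 ::1:631                 ::1:50000               ESTABLISHED'

# external_peers: read `netstat -tn` output on stdin and print each peer IP
# that matches neither filter condition parameter (box IP, target device IP).
# Only live connections (ESTABLISHED, SYN_RECV) are counted, and loopback
# peers are skipped; both choices are assumptions beyond the patent text.
external_peers() {
    awk -v box="$BOX_IP" -v target="$TARGET_IP" '
        $1 ~ /^tcp/ && ($6 == "ESTABLISHED" || $6 == "SYN_RECV") {
            peer = $5
            sub(/:[0-9]+$/, "", peer)            # strip the trailing :port
            if (peer == box || peer == target) next
            if (peer == "127.0.0.1" || peer == "::1") next
            if (!(peer in seen)) { seen[peer] = 1; print peer }
        }'
}

# poll_once HITS: one detection round. HITS is the number of earlier rounds
# that saw an external peer. Prints "<command>|<new hits>|<alarm yes/no>".
poll_once() {
    hits=$1
    peers=$(external_peers)
    if [ -n "$peers" ]; then
        hits=$((hits + 1))
        cmd="ifdown $INTRANET_IF"    # external connection present: cut intranet
    else
        cmd="ifup $INTRANET_IF"      # no external connection: restore intranet
    fi
    if [ "$hits" -ge "$ALARM_THRESHOLD" ]; then alarm=yes; else alarm=no; fi
    echo "$cmd|$hits|$alarm"
}

# Dry run on the constructed sample. On a live box the input would come from
# `netstat -tn`, and the caller would execute the printed command.
printf '%s\n' "$SAMPLE_NETSTAT" | poll_once 0
```

The loopback line in the sample shows why a plain "everything except two IPs" filter would cut the intranet link whenever a local service talks to itself.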
In another embodiment, the transmission configuration in first acquisition configuration module 201 can also be implemented by setting the acquisition frequency for the data of target device 1 (which can be preset manually or learned from machine experience). In this implementation example, control switching unit 403 is configured to obtain the acquisition frequency and run a timer, generating switching signals according to the acquisition frequency to control the on/off state of first connection control unit 401 and second connection control unit 402. For example, if the transmission configuration sets the acquisition frequency to one acquisition per hour, control switching unit 403, following the time condition of the acquisition frequency, uses the ifup <intranet network interface name> command of the Linux system in first data acquisition ontology 21 at each full hour to restore the connection of the intranet network interface; after the data has been acquired, it uses the ifdown <intranet network interface name> command of the Linux system to cut the connection of the intranet network interface, and then uses the ifup <external network interface name> command of the Linux system again to restore the connection of the Intranet network interface. In this way control switching unit 403 controls the on/off state of first connection control unit 401 and second connection control unit 402 according to the acquisition frequency preset in first acquisition configuration module 201, so that the data of target device 1 is acquired at timed intervals, the data security of the target data can be monitored continuously, the data security of the device is effectively protected, and early warning is given in time.
Note that in the implementation example that uses Linux system commands for network on/off control, the switching signal generated by the control switching unit is a Linux system command. In other implementations, the switching signal generated may be another kind of signal, depending on the specific implementation, such as a level signal or a character signal.
Fig. 4 schematically shows a structure diagram of a specific implementation example, according to another embodiment of the invention, of giving the acquisition device a transmission configuration with a network isolation function. As shown in Fig. 4, the data acquisition device of this embodiment includes first data acquisition ontology 21, which includes first acquisition configuration module 2011, data acquisition module 202, data preprocessing module 203, data cache module 204 and first data transmission module 2051; data preprocessing module 203, data cache module 204 and first data transmission module 2051 are implemented as described above. The difference is that in this embodiment the transmission configuration with network isolation function applied by first acquisition configuration module 2011 is implemented by configuring an independent communication network between first data acquisition ontology 2 and target device 1: first data acquisition ontology 2 communicates with target device 1 through independent communication network interface 5 (connecting this independent communication network interface to target device 1 requires adding hardware to target device 1, such as a network card or a USB-to-network adapter). The way the first acquisition configuration module sets the acquisition configuration information, and the content of that information, can be realized as described above. In this embodiment, data acquisition module 202 is configured to communicate with target device 1 through independent communication network interface 5 and, according to the acquisition configuration information, to establish direct contact with target device 1 and obtain its data. First data acquisition ontology 21 and target device 1 can thus establish a one-to-one connection directly, without going through the intranet, to obtain the data of target device 1. This effectively sets up a separate subnet, isolates high-risk data from the external network, and protects the data security of medical devices.
Fig. 5 schematically shows a structure diagram of a specific implementation example, according to another embodiment of the invention, of giving the acquisition device a transmission configuration with a network isolation function. As shown in Fig. 5, the data acquisition device of this embodiment includes first data acquisition ontology 21, which includes first acquisition configuration module 2011, data acquisition module 202, data preprocessing module 203, data cache module 204 and first data transmission module 2051; data preprocessing module 203, data cache module 204 and first data transmission module 2051 are implemented as described above. The difference is that in this embodiment the transmission configuration with network isolation function applied by first acquisition configuration module 2011 is implemented by configuring firewall 6 between first data acquisition ontology 2 and target device 1. Data acquisition module 202 is configured to communicate with target device 1 through the data channel defined by the firewall and to acquire the data of target device 1 according to the acquisition configuration information; first data transmission module 2051 is configured to connect to the external network and output the data obtained by data acquisition module 202 to the external network.
The firewall can be configured as follows. Before use, log in to the firewall settings page (log in as described in the firewall's operating instructions; generally this means connecting by network cable and logging in with a browser). On the security policy settings page, set the IP address of the target device and the port that may be accessed (the port is set according to the file acquisition mode and port provided by the target device, for example port 21 for ftp, port 22 for ssh, port 23 for telnet), set the IP address of the first data acquisition ontology, and set the security policy so that the first data acquisition ontology can only access the target device IP, and only the designated port of the target device.
After first data acquisition ontology 21 has established a connection with target device 1, data transfers then pass through firewall 6 first, and target device 1 is accessed through firewall 6. The communication port between first data acquisition ontology 21 and target device 1 is thereby restricted to the communication interface set by the firewall security policy. The data acquisition box can only access the designated port of the designated target device 1; it cannot access other ports of the designated target device 1, and it cannot access any device other than target device 1. Firewall 6 can also monitor all data acquired by the data acquisition box, ensuring that the box obtains only the log files of target device 1, i.e. the fault log data of the device, the running log data of the device, the basic parameters of the device and the key sub-component parameters of the device, and no other unrelated data.
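The security policy described for firewall 6 (the acquisition box may reach only the target device IP, and only the port that matches the file acquisition mode) is shown below as rules for a Linux gateway. This is an added example, not part of the patent, which describes a firewall configured through its settings page: the use of iptables, the IP addresses and the chosen mode are assumptions, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: the Fig. 5 security policy as iptables rules (printed only).
# The patent configures a firewall through its settings page; iptables on a
# Linux gateway between box and target is an assumption made for this sketch.
BOX_IP="192.168.10.5"        # assumed IP of first data acquisition ontology 21
TARGET_IP="192.168.10.20"    # assumed IP of target device 1
MODE="ftp"                   # assumed file acquisition mode

# port_for_mode MODE: the mode/port pairs listed in the text.
port_for_mode() {
    case "$1" in
        ftp)    echo 21 ;;
        ssh)    echo 22 ;;
        telnet) echo 23 ;;
        *)      return 1 ;;
    esac
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# firewall_rules BOX TARGET MODE: print a default-deny rule set that admits
# only new connections from BOX to TARGET on the port for MODE.
# Caveat: FTP opens separate data connections; they pass the RELATED rule
# only if connection tracking has an FTP helper configured for this flow.
firewall_rules() {
    box=$1; target=$2; mode=$3
    is_ipv4 "$box" && is_ipv4 "$target" || { echo "bad IP address" >&2; return 2; }
    port=$(port_for_mode "$mode") || { echo "unsupported mode: $mode" >&2; return 3; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $box -d $target -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "acq-fw-drop: "
EOF
}

# policy_allows SRC DST DPORT: would the policy admit this new connection?
# Uses BOX_IP, TARGET_IP and MODE from the configuration above.
policy_allows() {
    [ "$1" = "$BOX_IP" ] && [ "$2" = "$TARGET_IP" ] &&
        [ "$3" = "$(port_for_mode "$MODE")" ]
}

# Dry run: print the rule set, then check three constructed flows.
firewall_rules "$BOX_IP" "$TARGET_IP" "$MODE"
for flow in "$BOX_IP $TARGET_IP 21" "$BOX_IP $TARGET_IP 22" "$BOX_IP 192.168.10.21 21"; do
    # shellcheck disable=SC2086  # word splitting of $flow is intended
    if policy_allows $flow; then echo "ALLOW $flow"; else echo "DENY  $flow"; fi
done
```

The final LOG rule records everything the policy drops, which gives the monitoring role the text assigns to firewall 6 a concrete source of events.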
Fig. 6 schematically shows a data collecting system with network isolation function according to an embodiment of the invention. As shown in the figure:
The data collecting system with network isolation function includes data acquisition device 7 and remote service end 8. Data acquisition device 7 collects data from target device 1 (the fault log data of the device, the running log data of the device, the basic parameters of the device, the key sub-component parameters of the device) and transmits it via the external network to remote service end 8 for data storage and/or data analysis, where the data acquisition device can be any of the acquisition devices with network isolation function described above. With this system, medical device data can be acquired from the hospital intranet without connecting the hospital intranet directly to the external network; the data acquisition device collects only from the designated target device, which effectively protects data security.
In the above embodiments, each data acquisition ontology, i.e. data acquisition ontology 2, first data acquisition ontology 21 and second data acquisition ontology 3, can be an existing data acquisition box or be implemented with reference to an existing data acquisition box; at least the data acquisition module can be implemented in the way existing data acquisition boxes implement data acquisition. The data processing module, data preprocessing module and data cache module can be implemented, according to the functions and roles described above, using existing technology such as programs or hardware. The embodiments of the invention do not limit the specific implementation of each module.
Fig. 7 schematically shows a flow chart of the network isolation method for data acquisition according to an embodiment of the invention. As shown, the method includes the following steps:
Step S701: Between the intranet where the target device is located and the external network where the remote server is located, configure a data acquisition device with network isolation function. Specifically, the data acquisition device is connected between the intranet and the external network, and network isolation is configured on the data acquisition device. This can be done in several ways, including applying a transmission configuration to the data acquisition device and setting acquisition configuration information according to the transmission configuration; more specific implementation examples are described in detail below with reference to Fig. 8 to Fig. 11.
Step S702: Obtain the data of the target device using the configured data acquisition device. The data of target device 1 obtained can be the fault log data of the device, the running log data of the device, the basic parameters of the device and/or the key sub-component parameters of the device, etc. The target device data is obtained over the established connection, based on the acquisition configuration information and according to the structure and principle of the configured data acquisition device. For the specific implementation, refer to the corresponding descriptions in the acquisition device examples above; the details are not repeated here.
Step S703: Process and cache the acquired target device data to generate data that the remote server can read. Specifically: adjust the ordering of the acquired target device data, perform an integrity check on its log data, split the data by type and so on, add metadata to the target device data, and generate the to-be-processed data for output once this processing is complete. The data sorting, integrity check, data splitting and metadata addition can be implemented with reference to the related art. After the acquired target device data has been processed, this embodiment can also cache the processed data so that the acquired data can accommodate the difference in transmission rate between different networks. In other preferred embodiments, the processing of the acquired data further includes processing the generated to-be-processed data, for example format conversion: the data is converted into the required format, then cached and output.
Step S704: Output the processed data to the external network. Specifically: fetch the processed data from the data cache in order, and output it, over the connection established between the data acquisition device and the external network, to a server, the cloud or the like for analysis, processing and research. The connection between the data acquisition device and the external network can be established over 3G, 4G, Wi-Fi, Ethernet and so on; refer to the description in the data acquisition device section above.
Taking the data acquisition device shown in Fig. 2 as the configured data acquisition device, Fig. 8 schematically shows the flow of a network isolation method for data acquisition according to an embodiment of the present invention. As shown, the method includes the following steps:
Step S801: Configure the first data acquisition ontology and the second data acquisition ontology. Specifically: connect the first data acquisition ontology to the intranet where the target device is located so that it can obtain data from the target device, and connect the second data acquisition ontology to the first data acquisition ontology and to the external network respectively so that it can transmit the acquired target device data to the external network.
Step S802: Set the acquisition configuration information for the first data acquisition ontology and the second data acquisition ontology. Specifically: configure the acquisition configuration information of the first data acquisition ontology, which includes the acquisition configuration information for the target device and the configuration information describing the connection relationship with the second data acquisition ontology, and configure the communication information of the second data acquisition ontology. For the specific configuration information and methods, refer to the description above.
Step S803: Perform transmission configuration on the first data acquisition ontology and the second data acquisition ontology so that they are capable of one-way communication only. Specifically: based on the communication functions of the two ontologies, apply a transmission configuration with a network isolation function to the first data acquisition ontology, so that it can only perform one-way communication with the second data acquisition ontology over Bluetooth, and data can only be sent from the first data acquisition ontology to the second data acquisition ontology. This effectively isolates junk data and the like coming from the external network and protects the data security of the hospital LAN.
For the specific implementation of steps S804 to S806, refer to the implementation of steps S702 to S704.
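A one-way link as configured in step S803 has no return path, so the sending side cannot be asked to retransmit and the receiving side has to detect loss and corruption on its own. The following is an added example, not code from the patent: the frame layout (marker, sequence number, length, CRC32) and all names are assumptions, and the log lines are constructed.

```python
import struct
import zlib

MAGIC = b"DAQ1"                    # frame marker (assumed, not from the patent)
HEADER = struct.Struct(">4sIHI")   # marker, sequence number, payload length, CRC32


def encode_frame(seq: int, payload: bytes) -> bytes:
    """Sending side: build one self-checking frame. The sender never reads the link."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for one frame")
    crc = zlib.crc32(struct.pack(">I", seq) + payload)
    return HEADER.pack(MAGIC, seq, len(payload), crc) + payload


class OneWayReceiver:
    """Receiving side: consumes bytes only; it has no method that sends anything."""

    def __init__(self):
        self._buf = bytearray()
        self._expected = 0
        self.accepted = []   # payloads that passed every check, in order
        self.events = []     # (kind, detail) records for the operator

    def feed(self, chunk: bytes) -> None:
        self._buf.extend(chunk)
        while True:
            start = self._buf.find(MAGIC)
            if start < 0:
                # No marker yet: drop junk but keep a possible partial marker.
                del self._buf[:max(0, len(self._buf) - (len(MAGIC) - 1))]
                return
            if start > 0:
                self.events.append(("resync", start))
                del self._buf[:start]
            if len(self._buf) < HEADER.size:
                return                                  # header incomplete
            _, seq, length, crc = HEADER.unpack_from(self._buf)
            if len(self._buf) < HEADER.size + length:
                return                                  # payload incomplete
            payload = bytes(self._buf[HEADER.size:HEADER.size + length])
            if zlib.crc32(struct.pack(">I", seq) + payload) != crc:
                self.events.append(("corrupt", seq))
                del self._buf[:len(MAGIC)]              # skip marker, rescan
                continue
            del self._buf[:HEADER.size + length]
            if seq < self._expected:
                self.events.append(("duplicate", seq))
                continue
            if seq > self._expected:
                # Frames were lost; record the range, since no resend can be requested.
                self.events.append(("gap", (self._expected, seq - 1)))
            self._expected = seq + 1
            self.accepted.append(payload)


def run_constructed_sample():
    """Constructed log lines: frame 1 is lost and frame 2 is damaged in transit."""
    lines = [b"boot ok", b"tube temp 41C", b"E102 gantry fault", b"scan done"]
    frames = [encode_frame(i, p) for i, p in enumerate(lines)]
    damaged = bytearray(frames[2])
    damaged[HEADER.size] ^= 0xFF                        # flip first payload byte
    rx = OneWayReceiver()
    rx.feed(frames[0] + bytes(damaged) + frames[3])
    return rx.accepted, rx.events
```

The recorded gap is what the operator acts on: the missing range has to be re-read from the target device on the intranet side, because the link itself offers no way to ask for it.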
Taking the data acquisition device shown in Fig. 3 as the configured data acquisition device, Fig. 9 schematically shows the flow of a network isolation method for data acquisition according to another embodiment of the present invention. As shown, the method includes the following steps:
Step S901: Configure the first data acquisition ontology. Specifically: provide a first connection control unit and a second connection control unit in the first data acquisition ontology, connect the first connection control unit to the intranet where the target device is located, and connect the second connection control unit to the external network. For the specific implementation of the two connection control units, refer to the description above.
Step S902: Configure the transmission configuration parameters used to control the network on/off state of the first connection control unit and the second connection control unit of the first data acquisition ontology, and generate, based on the configured transmission configuration parameters, switching signals that control the on/off state of the intranet and external network connections. Specifically: configure the transmission configuration parameters for switching the network on and off in the first data acquisition ontology; these parameters can be filter condition parameters for detecting the external network connection and/or the acquisition frequency for the target device. For how the filter condition parameters and the acquisition frequency are configured, and how switching signals generated from that configuration control the network on/off state of the two connection control units, refer to the corresponding description in the device section above.
Steps S903 to S905: Obtain the target device data through the data acquisition device and output it to the external network. For the specific implementation, refer to the implementation of steps S702 to S704.
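The switching behaviour of steps S901 and S902 can be modelled as a break-before-make controller driven by the acquisition frequency: the intranet-side link and the external-side link are never up together, and acquired data waits in a cache until the external link comes up. This is an added example, not code from the patent; the tick-based schedule, the guard interval and every name in it are assumptions.

```python
from enum import Enum


class Link(Enum):
    NONE = "both links down"
    INTRANET = "first connection control unit up"
    EXTERNAL = "second connection control unit up"


class IsolationViolation(RuntimeError):
    """Raised if one link would be brought up while the other is still up."""


class SwitchController:
    """Generates switching signals from an acquisition period (in ticks)."""

    def __init__(self, period, acquire_ticks, upload_ticks, guard_ticks=1):
        if guard_ticks < 1:
            raise ValueError("need at least one tick with both links down")
        if acquire_ticks + upload_ticks + 2 * guard_ticks > period:
            raise ValueError("schedule does not fit in one acquisition period")
        self.period = period
        self.acquire_ticks = acquire_ticks
        self.upload_ticks = upload_ticks
        self.guard_ticks = guard_ticks
        self.intranet_up = False
        self.external_up = False
        self.trace = []              # (tick, intranet_up, external_up)

    def desired(self, t):
        """Which link the schedule wants at tick t."""
        phase = t % self.period
        upload_start = self.acquire_ticks + self.guard_ticks
        if phase < self.acquire_ticks:
            return Link.INTRANET
        if upload_start <= phase < upload_start + self.upload_ticks:
            return Link.EXTERNAL
        return Link.NONE             # guard interval or idle time

    def raise_link(self, link):
        """Bring one link up; refuse if the opposite link is still up."""
        if link is Link.INTRANET:
            if self.external_up:
                raise IsolationViolation("external link still up")
            self.intranet_up = True
        elif link is Link.EXTERNAL:
            if self.intranet_up:
                raise IsolationViolation("intranet link still up")
            self.external_up = True

    def step(self, t):
        want = self.desired(t)
        # Break first: drop whichever link is not wanted ...
        if want is not Link.INTRANET:
            self.intranet_up = False
        if want is not Link.EXTERNAL:
            self.external_up = False
        # ... then make: bring the wanted link up, if any.
        self.raise_link(want)
        self.trace.append((t, self.intranet_up, self.external_up))
        return want


def run_cycles(ctrl, ticks, read_target):
    """Acquire while the intranet link is up, upload from cache while the external link is up."""
    cache, sent = [], []
    for t in range(ticks):
        link = ctrl.step(t)
        if link is Link.INTRANET:
            cache.append(read_target(t))
        elif link is Link.EXTERNAL and cache:
            sent.append(cache.pop(0))
    return sent, cache
```

With `SwitchController(period=10, acquire_ticks=3, upload_ticks=4)`, every record read in ticks 0 to 2 of a cycle leaves in ticks 4 to 7, and `ctrl.trace` can be audited afterwards to confirm that no tick ever had both links up.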
Taking the data acquisition device shown in Fig. 4 as the configured data acquisition device, Fig. 10 schematically shows the flow of a network isolation method for data acquisition according to another embodiment of the present invention. As shown, the method includes the following steps:
Step S1001: Configure an independent communication network port on the target device. Specifically: add hardware such as a network card or a USB-to-network-port adapter to the target device to form an independent network port. Usually a network card is configured for the target device; a USB adapter is configured when the network card of the target device has no spare network port. In that case, a USB-to-network-port adapter (an existing device that can be purchased directly) must be installed in a USB port of the target device, and the driver for the adapter must then be installed in the target device's operating system. Communication with the target device can then take place over the independent communication network port: the first data acquisition ontology is not connected to the target device through the intranet but is connected to it directly through the USB port or a network cable to obtain the target device's data.
Step S1002: Configure the first data acquisition ontology that is directly connected to the independent communication network port. Specifically: by setting the acquisition configuration information (which is set according to the configured independent communication network port; for the content and the method of setting it, refer to the description above), configure the first data acquisition ontology to communicate with the independent network port of the target device. If the target device's network card, USB-to-network-port adapter or the like has a spare network port, first open the network settings interface of the target device's operating system, assign a fixed IP address to the spare port, connect the spare port to the first data acquisition ontology with a network cable, and obtain data from the target device using the assigned IP address. If the target device's network card has no spare port and the USB-to-network-port adapter described above (an existing device that can be purchased directly) is used, the adapter's driver must be installed in the target device's operating system, a fixed IP address must be assigned to the newly added port on the network configuration page of the target device's operating system, the newly added port must be connected to the first data acquisition ontology with a network cable, and data is then obtained from the target device using the assigned IP address. In this way, the target device's data is obtained from the target device alone, without passing through the hospital intranet.
Steps S1003 to S1005: Obtain the target device data through the data acquisition device and output it to the external network. For the specific implementation, refer to the implementation of steps S702 to S704.
Taking the data acquisition device shown in Fig. 5 as the configured data acquisition device, Fig. 11 schematically shows the flow of a network isolation method for data acquisition according to another embodiment of the present invention. As shown, the method includes the following steps:
Step S1101: Configure the first data acquisition ontology. Specifically: place the first data acquisition ontology between the intranet where the target device is located and the external network, connect one end of the first data acquisition ontology to the intranet where the target device is located, and connect its other end to the external network. For how the first data acquisition ontology is connected to the intranet and the external network, refer to the description in the device section above.
Step S1102: Configure a firewall between the target device and the first data acquisition ontology, and set the acquisition configuration information of the first data acquisition ontology based on the configured firewall information. Specifically: provide a firewall inside the first data acquisition ontology. To set up the firewall, log in to the firewall's settings page (follow the firewall's operating instructions to log in; generally the firewall is connected by network cable and accessed with a browser), open the security policy settings page, and set the IP address of the target device and the ports that may be accessed (the ports must be set according to the file acquisition method and location that the target device provides, for example port 21 for FTP, port 22 for SSH or port 23 for Telnet). Then set the IP address of the first data acquisition ontology, and set the security policy so that the first data acquisition ontology can access only the target device's IP address, and only the designated ports on the target device. After the firewall has been set up, set the acquisition configuration information for the first data acquisition ontology. The first data acquisition ontology then communicates with the target device over the data channel restricted by the firewall and obtains the target device's data according to the acquisition configuration information. Because the target device's data is obtained through the firewall, once the first data acquisition ontology has established a connection with the target device, the data it transmits passes through the firewall first; the firewall configuration allows the data acquisition box to access only the designated target device and no other device. The firewall can also monitor all data that the data acquisition box acquires, ensuring that the data acquisition box obtains only the target device's log files, that is, the device's fault log data, running log data, basic parameters and key subcomponent parameters, and no other unrelated data.
Steps S1103 to S1105: Obtain the target device data through the data acquisition device and output it to the external network. For the specific implementation, refer to the implementation of steps S702 to S704.
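The security policy of step S1102 is a default-deny allow-list: one source (the first data acquisition ontology), one destination (the target device), and only the designated ports. The following added example, which is not code from the patent or from any firewall product, evaluates constructed flow records against such a policy and flags designated ports that carry data in cleartext; the addresses are documentation addresses and all names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Of the ports the text names as examples, these two carry data in cleartext.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class CollectorPolicy:
    collector_ip: str          # IP of the first data acquisition ontology
    target_ip: str             # IP of the designated target device
    allowed_ports: frozenset   # designated TCP ports on the target device

    def decide(self, flow):
        """Default deny: a flow passes only if every field matches the policy."""
        if ip_address(flow.src) != ip_address(self.collector_ip):
            return False, "source is not the acquisition ontology"
        if ip_address(flow.dst) != ip_address(self.target_ip):
            return False, "destination is not the designated target device"
        if flow.proto != "tcp":
            return False, "protocol not permitted"
        if flow.dport not in self.allowed_ports:
            return False, "port not designated"
        return True, "allowed"


def audit(policy, flows):
    """Return (flow, reason) for every flow the policy would block."""
    denied = []
    for flow in flows:
        ok, reason = policy.decide(flow)
        if not ok:
            denied.append((flow, reason))
    return denied


def lint(policy):
    """Warnings about the policy itself, independent of any traffic."""
    warnings = []
    if not policy.allowed_ports:
        warnings.append("no port designated: the acquisition ontology cannot read anything")
    for port in sorted(policy.allowed_ports):
        if port in CLEARTEXT_PORTS:
            warnings.append(
                f"port {port} ({CLEARTEXT_PORTS[port]}) sends credentials and data unencrypted"
            )
    return warnings


# Constructed flow records (192.0.2.0/24 is a documentation range).
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "192.0.2.20", "tcp", 22),    # ontology -> target, designated port
    Flow("192.0.2.10", "192.0.2.30", "tcp", 22),    # ontology -> another intranet host
    Flow("192.0.2.10", "192.0.2.20", "tcp", 3389),  # ontology -> target, other port
    Flow("192.0.2.30", "192.0.2.20", "tcp", 22),    # another host -> target
    Flow("192.0.2.10", "192.0.2.20", "udp", 161),   # ontology -> target, other protocol
]

STRICT = CollectorPolicy("192.0.2.10", "192.0.2.20", frozenset({22}))
LOOSE = CollectorPolicy("192.0.2.10", "192.0.2.20", frozenset({21, 22, 23}))
```

`audit(STRICT, SAMPLE_FLOWS)` blocks four of the five constructed flows, and `lint(LOOSE)` reports the FTP and Telnet ports, which is the reason to designate only the SSH port when the target device offers it.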
The main field of application of the present invention is the medical field, but it can also be applied in other fields, such as large-scale industry and firefighting.
The above describes only some embodiments of the present invention. Those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention.
Claims (10)
1. An acquisition device with a network isolation function, characterized by comprising a first data acquisition ontology, the first data acquisition ontology comprising:
a first acquisition configuration module, for performing a transmission configuration with a network isolation function and setting acquisition configuration information according to the transmission configuration, wherein the acquisition configuration information includes acquisition configuration information for a target device;
a data acquisition module, for obtaining the data of the target device according to the transmission configuration of the first acquisition configuration module and the acquisition configuration information that has been set;
a first data transmission module, for outputting the data obtained by the data acquisition module.
2. The acquisition device according to claim 1, characterized by further comprising a second data acquisition ontology, the second data acquisition ontology comprising:
a second acquisition configuration module, for setting communication configuration information for the second data acquisition ontology, the communication configuration information including acquisition ontology matching relationship information;
a data reception module, for communicating with the first data acquisition ontology based on the communication configuration information and receiving the data output by the first data transmission module;
a second data transmission module, for transmitting the data received by the data reception module to the external network;
wherein the transmission configuration with a network isolation function of the first acquisition configuration module is implemented such that the first data transmission module is capable only of one-way communication with the data reception module, and data can only be sent from the first data transmission module to the data reception module;
the acquisition configuration information further includes acquisition ontology matching relationship information.
3. The acquisition device according to claim 2, characterized in that the communication mode between the first data transmission module and the data reception module is a one-way data transfer configuration based on Bluetooth.
4. The acquisition device according to claim 2, characterized in that the communication mode between the first data transmission module and the data reception module is one-way data transfer based on the File Transfer Protocol.
5. The acquisition device according to claim 2, characterized in that the communication mode between the first data transmission module and the data reception module is a one-way data transfer configuration based on a serial port.
6. The acquisition device according to claim 1, characterized in that the first data acquisition ontology further comprises a connection control module, the connection control module comprising:
a first connection control unit connected to the target device, for providing the channel over which the data acquisition module obtains data from the target device;
a second connection control unit connected to the external network, for providing the channel over which the first data transmission module sends data to the external network; and
a control switch unit, for generating switching signals according to the transmission configuration with a network isolation function of the first acquisition configuration module, to control the on/off state of the first connection control unit and the second connection control unit;
wherein the first connection control unit and the second connection control unit are configured, under the control of the control switch unit, as non-concurrent connections.
7. The acquisition device according to claim 6, characterized in that the transmission configuration with a network isolation function of the first acquisition configuration module is implemented as real-time detection of the external network connection, and the control switch unit is configured to generate switching signals according to the detected external network connection information, to control the on/off state of the first connection control unit and the second connection control unit.
8. The acquisition device according to claim 6, characterized in that the transmission configuration with a network isolation function of the first acquisition configuration module is implemented as configuring the acquisition frequency for the target device, and the control switch unit is configured to generate switching signals according to the acquisition frequency, to control the on/off state of the first connection control unit and the second connection control unit.
9. The acquisition device according to claim 1, characterized in that the transmission configuration with a network isolation function of the first acquisition configuration module is implemented as configuring an independent communication network port between the first data acquisition ontology and the target device;
the data acquisition module is configured to communicate with the target device over the independent communication network port and to obtain the data of the target device according to the acquisition configuration information;
the first data transmission module is configured to connect to the external network and to output the data obtained by the data acquisition module to the external network.
10. The acquisition device according to claim 1, characterized in that the transmission configuration with a network isolation function of the first acquisition configuration module is implemented as configuring a firewall through which the first data acquisition ontology communicates with the target device;
the data acquisition module is configured to communicate with the target device over the data channel restricted by the firewall and to obtain the data of the target device according to the acquisition configuration information;
the first data transmission module is configured to connect to the external network and to output the data obtained by the data acquisition module to the external network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810737914.4A CN108769076B (en) | 2018-07-06 | 2018-07-06 | Data acquisition system, method and device with network isolation function |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108769076A true CN108769076A (en) | 2018-11-06 |
CN108769076B CN108769076B (en) | 2023-12-05 |
Family
ID=63972659
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810737914.4A Active CN108769076B (en) | 2018-07-06 | 2018-07-06 | Data acquisition system, method and device with network isolation function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108769076B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108769076B (en) | 2023-12-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: Room 668, floor 6, building a, yard 19, Ronghua Middle Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing 102600 Applicant after: BEIJING XUSHUI INTERCONNECTION TECHNOLOGY CO.,LTD. Address before: 100160 Beijing Daxing District Beijing economic and Technological Development Zone, Tongji Middle Road 7, 18, 5, 2, unit 506 Applicant before: BEIJING XUSHUI INTERCONNECTION TECHNOLOGY CO.,LTD. |
GR01 | Patent grant | ||