Automatic fare collection system (AFC) is a comprehensive application of computer, statistics, finance and other professional knowledge. It is an automatic system to realize the whole process of ticket selling, ticket checking, billing, charging, statistics, clearing and settlement and operation management of rail transit. It is the guarantee of rail transit economic source. AFC system transmits the signals collected by terminal equipment to computer center for clearing through Ethernet, and finally to ACC system of rail transit for clearing through core network.
In this scheme, the line center network is composed of server, core layer 3 switch and working group layer 2 switch, which are connected by main and standby redundancy to form a dual network. Each terminal equipment in the line center is gathered on the core layer 3 switch through star connection, and then cascaded to the backbone ring network. The backbone network between stations is connected by 1000Mbps optical fiber ring network redundancy.
Station terminal system: grouping according to the left and right of the hall, connecting the station terminal equipment with the Feichang series network management Industrial Ethernet switch respectively, and then connecting its optical fiber interface with the optical port on the core switch to form a redundant ring network.
Station computer system: an industrial switch is used to gather all equipment in the system in star connection mode, and then cascade with the core switch. The data can communicate with the line center system through the backbone ring network of the station.
Line center computer system: this system is the center system of the whole line, responsible for unified supervision of the information of each station, and uploaded to the rail transit clearing center. Therefore, two industrial Ethernet switches are used in the computer system of the line center to redundantly interconnect the server, memory and communication server in the network structure of one main and one standby.
Maintenance center and training simulation system: the maintenance work area system is responsible for the equipment maintenance and training of the whole station. We use three Feichang 100m Industrial Ethernet switches to cascade the equipment of maintenance center, training and simulation system and maintenance work area to the station core ring network, so as to communicate with the line center.
Through the implementation of "AFC system detection and protection design of rail transit", the hidden danger of information security that may be brought by system connection is completely eliminated from three aspects of information security management, operation and maintenance and technology, so as to ensure the safe and stable operation of rail transit and prevent information security incidents.
1. Overall protection
We should plan and implement information security protection for rail transit AFC system as a whole, and build up a comprehensive, advanced and advanced information security system for rail transit AFC system from the angles of management, technology, operation, physical, network, host, application and data security.
2. Zone isolation
According to the importance, category and function of the business, the AFC system network of rail transit is divided, implemented according to the principle of "vertical stratification and horizontal division". Then, necessary safety isolation and protection measures are adopted between different systems, different layers and different zones to detect, control and protect the data flow and business operation between them.
3. Real time monitoring
Comprehensive information security system can not be separated from real-time control of information security status. Implementing "prevention in advance, incident control and improvement after the event" is one of the core contents of the system information security system.
4. Host control
The central control part of the AFC system of rail transit is subject to centralized security configuration and monitoring audit, and the safety hazards will be detected and contained from the source.
5. Operation and maintenance guarantee
The implementation of system information security policies, strategies, systems and protection means depends on the effective operation of management and technical measures. Operation and maintenance is not only the key activities of linking management and technology, but also the effective support for their implementation.
> The industrial redundant ring network is adopted, and the industrial redundant ring network protocol Super-Ring of Huashu communication is enabled. The self-healing time is less than 20ms, which effectively ensures the rapid self-healing of the transmission network in case of link failure
>Industrial design, protection against shock, vibration and extreme working environment
>No fan design, dual power supply, trouble free working time more than 200000 hours
>Support routing protocol to communicate with external network
>Support - 40 ~ 75 ℃ wide temperature work, high EMC protection level
>Support multiple redundant ring protection protocols, such as STP / RSTP, MSTP, Super-Ring and iec62439-6 (DRP)