Banking Wireless Data Acquisition Network Solution: The GPRS network provided by China Mobile can provide data communication services for bank outlets, ATMs and POS machines. Within the coverage area of the GPRS network, an ATM can be set up at any location.
The bank network is currently built mainly on the traditional telecommunication digital network, implemented through DDN, Frame Relay and remote dial-up. Its main disadvantages are a fixed network structure, difficult changes and high cost. A digital switching system built on a wireless network platform lets the bank's head office, branches and settlement centres keep using their existing high-bandwidth private network, while the widely distributed business outlets, bank POS machines and ATMs move from remote dial-up to the wireless network. Once a wireless terminal has accessed the network, all of an enterprise's wireless terminals sit in the same closed VPN; inside that VPN a terminal must still pass the bank's own AAA authentication before it can reach the settlement database. Together these measures secure the transaction network.
Based on the characteristics of the banking industry, Beijing Dong Fang Technology integrates wireless routers, wireless DTUs and other wireless transmission devices independently researched and developed to provide professional wireless data collection and monitoring networking solutions for the banking industry.
Overview. With the rapid development of science and technology, wireless digital technology has come into wide use. It has evolved from a service offered only to individual user terminals into a secure and stable digital switching platform for enterprises. On this platform an enterprise can not only run all the applications it previously ran over traditional telecom lines, but also break free of the point-to-point restriction of a fixed line, so that its applications can reach the digital network wherever there is mobile phone coverage.
Analysis of the bank network situation. Within the financial system, the backbone networks of the financial communication network at provincial, municipal and county level are essentially complete, and the access networks for the various businesses at local, municipal and county level are under construction. Compared with the backbone, the access network has many network elements and branch lines, wide distribution and low investment per site, so a wireless access network is one of the best choices. The financial communications industry has tried a variety of wireless communication methods, but none was used or promoted for long because of network construction costs, frequency allocation management, transmission quality, bandwidth limits and maintenance capability. China Unicom's CDMA network can make up for exactly these shortcomings of wireless communication in the financial communications network.
The bank network is currently built mainly on traditional telecommunication digital networks, implemented through DDN, Frame Relay and remote dial-up, whose main disadvantage is that the fixed network structure is difficult and expensive to change. A digital switching system built on the CDMA1X wireless network platform solves this. The bank's head office, branches and settlement centres keep using their existing high-bandwidth private network, while the large number of business outlets, bank POS machines and ATMs move from the old remote dial-up network to the CDMA1X network. The CDMA1X network admits all of an enterprise's wireless terminals through an issued control number segment and places them in the same closed VPN; once on the network, a terminal must still pass the bank's AAA authentication before entering the settlement database. Together these measures secure the transaction network, and the wireless terminals can be introduced without any change to the structure of the banking network system.
CDMA1X wireless access bank application case. The CDMA 1X network provided by China Unicom offers data communication services for bank outlets, ATMs and POS machines; within CDMA coverage an ATM can be sited anywhere. For business outlets a CDMA wireless network is well suited as a backup link, and, provided the connection rate is assured, communication costs drop considerably. The typical CDMA1X wireless application topology is as follows:
Figure 1: L2TP-based VPDN security solution
Figure 2: IPSec-based VPDN solution
Advantages of CDMA1X Transmission Mode In the banking networking business, the DDN method was often used to connect to the regional bank settlement center. Now the VPDN security tunnel constructed by the CDMA1X wireless data network can be used for data settlement. Compared to access methods such as DDN, it has the following advantages:
1) CDMA1X users can freely site and move their own network points without worrying about line maintenance or communication interruptions caused by moved cables. Opening a new business hall needs no cable pulling or trenching; the investment is lower than for optical fibre or leased-line systems, and the equipment is easy to install.
2) Terminal prices are relatively low; compared with a DDN-specific modem, the terminal equipment costs less.
3) CDMA1X is inexpensive and billing is reasonable. CDMA1X tariffs are cheaper than the wired telephone network. The bank's networked services do not transmit large volumes of data, so high-cost dedicated lines (DDN, Frame Relay) are unnecessary, and CDMA1X can charge by data volume and quality of service. In a CDMA1X network a user establishes a connection once and keeps it for a long time; the channel is occupied, and charged for, only while data are actually transmitted. Business halls therefore neither reconnect frequently nor pay for idle gaps.
4) CDMA1X, as a packet network, is well suited to frequent, small bursts of data, and the connection is stable and reliable.
5) Network access is fast and integrates seamlessly with existing data networks. Since CDMA1X is a packet data network supporting TCP/IP and X.25, it communicates directly with packet data networks (IP or X.25) without passing through the PSTN; access takes only seconds, faster than circuit-switched data services. With TCP/IP, access is more direct and convenient than on earlier wireless data networks (trunked radio, two-way paging, GSM short messages).
6) Data are easy to manage centrally. Traditional bank outlets are cascaded: county and municipal banks each connect to the local telecom or Netcom fixed-line operator, and data are uploaded step by step, dispersed and hard to manage. With Unicom's CDMA1X wireless access across the province, the data centre can manage data centrally and uniformly, greatly improving efficiency and reducing transmission costs.
7) Good coverage. Compared with many wireless data networks (trunked radio, two-way paging, CDPD), its network coverage is the best.
CDMA1X wireless access security
1. CDMA1X wireless access workflow:
After China Unicom completes the network-side configuration and the banking network accesses the CDMA1X network through the wireless devices, the CDMA1X packet access device, the PDSN, forwards traffic through an L2TP tunnel to the LNS routers at the banking system's centre, with the China Unicom backbone network and dedicated lines in between. The whole tunnel is opened and carried within Unicom's network. As a large telecom operator, Unicom has strict security management and protection measures that keep the data in its network safe and reliable, and with no interconnection bottlenecks it can effectively guarantee performance for users.
Security assurance. CDMA1X uses wireless spread-spectrum technology derived from military technology, and the air channel between the user end and the wireless access device is regarded as uncrackable at present; the wireless packet device connects to the user's terminal equipment, and traffic is tunnelled over the dedicated line, which together protect the system. Note that the air interface protects only the hop between terminal and base station: end-to-end confidentiality and the bank's own access control still depend on the VPDN tunnel and the AAA checks described below. To protect the whole system, the security of the network itself must be ensured first: illegal external access and illegal data must be blocked as far as possible, and terminals connecting from external networks must be strictly authenticated and controlled. We analyse the security of each link of CDMA1X in turn.
1) CDMA 1X air interface. CDMA uses military-grade anti-eavesdropping techniques: long PN codes, spread spectrum, encryption algorithms and fast power control. The air is the medium, and the long code that spreads each user's signal has a period of 2^42 - 1 chips (about 4.4 trillion), with each card's code phase changing continuously, so cloning the code is only theoretically possible. Objectively, CDMA1X technology is superior to current GPRS technology in this respect; its disadvantage is incomplete coverage in remote areas. The normal daily use of CDMA1X by the mobile phone users already on the network also demonstrates its stability and security.
2) VPDN. The connection is initiated by the client: the CDMA mobile office connection is tunnelled to the user-side network as a compulsory VPN tunnel, and the user's network connects to Unicom's data private line. The whole transmission process is transparent to (invisible from) the external network, which keeps the transmission private.
3) Data transmission lines. All data transmission lines are based on China Unicom's leading all-fibre network, which effectively isolates the line from the Internet; Unicom's 165 Internet data line has been rated best by the official Chinese Internet body for three consecutive years. All data transmission stays within the Unicom data private network, which ensures the security and reliability of data on the leased line.
4) Router access control. Whatever the mobile office mode, all client access is controlled by the access router: illegal logins or connections from other IP addresses are rejected by the router and cannot enter the intranet. In practice the router accepts only the addresses assigned to sessions that have passed authentication, which is why the AAA options below bind the assigned IP address to the authenticated user.
5) Security between the Unicom network and the banking network. In the CDMA1X wireless access mode there is an exclusive connection between Unicom's data private network and the bank's private network. As two relatively independent private networks, there is a re-authentication requirement: a connection already authenticated by Unicom's AAA server must be verified again before entering the banking network, to confirm that the identity is legitimate. Two options currently address the bank's needs:
Option One: Unicom and the bank jointly verify (Figure 1).
A dedicated AAA server is attached to the bank's access router, and account/password policy can be configured flexibly by building a VPDN with China Unicom based on L2TP over IPSec. The Unicom NAS verifies the domain name, user name and UIM card number, and Unicom provides the bank with a client account interface. The bank's AAA server verifies the user name and password and works with the router to bind the assigned IP address, which fully protects the legitimate user's login. This operating model has been implemented successfully in a number of local banks and is running normally.
Option 2: Use a CDMA1X wireless access device with a VPN function (Figure 2).
The user's access router is connected to the centre intranet behind a firewall that supports IPSec; the bank's network is connected to an IPSec encryptor plus a CDMA wireless router, or the IPSec function is integrated into the CDMA router. The terminal logs in to the firewall through a VPN account and establishes a secure tunnel. This scheme offers a high level of security, but it places high technical demands on the wireless CDMA router, is difficult to develop and costs relatively more.
Features of Dongfangxun CDMA routers. Dongfangxun CDMA routers provide RJ45 Ethernet interfaces, making networking simple, rapid and flexible. The CDMA router wireless data communication system does not depend on data interface equipment at the operator's switching centre and can build, anywhere and at any time, a virtual wireless data communication private network covering the whole of China over the Internet.
Product Features:
● Built-in complete and stable TCP/IP protocol stack, including TCP, UDP, FTP, SOCKET, TELNET, HTTP, etc.;
● Automatic dial-up after power-on, with no human intervention; configuration and maintenance are simple;
● Basic routing functions, so several devices can share the Internet connection;
● Switching between NAT and static-route modes, so the user can configure terminal IP addresses according to application requirements;
● A complete heartbeat mechanism: the user can set how heartbeat packets are sent according to actual needs.
Bank GPRS Wireless Access ATM Networking Application Solution
The typical GPRS wireless application case topology is as follows:
Figure 1: L2TP-based VPDN security solution
Figure 2: IPSec-based VPDN security solution
Explanation of the terms in the figures:
GGSN: Gateway GPRS Support Node
SGSN: Serving GPRS Support Node
BSS: Base Station System
Advantages of the GPRS transmission method. Using GPRS wireless data transmission has the following advantages:
1. Cheaper rates and reasonable billing. The GPRS monthly subscription fee is low (consult your local GPRS service provider for the detailed tariff). Since the ATM service does not transmit large volumes of data, a high-cost dedicated line (DDN, etc.) is unnecessary, whereas GPRS can charge by data volume and quality of service. In a GPRS network a user establishes a connection once and keeps it for a long time; the channel is occupied, and billed, only while data are being transmitted, and when nothing is being transmitted it is neither occupied nor charged. Business outlets therefore need not reconnect frequently, pay nothing for an idle leased line, and customers no longer wait for dial-up calls.
2. Low equipment investment. Traditional DDN and other leased lines require DTUs or other leased-line modems, and dial-up modes require a modem pool, ordinary modems or ISDN modems. GPRS wireless requires only a GPRS wireless transmission terminal, a much smaller investment.
3. Outlets are easy to add and change. With GPRS, users can relocate business outlets freely without worrying about line maintenance or interruptions caused by the move; adding a new business location needs no wiring or trenching involving multiple parties.
4. The line is stable. The packet technology used by GPRS is well suited to frequent, small bursts of data.
5. Network access is fast. GPRS login takes about 30 seconds, against one or two minutes for dial-up, and once connected the terminal is always online, so it connects seamlessly with the existing data network.
6. Network coverage is good. GSM network coverage is now very complete, and GPRS service nodes are deployed at most GSM network nodes, which ensures that wireless access is feasible.
GPRS wireless access security
1. GPRS wireless access workflow:
The bank connects to the GGSN of the mobile operator's GPRS network over a dedicated line, and a dedicated APN for the bank is configured on the GGSN network element. This forms a wireless virtual private network (VPN) channel between the enterprise's mobile devices and the bank's internal network, meeting the company's internal network security and data privacy requirements.
When a mobile terminal performs GPRS attach and then activates a PDP context, the SGSN first queries the HLR for the APNs the terminal is allowed to use, then resolves the requested APN to the corresponding GGSN IP address through DNS. The dedicated APN appears on the GGSN as a dedicated network address segment. Since the bank is connected to the operator over a dedicated line, the mobile terminal is thereby connected to the corporate network through GPRS.
1) Level 1 security: GPRS network user authentication
GPRS uses the authentication procedure defined for GSM, with the following differences: the procedure is run from the SGSN. The GPRS authentication procedure authenticates the user, selects the ciphering algorithm and synchronises the start of ciphering. The authentication triplets (RAND, SRES, Kc) are held in the SGSN. Once the IMSI is GPRS-attached, the MSC/VLR does not authenticate the mobile station via the SGSN, nor update its location through it, but it may authenticate the mobile station itself when a circuit-switched (CS) connection is set up.
Identity confidentiality: the Temporary Logical Link Identifier (TLLI) identifies a GPRS user on the air interface. The mapping between TLLI and IMSI is known only to the mobile station and the SGSN. The TLLI is derived from the P-TMSI allocated by the SGSN, or created by the mobile station. While the mobile station is in the READY state, the SGSN may reallocate the P-TMSI at any time; reallocation is performed by the P-TMSI reallocation procedure, or may be included in the attach or routeing area update procedure.
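The challenge-response exchange and the P-TMSI/TLLI handling described above, worked from both ends as an added example (this is illustrative code, not the page's, the operator's or any vendor's implementation). The real A3/A8 algorithms are operator-specific, so HMAC-SHA256 over (Ki, RAND) stands in for both; the IMSI, Ki and the single-subscriber HLR are constructed. The `forged_sres` parameter exists only so the replay case can be exercised.

```python
"""Added example: GSM-style authentication run from the SGSN, then P-TMSI
allocation and the local TLLI the mobile station derives from it.
Assumption: HMAC-SHA256 stands in for A3/A8 (operator-specific in reality);
it keeps the shape of the exchange (RAND out, SRES back, Kc derived on both
sides but never sent) without claiming to be the real algorithm."""
import hashlib
import hmac
import os
import secrets

IMSI = "460010123456789"                                # constructed subscriber
KI = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed 128-bit Ki


def a3_a8(ki, rand):
    """Stand-in for A3 (32-bit SRES) and A8 (64-bit Kc)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class HLR:
    """HLR/AuC: holds Ki and hands (RAND, SRES, Kc) triplets to the SGSN.
    Ki itself never leaves here."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplet(self, imsi):
        rand = os.urandom(16)            # fresh challenge every time
        sres, kc = a3_a8(self._ki[imsi], rand)
        return rand, sres, kc


class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
        self.p_tmsi = None
        self.kc = None

    def respond(self, rand):
        """MS side: compute SRES from its own Ki; keep Kc for ciphering."""
        sres, self.kc = a3_a8(self._ki, rand)
        return sres

    def tlli(self):
        """Local TLLI: top two bits 11, lower 30 bits taken from the P-TMSI."""
        return 0xC0000000 | (self.p_tmsi & 0x3FFFFFFF)


class SGSN:
    def __init__(self, hlr):
        self.hlr = hlr
        # TLLI -> (IMSI, Kc): besides the MS, the only place the mapping exists
        self.sessions = {}

    def attach(self, ms, forged_sres=None):
        """Authenticate the MS; returns its TLLI, or None on reject.
        `forged_sres` lets a test replay an answer captured earlier."""
        rand, sres, kc = self.hlr.triplet(ms.imsi)
        answer = ms.respond(rand) if forged_sres is None else forged_sres
        if not hmac.compare_digest(answer, sres):
            return None                  # authentication reject
        # allocate a new temporary identity (SGSN sets the two top bits to 11)
        ms.p_tmsi = 0xC0000000 | secrets.randbits(30)
        self.sessions[ms.tlli()] = (ms.imsi, kc)
        return ms.tlli()
```

Because RAND is fresh on every attach, an SRES captured from one run is useless on the next, and the IMSI is never sent after the first attach: only the TLLI appears on the air, and only the SGSN can map it back.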
2) Second level security: AAA authentication on the GPRS network side
AAA refers to the three processes of Authentication, Authorization, and Accounting.
Authentication confirms the user's identity when the user uses resources in the network system. Identity information (such as a user name and password, or biometric data) is obtained through interaction with the user and submitted to the authentication server; the server compares it with the user information stored in its database, and the result confirms whether the identity is correct.
Authorization is the network system granting the user specific privileges to use its resources: it specifies the services the authenticated user may use after accessing the network and the rights they hold, such as the assigned IP address and permitted access times.
Accounting is the network system collecting and recording the user's usage of network resources so that the user can be charged for them. Taking an Internet service provider (ISP) as an example, the user's network access can be recorded accurately by traffic volume or by time.
Authentication, authorization, and accounting together enable the network system to accurately record the use of network resources by specific users. This will not only effectively protect the rights of legitimate users to a certain extent, but also effectively guarantee the safe and reliable operation of the network system.
The AAA authentication on the GPRS network side authenticates the user's domain name: the GPRS-side AAA server verifies the binding between the logged-in user's domain name and the user's IMSI, and only after this check passes can the GPRS network be accessed.
3) Level 3 security: VPN links between GPRS networks and user networks
A dedicated link can be used between the GPRS network and the user network, or an Internet link. Using an Internet link requires attention to security, so a VPN can be used to link the two over the Internet.
VPNs are carried over the insecure Internet, and the content may include confidential enterprise data, so security is vital. The security technologies in a VPN usually consist of encryption, authentication, and key exchange and management.
4) Level 4 security: security firewall (FW) on the user network side
Firewall technology is a main method used to implement network security measures. It is mainly used to reject unauthorized users' access, prevent illegal users from accessing sensitive data, and allow legitimate users to access network resources smoothly. A firewall is actually an access control technology that sets up barriers between an organization's internal network and insecure networks, prevents unauthorized access to information resources, and can also use firewalls to block the illegal export of confidential information from protected networks.
The user network can choose the firewall product suited to the unit to secure its own network data.
5) Level 5 security: AAA authentication on the user's network side. The AAA server on the user's network side authenticates VPDN members. Unlike the level 2 check, this AAA server verifies the correctness of each VPDN member's user name and password.
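The two-stage AAA that this page describes twice, as Option One in the CDMA section (Unicom NAS checks domain name, user name and UIM card number; the bank's AAA checks user name and password and binds the IP address) and as levels 2 and 5 here (GPRS-side AAA binds domain name to IMSI; bank-side AAA checks the VPDN member's credentials), worked as one added example together with the router rule that drops traffic from addresses with no authenticated session. This is illustrative code, not the operator's, the bank's or the vendor's; the realm, card numbers, account, password hashing scheme (salted PBKDF2) and address pool are all constructed assumptions, since the page only says which fields each side checks.

```python
"""Added example: operator-side AAA (realm + card identifier), bank-side AAA
(user name + password, then IP binding), and the bank router's access rule."""
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field

REALM = "bank.example"   # assumed VPDN domain that the NAS routes to the bank's LNS

# Stage 1 (operator): each card (UIM card number / IMSI) is provisioned for the
# realms it may request; a request for any other realm never reaches the bank.
OPERATOR_CARD_REALMS = {                 # constructed provisioning records
    "460030000000101": {REALM},
    "460030000000102": {"other.example"},  # not provisioned for the bank
}


def operator_authorize(username, realm, card_id):
    """NAS / GPRS-side AAA: domain name must match the card's provisioning."""
    return realm in OPERATOR_CARD_REALMS.get(card_id, set())


# Stage 2 (bank): credentials are stored as salted PBKDF2 hashes (assumption).
def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _enroll(password):
    salt = os.urandom(16)
    return salt, _hash_pw(password, salt)


BANK_ACCOUNTS = {   # username -> (salt, hash, card the account is bound to)
    "atm-0101": (*_enroll("correct horse battery staple"), "460030000000101"),
}


@dataclass
class BankAAA:
    """Bank-side AAA server plus the session table the access router consults."""
    pool: list = field(default_factory=lambda: [
        str(a) for a in ipaddress.ip_network("10.200.1.0/29").hosts()])
    sessions: dict = field(default_factory=dict)   # ip -> (username, card_id)

    def authenticate(self, username, password, card_id):
        """Verify user name + password, refuse an account used from the wrong
        card, then assign an address and bind it to the session."""
        rec = BANK_ACCOUNTS.get(username)
        if rec is None:
            return None
        salt, digest, bound_card = rec
        if not hmac.compare_digest(_hash_pw(password, salt), digest):
            return None
        if card_id != bound_card:
            return None
        if not self.pool:
            return None                     # no address left: refuse, do not share
        ip = self.pool.pop(0)
        self.sessions[ip] = (username, card_id)
        return ip

    def router_allows(self, src_ip, card_id):
        """Router access control: forward only from an address bound to an
        authenticated session, and only for the card that session belongs to."""
        sess = self.sessions.get(src_ip)
        return sess is not None and sess[1] == card_id


def vpdn_login(bank, username, realm, password, card_id):
    """Complete flow: operator check first, bank check second.
    Returns the assigned IP address, or None if either stage rejects."""
    if not operator_authorize(username, realm, card_id):
        return None
    return bank.authenticate(username, password, card_id)
```

The ordering matters: the operator rejects an unprovisioned card before the bank ever sees the request, and the bank still re-checks the card against the account, so a valid password stolen from one terminal cannot be used from another card, and a packet from an address that was never assigned is dropped by the router regardless of what it claims.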
Features of Dongfangxun GPRS routers. Dongfangxun GPRS routers provide RJ45 Ethernet interfaces, making networking simple, rapid and flexible. The GPRS router wireless data communication system does not depend on data interface equipment at the operator's switching centre and can build, anywhere and at any time, a virtual wireless data communication private network covering the whole of China over the Internet.
Product Features:
● Built-in complete and stable TCP/IP protocol stack, including TCP, UDP, FTP, SOCKET, TELNET, HTTP, etc.;
● Automatic dial-up after power-on, with no human intervention; configuration and maintenance are simple;
● Basic routing functions, so several devices can share the Internet connection;
● Switching between NAT and static-route modes, so the user can configure terminal IP addresses according to application requirements;
● A complete heartbeat mechanism: the user can set how heartbeat packets are sent according to actual needs.
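The heartbeat mechanism listed for both the CDMA and the GPRS router, worked from both ends as an added example (illustrative code, not the routers' firmware). The terminal sends a small packet every `interval` seconds carrying a device id, a sequence number and an HMAC tag; the centre accepts only valid, non-replayed beats, marks the link down after `max_missed` intervals without one, and the terminal redials after `max_unacked` consecutive beats go unanswered. The framing, the tag, the thresholds, the key and the device id are assumptions (the page only says the interval is user-configurable). Time is passed in explicitly so the logic runs without sleeping.

```python
"""Added example: authenticated heartbeat between a wireless terminal (DTU /
router) and the bank's centre, with link-down detection and redial.
Assumptions: packet layout, 8-byte truncated HMAC tag, per-device key."""
import hashlib
import hmac
import struct

MAGIC = b"HB"
KEY = b"constructed-per-device-key"   # assumption: one shared secret per terminal
PKT_LEN = 2 + 4 + 2 + 8               # magic, device id, seq, truncated tag


def build_heartbeat(device_id, seq, key=KEY):
    body = MAGIC + struct.pack("!IH", device_id, seq)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]


def parse_heartbeat(pkt, key=KEY):
    """Return (device_id, seq), or None if malformed or the tag is wrong."""
    if len(pkt) != PKT_LEN or pkt[:2] != MAGIC:
        return None
    body, tag = pkt[:8], pkt[8:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(expected, tag):
        return None
    return struct.unpack("!IH", body[2:])


class CentreMonitor:
    """Centre side: accepts valid, non-replayed beats and reports link state."""
    def __init__(self, interval, max_missed=3):
        self.interval, self.max_missed = interval, max_missed
        self.last_seen = {}               # device id -> (time, seq)

    def receive(self, pkt, now):
        parsed = parse_heartbeat(pkt)
        if parsed is None:
            return False
        dev, seq = parsed
        prev = self.last_seen.get(dev)
        # 16-bit serial-number arithmetic: accept only a seq ahead of the last one
        if prev is not None and not 0 < ((seq - prev[1]) & 0xFFFF) < 0x8000:
            return False                  # replayed or stale beat
        self.last_seen[dev] = (now, seq)
        return True

    def link_state(self, dev, now):
        prev = self.last_seen.get(dev)
        if prev is None:
            return "unknown"
        missed = int((now - prev[0]) // self.interval)
        return "down" if missed >= self.max_missed else "up"


class TerminalHeartbeat:
    """Terminal side: sends on schedule, tracks acknowledgements, decides to redial."""
    def __init__(self, device_id, interval, max_unacked=3, key=KEY):
        self.device_id, self.interval, self.max_unacked = device_id, interval, max_unacked
        self.key = key
        self.seq, self.next_due = 0, 0
        self.outstanding = set()
        self.redials = 0

    def send(self, now):
        """Return the packet to send at `now`, or None if none is due yet."""
        if now < self.next_due:
            return None
        self.seq = (self.seq + 1) & 0xFFFF or 1   # 16-bit wrap, never reuse 0
        self.next_due = now + self.interval
        self.outstanding.add(self.seq)
        return build_heartbeat(self.device_id, self.seq, self.key)

    def on_ack(self, seq):
        self.outstanding.discard(seq)

    def should_redial(self):
        """True once `max_unacked` beats are unanswered: tear the PPP/PDP
        session down and dial again instead of waiting on a dead link."""
        if len(self.outstanding) >= self.max_unacked:
            self.outstanding.clear()
            self.redials += 1
            return True
        return False
```

The interval is the tunable the page mentions: short enough to keep any NAT or PDP context on the path alive and to notice a dead link quickly, long enough not to pay for idle traffic on a volume-billed bearer. The tag and sequence check are what stop a third party on the path from keeping a link "up" with replayed or forged beats.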
Banking Wireless Data Acquisition Network Summary