CN101056179A - Method and system for controlling the user to visit the network at the specific area - Google Patents
Method and system for controlling the user to visit the network at the specific area Download PDFInfo
- Publication number
- CN101056179A CN101056179A CN 200710111017 CN200710111017A CN101056179A CN 101056179 A CN101056179 A CN 101056179A CN 200710111017 CN200710111017 CN 200710111017 CN 200710111017 A CN200710111017 A CN 200710111017A CN 101056179 A CN101056179 A CN 101056179A
- Authority
- CN
- China
- Prior art keywords
- login
- access server
- user
- authentication information
- territory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method and system for controlling the user accessing the network only at the specified area. The method includes: record the corresponding relationship between the access server and this logon domain, this relation is recorded as the unique attribute of access server and the corresponding relationship with logon domain, and binds the user account number with the logon domain; the user may send the logon authentication information with the user account number to the access server, which may add the unique attribute of this access server in the logon authentication information to generate the authentication information, then sends the authentication information to the service end system, which may take out the unique attribute of access server from the authentication information, if the service end system makes sure that the access server corresponding to the user account number logon domain has the access server taken out from the authentication information, then the sub-area logon authentication of the user may be passed. The invention may effectively prevent the accessing of unauthorized users at the specified area, strengthen the network logon management and enhance the network safety.
Description
Technical field
The present invention relates to the method and system of network authentication mandate book keeping operation (AAA, Authentication, Authorization, Accounting) management, particularly relate to the method and system that a kind of user logins authorization identifying.
Background technology
Along with carrying out in a deep going way of national information work, improve the emphasis that the educational system level of IT application becomes work at present.The campus network construction then is the key of educational system informatization, and especially the university campus net is built.In informationalized process of construction, campus network can promote Faculty and Students to improve the level of application message technology as early as possible.Campus network for the teacher provide a kind of advanced person the aided education instrument, abundant teaching resources library is provided, campus network provides a large amount of resources for research and academic informations for scientific research personnel and postgraduate; The online class and the professional background knowledge of various ways are provided for the student.For the network entry management of different user, the general mode of Certificate Authority accounting system that adopts is carried out in the prior art.
A typical A AA system configuration sketch as shown in Figure 1, this system comprises a plurality of user PC1, one or more access server (NAS, Network Access Server) 2, convergence switch 3, service end system 4 and fire compartment wall 5, the user inputs information such as user account number, password on user PC1, send to access server 2, by access server 2 these information are sent to convergence switch 3, convergence switch 3 is convergent points of many access servers 2, it must handle all traffics from access server 2, and the data uplink link is provided; Convergence switch 3 sends authentication information to service end system 4, finish authentication function by service end system 4, if the user account number cipher authentication passes through, then service end system 4 sends message that authentication passes through to access server 2 by convergence switch 3, has finished the Certificate Authority function thus.
The normal remote customer dialing authentication service (RADIUS that adopts of subscriber authorisation authentication, RemoteAuthentication Dial In User Service) agreement, the RADIUS pack arrangement that sends at service end system 4 and between by convergence switch and access server 2 as shown in Figure 2, wherein code domain shows that the type of this packet is authentication request packet or response request packet, or charge information packet, and identification field represents that the RADIUS bag is request package or respond packet, length field comprises whole length of data package information, and Attribute domain can be inserted multiple attribute, its length can freely be adjusted according to selected attribute, and described attribute can comprise user account number, password, contents such as IP address.The content of authenticated domain is used for replying of authentication server end system, also is used to insert the encrypted content of user password in addition.When the code domain content is 1, represent that this packet is the access checking request that access server sends to service end system, when the code domain content is 2, represent that this packet is that service end system passes through packet to the checking result that access server sends.
In the existing AAA system, mainly concentrate on user account number and the password for user information authentication, this system can bring some problems, and for example, some student user is class hour on the school laboratory, the information that may surf the web and learn to have nothing to do, influence study; Perhaps some student uses notebook computer to surf the Net at teaching building, can influence other students' study like this, in addition, nucleus in some needs to be keep secret, if this user who does not have access authority can surf the Net in these zones, just may obtain confidential information, cause the hidden danger of network security management by modes such as network monitorings.Therefore, the problem of existing AAA system is the zone that uncontrollable user institute can surf the Net, and causes managerial confusion of online and fail safe to be difficult to assurance.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of user of control can only be in the method for specific region online, and this method can be bound the unique attribute of user account number and access server and login territory, control thus the user the zone that can surf the Net.The present invention also aims to provide a kind of user of control can only be in the system of specific region online.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of control the user can only be in the method for specific region online, this method comprises:
A, division login territory, the corresponding relation in access server and this login territory in the record login territory, this relation record is that a kind of of access server can be different from the unique attribute of other access servers and the corresponding relation in login territory, and with user account number and the binding of login territory;
The login authentication information that B, user will comprise user account number is sent to access server, access server adds the unique attribute of this access server in login authentication information, generate authentication information, then authentication information is sent to service end system, service end system takes out the unique attribute of access server from authentication information, if include the access server that takes out in the definite access server corresponding to user account number login territory of service end system from authentication information, then user's subregion login authentication is passed through.
Wherein, the foundation of the operation in division login territory is to set up different logins territories according to the difference in geographical position in the described steps A.
Wherein, further comprise after the above-mentioned steps A: several login territories are combined into a login territory group, user account number and login territory group binding; Correspondingly, user described in the step B is sent to subregion login authentication information after the service end system, also comprises: take out each login domain name from the group of the pairing login of user account number territory, take out the unique attribute of respectively logining access server that domain name comprises.
Further comprise after the above-mentioned steps A: will login domain name, deposit in the database with the login domain information of user account number binding and the unique attribute of the login access server that the territory comprised; Correspondingly, user described in the step B is sent to subregion login authentication information after the service end system, also comprise: service end system is obtained the pairing login domain name of user account number from database, and the unique attribute of the access server that comprised of this login territory.
Wherein, the unique attribute of described access server comprises the IP address of access server.
Described user log-in authentication information is sent to service end system according to the mode of remote customer dialing authentication service agreement, and the unique attribute of described access server is included in the Attribute domain of remote customer dialing authentication service data bag.
A kind of control the user can only be in the system of specific region online, this system comprises: user PC, access server and service end system, wherein said user PC are used for sending the login authentication information that comprises user account number to access server; Described access server is used for adding in described login authentication information the unique attribute of this access server, generates authentication information, and sends this authentication information to service end system; Described service end system is used for taking out from authentication information the unique attribute of access server, and when determining to include the access server that takes out in the access server corresponding to user account number login territory from authentication information, user PC is by the subregion login authentication
Control user of the present invention can only be in the method for specific region online, unique attribute by user bound account number and access server is to the particular login territory, the user that can effectively prevent lack of competence in the specific region has strengthened the login management of network in this zone online, promotes internet security.When scheme provided by the invention was applied to campus network, the user of the information system that can give an impulse to education rationally used network, promoted study, teaching and scientific research.
Description of drawings
Fig. 1 is the AAA system structure diagram of prior art;
Fig. 2 is the RADIUS message inclusion composition of prior art;
Fig. 3 is the AAA system user of prior art and setting, storage and the acquisition methods schematic diagram of operator's authorization identifying information;
Fig. 4 is operator's foresee steps flow chart of the present invention;
Fig. 5 is a user partition of the present invention territory login authentication flow chart of steps;
Embodiment
The present invention is further described in more detail below in conjunction with drawings and the specific embodiments.
Core concept of the present invention is: the step that this method is divided into step that login authentication rule in subregion is set and service end system carries out the subregion login authentication according to above-mentioned set rule to user login information is referred to as foresee steps and user partition territory login authentication step here respectively.
Wherein, foresee steps comprises: divide the login territory, access servers all in the territory and the corresponding relation of logining the territory logined in record, this relation can be recorded as a kind of of access server can be different from the unique attribute of other access servers and the corresponding relation between the login territory, and with user account number and the binding of login territory; Each corresponding relation that is provided with in the foresee steps can adjust accordingly according to practical application, and these set-up procedures still belong among the foresee steps.
Login authentication step in user partition territory comprises: the user is sent to access server with login authentication information, comprise user account number in this login authentication information, contents such as password, access server adds its unique attribute in login authentication information, generate authentication information, then authentication information is sent to service end system through convergence switch, service end system takes out these information from authentication information, contrast is corresponding to the unique attribute of the unique attribute of the access server in user account number login territory and the access server that takes out from authentication information, if include the access server that takes out in the access server corresponding to user account number login territory from authentication information, then user's subregion login authentication is passed through.
In order to realize said method, also adopt structure shown in Figure 1 on the accession authorization system hardware of subregion of the present invention, wherein, can network be divided into different logins territory according to geographical position or other management strategy, with the campus network is example, can be divided into dormitory area, teaching district, laboratory district, library district etc., also can be divided into more rough or finer login territory according to the actual management needs, for example dormitory Sector East, dormitory Westbound are even down to certain dormitory building etc.In each login territory one or more access servers 2 can be arranged, each access server 2 can connect one or more user PC1, the access server 2 in each login territory is connected to convergence switch 3, convergence switch 3 is convergent points of many access servers 2, it must handle all traffics from access server 2, and the data uplink link is provided; While convergence switch 3 Connection Service end systems 4 and fire compartment wall 5.The user uses client login access server on user PC1, transmit authentification of user mandate accounting information and give access server 2, access server 2 sends to service end system 4 after this authentification of user mandate accounting information is converged through convergence switch 3, carry out subregion login authentication and other authentication by service end system 4, after authentication was passed through, the user promptly can obtain access authority.
But native system also has following feature: native system can write down the access servers all in the login territory and the corresponding relation in this login territory, this relation can be recorded as a kind of of access server can be different from the unique attribute of other access servers and the corresponding relation in login territory, also can the recording user account number and the corresponding relation in login territory, access server has this access server unique attribute of interpolation in login authentication information, generate the function of authentication information, whether service end system has according to mating corresponding to the unique attribute of the unique attribute of the access server in user account number login territory and the access server that takes out from authentication information is judged whether the user can be in the function of specific region online.
Among the present invention, setting and acquisition methods for subregion authentication management information are similar to general Certificate Authority accounting system, the setting of its authentication information, storage and acquisition methods are as shown in Figure 3, the operator logins Service Synthesis Management System by the mode of Telnet, set up and revise Certificate Authority book keeping operation database, this database has comprised the necessary information of subregion login authentication, has generally comprised and has respectively logined domain name, each login the territory group name with and the login domain name that comprises, each unique attribute of logining the access server in the territory with and with the corresponding relation in login territory, user account number, user's initial password, information such as the login territory group name of user's correspondence or login domain name.The method of described operator's Telnet can be to be undertaken by the mode of web browser.The user can be by the mode login user self-aid system of Telnet, visit this database, carry out the modification in some user right scopes, for example revise user cipher etc., the method for described user's Telnet also can be to be undertaken by the mode of web browser.When needs carry out the subregion login authentication, service end system taking-up information from above-mentioned Certificate Authority billing database is carried out login authentication, judge whether the user surfs the Net in its specific region, service end system can also carry out the authentication and the processing of other information as required in addition.If authentification of user mandate accounting system adopts the mode of radius protocol to carry out, then this service end system is called the RADUIS server.
As the preferred embodiments of the present invention, the method of subregion login authentication adopts the mode of radius protocol to carry out among the present invention, this method comprises operator's foresee steps and user partition territory login authentication step, and wherein the flow process of operator's foresee steps comprises following substep as shown in Figure 4:
(301) operator is divided into several logins territory with school, to each login territory name, such as: school is divided into dormitory area, teaching district, laboratory district, library district.Certainly the operator can continue the segmentation zone, and the division in login territory is customized by operator oneself, such as: can continue the dormitory area is divided into dormitory Sector East, dormitory Westbound, dormitory North Area, dormitory South Area etc.;
(302) bind in unique attribute and this login territory that the one or more access servers in each login territory is different from other access server, this unique attribute can be the IP address of access server, also can be the attribute field by each access server of energy unique identification of operator's setting;
(303) a plurality of logins territory can be combined into a login territory group as required, the compound mode of this login territory group can be divided with reference to the online zone of class of subscriber and the required correspondence of each class of subscriber, such as, according to user property the user is included into different user groups, for example the undergraduate is included into undergraduate course zone group, all masters, the doctoral candidate is included into the master, doctor's group, all teachers are included into teacher's group etc., the access authority that is had according to each user's group will land composition login territory, territory group then, for example stipulate that undergraduate course zone group can be in the dormitory area, the online of library district; Master, doctor group can be in the dormitory area, laboratory district and the online of library district; Teacher group can be in the dormitory area, teaching district, laboratory district, the online of library district, if the operator is provided with all users or user's group all can only then not need to set login territory group a particular login territory group, this substep can omit at this moment;
(304) as required can be with user or user's group binding login territory group or a login territory;
(305) will login domain name, deposit in the database with the login domain information of user account number binding and the unique attribute of the login access server that the territory comprised.
Correspondingly, user partition territory login authentication step includes following substep:
(401) user is by user PC login self-help serving system, send the RADIUS authentication packet to access server, access server sends the RADIUS message bag through convergence switch to service end system, and in bag, insert the unique attribute of access server, this unique attribute can be the IP address of access server, also can be chosen in and be provided with one in the RADIUS message bag and can identify the unique attribute field of access server by subregion debarkation authentication system, this unique attribute should select with operator's foresee steps in identical type, access server passes to radius server with this message by convergence switch and handles;
(402) radius server takes out this user's the account number and the unique attribute of access server from authentication data packet;
(403), from database, take out login territory group or login domain name that this account number is bound according to this user's account number;
(404) take out each login domain name according to login territory group name, if what taken out in the step (403) is single login domain name, then this substep can omit;
(405) can take out the unique attribute that each logins a plurality of access servers in territory according to each login domain name of being taken out;
(406) unique attribute of all access servers of the unique attribute of the access server in the step (402) and the taking-up in the step (405) is mated, so-called coupling refers to is exactly to check the unique attribute that whether includes in the unique attribute of access server in the step (405) in the step (402), if include then the match is successful;
(407) if coupling is unsuccessful, just illustrate that the user does not surf the Net in the zone of his defined;
(408), just can't obtain to return at subscription client " in the zone of regulation, not surfing the Net " information at this regional access authority if the user does not surf the Net in the zone of his defined;
(409), just illustrate that the user surfs the Net in the zone of his defined if the match is successful;
(410) if the user surfs the Net in the zone of his defined, also to carry out otherwise authentication, for example whether user account number and user cipher be correct, and whether user balance is zero, and whether user account number is expired, and whether User Status is normal etc.
The above is preferred embodiment of the present invention only, is not to be used for limiting protection scope of the present invention.Those skilled in that art should be able to associate; select for use the method for other agreements to realize subregion login authentication function; or comprise the more users information content in login authentication information or the authentication information; perhaps otherwise identify the unique attribute of access server, perhaps more accurate region partitioning method is adopted all and should be belonged to protection scope of the present invention.
Claims (7)
1, a kind of control the user can only be in the method for specific region online, this method comprises:
A, division login territory, the corresponding relation in access server and this login territory in the record login territory, this relation record is that a kind of of access server can be different from the unique attribute of other access servers and the corresponding relation in login territory, and with user account number and the binding of login territory;
The login authentication information that B, user will comprise user account number is sent to access server, access server adds the unique attribute of this access server in login authentication information, generate authentication information, then authentication information is sent to service end system, service end system takes out the unique attribute of access server from authentication information, if include the access server that takes out in the definite access server corresponding to user account number login territory of service end system from authentication information, then user's subregion login authentication is passed through.
2, control user according to claim 1 can only is characterized in that in the method for specific region online, and the foundation of dividing the operation in login territory in the described steps A is to set up different logins territory according to the difference in geographical position.
3, control user according to claim 1 can only is characterized in that in the method for specific region online, further comprises after the described steps A: several login territories are combined into a login territory group, with user account number and login territory group binding; Correspondingly, user described in the step B is sent to subregion login authentication information after the service end system, also comprises: take out each login domain name from the group of the pairing login of user account number territory, take out the unique attribute of respectively logining access server that domain name comprises.
4, control user according to claim 1 can only is characterized in that in the method for specific region online: further comprise after the described steps A: will login domain name, deposit in the database with the login domain information of user account number binding and the unique attribute of the login access server that the territory comprised; Correspondingly, user described in the step B is sent to subregion login authentication information after the service end system, also comprise: service end system is obtained the pairing login domain name of user account number from database, and the unique attribute of the access server that comprised of this login territory.
5, can only be according to each described control user in the claim 1 to 4 in the method for specific region online, it is characterized in that: the unique attribute of described access server comprises the IP address of access server.
6, can only be according to each described control user in the claim 1 to 4 in the method for specific region online, it is characterized in that: described user log-in authentication information is sent to service end system according to the mode of remote customer dialing authentication service agreement, and the unique attribute of described access server is included in the Attribute domain of remote customer dialing authentication service data bag.
7, a kind ofly control the user and can only it is characterized in that this system comprises in the system of specific region online: user PC, access server and service end system,
Described user PC is used for sending the login authentication information that comprises user account number to access server;
Described access server is used for adding in described login authentication information the unique attribute of this access server, generates authentication information, and sends this authentication information to service end system;
Described service end system is used for taking out from authentication information the unique attribute of access server, and when determining to include the access server that takes out in the access server corresponding to user account number login territory from authentication information, user PC is by the subregion login authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101110174A CN101056179B (en) | 2007-06-13 | 2007-06-13 | Method and system for controlling the user to visit the network at the specific area |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007101110174A CN101056179B (en) | 2007-06-13 | 2007-06-13 | Method and system for controlling the user to visit the network at the specific area |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101056179A true CN101056179A (en) | 2007-10-17 |
| CN101056179B CN101056179B (en) | 2010-06-09 |
Family
ID=38795807
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007101110174A Expired - Fee Related CN101056179B (en) | 2007-06-13 | 2007-06-13 | Method and system for controlling the user to visit the network at the specific area |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101056179B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685093A (en) * | 2011-12-08 | 2012-09-19 | 陈易 | Mobile-terminal-based identity authentication system and method |
| CN103746995A (en) * | 2014-01-03 | 2014-04-23 | 汉柏科技有限公司 | User management and control method and system for security network |
| CN104335523A (en) * | 2014-04-15 | 2015-02-04 | 华为技术有限公司 | Access control method, client and server |
| CN104796293A (en) * | 2015-04-28 | 2015-07-22 | 河海大学常州校区 | Individualized campus network access management system and individualized campus network access management method based on course timetables and points |
| CN110445873A (en) * | 2019-08-14 | 2019-11-12 | 睿云联(厦门)网络通讯技术有限公司 | A kind of cloud platform service cut-in method and Redirect Server |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1223140C (en) * | 2002-06-24 | 2005-10-12 | 华为技术有限公司 | Method for implementing broad band pre-payment based on authentication, authorization and charging protocol |
| CN1152333C (en) * | 2002-07-31 | 2004-06-02 | 华为技术有限公司 | Method for realizing portal authentication based on protocols of authentication, charging and authorization |
| JP2004326580A (en) * | 2003-04-25 | 2004-11-18 | Mitsubishi Electric Corp | Authentication method and authentication system |
| CN1303791C (en) * | 2003-07-19 | 2007-03-07 | 华为技术有限公司 | A method for implementing campus network |
| CN100474825C (en) * | 2003-09-12 | 2009-04-01 | 华为技术有限公司 | Method and system for unified process of domain authentication and user network authority control |
| JP4078289B2 (en) * | 2003-11-10 | 2008-04-23 | 京セラコミュニケーションシステム株式会社 | Authentication system |
| US20050154886A1 (en) * | 2004-01-12 | 2005-07-14 | International Business Machines Corporation | Declarative trust model between reverse proxy server and websphere application server |
| CN1972320B (en) * | 2005-11-24 | 2010-09-22 | 华为技术有限公司 | Method for packet network acquiring geographic location information of subscriber access terminal on fixed network |
-
2007
- 2007-06-13 CN CN2007101110174A patent/CN101056179B/en not_active Expired - Fee Related
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685093A (en) * | 2011-12-08 | 2012-09-19 | 陈易 | Mobile-terminal-based identity authentication system and method |
| CN102685093B (en) * | 2011-12-08 | 2015-12-09 | 陈易 | A kind of identity authorization system based on mobile terminal and method |
| CN103746995A (en) * | 2014-01-03 | 2014-04-23 | 汉柏科技有限公司 | User management and control method and system for security network |
| CN103746995B (en) * | 2014-01-03 | 2017-09-26 | 汉柏科技有限公司 | User's management-control method and system for secure network |
| CN104335523A (en) * | 2014-04-15 | 2015-02-04 | 华为技术有限公司 | Access control method, client and server |
| WO2015157924A1 (en) * | 2014-04-15 | 2015-10-22 | 华为技术有限公司 | Authorization control method, client and server |
| CN104335523B (en) * | 2014-04-15 | 2018-08-21 | 华为技术有限公司 | A kind of authority control method, client and server |
| US10237267B2 (en) | 2014-04-15 | 2019-03-19 | Huawei Technologies Co., Ltd. | Rights control method, client, and server |
| CN104796293A (en) * | 2015-04-28 | 2015-07-22 | 河海大学常州校区 | Individualized campus network access management system and individualized campus network access management method based on course timetables and points |
| CN110445873A (en) * | 2019-08-14 | 2019-11-12 | 睿云联(厦门)网络通讯技术有限公司 | A kind of cloud platform service cut-in method and Redirect Server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101056179B (en) | 2010-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7596804B2 (en) | Seamless cross-site user authentication status detection and automatic login | |
| US9576146B2 (en) | Service oriented secure collaborative system for compartmented networks | |
| CN101669128B (en) | Cascading authentication system | |
| WO2010138910A1 (en) | Secure collaborative environment | |
| CN104363207A (en) | Multi-factor security enhancement authorization and authentication method | |
| CN101056179B (en) | Method and system for controlling the user to visit the network at the specific area | |
| US20080131860A1 (en) | Security and tamper resistance for high stakes online testing | |
| CN101547097B (en) | Digital media management system and management method based on digital certificate | |
| CN101540757A (en) | Method and system for identifying network and identification equipment | |
| CN110990858B (en) | Cross-cloud resource sharing system and method based on distributed information flow control | |
| Kausar et al. | Fog-assisted secure data exchange for examination and testing in E-learning system | |
| CN107733842A (en) | Method for authenticating and device based on cloud platform | |
| CN103188208B (en) | Authority control method, system and the call center of web page access | |
| Leitold | Challenges of eID interoperability: The STORK project | |
| EP1723487A1 (en) | Method for access management | |
| Reno et al. | Securing certificate management system using hyperledger based private blockchain | |
| CN111488449A (en) | Student at school information evidence storing method based on permission block chain | |
| Aldheleai et al. | User security in e-learning system | |
| CN109558527A (en) | College entrance examination Score Inquiry method, apparatus and computer equipment based on block chain | |
| JP2008287359A (en) | Authentication apparatus and program | |
| CN112035809B (en) | Unified access authorization platform based on education cloud | |
| CN113973006A (en) | Intranet data access management method and system | |
| Schiller et al. | Distributing Access to Data, not Data | |
| Besimi et al. | Managing security in a new Learning Management System (LMS) | |
| US20130275753A1 (en) | System and method for verifying credentials |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100609 Termination date: 20190613 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |