CN102833107B - Safety access method and system - Google Patents
Safety access method and system Download PDFInfo
- Publication number
- CN102833107B CN102833107B CN201210313824.5A CN201210313824A CN102833107B CN 102833107 B CN102833107 B CN 102833107B CN 201210313824 A CN201210313824 A CN 201210313824A CN 102833107 B CN102833107 B CN 102833107B
- Authority
- CN
- China
- Prior art keywords
- network
- equipment
- access
- change
- risk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a safety access method and a safety access system. A safety access device monitors the state of a device in a network and obtains the device information of the changed device when the state of the device in the network is changed; the safety access device carries out safety check on the changed device according to the device information and obtains the safety check result; the safety access device carries out risk evaluation on the changed device according to the safety check result and the preset risk evaluation algorithm and obtains risk evaluation result; the safety access device confirms whether the changed device is allowed to access to the network according to the risk evaluation result. The safety access method can improve the safety of the network when a new device is accessed or the device state is changed.
Description
Technical field
The embodiment of the present invention relates to network security technology, particularly relates to a kind of safety permission method and system.
Background technology
Along with the development of network technology and the continuous intensification of global IT application degree, strengthen information security work extremely urgent.Especially in commercial network, military security network and some specific network environment, for whether allowing the access of certain the whole network environment of equipment access particularly important.Equipment in new equipment access network or network, for this problem, normally directly to change by prior art, is slowly improved the fail safe of this equipment in follow-up use by modes such as patch installing.
Such scheme is the scheme that Most current producer adopts, but uses this scheme, and the huge potential safety hazard that may cause for current network when new equipment access or equipment state are changed, reduces the fail safe of whole network.
Summary of the invention
The object of the invention is to provide a kind of safety permission method and system, in order to improve new equipment access or equipment state change time network fail safe.
The invention provides a kind of safety permission method, comprising:
The state of safety permission assembly monitor equipment in network, when there being the state of equipment to occur to change in described network, obtains the facility information that the equipment changed occurs;
Described safety permission device, according to described facility information, carries out security check to the described equipment occurring to change, obtains security check result;
Described safety permission device carries out risk assessment according to described security check result and default risk assessment algorithm to the described equipment occurring to change, and obtains risk evaluation result;
Described safety permission device determines whether to permit network described in the described equipment access occurring to change according to described risk evaluation result.
Present invention also offers a kind of safety permission system, comprise safety permission device, described safety permission device comprises:
Device status monitoring module, the state of equipment in monitor network, when there being the state of equipment to occur to change in described network, obtains the facility information that the equipment changed occurs;
Security check module, for according to described facility information, carries out security check to the described equipment occurring to change, obtains security check result; Risk evaluation module, for carrying out risk assessment according to described security check result and default risk assessment algorithm to the described equipment occurring to change, obtains risk evaluation result;
Equipment Admission Control module, permits network described in the described equipment access occurring to change for determining whether according to described risk evaluation result.
The invention provides a kind of safety permission method and system, by the monitoring state of safety permission device to equipment in network, when there being the state of equipment to occur to change in described network, obtain the facility information that the equipment changed occurs, and according to described facility information, security check is carried out to the described equipment occurring to change, obtains security check result; And then according to described security check result and default risk assessment algorithm, risk assessment is carried out to the described equipment occurring to change, obtain risk evaluation result; Finally determine whether to permit network described in the described equipment access occurring to change according to described risk evaluation result, safety permission method provided by the invention can improve the fail safe of network when new equipment access or equipment state change.
Accompanying drawing explanation
The schematic flow sheet of a kind of safety permission method that Fig. 1 provides for one embodiment of the invention;
The structural representation of safety permission device in a kind of safety permission system that Fig. 2 provides for further embodiment of this invention.
Embodiment
The schematic flow sheet of the safety permission method that Fig. 1 provides for the embodiment of the present invention one, as shown in Figure 1, embodiments provides a kind of safety permission method, comprising:
Step 10: the state of safety permission assembly monitor equipment in network, when there being the state of equipment to occur to change in network, obtains the facility information that the equipment changed occurs.Mainly according to the information changing of equipment in network, the access of such as new equipment, the unloading of existing device, existing device state updating, makes regular check on the variation of various ways.Concrete facility information is some information routinely of equipment, and the CPU of such as equipment runs processing speed, the memory size etc. of equipment.The monitored object of the present embodiment is the equipment of controlled network inside, is exactly the equipment of local area network (LAN) inside specifically.
Step 20: safety permission device, according to facility information, carries out security check to the equipment occurring to change, and obtains security check result.Service, system, application, configuration etc. that concrete security check result comprises in controlled network/terminal may unsafe leak or vulnerability informations.Security check for equipment can be undertaken by various scanner, such as RSAS(Remote Security Assessment System, telesecurity evaluating system), BVS(BenchmarkVerification System, security configuration check system) etc., above-mentioned security check scanner can provide the verification of the concrete security information to individual equipment.
Step 30: safety permission device carries out risk assessment according to security check result and default risk assessment algorithm to the equipment occurring to change, and obtains risk evaluation result.Concrete risk assessment algorithm is relevant with the scene information preset, default risk assessment algorithm can be safety permission device using the overall risk coefficient of network and the security check result input parameter as default risk assessment algorithm, calculate the equipment risk factor in a network occurring to change, determine the safe class that the equipment changed occurs.
Such as: the risk factor adjusting certain equipment in network is P (E|U
i)=f (X
1x
n; P (E)).Wherein, X
1x
nfor BVS/RSAS for occur change equipment indices done by assessment result; P (E) is the risk factor of whole network before this equipment adds, and when netinit, this coefficient is set to 1, and whole network default is secure network, and this coefficient constantly changes along with the interpolation/remove/change of equipment in network; U
ifor the concrete mark of certain concrete equipment, U is the set U={A of danger classes, B, C ....
And concrete f function is relevant with the scene information preset, set data security is different with the specific requirement of safety behavior primarily of controlled network, such as same operation or leak are safe, low danger at bank network, process can be postponed or do not process, but may be dangerous in research institute or military network, by that analogy.So f function needs according to concrete default scene information, concrete operation or leak are set, such as SNMP(Simple Network Management Protocol, Simple Network Management Protocol) traceback, the leak of a kind of path backtracking, the leak of this type can be ignored in some scene, think that it belongs to the leak of network without impact, but this leak also can cause safety problem under the scene had.Again such as WEB server response visitor request and return some system informations of WEB server, this belongs to normal response in most cases, but this response also may provide some information for the invasion of assailant, thus causes potential safety hazard.So the present embodiment is mainly for different scene informations, concrete network environment, for the difference of the requirement of fail safe, designs f function, makes it meet the requirement of current network to scene information.
Such as, a kind of optional design to f function is: according to the scene information preset, and in conjunction with the overall risk situation of current network, if higher in overall network risk, then ignore the extremely low leak of some danger coefficient as traceback, there is emphasis to process according to the height of current network overall risk coefficient to the leak of a different stage point situation when scene information is preset, last tabulate statistics information, use average weighted mode to calculate the risk factor of equipment.Specific descriptions for algorithm are as follows:
First: make safe class according to current up-to-date vulnerability database information and the particular vulnerability of security expert to particular network and distinguish, safe class uses the priori risk factor of single leak to characterize.The concrete safe class of specific leak in current network conditions is distinguished and is exemplified as: current network conditions is the internal network of certain unit, intranet resources is controlled, but some terminal wherein has the demand of access outer net, be divided into as 4 grades according to vulnerability database information and security expert to safe class, be respectively A level, B level, C level, D level, wherein the danger coefficient of leak increases along with the increase of progression, and D level is the unacceptable leak type of current network conditions; Such as, in current network conditions, the danger coefficient of leak traceback is B level, and the request of leak WEB server response visitor the danger coefficient returning WEB server is D level.
Concrete, the admittable regulation of at least one safe class preset comprises:
A level: allow equipment access, manages and/or accesses internal network and external network;
B level: allow equipment access, access internal network and external network;
C level: allow equipment access, access external network;
D level: forbid any network of equipment access.
On the basis of above-mentioned leak classification of type, the first step: the security check result scanning this equipment, statistics is not wherein by the vulnerability information that present networks environment accepts, and namely the risk factor of single leak is the leak of D level.If this type of leak number >=1, then the risk factor of this equipment:
wherein X
ifor not certain leak of accepting by present networks, n is the sum of this kind of leak.Obviously this equipment is not allowed access in present networks environment, if without this leak, then proceed to next step in such cases.
Second step: existing vulnerability information is divided into m class according to different hazard types, as system vulnerability, software vulnerability, dangerous configuration etc., wherein the danger coefficient P (E) of whole network participates in computing as parameter, according to present networks environment, arranges corresponding weights γ to the leak of individual type
m, wherein
the now risk factor of this equipment
wherein n is the sum of m class leak.
Step 40: safety permission device determines whether according to risk evaluation result the type permitting occurring equipment access network and the access of changing.
The present embodiment provides a kind of safety permission method, by the monitoring state of safety permission device to equipment in network, when there being the state of equipment to occur to change in network, obtain the facility information that the equipment changed occurs, and according to facility information, security check is carried out to the equipment occurring to change, obtains security check result; And then according to security check result and default risk assessment algorithm, risk assessment is carried out to the equipment occurring to change, obtain risk evaluation result; Finally determine whether according to risk evaluation result the type permitting occurring equipment access network and the access of changing, safety permission method provided by the invention can improve the fail safe of network when new equipment access or equipment state change.
Dynamically security evaluation is carried out to the equipment of access network, and determines whether allow its access network in conjunction with concrete network environment on this basis.This scheme scheme of the prior art is compared, and has applied widely, real-time, and coefficient of safety is high and can handling strong advantage.
Preferred as technique scheme, network comprises internal network and external network;
Step 40: according to risk evaluation result, safety permission device determines whether that the type permitting occurring equipment access network and the access of changing comprises:
The admittable regulation of risk evaluation result and at least one default safe class compares by safety permission device, determines that the network type that the equipment occurring to change can be accessed by, admittable regulation comprise the safe class of admittable regulation and the network type of allowance access;
The network that the equipment access that safety permission device controls to occur to change is corresponding with the accessible network type determined.
Concrete, risk evaluation result P (E|U
i) determine after, the threshold value reached required for the safe class A in the default admittable regulation of present networks environment, B, C, D level equipment, determines whether the equipment access network permitting occurring to change and the type of access.
P (E|U
i) lower threshold of >=A level time, allow equipment access, management and/or access internal network and external network;
<P (the E|U during lower threshold of B level
i) lower threshold of <=A level time, allow equipment access, access internal network and external network;
<P (the E|U during lower threshold of C level
i) lower threshold of <=B level time, allow equipment access, access external network;
P (E|U
i) lower threshold of <=C level time, forbid any network of equipment access.
Such as: risk factor P (E|U
i) corresponding corresponding safe class B between safe class A, 0.4-0.6 between 0.1-0.3.
Preferred as technique scheme, comprises after there is the equipment access network changed:
According to equipment each in network risk factor in a network, and the proportion that in network, each safe class is corresponding, upgrade the overall risk coefficient of network;
Proportion corresponding for each safe class in the overall risk coefficient of the network after renewal and network is sent security state evaluation server, to assess the safe condition of current network.
The overall risk FACTOR P (E) of network is as follows at formula:
wherein parameter P (U) is the shared in the entire network proportion of U group, the proportion that namely safe class is corresponding, such as U={A, B, C, D}.
Concrete computing equipment weight P (U
i| E), computing formula is:
P (A), P (B), P (C) represents the proportion of equipment shared by current network type of three kinds of security types respectively, P (A)+P (B)+P (C)=1.
Calculate the complete result transmission security state evaluation server that will calculate.
The structural representation of safety permission device in a kind of safety permission system that Fig. 2 provides for further embodiment of this invention, as shown in Figure 2, a kind of safety permission system, comprises safety permission device, and described safety permission device comprises:
Device status monitoring module 100, the state of equipment in monitor network, when there being the state of equipment to occur to change in network, obtains the facility information that the equipment changed occurs;
Security check module 200, for according to facility information, carries out security check to the equipment occurring to change, obtains security check result;
Risk evaluation module 300, for carrying out risk assessment according to security check result and default risk assessment algorithm to the equipment occurring to change, obtains risk evaluation result;
Equipment Admission Control module 400, for determining whether the type permitting occurring equipment access network and the access of changing according to risk evaluation result.
The present embodiment provides a kind of safety permission device, by the monitoring state of device status monitoring module to equipment in network, when there being the state of equipment to occur to change in network, obtain the facility information that the equipment changed occurs, security check module is according to facility information, security check is carried out to the equipment occurring to change, obtains security check result; Risk evaluation module carries out risk assessment according to security check result and default risk assessment algorithm to the equipment occurring to change, and obtains risk evaluation result; Equipment Admission Control module determines whether the equipment access network permitting occurring to change and the type of access according to risk evaluation result, and safety permission device provided by the invention can improve the fail safe of network when new equipment access or equipment state change.
The specific implementation process of the safety permission device that the present embodiment provides is identical with the process of safety permission method in above-described embodiment, does not repeat them here.
Preferred as technique scheme, network comprises internal network and external network;
Equipment Admission Control module 400 comprises:
Equipment Risk coefficient calculation unit, for the admittable regulation of risk evaluation result and at least one default safe class is compared, determine that the network type that the equipment occurring to change can be accessed by, admittable regulation comprise the safe class of admittable regulation and permit the network type of access;
Equipment Risk coefficient transmitting element, the network that the equipment access for controlling to occur to change is corresponding with the accessible network type determined.
Preferred as technique scheme, risk evaluation module 300 specifically for:
According to the overall risk coefficient of network and security check result as the input parameter of default risk assessment algorithm, calculate the equipment risk factor in a network occurring to change, determine the safe class that the equipment changed occurs.
Preferred as technique scheme, the admittable regulation of at least one safe class preset comprises:
A level: allow equipment access, manages and/or accesses internal network and external network;
B level: allow equipment access, access internal network and external network;
C level: allow equipment access, access external network;
D level: forbid any network of equipment access.
Preferred as technique scheme, safety permission system also comprises the security state evaluation server communicated with described safety permission device;
Safety permission device also comprises and also comprising:
Network risks coefficients calculation block, for after there is the equipment access network changed, according to equipment each in network risk factor in a network, and the proportion that in network, each safe class is corresponding, upgrade the overall risk coefficient of network;
Network risks coefficient sending module, for sending to security state evaluation server, to assess the safe condition of current network by proportion corresponding for each safe class in the overall risk coefficient of the network after renewal and network; Wherein,
Security state evaluation server, for receiving the proportion that in the overall risk coefficient of the network after renewal and network, each safe class is corresponding, and the safe condition than reevaluating current network corresponding according to each safe class in the overall risk coefficient of described network and network.
One of ordinary skill in the art will appreciate that: all or part of step realizing above-mentioned each embodiment of the method can have been come by the hardware that program command is relevant.Aforesaid program can be stored in a computer read/write memory medium.This program, when performing, performs the step comprising above-mentioned each embodiment of the method; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme.
Claims (6)
1. a safety permission method, is characterized in that, comprising:
The state of safety permission assembly monitor equipment in network, when there being the state of equipment to occur to change in described network, obtains the facility information that the equipment changed occurs;
Described safety permission device, according to described facility information, carries out security check to the described equipment occurring to change, obtains security check result; Described security check scanner provides the verification of the concrete security information to individual equipment;
Described safety permission device carries out risk assessment according to described security check result and default risk assessment algorithm to the described equipment occurring to change, and obtains risk evaluation result; Described acquisition risk evaluation result comprises: described safety permission device is using the overall risk coefficient of described network and the described security check result input parameter as described default risk assessment algorithm, calculate the described risk factor of equipment in described network occurring to change, determine the described safe class that the equipment changed occurs;
Described safety permission device determines whether to permit network described in the described equipment access occurring to change according to described risk evaluation result;
Comprise after network described in the described equipment access occurring to change:
According to the risk factor of equipment each in described network in described network, and the proportion that in described network, each safe class is corresponding, upgrade the overall risk coefficient of described network;
Proportion corresponding for each safe class in the overall risk coefficient of the described network after renewal and described network is sent to security state evaluation server, to assess the safe condition of current network.
2. safety permission method according to claim 1, is characterized in that, described network comprises internal network and external network;
According to described risk evaluation result, described safety permission device determines whether that permitting network described in the described equipment access occurring to change comprises:
The admittable regulation of described risk evaluation result and at least one default safe class compares by described safety permission device, determine that the network type that the described equipment occurring to change is accessible, described admittable regulation comprise the safe class of described admittable regulation and permit the network type of access;
Described safety permission device controls the described equipment access occurring the to change network corresponding with the described accessible network type determined.
3. safety permission method according to claim 2, is characterized in that, the admittable regulation of described at least one default safe class comprises:
A level: allow equipment access, manage and/or access described internal network and described external network;
B level: allow equipment access, access described internal network and described external network;
C level: allow equipment access, access described external network;
D level: forbid any network of equipment access.
4. a safety permission system, is characterized in that, comprises safety permission device, and described safety permission device comprises:
Device status monitoring module, the state of equipment in monitor network, when there being the state of equipment to occur to change in described network, obtains the facility information that the equipment changed occurs;
Security check module, for according to described facility information, carries out security check to the described equipment occurring to change, obtains security check result; Described security check module is specifically for the verification that provides the concrete security information to individual equipment with scanner;
Risk evaluation module, for carrying out risk assessment according to described security check result and default risk assessment algorithm to the described equipment occurring to change, obtains risk evaluation result; Described risk evaluation module specifically for: according to the overall risk coefficient of described network and the described security check result input parameter as described default risk assessment algorithm, calculate the described risk factor of equipment in described network occurring to change, determine the described safe class that the equipment changed occurs;
Equipment Admission Control module, permits network described in the described equipment access occurring to change for determining whether according to described risk evaluation result;
Described safety permission system also comprises the security state evaluation server communicated with described safety permission device;
Described safety permission device also comprises: network risks coefficients calculation block, for after network described in the described equipment access occurring to change, according to the risk factor of equipment each in described network in described network, and the proportion that in described network, each safe class is corresponding, upgrade the risk factor of the described equipment access occurring to change to described network after described network;
Network risks coefficient sending module, for sending to described security state evaluation server, to assess the safe condition of current network by proportion corresponding for each safe class in the overall risk coefficient of the described network after renewal and described network; Wherein,
Described security state evaluation server, for receiving the proportion that in the overall risk coefficient of the described network after renewal and described network, each safe class is corresponding, and the safe condition than reevaluating current network corresponding according to each safe class in the overall risk coefficient of described network and network.
5. safety permission system according to claim 4, is characterized in that, described network comprises internal network and external network;
Described equipment Admission Control module comprises:
Equipment Risk coefficient calculation unit, for the admittable regulation of described risk evaluation result and at least one default safe class is compared, determine that the network type that the described equipment occurring to change is accessible, described admittable regulation comprise the safe class of described admittable regulation and permit the network type of access;
Equipment Risk coefficient transmitting element, for controlling the described equipment access occurring the to change network corresponding with the described accessible network type determined.
6. safety permission system according to claim 5, is characterized in that,
The admittable regulation of described at least one default safe class comprises:
A level: allow equipment access, manage and/or access described internal network and described external network;
B level: allow equipment access, access described internal network and described external network;
C level: allow equipment access, access described external network;
D level: forbid any network of equipment access.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210313824.5A CN102833107B (en) | 2012-08-29 | 2012-08-29 | Safety access method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210313824.5A CN102833107B (en) | 2012-08-29 | 2012-08-29 | Safety access method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102833107A CN102833107A (en) | 2012-12-19 |
| CN102833107B true CN102833107B (en) | 2015-05-20 |
Family
ID=47336085
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210313824.5A Active CN102833107B (en) | 2012-08-29 | 2012-08-29 | Safety access method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102833107B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103905265B (en) * | 2012-12-27 | 2018-03-23 | ***通信集团公司 | The detection method and device of newly added equipment in a kind of network |
| CN107070951A (en) * | 2017-05-25 | 2017-08-18 | 北京北信源软件股份有限公司 | A kind of intranet security guard system and method |
| CN113037502B (en) * | 2021-05-25 | 2021-09-21 | 广东信通通信有限公司 | Switch safety access method, device, storage medium and network system |
| CN114039779A (en) * | 2021-11-09 | 2022-02-11 | 安天科技集团股份有限公司 | Method and device for safely accessing network, electronic equipment and storage medium |
| CN115277134A (en) * | 2022-07-13 | 2022-11-01 | 深圳铸泰科技有限公司 | Pre-access management system and method based on Internet of things security platform |
-
2012
- 2012-08-29 CN CN201210313824.5A patent/CN102833107B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN102833107A (en) | 2012-12-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| de Gusmão et al. | Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory | |
| CN102833107B (en) | Safety access method and system | |
| US20200233956A1 (en) | Framework for cyber-physical system protection of electric vehicle charging stations and power grid | |
| CN109495502B (en) | Industrial control network security and health index evaluation method and device | |
| US11982409B2 (en) | Safety monitoring methods and Internet of Things systems of pipe network reliability degree based on intelligent gas | |
| Sumalee et al. | Network capacity reliability analysis considering traffic regulation after a major disaster | |
| US8087090B2 (en) | Fuzzy multi-level security | |
| US20090106844A1 (en) | System and method for vulnerability assessment of network based on business model | |
| Robinson | Patrolling the borders of risk: the new bifurcation of probation services in England & Wales | |
| Donnot et al. | Optimization of computational budget for power system risk assessment | |
| Vargas et al. | Impacts of 5G on cyber-physical risks for interdependent connected smart critical infrastructure systems | |
| CN114362994B (en) | Multilayer different-granularity intelligent aggregation railway system operation behavior safety risk identification method | |
| Krundyshev et al. | The security risk analysis methodology for smart network environments | |
| Mohajerani et al. | Cyber-related risk assessment and critical asset identification within the power grid | |
| König et al. | Parametrization of Probabilistic Risk Models | |
| US9323271B2 (en) | Electricity management apparatus and electricity management method | |
| CN117763555A (en) | Power distribution network data safety protection and evaluation method based on block chain | |
| CN115801460B (en) | Power distribution information physical system security risk assessment method considering network attack vulnerability | |
| CN116170197A (en) | Risk control method and device for user behavior data | |
| CN113794682B (en) | Industrial Internet of things intrusion detection intelligent agent training method, device and equipment | |
| Wei | Application of Bayesian algorithm in risk quantification for network security | |
| Awiszus et al. | Building resilience in cybersecurity: An artificial lab approach | |
| CN115686756A (en) | Virtual machine migration method and device, storage medium and electronic equipment | |
| CN109766243B (en) | Multi-core host performance monitoring method based on power function | |
| CN106411707A (en) | Dual-scale trust perception method based on aid decision making in social network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100089 3rd floor, Yitai building, 4 Beiwa Road, Haidian District, Beijing Patentee after: NSFOCUS Technologies Group Co.,Ltd. Patentee after: NSFOCUS TECHNOLOGIES Inc. Address before: 100089 3rd floor, Yitai building, 4 Beiwa Road, Haidian District, Beijing Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd. Patentee before: NSFOCUS TECHNOLOGIES Inc. |