CN105207778A - Method of realizing package identity identification and digital signature on access gateway equipment - Google Patents


Info

Publication number: CN105207778A
Authority: CN (China)
Prior art keywords: packet, user, gateway equipment, digital signature, private key
Legal status: Granted; currently Expired - Fee Related
Application number: CN201410317345.XA
Other languages: Chinese (zh)
Other versions: CN105207778B (en)
Inventors: 胡光武, 江勇, 徐恪, 吴建平
Current and original assignee: Shenzhen Graduate School Tsinghua University
Application filed by Shenzhen Graduate School Tsinghua University; priority to CN201410317345.XA; published as CN105207778A, granted as CN105207778B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method of realizing packet identity identification and digital signature on access gateway equipment. The method comprises the following steps: the address resolution table of the access gateway equipment is expanded to store a user identity identifier and a user private key; a user host initiates identity authentication, and after authentication succeeds an authentication server issues the user identity identifier and the user private key to the access gateway equipment; when a set condition is met, the access gateway equipment adds the identity identifier and a digital signature to a packet sent by the user host and then forwards the packet. With this method a user identity verification mechanism is established without affecting existing network protocols, and the cost is low, which favours incremental deployment.

Description

A method of realizing packet identity identification and digital signature on access gateway equipment
Technical field
The present invention relates to the field of IP communication technology, and in particular to a method of realizing packet identity identification and digital signature on access gateway equipment.
Background technology
Because the Internet forwards packets by destination address only, and its architecture lacks any mechanism for authenticating a packet's IP source address, a large number of attacks rely on spoofing the IP source address, and after the fact it is difficult to trace the attack source from the source address alone. At the same time, although an IP address carries both location and identity semantics, the openness of the Internet means there is no user authentication mechanism either, so the binding between an IP address and a user is weak, and it is difficult to identify the user behind an attack source even when the source can be traced. The result is that Internet packets are untrustworthy, anonymous and easily disguised.
Some existing schemes partially or indirectly achieve intra-domain authentication by guaranteeing the credibility of the IP source address. They fall mainly into source-address encryption, protocol redesign, protocol-stack modification and packet filtering. Source-address encryption encrypts the source address with a symmetric algorithm and relies on a shared key so that the receiver can verify the authenticity of the sender, but the security of key distribution limits where such schemes can be applied. Protocol redesign uses rarely used fields of the IP header to insert a custom marker that the receiver checks to judge whether the source address is genuine; this may affect QoS or other protocols and services, and a malicious user can still impersonate others by copying the marker. Protocol-stack modification inserts a "host identity" layer between the IP layer and the transport layer and uses encryption and a mapping mechanism to ensure the association and reliability of the mapping between host identity and IP address, but it requires modifying the protocol stack of every end host, so implementation and deployment costs are high. Finally, packet filtering, typically on the user's access router, performs a reverse lookup of the packet's source address in the routing table to decide whether a packet with that address may enter from the incoming interface, thereby preventing a subnet from emitting packets whose addresses do not belong to it; however, because routing is asymmetric, this mechanism can produce both false positives and false negatives.
Summary of the invention
The main purpose of the present invention is to propose a method for adding a user identity identifier and a digital signature to user packets on an access device which, while establishing a user authentication mechanism, does not affect existing network protocols, has low implementation overhead and is conducive to incremental deployment.
A method of realizing packet identity identification and digital signature on access gateway equipment comprises the following steps:
A1. The address resolution table (ARP table) of the access gateway equipment is expanded to store the user identity identifier and the user private key;
A2. The user host initiates identity authentication, and after authentication succeeds the authentication server issues the user identity identifier and the user private key to the access gateway equipment;
A3. When a set condition is met, the access gateway equipment adds the identity identifier and a digital signature to the packet sent by the user host, and then forwards the packet.
Preferably, the expansion comprises adding and storing four fields: autonomous system (domain) number, user identity identifier, signing private key and authentication binding state.
Preferably, step A2 comprises:
The user host sends the user name, the encrypted password, the host's IP address, its MAC address and the gateway's IP address to the authentication server;
If user authentication succeeds, the authentication server looks up the access port number from the MAC address, forms the host's complete attribute mapping and registers it on the user's access gateway equipment;
The authentication server issues the autonomous system number to which the user host belongs, the user identity identifier and the signing private key to the user's access gateway equipment, which at the same time updates the state field of the host's record to "authentication success".
Preferably, step A3 comprises:
The access gateway equipment first judges whether the type of the packet currently sent by the user host is suitable for adding an identity identifier; if not, the packet is processed as an ordinary packet;
It judges whether the binding state of the user host's record in the ARP table is "authentication success"; if not, the packet is dropped;
It judges whether its own set rules allow the packet to be forwarded; if not, the packet is dropped;
If all of the above judgments succeed, a destination option header is added to the packet and filled with the ASN and UID; at the same time, using a digital signature algorithm and the user private key, the packet's upper-layer protocol unit and the current contents of the destination option header (excluding the digital signature contents themselves) are signed, and the signature result is written into the signature field of the destination option header;
The relevant fields of the packet's original header are updated.
Preferably, in step A3 the above judgments are made in sequence.
Preferably, the set rules include whether the host has forwarding authority.
Preferably, in step A3, judging whether the packet type is suitable for adding an identity identifier comprises judging whether the packet belongs to a specific protocol; if it does, it is deemed unsuitable. Examples of such specific protocols are DNS and DHCP.
Preferably, the packet is an IPv6 packet and the access gateway equipment is a switch or a router.
Preferably, the receiving device uses the identity identifier and the digital signature to verify the sender's identity when it receives the packet.
Preferably, intermediate forwarding devices ignore the destination option header.
Beneficial effects of the present invention:
Without modifying the host protocol stack or the main protocols, the present invention can bind packets to real identities and supports cross-domain identification and verification of identity identifiers. It can identify the sender of a packet, effectively prevent tampering with and repudiation of the identity identifier and the packet contents, and also prevent reverse derivation of the identity identifier, thereby protecting the privacy of the user's identity; the overall system can reduce Internet attacks and help build a secure and trustworthy Internet. Compared with other source address validation or identity identifier schemes, the present invention has low implementation overhead and high security and reliability, and is well suited to incremental deployment.
Description of the drawings
Fig. 1 is a schematic diagram of the ARP table expansion on the access gateway equipment in an embodiment of the present invention;
Fig. 2 is the design of the destination option header containing the identity identifier and digital signature in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the packet processing flow on the access gateway equipment in an embodiment of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and embodiments. It should be emphasized that the following description is exemplary only and is not intended to limit the scope or application of the invention.
The present invention holds that a trustworthy source address is a necessary condition for identifying the ownership of a packet within a domain, and that a trustworthy user identity identifier is a necessary condition for identifying the ownership of a packet between domains. Therefore, making packets carry an authentic and valid sender identity identifier, so that the recipient can verify whether the sender's identity is genuine, is an important means of effectively reducing Internet attacks and strengthening the security and trustworthiness of the Internet. According to embodiments of the invention, in an IPv6 environment the user's layer-3 access gateway equipment (an access gateway switch or access gateway router) is used to add a user identity identifier and a digital signature to user packets, comprising the steps of: expanding the address resolution table (ARP table) of the access gateway switch or router to store the user identity identifier and the user private key; the user initiates identity authentication, and after authentication succeeds the authentication server issues the user identity identifier and private key to the access gateway equipment; the access gateway equipment adds the identity identifier and digital signature to the user's packets that do not belong to the excluded specific protocols, and then forwards them. Compared with existing schemes, this method has better security and feasibility and lower deployment cost, does not disrupt any existing protocol, user host protocol stack or routing equipment architecture, and also supports incremental deployment well.
Further, embodiments of the invention may comprise the following steps:
1. Expand the address resolution table (ARP table) of the access gateway equipment:
1.1 On the basis of the existing switch ARP table, this method adds four fields: autonomous system number, user identity identifier, signing private key and authentication state. As shown in Figure 1, the last four fields are the newly added ones;
2. User identity authentication:
2.1 The user authenticates to the authentication server through client software, sending the user name, the encrypted password, the host's IP address, its MAC address and the gateway's IP address;
2.2 If user authentication succeeds, the authentication server, through a protocol such as SNMP, looks up on the user's access gateway equipment the port number through which the host is attached from its MAC address, forms the host's complete attribute mapping and registers it;
2.3 The authentication server issues the user's autonomous system number, identity identifier UID and private key to the user's access switch through OpenFlow, SSL or SNMP, and the access gateway equipment at the same time updates the state field of the host record to "authentication success (AuthSucc)";
3. The access gateway equipment adds the identity identifier and digital signature to the packet, as shown in Figure 3:
3.1 The access gateway first judges whether the packet the user is currently sending is suitable for adding an identity identifier; if not, it is processed as an ordinary packet;
3.2 If the previous step succeeds, it also judges whether the binding state of the user record is "success"; if not, the packet is dropped;
3.3 If the previous step succeeds, it also judges whether its own rules allow the packet to be forwarded; if not, the packet is dropped;
3.4 A destination option header is added to the IPv6 packet and filled with the ASN and UID, as shown in Figure 2. At the same time, a digital signature algorithm such as RSA-SHA-256, RSA-SHA-512, ECDSA-SHA-256 or ECDSA-SHA-512 is used with the user's private key to sign the packet's upper-layer protocol unit and the current contents of the destination option header (not including the digital signature contents themselves), and the signature result (256 bits or 512 bits) is written into the signature field of the destination option header;
3.5 The relevant fields of the original IPv6 header, such as the next header and header length fields, are updated.
4. The access gateway equipment sends the packet.
According to one embodiment, after the access gateway equipment forwards the packet, intermediate forwarding devices can ignore the destination option header, and the receiving end can use it to verify the integrity of the packet and the identity of the sender.
Fig. 1 shows one design of the expanded ARP table on the access gateway equipment, which stores the user's private key and identity identifier after successful authentication, together with the autonomous system number and the authentication binding state.
Fig. 2 shows a custom header format created using the IPv6 destination option header.
Fig. 3 shows the processing flow of the access gateway equipment for packets sent by the user: packets to which this method does not apply are first excluded, then it is judged whether the user is authenticated, then whether the packet has forwarding authority, and finally the option header in the format above is added and the packet header updated before the packet is forwarded.
The overall scheme of the present invention does not modify any protocol or host client protocol stack and does not affect existing network functions; as for the efficiency of updating the packet header, existing commercial switches can all do so at line rate. The user authentication and key issuing process can be implemented in many ways, such as 802.1x or SNMP. The overhead of the added option header depends on the hash algorithm used together with the signature algorithm; for the following signature algorithms the digital signature length is RSA-MD5: 128 bits, RSA-SHA-1: 160 bits, RSA-SHA-256: 256 bits and RSA-SHA-512: 512 bits, so the added destination option header accounts for only 1.87%, 2.13%, 2.93% and 5.07% respectively of a 1500-byte MTU, and the header overhead is therefore small.
The above content further describes the present invention with reference to specific/preferred embodiments, and the specific implementation of the invention should not be regarded as limited to these descriptions. Those of ordinary skill in the technical field of the invention may make substitutions or modifications to the embodiments described without departing from the inventive concept, and all such substitutions or variations should be regarded as falling within the protection scope of the invention.
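The following Go program is an added example, not code from the patent or from Shenzhen Graduate School Tsinghua University. It simulates steps 3.1 to 3.5 on a constructed IPv6/UDP packet and then the receiving end's verification described just above. Everything beyond what the page states is an assumption of this example: the option type value 0x1e, a 4-byte ASN and an 8-byte UID field, ECDSA P-256 with SHA-256 (one of the algorithms the embodiment lists) with the signature stored as raw r||s, a UDP-only suitability check that excludes the DNS and DHCPv6 ports, a per-host forwarding flag standing in for the gateway's own rules, and a receiver that looks public keys up by (ASN, UID) in a constructed directory. The option header is sized to 80 bytes so that it stays a multiple of 8 octets, as IPv6 extension headers require.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// ArpEntry holds the four fields the patent adds to the ARP table (ASN, UID, signing private key,
// authentication binding state) plus a forwarding-authority flag standing in for the gateway's own rules.
type ArpEntry struct {
	ASN                  uint32
	UID                  uint64
	PrivKey              *ecdsa.PrivateKey
	AuthSucc, CanForward bool
}

const (
	ipv6HdrLen = 40
	nhUDP      = 17
	nhDestOpts = 60   // IPv6 Destination Options extension header
	optType    = 0x1e // hypothetical option type, not taken from the page or any registry
	sigOff     = 16   // NextHdr(1) HdrExtLen(1) OptType(1) OptDataLen(1) ASN(4) UID(8)
	sigLen     = 64   // ECDSA P-256 raw r||s: the 256-bit signature the page cites for ECDSA-SHA-256
	optHdrLen  = sigOff + sigLen // 80 bytes, a multiple of 8 octets as extension headers must be
)

// buildIPv6UDP makes a minimal IPv6+UDP packet (constructed sample input; destination and checksum left zero).
func buildIPv6UDP(src [16]byte, dport uint16, payload []byte) []byte {
	pkt := make([]byte, ipv6HdrLen+8+len(payload))
	pkt[0], pkt[6], pkt[7] = 0x60, nhUDP, 64 // version 6, Next Header = UDP, hop limit
	binary.BigEndian.PutUint16(pkt[4:], uint16(8+len(payload)))
	copy(pkt[8:], src[:])
	binary.BigEndian.PutUint16(pkt[40:], 40000)
	binary.BigEndian.PutUint16(pkt[42:], dport)
	binary.BigEndian.PutUint16(pkt[44:], uint16(8+len(payload)))
	copy(pkt[48:], payload)
	return pkt
}

// signedDigest covers the option header minus its signature field, then the upper-layer unit.
func signedDigest(opt, upper []byte) []byte {
	msg := append(append(append([]byte{}, opt[:sigOff]...), opt[sigOff+sigLen:]...), upper...)
	sum := sha256.Sum256(msg)
	return sum[:]
}

// Process runs steps 3.1 to 3.5 on one packet; a non-nil error means the gateway drops it.
func Process(arp map[[16]byte]*ArpEntry, pkt []byte) ([]byte, error) {
	if len(pkt) < ipv6HdrLen+8 {
		return nil, errors.New("drop: truncated packet")
	}
	sport, dport := binary.BigEndian.Uint16(pkt[40:]), binary.BigEndian.Uint16(pkt[42:])
	if pkt[6] != nhUDP || sport == 53 || dport == 53 || sport == 546 || dport == 546 || sport == 547 || dport == 547 {
		return pkt, nil // 3.1: non-UDP, DNS or DHCPv6 traffic is not tagged; forwarded as an ordinary packet
	}
	var src [16]byte
	copy(src[:], pkt[8:24])
	e := arp[src]
	if e == nil || !e.AuthSucc {
		return nil, errors.New("drop: source host is not in AuthSucc state") // 3.2
	}
	if !e.CanForward {
		return nil, errors.New("drop: host has no forwarding authority") // 3.3
	}
	upper := pkt[ipv6HdrLen:]
	opt := make([]byte, optHdrLen) // 3.4: destination option header carrying ASN, UID and the signature
	opt[0], opt[1], opt[2], opt[3] = pkt[6], optHdrLen/8-1, optType, optHdrLen-4
	binary.BigEndian.PutUint32(opt[4:], e.ASN)
	binary.BigEndian.PutUint64(opt[8:], e.UID)
	r, s, err := ecdsa.Sign(rand.Reader, e.PrivKey, signedDigest(opt, upper))
	if err != nil {
		return nil, err
	}
	r.FillBytes(opt[sigOff : sigOff+32])
	s.FillBytes(opt[sigOff+32 : sigOff+sigLen])
	out := append([]byte{}, pkt[:ipv6HdrLen]...) // 3.5: update Next Header and Payload Length, splice the header in
	out[6] = nhDestOpts
	binary.BigEndian.PutUint16(out[4:], uint16(optHdrLen+len(upper)))
	return append(append(out, opt...), upper...), nil
}

// Verify is the receiving end's check; public keys are looked up by (ASN, UID) in a constructed directory.
func Verify(pkt []byte, pubs map[[2]uint64]*ecdsa.PublicKey) bool {
	if len(pkt) < ipv6HdrLen+optHdrLen || pkt[6] != nhDestOpts {
		return false
	}
	opt, upper := pkt[ipv6HdrLen:ipv6HdrLen+optHdrLen], pkt[ipv6HdrLen+optHdrLen:]
	asn, uid := uint64(binary.BigEndian.Uint32(opt[4:])), binary.BigEndian.Uint64(opt[8:])
	pub := pubs[[2]uint64{asn, uid}]
	if opt[2] != optType || pub == nil {
		return false
	}
	r := new(big.Int).SetBytes(opt[sigOff : sigOff+32])
	s := new(big.Int).SetBytes(opt[sigOff+32 : sigOff+sigLen])
	return ecdsa.Verify(pub, signedDigest(opt, upper), r, s)
}

// Demo wires one authenticated host (constructed key and addresses) and exercises the four outcomes.
func Demo() (verified, tamperedOK, dnsUntagged, unknownDropped bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	host, stranger := [16]byte{0x20, 0x01, 0x0d, 0xb8, 15: 1}, [16]byte{0x20, 0x01, 0x0d, 0xb8, 15: 2}
	arp := map[[16]byte]*ArpEntry{host: {ASN: 64512, UID: 1001, PrivKey: key, AuthSucc: true, CanForward: true}}
	pubs := map[[2]uint64]*ecdsa.PublicKey{{64512, 1001}: &key.PublicKey}
	tagged, err := Process(arp, buildIPv6UDP(host, 8080, []byte("hello")))
	verified = err == nil && Verify(tagged, pubs)
	if !verified {
		return
	}
	tagged[len(tagged)-1] ^= 1 // flip one payload bit: the integrity check must now fail
	tamperedOK = Verify(tagged, pubs)
	dns, err := Process(arp, buildIPv6UDP(host, 53, []byte("q")))
	dnsUntagged = err == nil && dns[6] == nhUDP
	_, err = Process(arp, buildIPv6UDP(stranger, 8080, []byte("x")))
	unknownDropped = err != nil
	return
}

func main() { fmt.Println(Demo()) } // prints: true false true true
```

Running the program prints `true false true true`: the tagged packet verifies, the same packet with one payload bit flipped does not, a DNS packet passes through untagged, and a packet from a host with no ARP binding is dropped. The signature input is exactly what step 3.4 prescribes: the option header with its signature field excluded, followed by the upper-layer unit, so a receiver that parses the same bytes needs no extra context beyond the sender's public key.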

Claims (10)

1. A method of realizing packet identity identification and digital signature on access gateway equipment, characterized in that it comprises the following steps:
A1. Expanding the address resolution table (ARP table) of the access gateway equipment to store the user identity identifier and the user private key;
A2. The user host initiates identity authentication, and after authentication succeeds the authentication server issues the user identity identifier and the user private key to the access gateway equipment;
A3. When a set condition is met, the access gateway equipment adds the identity identifier and a digital signature to the packet sent by the user host, and then forwards the packet.
2. The method of claim 1, characterized in that the expansion comprises adding and storing four fields: autonomous system number, user identity identifier, signing private key and authentication binding state.
3. The method of claim 2, characterized in that step A2 comprises:
the user host sends the user name, the encrypted password, the host's IP address, its MAC address and the gateway's IP address to the authentication server;
if user authentication succeeds, the authentication server looks up the access port number from the MAC address, forms the host's complete attribute mapping and registers it on the user's access gateway equipment;
the authentication server issues the autonomous system number to which the user host belongs, the user identity identifier and the signing private key to the user's access gateway equipment, which at the same time updates the state field of the host's record to "authentication success".
4. The method of claim 2, characterized in that step A3 comprises:
the access gateway equipment first judges whether the type of the packet currently sent by the user host is suitable for adding an identity identifier; if not, the packet is processed as an ordinary packet;
it judges whether the binding state of the user host's record in the ARP table is "authentication success"; if not, the packet is dropped;
it judges whether its own set rules allow the packet to be forwarded; if not, the packet is dropped;
if all of the above judgments succeed, a destination option header is added to the packet and filled with the ASN and UID; at the same time, using a digital signature algorithm and the user private key, the packet's upper-layer protocol unit and the current contents of the destination option header (excluding the digital signature contents themselves) are signed, and the signature result is written into the signature field of the destination option header;
the relevant fields of the packet's original header are updated.
5. The method of claim 4, characterized in that in step A3 the above judgments are made in sequence.
6. The method of claim 4, characterized in that the set rules include whether the host has forwarding authority.
7. The method of claim 4, characterized in that in step A3, judging whether the packet type is suitable for adding an identity identifier comprises judging whether the packet belongs to a specific protocol, in which case it is deemed unsuitable; the specific protocols include, for example, DNS and DHCP.
8. The method of claim 4, characterized in that the packet is an IPv6 packet and the access gateway equipment is a switch or a router.
9. The method of any one of claims 1 to 8, characterized in that the receiving end uses the identity identifier and the digital signature to verify the sender's identity when it receives the packet.
10. The method of any one of claims 1 to 9, characterized in that intermediate forwarding devices ignore the destination option header.

Priority Application (1)

Application Number: CN201410317345.XA (granted as CN105207778B)
Priority Date: 2014-07-03
Filing Date: 2014-07-03
Title: A method of realizing packet identity and digital signature on accessing gateway equipment
Status: Expired - Fee Related

Publications (2)

Publication Number   Publication Date
CN105207778A         2015-12-30
CN105207778B         2019-04-16

Family ID: 54955234
Country Status: CN (1) CN105207778B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN105959308A *   2016-06-30   2016-09-21   中电长城网际***应用有限公司   Internal network IP data packet management method and system, and devices
CN105959308B *   2016-06-30   2019-03-15   中电长城网际***应用有限公司   A kind of Intranet IP data package management method, apparatus and system
CN106254355A *   2016-08-10   2016-12-21   武汉信安珞珈科技有限公司   The security processing of a kind of the Internet protocol data bag and system
CN106254355B *   2016-08-10   2019-04-05   武汉信安珞珈科技有限公司   A kind of security processing and system of the Internet protocol data packet
CN106302386A *   2016-07-25   2017-01-04   深圳信息职业技术学院   A kind of method promoting IPv6 protocol data bag safety
CN110087025A *   2019-03-18   2019-08-02   视联动力信息技术股份有限公司   A kind of directory verfification method and apparatus
CN110266518A *   2019-05-22   2019-09-20   清华大学   The address IPv6 source tracing method, device and electronic equipment based on SDN
CN110266518B *   2019-05-22   2020-05-15   清华大学   IPv6 address tracing method and device based on SDN and electronic equipment
CN111182497A *   2019-12-27   2020-05-19   国家计算机网络与信息安全管理中心   V2X anonymous authentication method, device and storage medium
CN112565253A *   2020-12-02   2021-03-26   清华大学   Method and device for verifying inter-domain source address, electronic equipment and storage medium
WO2024001645A1 *   2022-06-28   2024-01-04   中兴通讯股份有限公司   Packet processing method, switching device, terminal, and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1620034A (en) * 2003-11-21 2005-05-25 维豪信息技术有限公司 Identification gateway and its data treatment method
CN1825853A (en) * 2006-03-30 2006-08-30 迈普(四川)通信技术有限公司 Method for increasing LAN communication safety
CN101304407A (en) * 2007-05-09 2008-11-12 华为技术有限公司 Method, system and apparatus for authentication of source address
CN101330494A (en) * 2007-06-19 2008-12-24 瑞达信息安全产业股份有限公司 Method for implementing computer terminal safety admittance based on credible authentication gateway
CN101710906A (en) * 2009-12-18 2010-05-19 工业和信息化部电信传输研究所 IPv6 address structure and method and device for allocating and tracing same
WO2013089396A1 (en) * 2011-12-16 2013-06-20 주식회사 코닉글로리 Method for preventing intrusion in real time in wired and wireless integration system




Similar Documents

Publication Publication Date Title
US9602485B2 (en) Network, network node with privacy preserving source attribution and admission control and device implemented method therfor
Andersen et al. Accountable internet protocol (AIP)
KR101585936B1 (en) System for managing virtual private network and and method thereof
US8068414B2 (en) Arrangement for tracking IP address usage based on authenticated link identifier
CN105207778A (en) Method of realizing package identity identification and digital signature on access gateway equipment
Ahmed et al. IPv6 neighbor discovery protocol specifications, threats and countermeasures: a survey
JP4410791B2 (en) Address spoofing check device and network system
US8181014B2 (en) Method and apparatus for protecting the routing of data packets
CN103188351B (en) IPSec VPN traffic method for processing business and system under IPv6 environment
US8576845B2 (en) Method and apparatus for avoiding unwanted data packets
US8650397B2 (en) Key distribution to a set of routers
WO2010048865A1 (en) A method and device for preventing network attack
US9930049B2 (en) Method and apparatus for verifying source addresses in a communication network
WO2015174100A1 (en) Packet transfer device, packet transfer system, and packet transfer method
WO2010000171A1 (en) Communication establishing method, system and device
Jiang et al. Secure DHCPv6 Using CGAs
US20110055571A1 (en) Method and system for preventing lower-layer level attacks in a network
KR100856918B1 (en) Method for IP address authentication in IPv6 network, and IPv6 network system
Hu et al. TrueID: A practical solution to enhance Internet accountability by assigning packets with creditable user identity code
EP1836559A2 (en) Apparatus and method for traversing gateway device using a plurality of batons
Chang et al. Using resource public key infrastructure for secure border gateway protocol
He et al. Network-layer accountability protocols: a survey
Jiang et al. Security‐Oriented Network Architecture
Tschofenig et al. Traversing middleboxes with the host identity protocol

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190416