CN107294991B - Network function defense system based on output judgment and safety protection method - Google Patents

Network function defense system based on output judgment and safety protection method Download PDF

Info

Publication number
CN107294991B
CN107294991B CN201710537460.1A CN201710537460A CN107294991B CN 107294991 B CN107294991 B CN 107294991B CN 201710537460 A CN201710537460 A CN 201710537460A CN 107294991 B CN107294991 B CN 107294991B
Authority
CN
China
Prior art keywords
function
output
network
external network
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710537460.1A
Other languages
Chinese (zh)
Other versions
CN107294991A (en
Inventor
汤红波
游伟
赵星
王晓雷
赵宇
柏溢
黄开枝
金梁
朱可云
俞定玖
王领伟
陈云杰
秦小刚
冯莉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201710537460.1A priority Critical patent/CN107294991B/en
Publication of CN107294991A publication Critical patent/CN107294991A/en
Application granted granted Critical
Publication of CN107294991B publication Critical patent/CN107294991B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of network security, and particularly relates to a network function defense system and a security protection method based on output judgment, wherein the system comprises the following steps: n function executors, security agents and external networks for realizing the same network function; the method comprises the following steps: equally sending the input message of the external network to the N function executors; the information which needs to be output by the function executive body is synchronously processed; extracting effective output contents of the analyzed and synchronized output messages for comparison; receive at least
Figure DDA0001340978900000011
After the output messages with the same content are sent to the external network. The invention carries out safety verification on the output message sent by the function execution body to the external network, and at least after receiving the output message
Figure DDA0001340978900000012
After the output messages with the same content are transmitted to the external network, the success rate of secretly stealing sensitive data or sending attack messages to the external network by an attacker when a single or a small number of function executors are invaded or a backdoor with a bug exists is reduced.

Description

Network function defense system based on output judgment and safety protection method
Technical Field
The invention relates to the technical field of network security, in particular to a network function defense system and a security protection method based on output judgment.
Background
A network function executor in the cyberspace domain may be an instantiation of a network function entity or subnet to implement a certain function or a certain combination of functions in a network.
In the field of network space, a network function executor may exist in a master-standby mode or a load sharing mode in a pool form, but only a single function executor undertakes a specific task. The single function executive body has many potential safety hazards, an attacker can carry out intrusion to cause the attacker not to work normally, or send error or malicious messages, and even the invaded function executive body is taken as a springboard to attack other network equipment connected with the function executive body. Meanwhile, software and hardware of the function execution body cannot be completely controllable and credible, so that the possibility that an attacker secretly steals sensitive data in the function execution body by utilizing a bug or a backdoor exists. These are all issues that must be addressed in cyberspace security.
Disclosure of Invention
The invention provides a network function defense system and a safety protection method based on output judgment, aiming at the problems that the existing network function entity or subnet for realizing a certain network function or a certain network function combination has a bug backdoor, and an attacker can be used for secretly stealing private data or attacking an external network to threaten the safety of network space information.
The technical scheme of the invention is as follows: an output decision based network function defense system comprising: n function executors, security agents and external networks which realize the same network function, wherein the function executors communicate with the external networks through the security agents;
the function executor is an instantiation of a network function entity or a subnet and is used for communicating with an external network;
the safety agent is used for forwarding input messages sent by an external network and carrying out synchronous processing and safety verification on messages needing to be output by the function executive body;
the external network is used for communicating with the function execution body to realize corresponding network functions;
in the network function defense system based on output judgment, the function executors are instantiations of the network function entities or the subnet control parts, and other parts of the network function entities or the subnets are shared by the function executors.
The network function defense system based on output decision, the security agent includes:
the network function entity is used for encapsulating the N function executors, externally showing the N function executors as a network function entity or a subnet, and proxying and maintaining the connection relation between the function executors and an external network;
the function execution body is used for receiving input information sent by an external network to the function execution bodies and equally distributing the input information to the N function execution bodies;
the system is used for receiving the messages of the N function executors, synchronizing the messages to be output and extracting the effective output content of the messages.
In the network function defense system based on output judgment, the N function executors and the security agents are packaged in the same physical entity or distributed in different physical entities.
The network function safety protection method based on the output judgment comprises the following steps:
equally sending the input message of the external network to the N function executors;
the information which needs to be output by the function executive body is synchronously processed;
extracting effective output contents of the analyzed and synchronized output messages for comparison;
receive at least
Figure BDA0001340978880000021
After the output messages with the same content are sent to the external network.
Before the security agent compares the received output messages, the network function security protection method based on the output decision further comprises the following steps:
the security agent presets a waiting time window for the message to be output so as to synchronize the output messages of the N function executors;
the security agent starts timing after receiving a certain output message for the first time, and rejects the same output message exceeding the waiting time window;
the security agent only retains the first output message received when receiving a plurality of same output messages sent by the same function executive.
In the network function safety protection method based on output judgment, the number of output messages with the same content received by the safety agent is less than
Figure BDA0001340978880000031
And if the current time is short, the safety agent sends out a warning message and blocks all output messages.
The invention has the beneficial effects that: 1. the network function defense system based on output judgment, which is implemented by the invention, carries out safety verification on the output message sent by the function execution body to the external network, and after receiving at least
Figure BDA0001340978880000032
After the output messages with the same content are transmitted to the external network, the success rate of secretly stealing sensitive data or sending attack messages to the external network by an attacker when a single or a small number of function executors are invaded or a backdoor with a bug exists is reduced, even if N function executors all have the backdoors with the bug, the possibility of sending the same illegal messages at the same time is very low, and the safety of the system is effectively improved.
2. The invention adopts N function executors which can be integrated in the same physical entity or distributed in different physical entities; meanwhile, the security agent and the function executive body can be the same physical entity or can exist independently, and are used as an independent external entity for improving the network security, so that the complexity of network reconstruction is reduced, and the application flexibility is realized; the safety agent only extracts and compares the effective output content of the output message, has simple and relatively independent function and higher safety, and sends out warning messages and blocks all the output messages if the number of the output messages with the same content received by the safety agent is less than a preset value.
Drawings
For a clear explanation of the technical solutions of the embodiments of the present application, the drawings needed for describing the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a schematic flow chart of the safety method of the present invention;
FIG. 2 is a schematic diagram of a network structure of a function executor in a conventional communication network;
FIG. 3 is a diagram illustrating an output decision based network function defense system according to an embodiment of the present invention;
fig. 4 is a flow chart of a security protection method according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiment of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
When the external network sends the input message to the function executors, the input message needs to be equally forwarded to the N function executors through the security agent. When the function execution body sends the output message to the external network, the safety agent is required to carry out safety verification, the output message which is verified to be safe can be forwarded to the external network, otherwise, the safety agent sends out an alarm and blocks the output message. The safety verification firstly sets a corresponding waiting time window, only carries out synchronous processing on output messages in the time window, and only selects the first message of repeated messages sent by the same function execution body as a judgment basis. Then, the effective output content of the received message in the time window is extracted. Finally, the safety is verified by adopting a multiple-selection judgment mechanism, and the simplest method is to compare whether the output messages sent by the N function executors have at least
Figure BDA0001340978880000051
Are identical. By the method provided by the invention, after the function executive body is attacked and invaded, an attacker is difficult to secretly steal the sensitive data of the function executive body through a preset loophole backdoor and send malicious output information to the function executive body for communicationThereby improving the security of the whole network.
Embodiment 1, with reference to fig. 3, a schematic structural diagram of a network function defense system based on output decision according to an embodiment of the present invention. As shown in fig. 3, the network function defense system based on output decision according to the embodiment of the present invention includes:
n function executors 31, a security agent 32, and an external network 33;
the function executor 31 is used for communicating with an external network to realize a corresponding network function;
the security agent 32 is used for forwarding the input message sent by the external network, and performing synchronization processing and security verification on the message to be output by the function execution body, and at least receiving the message
Figure BDA0001340978880000052
After the output messages with the same content, forwarding the output messages to a destination external network 33;
the external network 33 is used for communicating with the function execution body to realize corresponding network functions;
wherein N is an integer of 3 or more,
Figure BDA0001340978880000053
is composed of
Figure BDA0001340978880000054
The integer part of (2).
It can be understood that no matter how strict the protection measures of the network device are, the absolute safety of the device cannot be guaranteed, and because the device itself cannot be completely controllable and credible, the possibility that the software and hardware systems of the device have bugs or backdoors cannot be eliminated. The function executors in the current network face various security threats, one is vulnerability backdoor attack, and attackers use the vulnerability of the function executors and the backdoor to secretly steal the sensitive data; the other type is intrusion attack, after an attacker invades a function execution body, the function execution body is used as a springboard to send malicious output information to an external network, and the network security is damaged.
Output-based arbitration for implementation of the inventionThe network function defense system performs security verification on the output message sent by the function execution body to the external network, and after receiving at least
Figure BDA0001340978880000061
After the output messages with the same content are transmitted to the external network, the success rate of secretly stealing sensitive data or sending attack messages to the external network by an attacker when a single or a small number of function executors are invaded or a backdoor with a bug exists is reduced, even if N function executors all have the backdoors with the bug, the possibility of sending the same illegal messages at the same time is very low, and the safety of the system is effectively improved.
In practical application, the N function executors may be integrated in the same physical entity or distributed in different physical entities; meanwhile, the security agent and the function execution body are the same physical entity and can also exist independently, and the security agent and the function execution body are used as an independent external entity for improving the network security, so that the complexity of network reconstruction is reduced, and the security agent and the function execution body have application flexibility. Meanwhile, in a specific implementation, the function executors may be only instantiations of the network function control part, and other parts of the network function, such as forwarding, storing and the like, are shared by the function executors.
In order to achieve both the cost of implementing the function executer and the safety, N is equal to 3 in a practical case. The more function executors are set, the more secure the network device is, but the larger implementation cost and system overhead are required, which also poses a challenge to the performance of the synchronization process and security agent. The following examples illustrate the case where N is equal to 3, and the scheme is similar when the number of function executors is greater than 3.
Embodiment 2, with reference to fig. 4, fig. 4 is a flowchart illustrating a network function security protection method based on output decision according to an embodiment of the present invention. As shown in fig. 4, the network function defense system based on the output decision according to the security protection method of the embodiment of the present invention includes:
s41: when the security agent receives a first output message sent by the function execution body to the external network, setting a waiting time window and starting timing;
s42: the safety agent receives output messages sent by N function executors in a time window, extracts effective output contents of the output messages and compares the effective output contents;
s43: the security agent receives at least
Figure BDA0001340978880000071
After the output messages with the same content are sent, the same output messages are sent to an external network;
taking 3 function executors in the network as an example for explanation, when the network device sends an input message to the function executors, the input message is sent to the total agent-security agent outside the N function executors, and the security agent equally forwards the input message to the 3 function executors; when the function executive body sends out an output message, the safety agent sets a corresponding waiting time window after receiving a first message needing to be output, and if only the first received output message is in the time window, the safety agent directly discards the message and sends out an alarm; if 2 or 3 output messages with the same effective output content are received, the output messages are sent to the external network. And if the received output messages are different, blocking the transmission of the output messages and sending an alarm.
It will be appreciated that if the security agent receives less than the same number of outgoing messages
Figure BDA0001340978880000072
And (3) after the function execution body is subjected to intrusion attack or a software and hardware system has a bug backdoor, blocking all output messages participating in comparison at this time and sending a safety alarm.
Further, to enhance the security of the protection method, before the security agent compares the received outgoing messages, the method further comprises:
the security agent presets a waiting time window for the message to be output so as to synchronize the output messages of the N function executors;
the safety agent starts timing after receiving a certain output message for the first time, and does not receive the same output message exceeding the waiting time window;
if the security agent receives a plurality of same output messages sent by the same function execution body, only the first output message is retained.
Because of the difference of the package of the message packet and the difference of the output message given by the function executors of different software and hardware for realizing the same network function, the embodiment of the invention compares the effective output content obtained by analyzing the output message, namely the meaningful content really related to the network function in the output message, with the whole output message.
The embodiment of the invention effectively protects the network function in the network, so that the network function entity or the subnet is difficult to cause harm to the network or steal sensitive data no matter the network function entity or the subnet is subjected to intrusion attack, virus attack, illegal control, man-in-the-middle attack or under the condition that a preset bug backdoor exists. An attacker successfully attacks a certain function executor or a few function executors cannot cause serious influence on the protected network functional entity or subnet.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art. The general principles defined herein may be implemented in other examples without departing from the spirit or scope of embodiments of the invention. Thus, the present embodiments are not intended to be limited to the embodiments shown herein but are to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (5)

1. A system for defending against network functions based on output decisions, comprising:Nthe system comprises a function executive body, a safety proxy and an external network, wherein the function executive body realizes the same network function and communicates with the external network through the safety proxy;
the function executor is an instantiation of a network function entity or a subnet and is used for communicating with an external network;
the security agent is used for forwarding an input message sent by an external network, and performing synchronous processing and security verification on a message to be output by the function execution body, and is specifically used for:
the security agent presets a waiting time window for the message to be output, thereby synchronizingNOutput message of each function executor;
the security agent starts timing after receiving a certain output message for the first time, and rejects the same output message exceeding the waiting time window;
the security agent only retains the received first output message for receiving a plurality of same output messages sent by the same function executive body;
secure proxy receptionNThe output information sent by the function executive in the time window, and extracting the effective output content to compare; receive at least
Figure DEST_PATH_IMAGE001
After the output messages with the same content are transmitted to an external network;Nis an integer of 3 or more,
Figure 635778DEST_PATH_IMAGE001
is composed of
Figure 965740DEST_PATH_IMAGE002
The integer part of (1);
the external network is used for communicating with the function execution body to realize corresponding network functions.
2. The system of claim 1, wherein: the function executors are instantiations of network function entities or subnet control parts, and other parts of the network function entities or subnets are shared by the function executors.
3. The system of claim 1, wherein the security agent comprises:
for packagingNThe function executive body is externally shown as a network function entity or a subnet, and acts and maintains the connection relation between the function executive body and an external network;
for receiving an input message sent by an external network to a function executor and distributing it equally to the function executorNA function execution body;
for receivingNThe information of each function executive body is used for carrying out synchronous processing on the information needing to be output and extracting the effective output content of the information.
4. The system of claim 1, wherein: saidNThe function executer and the security agent are packaged in the same physical entity or distributed in different physical entities.
5. A security protection method based on the defense system of any one of claims 1 to 4, characterized in that the number of output messages with the same content received by the security agent is less than
Figure 452217DEST_PATH_IMAGE001
And if the current time is short, the safety agent sends out a warning message and blocks all output messages.
CN201710537460.1A 2017-07-04 2017-07-04 Network function defense system based on output judgment and safety protection method Active CN107294991B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710537460.1A CN107294991B (en) 2017-07-04 2017-07-04 Network function defense system based on output judgment and safety protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710537460.1A CN107294991B (en) 2017-07-04 2017-07-04 Network function defense system based on output judgment and safety protection method

Publications (2)

Publication Number Publication Date
CN107294991A CN107294991A (en) 2017-10-24
CN107294991B true CN107294991B (en) 2020-03-31

Family

ID=60098661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710537460.1A Active CN107294991B (en) 2017-07-04 2017-07-04 Network function defense system based on output judgment and safety protection method

Country Status (1)

Country Link
CN (1) CN107294991B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110545268A (en) * 2019-08-21 2019-12-06 之江实验室 multidimensional mimicry voting method based on process elements
CN110445803A (en) * 2019-08-21 2019-11-12 之江实验室 A kind of traffic smoothing moving method of isomery cloud platform
CN111585952A (en) * 2020-03-23 2020-08-25 浙江大学 Solution method for coping with virtual host layer attack by Web application on cloud

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104766025A (en) * 2015-03-23 2015-07-08 中国人民解放军信息工程大学 Mimicry tamper-proof method of distributed file system
CN104994104A (en) * 2015-07-06 2015-10-21 浙江大学 Server fingerprint mimicry and sensitive information mimicry method based on WEB security gateway
CN105610813A (en) * 2015-12-28 2016-05-25 中国人民解放军信息工程大学 Mobile communication inter-network honeypot system and method
CN105791279A (en) * 2016-02-29 2016-07-20 中国人民解放军信息工程大学 Mimic SDN controller construction method
CN106411937A (en) * 2016-11-15 2017-02-15 中国人民解放军信息工程大学 Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012006578A2 (en) * 2010-07-08 2012-01-12 The Regents Of The University Of California End-to-end visual recognition system and methods

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104766025A (en) * 2015-03-23 2015-07-08 中国人民解放军信息工程大学 Mimicry tamper-proof method of distributed file system
CN104994104A (en) * 2015-07-06 2015-10-21 浙江大学 Server fingerprint mimicry and sensitive information mimicry method based on WEB security gateway
CN105610813A (en) * 2015-12-28 2016-05-25 中国人民解放军信息工程大学 Mobile communication inter-network honeypot system and method
CN105791279A (en) * 2016-02-29 2016-07-20 中国人民解放军信息工程大学 Mimic SDN controller construction method
CN106411937A (en) * 2016-11-15 2017-02-15 中国人民解放军信息工程大学 Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
《基于拟态安全防御的LDoS攻击防御研究》;陈静;《福建电脑》;20170228;全文 *
《基于自动机理论的网络攻防模型与安全性能分析》;郭威等;《信息安全学报》;20161031;第1卷(第4期);全文 *
《网络空间拟态防御研究》;邬江兴;《信息安全学报》;20161031;第1卷(第4期);全文 *

Also Published As

Publication number Publication date
CN107294991A (en) 2017-10-24

Similar Documents

Publication Publication Date Title
Xenofontos et al. Consumer, commercial, and industrial iot (in) security: Attack taxonomy and case studies
Khan et al. Threat analysis of blackenergy malware for synchrophasor based real-time control and monitoring in smart grid
US10581803B1 (en) Application-aware connection rules for network access client
US9954820B2 (en) Detecting and preventing session hijacking
EP1895738B1 (en) Intelligent network interface controller
Hayes et al. Securing modbus transactions using hash-based message authentication codes and stream transmission control protocol
CN107294991B (en) Network function defense system based on output judgment and safety protection method
US9661006B2 (en) Method for protection of automotive components in intravehicle communication system
Kebande et al. How an IoT-enabled “smart refrigerator” can play a clandestine role in perpetuating cyber-crime
US10681057B2 (en) Device and method for controlling a communication network
Saeed et al. Ransomware: A framework for security challenges in internet of things
Elend et al. Cyber security enhancing CAN transceivers
US8763121B2 (en) Mitigating multiple advanced evasion technique attacks
EP3729739B1 (en) Message authentication based on a physical location on a bus
CN115051836A (en) APT attack dynamic defense method and system based on SDN
US10205738B2 (en) Advanced persistent threat mitigation
US20140344888A1 (en) Network security apparatus and method
Ahmed et al. A Linux-based IDPS using Snort
US20170346844A1 (en) Mitigating Multiple Advanced Evasion Technique Attacks
Koupaei et al. Security analysis threats attacks mitigations and its impact on the internet of things (IoT)
Albashir Detecting unknown vulnerabilities using honeynet
CN108833395B (en) External network access authentication system and authentication method based on hardware access card
KR101639428B1 (en) System for uni direction protocol control on board
Mishra et al. Defensive approach using blockchain technology against distributed denial of service attacks
Ranjith et al. Design and implementation of a defense system from TCP injection attacks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant