CN101039225A - Method for realizing data safe transmission of distribution cooperating intrusion detection system - Google Patents
Abstract
The invention discloses an implementation method for secure data transmission in a distributed cooperative intrusion detection system, belonging to the field of computer network security technology. By applying data encoding, message exchange and key management to intrusion alarm information, the method guarantees end-to-end security of information transmission within the distributed cooperative intrusion detection system, solves the problems of data encryption, data authentication, data integrity and key management and maintenance, realizes secure transmission of intrusion detection system alarm information, and provides a reliable transmission service for cooperative monitoring.
Description
Technical field
The present invention relates to the field of computer network security technology, and in particular to an implementation method for secure data transmission in a distributed cooperative intrusion detection system.
Background technology
Network intrusion detection (Intrusion Detection) means detecting intrusion behaviour: information is collected at a number of key points in a computer network or computer system and analysed to discover whether there is behaviour in the network or system that violates the security policy, or signs that the system is being attacked. With the development of high-speed networks and of the various distributed network technologies, the means and techniques of intrusion have also "progressed and developed". The development and evolution of intrusion techniques is mainly reflected in the following aspects:
Integration and complexity of intrusions or attacks. There are many means of intrusion, and an intruder used to employ a single attack technique. Because network defence techniques have diversified and attacking has become harder, an intruder carrying out an intrusion or attack now often employs several intrusion methods at once to ensure that the intrusion succeeds, and can conceal the true purpose of the attack or intrusion during its initial stage.
Indirection of the intrusion agent, that is, concealment of the entity carrying out the intrusion or attack. With certain techniques the source address and host location of the attacking entity can be hidden; once such concealment techniques have been used, the attacked party cannot directly identify the attacking entity.
Expansion of the scale of intrusions or attacks. In their early days, intrusions into and attacks on networks were usually aimed at a single company or website, and the purpose of an attack might be the curiosity-driven behaviour of a network technology enthusiast, although commercial theft and sabotage were not excluded. As warfare becomes increasingly dependent on electronic and network technology, it has progressively escalated into electronic warfare and information warfare. The scale and technology of information warfare cannot be compared with intrusions and attacks on computer networks in the ordinary sense. The success or failure of information warfare and the security of a nation's backbone communication networks are matters of national security, just as territorial security is for any sovereign state.
Distribution of intrusion or attack techniques. In the past, common intrusions and attacks were usually carried out from a single machine; the development of defensive techniques has made such behaviour ineffective. So-called distributed denial of service (DDoS) can paralyse the attacked host in a very short time, and since the traffic pattern of each individual machine in such a distributed attack is indistinguishable from normal communication, the attack is often hard to recognise in its initial stage. Distributed attacks have recently become the most frequently used means of attack.
Shift of the attack target. Intrusions and attacks are normally aimed at the network itself, but recent attacks have changed tactics: instead of attacking the network they attack the network's protection systems, and this trend is intensifying. There are now reports of attacks aimed specifically at IDSs. Attackers analyse in detail the auditing measures, signature descriptions and communication patterns of an IDS, find its weaknesses and then attack it.
Current intrusion detection systems are classified as follows:
(1) Network-based intrusion detection.
A network-based intrusion detection product (NIDS) is placed on an important network segment and continuously monitors the packets on that segment, performing signature analysis on each packet or on suspicious packets. If a packet matches one of the product's built-in rules, the intrusion detection system raises an alarm or even cuts off the network connection directly.
(2) Host-based intrusion detection.
A host-based intrusion detection product (HIDS) is normally installed on the host to be protected; it mainly performs intelligent analysis and judgement on network connections to that host and on the system audit logs. If the activity of a subject is highly suspicious (it matches a signature or violates a statistical pattern), the intrusion detection system takes corresponding measures.
In these conventional network intrusion detection systems the detection engines detect intrusion behaviour independently; they cannot handle complex attacks and are poorly adapted to the present situation.
Summary of the invention
To overcome the deficiencies of the prior art, the object of the present invention is to provide an implementation method for secure data transmission in a distributed cooperative intrusion detection system that guarantees end-to-end secure transmission of information.
To achieve the above object, the invention provides an implementation method for secure data transmission in a distributed cooperative intrusion detection system, comprising the following steps:
1) each intrusion detection engine encodes the alarm information;
2) the two communicating parties authenticate each other, and the alarm information is encrypted;
3) the alarm information is transmitted securely between the intrusion detection engine and the central management and control platform;
4) the central management and control platform stores the alarm information in the alarm information database;
5) the central management and control platform analyses and responds to the alarm information.
The present invention has clear advantages and beneficial effects. Compared with a traditional intrusion detection system, it guarantees end-to-end security of information transmission in the distributed intrusion detection system (DIDS), covering data encryption, authentication, data integrity and key management and maintenance; it realizes secure transmission of intrusion detection system alarm information and provides the reliable transmission service needed for cooperative monitoring.
Description of drawings
Fig. 1 shows the composition of a distributed cooperative network intrusion detection system according to the present invention;
Fig. 2 is a workflow diagram of a distributed cooperative intrusion detection system according to the present invention;
Fig. 3 is a flow chart of secure data transmission in a distributed cooperative intrusion detection system according to the present invention;
Fig. 4 is an information exchange flow chart according to the present invention;
Fig. 5 is a certificate verification flow chart according to the present invention;
Fig. 6 is a data encryption, decryption and verification flow chart according to the present invention.
Embodiment
The invention provides an implementation method for secure data transmission in a distributed cooperative intrusion detection system. Specific embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the composition of the distributed cooperative network intrusion detection system of the present invention, and Fig. 2 is a system workflow diagram of the distributed cooperative intrusion detection system of the present invention; the workflow of the distributed cooperative intrusion detection system of the present invention is described in detail below with reference to Fig. 1 and Fig. 2.
First, in step 201, the data collection engines collect intrusion information from the network and send alarm messages or suspicious-behaviour messages to the intrusion detection engine 101.
In step 202, if intrusion detection engine 101 receives an alarm message, an intrusion has been found and it sends the alarm message to the central management and control platform 102; if it receives a suspicious-behaviour message, it forwards it to the central management and control platform, which assesses the suspicious message and, if the alarm threshold is exceeded, treats it as a detected intrusion.
In step 203, central management and control platform 102 stores the alarm message in the intrusion event database 103.
In step 204, central management and control platform 102 analyses the alarm messages sent by all intrusion detection engines 101, which makes it possible to detect complex intrusion behaviour, and decides on the basis of the analysis whether to take response measures.
Fig. 3 is a flow chart of secure data transmission in the distributed cooperative intrusion detection system of the present invention; the secure data transmission workflow of the distributed cooperative intrusion detection system of the present invention is described in detail below with reference to Fig. 3.
First, in step 301, each intrusion detection engine 101 encodes the data to be transmitted. Because the intrusion detection engines 101 in the distributed cooperative intrusion detection system run on different platforms and use different detection algorithms, the alarm data they produce is also in different formats. To meet the requirement for information exchange between different intrusion detection engines, the method therefore adopts the Intrusion Detection Message Exchange Format defined by the Intrusion Detection Working Group (IDWG) and implements it in XML, so that all information transmitted by an intrusion detection engine is XML-encoded. The initiator of a transmission is an intrusion detection engine 101: after discovering an intrusion event it first XML-encodes the alarm information and sends it to the central management and control platform 102 over the intrusion detection secure exchange protocol, and central management and control platform 102 decodes and analyses the information sent by the intrusion detection systems.
In step 302, the secure transmission and exchange of alarm information between intrusion detection engine 101 and central management and control platform 102 is carried out. Since a network based on TCP/IP cannot guarantee the security of information transmitted between the intrusion detection systems, all messages must be encrypted, and this method therefore adopts the intrusion detection secure exchange protocol. The intrusion detection secure exchange protocol is a connection-oriented application-layer protocol that provides encryption, authentication and integrity protection; it is mainly used to transmit Intrusion Detection Message Exchange Format information, binary streams and the like between intrusion detection entities, and is therefore used here to carry the secure transmission of alarm information between the detection engines and the central management and control platform. In the method, the transmitted information is classified over multiple channels: one channel is reserved for control information and the other channels carry data, with different channels carrying different types of alarm information; the priority of each channel is set as required, and information on higher-priority channels is transmitted first. Transport Layer Security (TLS) is adopted as the control protocol for secure transmission. Information is transmitted securely according to the communication mode negotiated by the two parties, and the TLS alert protocol is used for error control during transmission, so that if either party encounters any abnormality during transmission it can notify the other with an alert message. There are two types of alert: a fatal error message, on which both parties abort the session and clear the buffered session records; and a general warning message, on which the two parties only write a log entry and the communication continues unaffected.
In step 303, key management for secure data transmission is performed. This includes negotiation, generation and transmission of session keys, protection of private keys, certificate management, and obtaining public keys, the certificate policy and the certificate revocation list (CRL).
Fig. 4 is the information exchange flow chart of the secure data transmission method for a distributed cooperative intrusion detection system of the present invention; with reference to Fig. 4, the information exchange workflow of the method is as follows:
First, in step 401, each intrusion detection engine 101 encodes the data to be transmitted. The initiator of a transmission is an intrusion detection engine 101: after discovering an intrusion event it first XML-encodes the alarm information and sends it to the central management and control platform 102 over the intrusion detection secure exchange protocol.
Next, in step 402, central management and control platform 102 stores the alarm information in the alarm information database 103.
Finally, in step 403, central management and control platform 102 decodes, analyses and responds to the XML-encoded messages from intrusion detection engines 101.
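As an added example (not code from the patent), the engine-side XML encoding of steps 301/401, the platform-side decoding of step 403 and the alarm-threshold triage of step 202, written in Go against a simplified subset of the IDMEF Alert element (RFC 4765, the IDWG format the page refers to). The engine id, message id, sample values and the use of the IDMEF Confidence rating to tell a confirmed alarm from a suspicious-behaviour message are assumptions of the example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strconv"
)

// IDMEFMessage is a simplified subset of the IDMEF Alert element (RFC 4765): element
// and attribute names follow the RFC, but most optional children are left out.
type IDMEFMessage struct {
	XMLName xml.Name `xml:"IDMEF-Message"`
	Version string   `xml:"version,attr"`
	Alert   Alert    `xml:"Alert"`
}

type Alert struct {
	MessageID      string         `xml:"messageid,attr"`
	Analyzer       Analyzer       `xml:"Analyzer"`
	CreateTime     string         `xml:"CreateTime"`
	Classification Classification `xml:"Classification"`
	Assessment     Assessment     `xml:"Assessment"`
}

type Analyzer struct{ AnalyzerID string `xml:"analyzerid,attr"` }
type Classification struct{ Text string `xml:"text,attr"` }
type Assessment struct{ Confidence Confidence `xml:"Confidence"` }

// Confidence rating is "low", "medium", "high" or "numeric"; for "numeric" the
// element text carries a value in [0,1].
type Confidence struct {
	Rating string `xml:"rating,attr"`
	Value  string `xml:",chardata"`
}

// Step 202 outcomes: a detected intrusion, or suspicious behaviour below the alarm threshold.
const Intrusion, Suspicious = "intrusion", "suspicious"

// EncodeAlert is the engine side of steps 301/401: wrap the alert in an IDMEF-Message
// and serialise it as XML.
func EncodeAlert(a Alert) ([]byte, error) {
	out, err := xml.MarshalIndent(IDMEFMessage{Version: "1.0", Alert: a}, "", "  ")
	if err != nil {
		return nil, err
	}
	return append([]byte(xml.Header), out...), nil
}

// DecodeAlert is the platform side of step 403; it rejects messages lacking the
// identifiers that later storage (step 402) and analysis depend on.
func DecodeAlert(b []byte) (*IDMEFMessage, error) {
	var m IDMEFMessage
	if err := xml.Unmarshal(b, &m); err != nil {
		return nil, err
	}
	if m.Alert.MessageID == "" || m.Alert.Analyzer.AnalyzerID == "" {
		return nil, fmt.Errorf("alert lacks messageid or analyzerid")
	}
	return &m, nil
}

// Triage applies the step 202 rule; mapping the rating attribute to the page's two
// message kinds is this example's assumption: a confirmed alert (rating "high") is an
// intrusion, a suspicious-behaviour message (rating "numeric") only at or above threshold.
func Triage(b []byte, threshold float64) (string, error) {
	m, err := DecodeAlert(b)
	if err != nil {
		return "", err
	}
	switch c := m.Alert.Assessment.Confidence; c.Rating {
	case "high":
		return Intrusion, nil
	case "numeric":
		v, err := strconv.ParseFloat(c.Value, 64)
		if err != nil || v < 0 || v > 1 {
			return "", fmt.Errorf("bad numeric confidence %q", c.Value)
		}
		if v >= threshold {
			return Intrusion, nil
		}
	}
	return Suspicious, nil
}

// SampleAlert builds a constructed alert; every value is invented for this example.
func SampleAlert(rating, value string) Alert {
	return Alert{
		MessageID:      "engine101-0001",
		Analyzer:       Analyzer{AnalyzerID: "engine101"},
		CreateTime:     "2007-04-04T12:00:00Z",
		Classification: Classification{Text: "example: port scan"},
		Assessment:     Assessment{Confidence: Confidence{Rating: rating, Value: value}},
	}
}
```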
Fig. 5 is the certificate verification flow chart of the present invention; with reference to Fig. 5, the certificate verification flow of the present invention is as follows:
In step 501, the two communicating parties must authenticate each other before transmitting information, and a certificate authority (CA) is used to manage keys centrally. A sends its own public key PKA to the CA. Both communicating parties obtain the certificates issued by the certificate authority from the certificate repository and periodically download the certificate policy and the certificate revocation list (CRL). Each party maintains a local certificate repository, recognises X.509 certificates, and uses certificates to authenticate the other party's identity before communicating; whether a certificate is valid is judged by checking it against the locally downloaded certificate policy and certificate revocation list. When a user applies for and downloads a new certificate, a key revocation certificate should be generated first, so that if the private key file is later corrupted or deleted the user can issue a statement revoking the key and send it to the certificate authority.
In step 502, the CA uses its own private key and A's public key to generate A's certificate, which contains the CA's digital signature. The signed object comprises the content that needs to be stated in the certificate, such as A's public key, a timestamp and a serial number; for simplicity it is assumed here that the certificate contains only three items: A's public key PKA, the timestamp TIME1 and the serial number IDA.
In step 503, M likewise sends its own public key PKM to the CA.
In step 504, M obtains the certificate CertM issued by the CA.
In step 505, A sends its certificate CertA to M.
In step 506, M sends its certificate CertM to A.
After A and M have each obtained the other's certificate, each uses the public key obtained from the CA (the CA's self-signed certificate) to verify whether the other's certificate is valid; if it is valid, each has thereby obtained the other's public key. With the other party's public key, data can be encrypted and the other party's digital signatures can be verified.
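As an added example (not the patent's code), the certificate flow of steps 501-506 in Go with the standard library: a CA issues CertA and CertM, publishes a signed CRL, and each party validates the peer certificate against the CA's self-signed certificate and the downloaded CRL before trusting the public key in it. ECDSA P-256 keys, the subject names and the certificate lifetimes are assumptions of the example; the page specifies RSA only for the message encryption of Fig. 6.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party is one holder of an X.509 certificate and its private key: the CA, or A or M in steps 501-506.
type Party struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// makeParty generates a fresh P-256 key pair and has the CA (or, for the root, the new key itself) sign tmpl.
func makeParty(tmpl *x509.Certificate, ca *Party) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	parent, signer := tmpl, key // self-signed unless a CA is given
	if ca != nil {
		parent, signer = ca.Cert, ca.Key
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Cert: cert, Key: key}, nil
}

// NewCA creates the authentication centre: a self-signed root allowed to sign certificates and CRLs.
func NewCA() (*Party, error) {
	return makeParty(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example IDS CA"},
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil)
}

// Issue is steps 502/504: the CA signs the party's public key, a timestamp and a serial number.
func Issue(ca *Party, name string, serial int64) (*Party, error) {
	return makeParty(&x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}, ca)
}

// CRL signs the CA's current revocation list, which both parties download in step 501;
// a listed certificate is one whose holder filed a statement revoking the key.
func CRL(ca *Party, revoked ...*x509.Certificate) ([]byte, error) {
	var entries []pkix.RevokedCertificate
	for _, c := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:     big.NewInt(time.Now().UnixNano()),
		ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour),
		RevokedCertificates: entries,
	}, ca.Cert, ca.Key)
}

// Validate is each side's local check on the peer certificate received in step 505/506:
// chain it to the trusted CA, then consult the downloaded CRL (after checking the CA signed it).
func Validate(peer, root *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return fmt.Errorf("chain verification failed: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by the CA: %w", err)
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(peer.SerialNumber) == 0 {
			return fmt.Errorf("peer certificate serial %v is revoked", peer.SerialNumber)
		}
	}
	return nil
}
```

A deployment would also refuse a CRL whose NextUpdate has passed, which is the "periodically download" part of step 501.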
Fig. 6 is the data encryption, decryption and verification flow chart of the present invention; with reference to Fig. 6, the data encryption, decryption and verification flow is as follows:
After the two communicating parties have completed authentication with the asymmetric key system, they negotiate a 3DES key; this 3DES key is encrypted with the RSA algorithm, and the information itself is then encrypted with the 3DES algorithm. That is, a one-time-pad mode is adopted in which a different working key is used for every communication, which guarantees the security of the communication and prevents man-in-the-middle attacks. The information process between communicating parties M and B is as follows. M computes a message digest Td of the text message T with the MD5 algorithm and encrypts Td with its own private key to obtain the digital signature Tds (steps 601, 603); it then randomly generates a 3DES key K as the working key and encrypts the message T with the 3DES algorithm to obtain the ciphertext Tc (step 602); it encrypts the working key K with B's public key using the RSA algorithm to obtain Kc; and it sends the encrypted working key Kc, the encrypted text message Tc and the digital signature Tds to B. B decrypts Kc with its own private key to obtain the working key K, decrypts the ciphertext Tc with K (step 605) to obtain the text message T (step 607), computes the message digest of T with the MD5 algorithm to obtain Td_new, and decrypts Tds with M's public key to obtain Td_old; if Td_new is identical to Td_old, the information is confirmed to have been sent by M (step 604). Protected in this way, the data is transmitted securely.
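As an added example (not code from the patent), the Fig. 6 flow between M and B in Go: MD5 digest, RSA signature over the digest, a fresh random 3DES working key per message, 3DES encryption of the message and RSA encryption of the key, then B's recovery of K, decryption and digest comparison. 3DES in CBC mode with PKCS#7 padding and a transmitted IV, and PKCS#1 v1.5 for the RSA operations, are this example's assumptions; the page names only the algorithms.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"errors"
)

// Envelope is what M transmits to B in steps 601-607: Kc = RSA_PKB(K), Tc = 3DES_K(T),
// Tds = Td = MD5(T) signed by M. The CBC IV is this example's assumption, not the page's.
type Envelope struct {
	Kc, IV, Tc, Tds []byte
}

func pkcs7Pad(b []byte) []byte {
	n := des.BlockSize - len(b)%des.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%des.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize {
		return nil, errors.New("invalid padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("invalid padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal is M's side. Step 601: Td = MD5(T). Step 603: Tds = Td signed with M's private key
// (the RSA signature that "encrypting Td with the private key" describes). Step 602: fresh
// random 3DES working key K, Tc = 3DES-CBC_K(T). Then Kc = RSA_PKB(K).
func Seal(t []byte, mPriv *rsa.PrivateKey, bPub *rsa.PublicKey) (*Envelope, error) {
	td := md5.Sum(t)
	tds, err := rsa.SignPKCS1v15(rand.Reader, mPriv, crypto.MD5, td[:])
	if err != nil {
		return nil, err
	}
	kiv := make([]byte, 24+des.BlockSize) // K: three 8-byte DES subkeys, then the IV; fresh per message
	if _, err := rand.Read(kiv); err != nil {
		return nil, err
	}
	k, iv := kiv[:24], kiv[24:]
	block, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(t)
	tc := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(tc, padded)
	kc, err := rsa.EncryptPKCS1v15(rand.Reader, bPub, k)
	if err != nil {
		return nil, err
	}
	return &Envelope{Kc: kc, IV: iv, Tc: tc, Tds: tds}, nil
}

// Open is B's side: recover K with B's private key, decrypt Tc (step 605) to get T
// (step 607), recompute Td_new and check it against the signed Td_old (step 604).
// Tampering with Kc, Tc or Tds, or a signature from anyone but M, yields an error.
func Open(e *Envelope, bPriv *rsa.PrivateKey, mPub *rsa.PublicKey) ([]byte, error) {
	k, err := rsa.DecryptPKCS1v15(rand.Reader, bPriv, e.Kc)
	if err != nil {
		return nil, errors.New("working key could not be recovered")
	}
	block, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	if len(e.IV) != des.BlockSize || len(e.Tc)%des.BlockSize != 0 {
		return nil, errors.New("malformed ciphertext")
	}
	padded := make([]byte, len(e.Tc))
	cipher.NewCBCDecrypter(block, e.IV).CryptBlocks(padded, e.Tc)
	t, err := pkcs7Unpad(padded)
	if err != nil {
		return nil, err
	}
	tdNew := md5.Sum(t)
	if err := rsa.VerifyPKCS1v15(mPub, crypto.MD5, tdNew[:], e.Tds); err != nil {
		return nil, errors.New("digest mismatch: not from M or modified in transit")
	}
	return t, nil
}
```

Open only hands back T after the digest comparison of step 604 succeeds, so a forged or altered Tc is never acted on even though, following the page's order, it is decrypted before the signature is checked.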
Claims (7)
1. An implementation method for secure data transmission in a distributed cooperative intrusion detection system, characterized in that the method comprises the following steps:
1) each intrusion detection engine encodes the alarm information;
2) the two communicating parties authenticate each other, and the alarm information is encrypted;
3) the alarm information is transmitted securely between the intrusion detection engine and the central management and control platform;
4) the central management and control platform stores the alarm information in the alarm information database;
5) the central management and control platform analyses and responds to the alarm information.
2. The implementation method for secure data transmission in a distributed cooperative intrusion detection system according to claim 1, characterized in that the encoding of the alarm information in step 1 adopts the Intrusion Detection Message Exchange Format defined by the Intrusion Detection Working Group (IDWG), the Intrusion Detection Message Exchange Format is implemented in XML, and the information transmitted by each intrusion detection engine is XML-encoded.
3. The implementation method for secure data transmission in a distributed cooperative intrusion detection system according to claim 1, characterized in that the mutual authentication of the communicating parties in step 2 uses a certificate authority (CA) to manage keys centrally.
4. The implementation method for secure data transmission in a distributed cooperative intrusion detection system according to claim 1, characterized in that the information encryption in step 2 uses a symmetric key system, that is, the session key belongs to a symmetric key system.
5. The information encryption according to claim 4, characterized in that the information encryption mode in step 2 is as follows: after the two communicating parties have completed authentication with the asymmetric key system, they negotiate a 3DES key, the 3DES key is encrypted with the RSA algorithm, and the information itself is then encrypted with the 3DES algorithm, that is, a one-time-pad mode is adopted in which a different working key is used for every communication.
6. The implementation method for secure data transmission in a distributed cooperative intrusion detection system according to claim 1, characterized in that the secure transmission mode of the alarm information in step 3 is as follows: the transmitted information is classified over multiple channels, one channel being reserved for control information and the other channels carrying data, with different channels carrying different types of alarm information; the priority of each channel is set as required and information on higher-priority channels is transmitted first; information is transmitted securely according to the communication mode negotiated by the two parties, and the alert protocol of Transport Layer Security is used for error control during transmission, such that when a fatal error occurs both parties abort the session and clear the buffered session records.
7. The implementation method for secure data transmission in a distributed cooperative intrusion detection system according to claim 1, characterized in that the secure transmission of the alarm information in step 3 adopts Transport Layer Security (TLS) as the control protocol for secure transmission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200710065116 CN101039225A (en) | 2007-04-04 | 2007-04-04 | Method for realizing data safe transmission of distribution cooperating intrusion detection system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101039225A true CN101039225A (en) | 2007-09-19 |