CN103106366B - A kind of sample database dynamic maintaining method based on cloud - Google Patents

A kind of sample database dynamic maintaining method based on cloud

Info

Publication number
CN103106366B
Authority
CN
China
Prior art keywords
program, behavior, black, white list, performance
Legal status
Active
Application number
CN201310039473.8A
Other languages
Chinese (zh)
Other versions
CN103106366A (en)
Inventor
齐向东
徐贵斌
范纪锽
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd

Abstract

The invention provides a cloud-based method for dynamically maintaining a sample database. First, client computers collect program features together with the corresponding program behaviors and send them to the server. The server-side database then records the different program features, their corresponding program behaviors, and the black/white lists. Unknown program features and behaviors are analyzed against the program features and corresponding behaviors already in the known black/white lists, and the black/white lists are updated accordingly. Because the behaviors collected by clients are associated with program features, the database records each feature with its corresponding behaviors; from the association between the collected behaviors and features, samples can be analyzed and generalized in the database, which helps classify software or programs as black or white and also makes it possible to formulate corresponding removal or restoration measures for the malware on the blacklist.

Description

A kind of sample database dynamic maintaining method based on cloud
The present application is a divisional application of the Chinese invention patent application filed on 18 August 2010 under application number 201010256958.9 and entitled "A kind of sample database dynamic maintaining method based on cloud".
Technical field
The present invention relates to the field of information security technology, and in particular to a cloud-security-based method for dynamically maintaining a sample database.
Background technology
With the wide application of computer technology in every field of social life, malicious programs (malware: any software or program deliberately created to carry out harmful actions without permission) have followed as a by-product. Because of their infectiousness, ability to replicate and destructiveness, they have become a major problem plaguing computer use. Today, as network threats surge, updating virus signatures has become indispensable daily work for enterprises and home users alike, going from once a week to once a day to updates at any moment. Traditional antivirus software places the virus database on the client computer and analyzes files there; during a scan it compares repeatedly against the local virus database, consuming a large amount of system resources, and as the virus database keeps growing, file analysis takes longer and longer and the client computer becomes slower and slower. The antivirus industry must therefore find a new technological breakthrough.
The "cloud security" concept is the latest embodiment of information security in the network era. It merges emerging technologies such as parallel processing, grid computing and unknown-virus behavior analysis, applying the idea of "cloud computing" to the security field.
Realizing "cloud security" is closely tied to how its sample database is built; how to organize and maintain the sample database effectively has therefore become a problem the industry urgently needs to solve.
Summary of the invention
The technical problem solved by the invention is to provide a cloud-based method for dynamically maintaining a sample database, so as to improve the efficiency of database maintenance and program analysis and to help with the black/white classification of programs and with file recovery.
To solve this technical problem, the invention provides a cloud-based sample database dynamic maintaining method comprising the following steps:
client computers collect program features and their corresponding program behaviors and send them to the server;
the server-side database records the different program features, their corresponding program behaviors, and the black/white lists;
unknown program features and behaviors are analyzed against the program features and corresponding behaviors in the existing known black/white lists, so as to update the black/white lists.
The step of analyzing unknown program features and their behaviors may comprise:
if an unknown program feature is identical to a known program feature in the existing black/white list, the unknown program feature and its program behaviors are placed on that black/white list.
The step of analyzing unknown program features and their behaviors may comprise:
if an unknown program behavior is identical or approximate to a known program behavior in the existing black/white list, the unknown program behavior and its program feature are placed on that black/white list.
The method may further comprise:
establishing an association between behavior and feature among programs that have identical or approximate behaviors;
analyzing unknown program features and behaviors according to the association among the programs with identical or approximate behaviors, so as to update the black/white lists.
The step of analyzing unknown program features and their behaviors may comprise:
when a program behavior is placed on the black/white list, placing the program feature corresponding to that behavior on the black/white list in the database, and also placing the other program behaviors and program features associated with that behavior on the black/white list.
The step of analyzing unknown program features and their behaviors may comprise:
when a program feature is placed on the black/white list, placing the program behaviors corresponding to that feature on the black/white list in the database, and also placing the other program behaviors and program features associated with that feature on the black/white list.
The method may further comprise:
for a blacklisted program, further recording in the database the reverse behavior of that program, so that the reverse behavior is executed once it is confirmed that the blacklisted program exists or has run on a client computer.
The method may further comprise:
for a blacklisted program, determining in the database, from the behavior of that program, information about the infected files on the client computer;
according to the information about the infected file, downloading the intact copy of the corresponding file stored in the database to the client computer to overwrite the infected file.
The method may further comprise:
further recording in the database the change in the number of identical program features collected from different client computers within a preset time;
analyzing unknown program features and behaviors according to the change in the number of program features, so as to update the black/white lists.
The step of analyzing unknown program features and behaviors according to the change in the number of program features may comprise:
if, within a preset time, the increase or decrease in the number of a certain unknown program feature collected from different client computers exceeds a threshold, blacklisting that program feature and its corresponding program behaviors in the database.
Because the invention collects program behaviors at the clients and associates them with program features, the database records each program feature with its corresponding behaviors; from the association between the collected behaviors and features, samples can be analyzed and generalized in the database, which helps classify software or programs as black or white and also makes it possible to formulate corresponding removal or restoration measures for the malware on the blacklist.
Brief description of the drawings
Fig. 1 is a schematic diagram of the implementation mode of the invention;
Fig. 2 is a flow chart of the cloud-based sample database dynamic maintaining method according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the association relation according to an embodiment of the invention;
Fig. 4 is a file recovery flow chart according to an embodiment of the invention;
Fig. 5 is a schematic diagram of the analysis flow according to an embodiment of the invention.
Detailed description of the invention
The invention is further described below with reference to the accompanying drawings.
A cloud structure is essentially a large-scale client/server (C/S) architecture; Fig. 1 is a schematic diagram of the implementation mode of the invention. The core idea is to collect, through a large number of client computers 102, the behaviors of various programs (a single behavior, or a combination of a group of behaviors), in particular the behaviors of suspicious programs, and to associate each program behavior with the feature of that program, so that the database 104 at the server end records the feature of a program together with its corresponding behavior records. The server can then generalize and analyze in the database starting from a program behavior, a program feature, or a set of program behaviors and features, which helps classify software or programs as black or white. Further, corresponding removal or restoration measures can be formulated for the malware on the blacklist.
The program behaviors may be, for example, driver loading, file generation, program loading, adding a system startup item, modifying a file or program, and so on, or a combination of a series of such behaviors.
The program feature may be an MD5 (Message-Digest Algorithm 5) verification code obtained by MD5 computation, a SHA1 code, a CRC (Cyclic Redundancy Check) code, or any other signature code that uniquely identifies the original program.
Fig. 2 is a flow chart of the cloud-based sample database dynamic maintaining method according to an embodiment of the invention. First, client computers collect program features and their corresponding program behaviors and send them to the server (step 202); then the server-side database records the different program features, their corresponding program behaviors, and the black/white lists (step 204); then unknown program features and behaviors are analyzed against the program features and corresponding behaviors in the existing known black/white lists, so as to update the black/white lists (step 206).
Because the database records program features and the behavior records corresponding to each feature, unknown programs can be analyzed against the known black/white lists.
For example, if an unknown program feature is identical to a known program feature in the existing black/white list, the unknown program feature and its program behaviors are all placed on that black/white list.
If an unknown program behavior is identical or approximate to a known program behavior in the existing black/white list, the unknown program behavior and its program feature are all placed on that black/white list.
Some viruses change their signature code through mutation or packing, but their behavior does not change much; therefore, a comparative analysis of the recorded program behaviors can fairly easily determine whether certain unknown programs are malicious. Sometimes this comparison does not even require further analysis of the behavior itself: a simple comparison with the known program behaviors in the existing black/white list is enough to judge the nature of the unknown program.
Record analysis in the database may reveal programs whose behaviors are identical or approximate but whose program features differ. In that case, as long as an association between behavior and feature is established among the programs with identical or approximate behaviors, unknown program features and behaviors can be analyzed more easily according to that association, so as to update the black/white lists.
Fig. 3 is a schematic diagram of the association relation according to an embodiment of the invention. Suppose unknown programs A, B and C have features A, B and C respectively, and their corresponding program behaviors are A1~A4, B1~B4 and C1~C4. If analysis finds that program behaviors A1~A4, B1~B4 and C1~C4 are in fact identical or very approximate, an association between feature and behavior can be established among features A, B, C and behaviors A1~A4, B1~B4, C1~C4.
Through this association, the database can under certain conditions be maintained more efficiently from a self-expanding base. For example, when program behaviors B1~B4 of program B are confirmed to be malicious behaviors and placed on the blacklist, program feature B corresponding to those behaviors can automatically be placed on the blacklist in the database; at the same time, according to the association, the related program behaviors A1~A4 and C1~C4 and the corresponding program features A and C can also be placed on the black/white list automatically.
As another example, if programs A, B and C are initially of unknown black/white status and, through some other virus detection channel, program feature B is first confirmed to belong to a malicious program, then in the database not only is the behavior combination B1~B4 blacklisted automatically, but according to the association, features A and C, which have identical or approximate behaviors, are also blacklisted automatically, as are program behaviors A1~A4 and C1~C4.
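The feature/behavior association and list propagation described for Fig. 3, as an added example in Python that is not part of the patent; the Jaccard similarity threshold, the behavior names and the md5_* sample hashes are assumptions.

```python
from collections import defaultdict

# Jaccard overlap at or above which two behavior sets count as "approximate"
# (an assumed threshold; the patent does not fix one).
SIMILARITY_THRESHOLD = 0.75


def similar(a, b, threshold=SIMILARITY_THRESHOLD):
    """True if two behavior sets are identical or approximately identical."""
    if a == b:
        return True
    if not a or not b:
        return False
    return len(a & b) / len(a | b) >= threshold


class SampleDatabase:
    """Server-side record of program feature -> observed behaviors, the
    black/white lists, and the feature/behavior association links (Fig. 3)."""

    def __init__(self):
        self.behaviors = {}            # feature (hash) -> frozenset of behaviors
        self.lists = {}                # feature -> "black" or "white"
        self.links = defaultdict(set)  # feature -> features with same/approx. behavior

    def record(self, feature, behaviors):
        """Steps 202/204: store a client report and link it to every stored
        program whose behavior set is identical or approximate."""
        beh = frozenset(behaviors)
        self.behaviors[feature] = beh
        for other, other_beh in self.behaviors.items():
            if other != feature and similar(beh, other_beh):
                self.links[feature].add(other)
                self.links[other].add(feature)

    def put_on_list(self, feature, color):
        """List one feature; through the association relation every linked
        feature (and therefore its behaviors) is listed as well."""
        stack, listed = [feature], []
        while stack:
            f = stack.pop()
            if self.lists.get(f) == color:
                continue
            self.lists[f] = color
            listed.append(f)
            stack.extend(self.links[f])
        return sorted(listed)

    def list_behaviors(self, behaviors, color):
        """Listing a behavior combination lists every feature that shows an
        identical or approximate combination, plus their linked features."""
        beh = frozenset(behaviors)
        listed = set()
        for f in [f for f, b in self.behaviors.items() if similar(b, beh)]:
            listed.update(self.put_on_list(f, color))
        return sorted(listed)

    def classify_unknown(self, feature, behaviors):
        """Step 206: an unknown feature inherits the list of a known feature
        with the same hash, else of a known program with identical or
        approximate behavior; otherwise it is recorded and left unknown."""
        if feature in self.lists:
            return self.lists[feature]
        beh = frozenset(behaviors)
        for known, color in list(self.lists.items()):
            if similar(self.behaviors[known], beh):
                self.record(feature, beh)
                self.put_on_list(feature, color)
                return color
        self.record(feature, beh)
        return "unknown"


def demo():
    """Constructed walk-through of the Fig. 3 scenario."""
    db = SampleDatabase()
    common = {"load_driver", "drop_file", "add_startup_item", "patch_hosts"}
    db.record("md5_A", common)
    db.record("md5_B", common)
    db.record("md5_C", common - {"patch_hosts"})        # approximate: Jaccard 0.75
    db.record("md5_D", {"show_window", "read_config"})   # unrelated program
    # Behavior combination B1~B4 confirmed malicious: B is blacklisted, and A
    # and C follow through the association links.
    listed = db.list_behaviors(common, "black")
    # A repacked sample with a new hash but B-like behavior is judged by behavior.
    verdict = db.classify_unknown("md5_E", common - {"drop_file"})
    return listed, verdict, db.lists.get("md5_D", "unknown")
```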
Because the database records the behaviors corresponding to program features, the behavior analysis of unknown programs becomes much more convenient. For example, if driver loading behavior is of interest, all program behaviors that include driver loading can be retrieved for comprehensive analysis; if the samples in the existing blacklist that load a driver generally follow the driver load with a particular file generation behavior, then an unknown program whose behavior shows the same combination can likewise be marked with a risk indication or directly blacklisted.
The analysis methods usable by the invention are not limited to the above; methods similar to decision trees, Bayesian algorithms or neural network computation, or simple threshold analysis, can also be applied well on the basis of the database of the invention.
In addition, for a program blacklisted in the database, the reverse behavior of that program can be further recorded, so that once it is confirmed that the blacklisted program exists or has run on a client computer, the reverse behavior is executed.
For example, after a program reported by the front end is found to be malicious by cloud scanning, signature matching or another means, recovery actions can be carried out according to the recorded reverse behavior.
Files that cannot be recovered by executing the reverse behavior can also be restored by replacement, as shown in the file recovery flow chart of Fig. 4 according to an embodiment of the invention: first, for a blacklisted program, the database determines, from the behavior of that program, information about the infected files on the client computer (step 402); then, according to that information, the intact copy of the corresponding file stored in the database is downloaded to the client computer to overwrite the infected file (step 404).
The information about an infected file can be obtained by querying the database using the file path, the system version, the associated application component and similar information.
In addition, because the invention records in the database the program behaviors and program features collected from a large number of client computers, the attributes of a program can also be judged by monitoring and analyzing its spread rate over a short period. Fig. 5 is a schematic diagram of the analysis flow according to an embodiment of the invention: first, the database further records the change in the number of identical program features collected from different client computers within a preset time (step 502); then unknown program features and behaviors are analyzed according to that change in number, so as to update the black/white lists (step 504).
For example, if within a preset time the increase or decrease in the number of a certain unknown program feature collected from different client computers exceeds a threshold, that program feature and its corresponding program behaviors are blacklisted in the database.
In this way, the program information collected at the front end is passed to the back-end server cluster for use. If a program is a trojan but no longer spreads at all, a dead trojan lying still, it may be considered to pose no threat; but if that trojan spreads to a new machine, the invention can perceive it very quickly, because that client computer also reports to the server. When 100, 500 or 1000 machines have reported, the server database collects statistics on the growth in numbers, analyzes them and feeds back: the number of that program has grown beyond the threshold within a very short time, or many variant programs with behavior similar to it have appeared. The invention can analyze and judge this automatically; once judged, the program can be added to the blacklist, and the blacklist in the database is dynamically updated from a self-expanding base, greatly improving the efficiency of database maintenance and program analysis.
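The count-change analysis of Fig. 5 (steps 502 and 504), as an added Python example that is not the patent's own code; the one-hour window, the threshold of 100 clients, the behavior names and the sample reports are constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 3600    # the "preset time" (assumed: one hour)
GROWTH_THRESHOLD = 100   # change in distinct reporting clients (assumed)


def count_per_window(reports, window=WINDOW_SECONDS):
    """Step 502: feature -> {window index -> set of client ids}. Counting
    distinct clients means one client re-reporting the same hash does not
    look like spreading."""
    buckets = defaultdict(lambda: defaultdict(set))
    for client_id, feature, ts in reports:
        buckets[feature][ts // window].add(client_id)
    return buckets


def spread_changes(buckets):
    """feature -> [(window index, client count, change vs previous window)]."""
    out = {}
    for feature, per_window in buckets.items():
        prev, rows = 0, []
        for w in sorted(per_window):
            n = len(per_window[w])
            rows.append((w, n, n - prev))
            prev = n
        out[feature] = rows
    return out


def analyze(reports, behaviors, blacklist, threshold=GROWTH_THRESHOLD,
            window=WINDOW_SECONDS):
    """Step 504: blacklist every not-yet-listed feature whose client count
    changes by more than the threshold between consecutive windows; returns
    the newly listed features with their recorded behaviors."""
    newly = {}
    changes = spread_changes(count_per_window(reports, window))
    for feature, rows in changes.items():
        if feature in blacklist:
            continue
        if any(abs(delta) > threshold for _, _, delta in rows):
            blacklist.add(feature)
            newly[feature] = behaviors.get(feature, ())
    return newly


def sample_reports():
    """Constructed client reports (client id, feature, unix time): a dormant
    trojan seen on one machine, a new variant that jumps from 5 to 600
    machines in the next hour, and a popular benign tool at a steady 50
    machines per hour."""
    reports = [("c-0", "md5_dormant", 0)]
    reports += [(f"c-{i}", "md5_variant", 100 + i) for i in range(5)]
    reports += [(f"c-{i}", "md5_variant", 3600 + i) for i in range(600)]
    reports += [(f"c-{i}", "md5_benign", w * 3600 + i)
                for w in range(3) for i in range(50)]
    return reports


def demo():
    """Run the analysis over the constructed reports; only the spreading
    variant ends up on the blacklist."""
    behaviors = {"md5_variant": ("load_driver", "add_startup_item"),
                 "md5_dormant": ("add_startup_item",),
                 "md5_benign": ("show_window",)}
    blacklist = set()
    newly = analyze(sample_reports(), behaviors, blacklist)
    return newly, sorted(blacklist)
```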

Claims (8)

1. A cloud-based sample database dynamic maintaining method, characterized by comprising the following steps:
collecting program features and their corresponding program behaviors by client computers and sending them to a server;
recording in a server-side database the different program features, their corresponding program behaviors, and black/white lists;
analyzing unknown program features and behaviors against the program features and corresponding behaviors in the existing known black/white lists, so as to update the black/white lists;
wherein the step of analyzing unknown program features and their behaviors comprises:
if an unknown program feature is identical to a known program feature in the existing black/white list, placing the unknown program feature and its program behaviors on that black/white list;
if an unknown program behavior is identical or approximate to a known program behavior in the existing black/white list, placing the unknown program behavior and its program feature on that black/white list.
2. The method of claim 1, characterized by further comprising:
if record analysis in the database finds programs with identical or approximate behaviors but different program features, establishing an association between behavior and feature among the programs with identical or approximate behaviors;
analyzing unknown program features and behaviors according to the association among the programs with identical or approximate behaviors, so as to update the black/white lists.
3. The method of claim 2, characterized in that the step of analyzing unknown program features and behaviors comprises:
when a program behavior is placed on the black/white list, placing the program feature corresponding to that behavior on the black/white list in the database, and also placing the other program behaviors and program features associated with that behavior on the black/white list.
4. The method of claim 2, characterized in that the step of analyzing unknown program features and behaviors comprises:
when a program feature is placed on the black/white list, placing the program behaviors corresponding to that feature on the black/white list in the database, and also placing the other program behaviors and program features associated with that feature on the black/white list.
5. The method of claim 1, characterized by further comprising:
for a blacklisted program, further recording in the database the reverse behavior of that program, so that the reverse behavior is executed once it is confirmed that the blacklisted program exists or has run on a client computer.
6. The method of claim 1, characterized by further comprising:
for a blacklisted program, determining in the database, from the behavior of that program, information about the infected files on the client computer;
according to the information about the infected file, downloading the intact copy of the corresponding file stored in the database to the client computer to overwrite the infected file.
7. The method of claim 1, characterized by further comprising:
further recording in the database the change in the number of identical program features collected from different client computers within a preset time;
analyzing unknown program features and behaviors according to the change in the number of program features, so as to update the black/white lists.
8. The method of claim 7, characterized in that the step of analyzing unknown program features and behaviors according to the change in the number of program features comprises:
if, within a preset time, the increase or decrease in the number of a certain unknown program feature collected from different client computers exceeds a threshold, blacklisting that program feature and its corresponding program behaviors in the database.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310039473.8A CN103106366B (en) 2010-08-18 2010-08-18 A kind of sample database dynamic maintaining method based on cloud

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010102569589A CN101923617B (en) 2010-08-18 2010-08-18 Cloud-based sample database dynamic maintaining method
CN201310039473.8A CN103106366B (en) 2010-08-18 2010-08-18 A kind of sample database dynamic maintaining method based on cloud

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2010102569589A Division CN101923617B (en) 2010-08-18 2010-08-18 Cloud-based sample database dynamic maintaining method

Publications (2)

Publication Number Publication Date
CN103106366A CN103106366A (en) 2013-05-15
CN103106366B true CN103106366B (en) 2016-05-04

Family

ID=48314217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310039473.8A Active CN103106366B (en) 2010-08-18 2010-08-18 A kind of sample database dynamic maintaining method based on cloud

Country Status (1)

Country Link
CN (1) CN103106366B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103500305A (en) * 2013-09-04 2014-01-08 中国航天科工集团第二研究院七〇六所 System and method for malicious code analysis based on cloud computing
CN104966018A (en) * 2015-06-18 2015-10-07 华侨大学 Windows system-based software program abnormal behavior analysis method
CN109815696A (en) * 2018-12-29 2019-05-28 360企业安全技术(珠海)有限公司 Terminal device system protection method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1936910A (en) * 2005-11-16 2007-03-28 白杰 Method for identifying unknown virus programe and clearing method thereof
CN101039177A (en) * 2007-04-27 2007-09-19 珠海金山软件股份有限公司 Apparatus and method for on-line searching virus
CN101350052A (en) * 2007-10-15 2009-01-21 北京瑞星国际软件有限公司 Method and apparatus for discovering malignancy of computer program
CN101645125A (en) * 2008-08-05 2010-02-10 珠海金山软件股份有限公司 Method for filtering and monitoring behavior of program

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007164338A (en) * 2005-12-12 2007-06-28 Isamu Kiyu Virus intrusion prevention system

Also Published As

Publication number Publication date
CN103106366A (en) 2013-05-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220708

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co., Ltd
