CN106330885A - Cloud terminal system and method for enforcing security - Google Patents
- Publication number: CN106330885A
- Application number: CN201610694053.7A
- Authority: CN (China)
- Prior art keywords: cloud terminal, cloud, server, security, safety
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Abstract
The invention provides a cloud terminal system for enforcing security. The cloud terminal system comprises a remote cloud server and a plurality of cloud terminals, wherein the remote cloud server is rich in hardware resources and software resources, the cloud terminals are connected with the remote cloud server via the Internet, relevant operations are completed by using the software and hardware resources of the remote cloud server, and relevant processing information is fed back to the cloud terminals; and the cloud terminals are provided with a security environment and a common environment. The cloud terminal system improves the security of cloud terminal communication, and simultaneously eliminates the security risk of the remote server.
Description
Technical field
The present invention relates to the technical field of security systems, and in particular to a cloud terminal system with enforced security and a method for enforcing security.
Background
SSH is a network protocol for encrypted login between computers. If a user logs in from a local computer to a remote computer using the SSH protocol, the login can be considered secure: even if it is intercepted in transit, the password is not disclosed.
The SSH software package consists of two parts, a server and a client. The server is installed mainly on the controlled end, that is, the machine to be managed remotely, while the client is installed on the operator's host. SSH uses key-based security authentication. In this mode authentication relies on keys, so the user first creates a key pair. The user then places the public key, by some other secure means, on the server to be managed remotely. When the administrator connects to the SSH server, the client sends a request to the server asking to be authenticated with the client's key. After receiving the request, the server compares it against the public key that was placed on it in advance. If the two keys match, the server encrypts a challenge with the public key and sends it to the client software. After receiving the server's challenge, the client software decrypts it with the private key and sends the result to the server.
Security risk: an SSH key pair can be copied, and an SSH private key placed on an unauthorized terminal can still connect to the server, which is very insecure.
A cloud terminal, or thin client, is a system with limited software and hardware resources; it lacks the resources to guarantee communication security. The security policies a cloud terminal can enforce are also very few. When cloud terminal communication is subjected to malicious attack, that is also a security risk faced by the remote server.
The prior art discloses a "secure terminal system and terminal security method"; see Chinese patent application No. 200910106166.0. That invention relates to a secure terminal system comprising a terminal and a flash memory device connected to the terminal through a data interface. The terminal includes a trusted operating system module and a security management client module loaded from the flash memory device. The trusted operating system module is the trusted operating system that controls the operation of the terminal; the security management client module collects client identity information and collects and caches operating events. That invention also provides a corresponding terminal security method. It controls the terminal through the trusted operating system loaded from the flash memory device, completely shielding the terminal's original system environment and building a clean secure terminal environment, thereby meeting the terminal's security and high-performance requirements.
The prior art also discloses "a network security terminal"; see Chinese patent application No. 201310396181.X. That invention relates to the technical field of network engineering, specifically a network security terminal. The terminal consists of a host, a network module, a non-confidential data module, a network security device and a confidential data module. The host is connected to the network module; the network module is connected to the non-confidential data module and the network security device; the network security device is connected to the confidential data module. The network security device further includes an encryption module and a control module, and the confidential data module further includes a security authentication module. The purpose of that invention is to address the above deficiencies by providing a network security terminal that is convenient, easy to use and highly secure. The technical solutions adopted by these two patents differ from that of the present application, and so do the technical effects achieved.
Summary of the invention
The first technical problem to be solved by the present invention is to provide a cloud terminal system with enforced security that improves the security of cloud terminal communication while eliminating the security risk to the remote server.
The first technical problem is solved as follows: a cloud terminal system with enforced security, comprising a remote cloud server and a plurality of cloud terminals. The remote cloud server is a server with surplus hardware and software resources. The cloud terminals are connected to the remote cloud server via the Internet, use the software and hardware resources of the remote cloud server to complete the relevant work, and the relevant processing information is fed back to the cloud terminals.
The cloud terminal is provided with a secure environment and a normal environment.
The secure environment includes: hardware security resources, a security kernel and security drivers, and a hardware security API server. The secure environment is provided with a secure operating system and a general security API interface.
The hardware security API server is the service pool for security enforcement; security operations are completed in the hardware security API server and the result is then fed back to the client.
The normal environment includes: the cloud terminal hardware platform, a normal operating system, a hardware security API client, the cloud terminal security policy, and cloud terminal security policy enforcement.
The cloud terminal security policy includes a security configuration file.
Cloud terminal security policy enforcement includes the enforcement of login security and communication security.
The hardware security API client is the toolbox for encryption and decryption; it serves only as a connecting pipe, calling the encryption and decryption interface and obtaining the result.
Further, the hardware security resources include a trusted keypad, a trusted UI, a hardware KEY and secure storage.
Further, the cloud terminal hardware platform includes a computing device and its peripherals; the computing device includes: a power supply, processor, memory, storage, user interface, network interface, keyboard, mouse and touch screen.
Further, the remote cloud server includes a VPN server and an application server. The VPN server is a virtual private network server, a connection method that allows secure remote access to the cloud terminal private network over a public network; the application server handles client requests.
The second technical problem to be solved by the present invention is to provide a method for enforcing security in a cloud terminal system that improves the security of cloud terminal communication while eliminating the security risk to the remote server.
The second technical problem is solved as follows: a method for enforcing security in a cloud terminal system, using the cloud terminal system described above. The method includes, in no particular order, enforced security of the cloud terminal login process and enforced security of the cloud terminal communication process.
Enforced security of the cloud terminal login process:
Step 10: when the cloud terminal logs in for the first time, configure the /etc/ssh/sshd.conf file; the sshd.conf file can improve the security of the remote login service.
Step 11: use the security API interface to generate a public key and a private key; this key pair cannot be accessed directly and can only be accessed indirectly through the security API interface.
Step 12: use the security API interface to upload the public key to the remote cloud server; direct copying of the key pair is prohibited.
Step 13: the cloud terminal uses the secure key to log in to the remote cloud server.
Enforced security of the cloud terminal communication process:
Step 20: when the cloud terminal communicates for the first time, configure the remote cloud server address.
Step 21: disable all network connections.
Step 22: configure the VPN server.
Step 23: enable network traffic that passes through the local VPN.
Further, the key pair is identified using an email address, a number or a character string.
Further, the remote cloud server includes a VPN server and an application server. The VPN server is a virtual private network server, a connection method that allows secure remote access to the cloud terminal private network over a public network; the application server handles client requests.
The present invention has the following advantages: it enforces security for the cloud terminal login process, simplifying the login process and improving login security. It also enforces security for the cloud terminal communication process: the cloud terminal is a resource-constrained system with few security resources, so its communication is directed to the server through a VPN and the server's capabilities are used to provide communication security.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the system of the present invention.
Fig. 2 is an architecture diagram of the interior of the cloud terminal with enforced security of the present invention.
Fig. 3 is a flow chart of enforced security for the cloud terminal login process of the present invention.
Fig. 4 is a flow chart of enforced security for the cloud terminal communication process of the present invention.
Detailed description of the invention
Referring to Fig. 1 and Fig. 2, a cloud terminal system with enforced security according to the present invention comprises a remote cloud server and a plurality of cloud terminals. The remote cloud server is a server with surplus hardware and software resources. The cloud terminals are connected to the remote cloud server via the Internet, use the software and hardware resources of the remote cloud server to complete the relevant work, and the relevant processing information is fed back to the cloud terminals.
Because the remote cloud server is of high value and has very high security requirements, the cloud terminal needs special security to ensure that the security risks of the cloud terminal are not passed on to the remote cloud server.
The cloud terminal is provided with a secure environment and a normal environment.
The secure environment includes: hardware security resources, a security kernel and security drivers, and a hardware security API server. The secure environment is provided with a secure operating system and a general security API interface.
The hardware security API server is the service pool for security enforcement; security operations are completed in the hardware security API server and the result is then fed back to the client.
The security kernel and security drivers are prior art. Their interaction flow when encryption is requested is as follows: the hardware security API client receives the cloud terminal's encryption request; the hardware security API client calls the hardware security driver of the normal operating system to access the secure hardware of the cloud terminal; the secure operating system in the secure hardware responds to the encryption request and forwards the security request to the hardware security API server for processing; the hardware security API server processes the encryption request and returns the encrypted result along the original path.
The hardware security resources include a trusted keypad, a trusted UI, a hardware KEY and secure storage.
The normal environment includes: the cloud terminal hardware platform, a normal operating system (that is, the cloud terminal operating system), a hardware security API client, the cloud terminal security policy, and cloud terminal security policy enforcement.
The cloud terminal security policy includes a security configuration file.
Cloud terminal security policy enforcement includes the enforcement of login security and communication security.
The hardware security API client is the toolbox for encryption and decryption. In essence, encryption and decryption are performed in the hardware security API server; the hardware security API client only acts as a pipe, calling the encryption and decryption interface and obtaining the result.
The cloud terminal hardware platform includes a computing device and its peripherals; the computing device includes: a power supply, processor, memory, storage, user interface, network interface, keyboard, mouse and touch screen.
The cloud terminal contains a multi-core processor with a secure processor, or multiple processors including a secure processor. The cloud terminal contains a normal operating system and a secure operating system.
The secure operating system of the cloud terminal is responsible for the secure processor, secure storage and secure memory, and exposes a hardware security interface externally. The secure operating system comprises the security kernel and security drivers and the hardware security API server. The security kernel and security drivers are responsible for driving the secure hardware (secure processor, secure storage and secure memory) and also for calling the hardware security API server. The role of the secure operating system is to respond to security requests from the normal operating system: the hardware security API server completes the security operation, and the secure operating system feeds the security processing result back to the normal operating system.
Besides the modules found in a general-purpose operating system (Linux/Android), the normal operating system of the cloud terminal has the hardware security API client, the cloud terminal security policy and cloud terminal security policy enforcement. The hardware security API client is the channel (software interface) through which the normal operating system accesses the secure operating system. The cloud terminal security policy is a user-configurable, security-related configuration file. Cloud terminal security policy enforcement includes the enforcement of login security and communication security. Enforcement is configured by the cloud terminal security policy; that is, the security policies for login security and communication security are configured by the cloud terminal security policy. The cloud terminal security policy configuration can affect some of the configurable characteristics of the hardware security API client.
The normal operating system of the cloud terminal and the secure operating system of the cloud terminal communicate using a message mechanism.
The remote cloud server includes a VPN server and an application server. The VPN server is a virtual private network server, a connection method that allows secure remote access to the cloud terminal private network over a public network; the application server handles client requests. An external server is also provided in the present invention; this external server can interact with the remote cloud server.
Referring to Fig. 3 and Fig. 4, a method for enforcing security in a cloud terminal system according to the present invention uses the cloud terminal system described above. The method includes, in no particular order, enforced security of the cloud terminal login process and enforced security of the cloud terminal communication process.
Enforced security of the cloud terminal login process:
Step 10: when the cloud terminal logs in for the first time, configure the /etc/ssh/sshd.conf file; the sshd.conf file can improve the security of the remote login service.
Step 11: use the security API interface to generate a public key and a private key; this key pair cannot be accessed directly and can only be accessed indirectly through the security API interface.
Step 12: use the security API interface to upload the public key to the remote cloud server; direct copying of the key pair is prohibited.
Step 13: the cloud terminal uses the secure key to log in to the remote cloud server.
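The login flow of steps 10 to 13, together with the key-based challenge described in the background, as an added Go example that is not part of the patent: the private key stays behind a sign-only interface and only the public key is uploaded. It assumes Ed25519 signatures in place of the encrypt-and-decrypt challenge the background describes; the type and function names and the key label are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecureAPIServer stands in for the hardware security API server (hypothetical
// names throughout). Private keys live only in this map and no method returns
// them; Ed25519 signing replaces the encrypt/decrypt challenge (assumption).
type SecureAPIServer struct{ keys map[string]ed25519.PrivateKey }
func NewSecureAPIServer() *SecureAPIServer { return &SecureAPIServer{keys: map[string]ed25519.PrivateKey{}} }

// GenerateKeyPair (step 11) creates a key pair under a label and returns only
// the public half. Reusing a label is refused so a key is never silently replaced.
func (s *SecureAPIServer) GenerateKeyPair(label string) (ed25519.PublicKey, error) {
	if _, exists := s.keys[label]; exists {
		return nil, errors.New("label already in use")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s.keys[label] = priv
	return pub, nil
}

// Sign is the only private-key operation offered to the normal environment.
func (s *SecureAPIServer) Sign(label string, msg []byte) ([]byte, error) {
	if priv, ok := s.keys[label]; ok {
		return ed25519.Sign(priv, msg), nil
	}
	return nil, errors.New("unknown key label")
}

// CloudServer models the remote cloud server: enrolled keys, one open challenge per label.
type CloudServer struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}
func NewCloudServer() *CloudServer { return &CloudServer{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}} }

// Enroll (step 12) stores the uploaded public key after a length check.
func (c *CloudServer) Enroll(label string, pub ed25519.PublicKey) error {
	if len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed public key")
	}
	c.enrolled[label] = pub
	return nil
}

// Challenge issues a fresh random nonce for an enrolled label.
func (c *CloudServer) Challenge(label string) ([]byte, error) {
	if _, ok := c.enrolled[label]; !ok {
		return nil, errors.New("label not enrolled")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.pending[label] = nonce
	return nonce, nil
}

// Verify consumes the pending challenge, so a captured signature cannot be replayed.
func (c *CloudServer) Verify(label string, sig []byte) bool {
	nonce, ok := c.pending[label]
	delete(c.pending, label)
	return ok && ed25519.Verify(c.enrolled[label], nonce, sig)
}

// Login (step 13) plays the API client: it only relays challenge and signature.
func Login(api *SecureAPIServer, srv *CloudServer, label string) (bool, error) {
	nonce, err := srv.Challenge(label)
	if err != nil {
		return false, err
	}
	sig, err := api.Sign(label, nonce)
	if err != nil {
		return false, err
	}
	return srv.Verify(label, sig), nil
}

func main() {
	api, srv := NewSecureAPIServer(), NewCloudServer()
	pub, _ := api.GenerateKeyPair("terminal-01@example.test") // constructed label
	_ = srv.Enroll("terminal-01@example.test", pub)
	ok, err := Login(api, srv, "terminal-01@example.test")
	fmt.Println("enrolled terminal logs in:", ok, err)
}
```

Copying files from the normal environment yields nothing usable here because the signing key never crosses the API; a second device that generates its own key under the same label is rejected by the server.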
Enforced security of the cloud terminal communication process:
Step 20: when the cloud terminal communicates for the first time, configure the remote cloud server address.
Step 21: disable all network connections.
Step 22: configure the VPN server.
Step 23: enable network traffic that passes through the local VPN.
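One way to check that steps 20 to 23 actually hold on a Linux terminal, as an added Go example that is not part of the patent: it audits the output of ip -4 route show for routes that leave outside the VPN interface. The interface name tun0, the addresses and both routing tables are constructed, and the allow-list policy stated in the comment is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample tables in the format printed by `ip -4 route show`.
// leakyTable: the VPN client laid two /1 routes over the DHCP default route,
// so traffic falls back to eth0 whenever tun0 goes down.
const leakyTable = `default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0`

// enforcedTable: the only default route is the VPN one.
const enforcedTable = `default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0`

// AuditRoutes returns one finding per route that lets traffic bypass the VPN.
// Policy (assumption of this example): outside the VPN interface only the host
// route to the VPN server and on-link subnets (needed to reach the gateway)
// are allowed; the VPN interface must carry a default route or both /1 halves.
func AuditRoutes(routes, vpnIf, vpnServer string) []string {
	var findings []string
	server := net.ParseIP(vpnServer)
	vpnDefault, lowHalf, highHalf := false, false, false
	for _, line := range strings.Split(routes, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		switch f[0] {
		case "blackhole", "unreachable", "prohibit":
			continue // these routes drop traffic, they cannot leak it
		}
		dst, dev, onLink := f[0], "", false
		for i := 1; i+1 < len(f); i++ {
			switch f[i] {
			case "dev":
				dev = f[i+1]
			case "scope":
				onLink = f[i+1] == "link"
			}
		}
		if dev == vpnIf {
			switch dst {
			case "default", "0.0.0.0/0":
				vpnDefault = true
			case "0.0.0.0/1":
				lowHalf = true
			case "128.0.0.0/1":
				highHalf = true
			}
			continue
		}
		if onLink || isHostRouteTo(dst, server) {
			continue
		}
		findings = append(findings, fmt.Sprintf("leak: %s dev %s", dst, dev))
	}
	if !vpnDefault && !(lowHalf && highHalf) {
		findings = append(findings, "no default route through "+vpnIf)
	}
	return findings
}

// isHostRouteTo reports whether dst is a single-address route to the VPN server.
func isHostRouteTo(dst string, server net.IP) bool {
	ip := net.ParseIP(strings.TrimSuffix(dst, "/32"))
	return server != nil && ip != nil && ip.Equal(server)
}

func main() {
	fmt.Println("leaky:   ", AuditRoutes(leakyTable, "tun0", "203.0.113.10"))
	fmt.Println("enforced:", AuditRoutes(enforcedTable, "tun0", "203.0.113.10"))
}
```

A clean routing table is necessary but not sufficient: the default-deny of step 21 still needs a packet filter, since applications can bind to an interface directly.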
In the present invention, the key pair is identified using an email address, a number or a character string.
In summary, the present invention enforces security for the cloud terminal login process, simplifying the login process and improving login security. It also enforces security for the cloud terminal communication process: the cloud terminal is a resource-constrained system with few security resources, so its communication is directed to the server through a VPN and the server's capabilities are used to provide communication security.
The foregoing is only a preferred embodiment of the present invention; all equivalent changes and modifications made within the scope of the claims of the present invention shall fall within the scope of the present invention.
Claims (7)
1. A cloud terminal system with enforced security, characterized in that: the cloud terminal system comprises a remote cloud server and a plurality of cloud terminals; the remote cloud server is a server with surplus hardware and software resources; the cloud terminals are connected to the remote cloud server via the Internet, use the software and hardware resources of the remote cloud server to complete the relevant work, and the relevant processing information is fed back to the cloud terminals;
the cloud terminal is provided with a secure environment and a normal environment;
the secure environment includes: hardware security resources, a security kernel and security drivers, and a hardware security API server; the secure environment is provided with a secure operating system and a general security API interface;
the hardware security API server is the service pool for security enforcement; security operations are completed in the hardware security API server and the result is then fed back to the client;
the normal environment includes: the cloud terminal hardware platform, a normal operating system, a hardware security API client, the cloud terminal security policy, and cloud terminal security policy enforcement;
the cloud terminal security policy includes a security configuration file;
cloud terminal security policy enforcement includes the enforcement of login security and communication security;
the hardware security API client is the toolbox for encryption and decryption; the hardware security API client serves only as a connecting pipe, calling the encryption and decryption interface and obtaining the result.
2. The cloud terminal system with enforced security according to claim 1, characterized in that: the hardware security resources include a trusted keypad, a trusted UI, a hardware KEY and secure storage.
3. The cloud terminal system with enforced security according to claim 1, characterized in that: the cloud terminal hardware platform includes a computing device and its peripherals; the computing device includes: a power supply, processor, memory, storage, user interface, network interface, keyboard, mouse and touch screen.
4. The cloud terminal system with enforced security according to claim 1, characterized in that: the remote cloud server includes a VPN server and an application server; the VPN server is a virtual private network server, a connection method that allows secure remote access to the cloud terminal private network over a public network; the application server handles client requests.
5. A method for enforcing security in a cloud terminal system, characterized in that: it uses the cloud terminal system according to claim 1, and the method includes, in no particular order, enforced security of the cloud terminal login process and enforced security of the cloud terminal communication process;
enforced security of the cloud terminal login process:
Step 10: when the cloud terminal logs in for the first time, configure the /etc/ssh/sshd.conf file; the sshd.conf file can improve the security of the remote login service;
Step 11: use the security API interface to generate a public key and a private key; this key pair cannot be accessed directly and can only be accessed indirectly through the security API interface;
Step 12: use the security API interface to upload the public key to the remote cloud server; direct copying of the key pair is prohibited;
Step 13: the cloud terminal uses the secure key to log in to the remote cloud server.
Enforced security of the cloud terminal communication process:
Step 20: when the cloud terminal communicates for the first time, configure the remote cloud server address;
Step 21: disable all network connections;
Step 22: configure the VPN server;
Step 23: enable network traffic that passes through the local VPN.
6. The method for enforcing security in a cloud terminal system according to claim 5, characterized in that: the key pair is identified using an email address, a number or a character string.
7. The method for enforcing security in a cloud terminal system according to claim 5, characterized in that: the remote cloud server includes a VPN server and an application server; the VPN server is a virtual private network server, a connection method that allows secure remote access to the cloud terminal private network over a public network; the application server handles client requests.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610694053.7A CN106330885A (en) | 2016-08-19 | 2016-08-19 | Cloud terminal system and method for enforcing security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610694053.7A CN106330885A (en) | 2016-08-19 | 2016-08-19 | Cloud terminal system and method for enforcing security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106330885A (en) | 2017-01-11 |
Family
ID=57744534
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610694053.7A Pending CN106330885A (en) | 2016-08-19 | 2016-08-19 | Cloud terminal system and method for enforcing security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106330885A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107481370A (en) * | 2017-08-15 | 2017-12-15 | 合肥爱吾宠科技有限公司 | Intelligent community control system based on industrial computer |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102413150A (en) * | 2010-09-20 | 2012-04-11 | 联想(北京)有限公司 | Server and virtual desktop control method and virtual desktop control system |
CN102546601A (en) * | 2011-12-19 | 2012-07-04 | 广州杰赛科技股份有限公司 | Auxiliary device of cloud computing terminal for accessing virtual machine |
CN103503426A (en) * | 2011-04-21 | 2014-01-08 | 信特尼有限公司 | Method for displaying information on a display device of a terminal |
CN103986786A (en) * | 2014-06-05 | 2014-08-13 | 江苏路海物联网科技有限公司 | Remote cloud desktop operation system |
CN103986837A (en) * | 2014-05-28 | 2014-08-13 | 天地融科技股份有限公司 | Information processing method and device |
CN104426650A (en) * | 2013-09-03 | 2015-03-18 | 天津鼎瑞德网络工程有限公司 | Network security terminal |
- 2016-08-19 CN CN201610694053.7A patent/CN106330885A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11722465B2 (en) | Password encryption for hybrid cloud services | |
US11706205B2 (en) | Extending single-sign-on to relying parties of federated logon providers | |
US20200322170A1 (en) | Identity Authentication Method and System, and Computing Device | |
US10595202B2 (en) | Dynamic access to hosted applications | |
EP3742369A1 (en) | Systems and methods for establishing a channel between multiple devices | |
US11895096B2 (en) | Systems and methods for transparent SaaS data encryption and tokenization | |
JP6656157B2 (en) | Network connection automation | |
EP3011429B1 (en) | Multiple authority data security and access | |
CA2792707C (en) | Associating services to perimeters | |
US9240977B2 (en) | Techniques for protecting mobile applications | |
US7644434B2 (en) | Computer security system | |
EP3132559B1 (en) | Automatic log-in and log-out of a session with session sharing | |
CN111193698B (en) | Data processing method, device, terminal and storage medium | |
US20120254622A1 (en) | Secure Access to Electronic Devices | |
US11647025B2 (en) | Systems and methods for continuous authentication | |
CN109472130A (en) | Linux cipher management method, middle control machine, readable storage medium storing program for executing | |
US20210182440A1 (en) | System for preventing access to sensitive information and related techniques | |
CA3095060A1 (en) | Systems and methods for an embedded browser | |
US20200374372A1 (en) | Systems and methods for aggregating skills provided by a plurality of digital assistants | |
CN104519055A (en) | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server | |
US11557016B2 (en) | Tracking image senders on client devices | |
CN102412969B (en) | Method for carrying out authentication by remotely using certificate and secret key, apparatus and system thereof | |
CN103152328B (en) | A kind of conferencing information control system based on wireless network and control method thereof | |
CN103269301A (en) | Desktop type IPSecVPN cryptographic machine and networking method | |
CN106330885A (en) | Cloud terminal system and method for enforcing security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170111 |