CN109145628B - Data acquisition method and system based on trusted execution environment - Google Patents
Data acquisition method and system based on trusted execution environment Download PDFInfo
- Publication number
- CN109145628B CN109145628B CN201811039301.XA CN201811039301A CN109145628B CN 109145628 B CN109145628 B CN 109145628B CN 201811039301 A CN201811039301 A CN 201811039301A CN 109145628 B CN109145628 B CN 109145628B
- Authority
- CN
- China
- Prior art keywords
- application
- trusted
- control
- key
- client application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
Abstract
The application discloses a data acquisition method and system based on a trusted execution environment, and relates to the field of information security. The main technical scheme of the application is as follows: calling a CA control interface, and establishing a secure channel between the client application and the trusted application; and acquiring the security data of the trusted application through the security channel. By adopting the technical scheme, the safe transmission of data can be ensured, and the remote identity authentication requirement of a specific industry can be met; and the CA control interface is unified, so that the development of client application is reduced.
Description
Technical Field
The present application relates to the field of information security, and in particular, to a data acquisition method and system based on a trusted execution environment.
Background
With the popularization of smart phones and the development of mobile internet applications, various applications, such as WeChat scanning payment, Paibao scanning payment, two-dimensional code promotion information scanning, application two-dimensional code downloading and the like, which scan bar codes or two-dimensional codes through cameras appear in the market.
Because the common intelligent terminal equipment is developed based on an open operating system, particularly an Android open system, certain potential safety hazards exist, the common intelligent terminal equipment is easy to attack, and various safety problems are caused. Therefore, certain potential safety hazards also exist in applications (such as camera shooting, scanning and the like) based on the open system, the collected information has the possibility of being tampered in the collection process, certain potential safety hazards exist, and particularly the applications related to financial payment are related, and the safety risks are higher.
Therefore, how to ensure the security of data acquisition of biological identification equipment such as a camera or fingerprint acquisition is a problem to be solved urgently in the existing financial payment scene.
Disclosure of Invention
The application aims to provide a data acquisition method and a data acquisition system based on a trusted execution environment, which ensure the safe transmission of data of biological identification equipment such as a camera or fingerprint acquisition.
In order to achieve the above object, the present application provides a data acquisition method based on a trusted execution environment, which is applied to a system comprising an application server and a mobile terminal; the mobile terminal comprises a client application and a CA control which run in a rich execution environment, and a trusted application which runs in a trusted execution environment, and the method comprises the following steps: the application server calls a CA control interface through the client application to establish a secure channel between the application server and the trusted application; and the application server uses the secure channel to collect data through the trusted application in the trusted execution environment.
As above, wherein, establishing a secure channel between the client application and the trusted application includes the following sub-steps:
calling a CA control interface, responding to an initialization request sent by a client application, and executing initialization operation; and establishing a secure channel according to the initialization request.
As above, wherein the initialization is performed, comprising the sub-steps of:
loading a trusted application, and mutually verifying the validity of the trusted application and the CA control;
the CA control verifies the legitimacy of the client application.
As above, the establishing of the secure channel specifically includes: the client application negotiates a session key with the trusted application.
The application also provides a data acquisition terminal based on the trusted execution environment, including: the mobile terminal comprises a client application and a CA control which run in a rich execution environment, and a trusted application which runs in a trusted execution environment;
the application server calls the CA control interface through the client application to establish a secure channel between the application server and the trusted application;
and the trusted application collects the security data and sends the security data to the application server through the security channel.
As above, the client application further includes an operation module, which calls the CA control according to the initialization request;
the CA control comprises an initialization module, executes initialization operation and establishes a secure channel according to an initialization request.
As above, the initialization module is specifically configured to verify the legitimacy of the trusted application and the client application.
As above, wherein the trusted application further comprises a storage module for storing the session key negotiated with the client application.
The application server further includes a storage module, configured to store the session key negotiated with the trusted application.
The beneficial effect that this application realized is as follows: according to the method, the biological identification equipment is used as a safety application TA in a TEE safety environment of the mobile equipment, and the data is ensured to be transmitted safely by acquiring data in the safety application and performing bidirectional authentication on the TA and a background service system; all service transmission is completely processed by a background system, so that the application of a specific industry is met; and the CA control interface is unified, so that the development of client application is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a diagram of a trusted execution environment based data collection system provided herein;
FIG. 2 is a flowchart of a trusted execution environment based data collection method provided in the present application;
fig. 3 is a flowchart illustrating a specific operation of establishing a secure channel between a client application and a trusted application.
FIG. 4 is a flowchart illustrating the specific operations of performing initialization;
FIG. 5 is a flowchart illustrating the operation of establishing a secure channel;
fig. 6 is a flowchart illustrating a specific operation of the client application to collect the camera data.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
With the rapid development of network technology and intelligent terminals, a user can download a large amount of applications into a terminal device, and in order to ensure the security of data collected by the applications, the application provides a data collection system based on a trusted execution environment, which is applied to a system composed of an application server 11 and a terminal device 12, as shown in fig. 1.
The application server 11 is a background service processing system of a client application CA (client application), embeds a key and a key algorithm, calculates a random number and the key using the key algorithm, generates an application ciphertext, and provides the application ciphertext and the key as initialization request data to the client application CA.
The processor of the terminal device 12 is provided with two execution environments, which are a rich execution Environment 121 (refer Environment, hereinafter) and a trusted execution Environment 122 (trustexecution Environment, hereinafter, referred to as TEE).
The REE is a generic insecure execution environment, may include a plurality of client applications, and executes a generic rich instruction operating system, such as an Andriod system. The TEE is a trusted secure execution environment that includes multiple trusted applications ta (trusted application) and executes a more secure trusted operating system. The trusted application TA in the TEE includes various application services, such as a security camera, a security fingerprint collector, and the like.
In order to reduce the development of client application when accessing a trusted application TA in the TEE, a CA control interface is configured in a unified manner, and the CA control interface can be a child control in the client application CA and an independent control provided by an agent.
And calling a CA control interface to establish a secure channel between the REE and the TEE, and then a client application in the REE can acquire the secure data of the trusted application TA in the TEE through the secure channel without being tampered in the transmission process.
Examples
An embodiment of the present application provides a data acquisition method based on a trusted execution environment, as shown in fig. 2, including:
step 21: calling a CA control interface, and establishing a secure channel between an application server and a trusted application;
referring to fig. 3, in this embodiment, establishing a secure channel between an application server and a trusted application specifically includes:
step 310: the client application calls a CA control interface and sends an initialization request;
each client application comprises a unique client application identifier, and a plurality of client application identifiers are stored in the trusted application and used for distinguishing client application types for sending acquisition requests.
Specifically, the client application sends an initialization request to the application server first, and receives initialization data returned by the application server; and then the client application calls a CA control interface and sends an initialization request containing initialization data and a client identifier to the CA control, namely, the initialization data and the client identifier are used as parameters and are transmitted into the CA control interface.
The sent initialization request comprises a client application identifier, and the received initialization data comprises a random number and an application ciphertext generated by an application server;
specifically, in response to an initialization request of a client application, an application server generates a random number, and performs hash operation on a built-in first sub-key, a built-in second sub-key and the random number to obtain an encryption key; then, encrypting the client application identifier in the initialization request by using the encryption key to obtain an application ciphertext;
preferably, the application server performs sha256 operation on the random number, the first sub-key and the second sub-key, and the first 16 bytes of the obtained numerical value are taken as the encryption key.
Step 320: the CA control executes initialization operation and establishes a secure channel according to the initialization request;
referring to fig. 4, in the present embodiment, the executing the initialization operation specifically includes:
step 410, loading a trusted application TA, and mutually verifying the validity of the trusted application TA and the CA control;
specifically, the CA control calls a corresponding TA through system service, and the TA passes through a signature of a TEE of a mobile phone manufacturer when being issued, so that the CA control verifies the validity of the trusted application TA by verifying the signature information of the trusted application TA, and loads the trusted application TA in a TEE trusted execution environment after the validity is verified;
the TA is internally provided with the package name of the CA control and the hash value of the signature certificate, and after the TA is successfully loaded, the validity of the CA control is verified through the internally provided information.
Step 420, the CA control verifies the validity of the client application;
after the CA control passes the validity verification, further verifying the validity of the client application;
the key in the application server is divided into a first sub-key and a second sub-key, and the first sub-key of the application server is preset in the trusted application TA; presetting a second sub-key of the application server in the CA control;
calling a CA control interface, sending the received initialization data and the second sub-key to a trusted application TA by the CA control, generating a decryption key by the trusted application TA by using the built-in first sub-key, the received second sub-key and a random number in the initialization data, decrypting an application ciphertext in the initialization data by using the decryption key, and when the data obtained by decryption is judged to be matched with a client application identifier preset in the trusted application TA, passing the legitimacy authentication of the client application, and returning an authentication passing response to the client application through the CA control.
Referring to fig. 5, in the present embodiment, the operation of establishing the secure channel includes:
step 510, the client application initiates a request for establishing a secure channel to the application server;
step 520, the application server generates a session key, encrypts the session key by using the encryption key, and sends an encryption result to the trusted application through the client application and the CA control;
step 530, the trusted application decrypts the received encryption result by using the decryption key, and saves the data obtained by decryption as a session key;
step 540, the trusted application generates a random number, encrypts the random number and the client application identifier by using the session key, and sends an encryption result and the random number to the application server through the CA control and the client application;
step 550, the application server decrypts the received encryption result by using the session key, and when the decrypted data matches the client application identifier and the received random number, the validity verification of the trusted application is passed, and the secure channel is successfully established;
in the embodiment, when the client application is initialized, the trusted application already verifies the validity of the client application, so that only the client application needs to verify that the trusted application is legal when the security channel is established;
and the client application and the trusted application verify that the validity is passed, which shows that the session keys stored by the client application and the trusted application are the same, namely the establishment of the secure channel is successful.
With continued reference to fig. 2, step 22: collecting security data of the trusted application through a security channel;
as shown in fig. 6, in this embodiment, taking the case that the client application acquires the camera data as an example, the specific operation of acquiring the data is as follows:
step 610, the client application calls a CA control interface and sends a data acquisition command to the CA control;
step 620, the CA control calls a trusted application interface and sends a data acquisition command to the trusted application;
step 630, the trusted application starts the security camera and collects security data in the security camera;
step 640, the trusted application encrypts the acquired security data by using the negotiated session key, and returns the obtained ciphertext data to the application server through the secure channel via the CA control and the client application;
step 650, the application server decrypts the received ciphertext data by using the negotiated session key, and obtains the security data of the security camera after the decryption is successful;
after the application server decrypts the security data, the security data is used for subsequent operations, for example, face recognition is required for login of a mobile phone bank, the mobile phone bank collects face data of a security camera in the trusted application after the operations, then face data verification operation is continued, a verification success response is sent to the mobile phone bank application after verification is successful, and the mobile phone bank login is successful.
Preferably, after the client application finishes executing the acquisition operation, the CA control interface is called, the trusted application is unloaded, and the CA control resource and the trusted application resource are released.
Illustratively, the present application applies to the following scenarios:
(1) based on the biometric feature collection such as fingerprints of the TEE safe environment, a user in a special industry (such as a remote login intranet) collects the fingerprint of a local user when a VPN (Virtual Private Network) is connected, and the identity authentication and related service processing of remote login can be realized.
(2) For example, in a scene with a high requirement on the security level of the system, a plurality of pieces of fingerprint information can be collected at the same time.
The beneficial effect that this application realized is as follows:
(1) the information acquisition CA control based on the TEE safety environment can be called by a third-party client application, can support camera acquisition and also can support biological information acquisition such as fingerprints, the difficulty of the third-party client application in developing the TEE environment-based application is reduced, the third-party client application can be used without concerning specific application details as long as related encrypted information is obtained.
(2) The information acquisition based on the TEE safety environment ensures that the source of the information is not tampered in the acquisition process, the acquired data is encrypted in the TEE environment and then transmitted to the application server, and the information of the transmission path is not replaced or changed.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. A data acquisition method based on a trusted execution environment is characterized by being applied to a system consisting of an application server and a mobile terminal; the mobile terminal comprises a client application and a CA control which run in a rich execution environment, and a trusted application which runs in a trusted execution environment, and the method comprises the following steps:
the application server calls a CA control interface through the client application to establish a secure channel between the application server and the trusted application;
the application server uses the secure channel to collect data through the trusted application under the trusted execution environment;
the method specifically comprises the following steps of verifying the validity between the mobile terminal and the application server and verifying the validity inside the mobile terminal:
verifying the validity between the mobile terminal and the application server, specifically comprising:
the key in the application server is divided into a first sub key and a second sub key, the first sub key is preset in the trusted application, and the second sub key is preset in the CA control;
responding to an initialization request sent by a client, an application server generates a random number, performs hash operation on a built-in first sub-secret key, a built-in second sub-secret key and the random number to obtain an encryption secret key, and encrypts a client identifier in the initialization request by using the encryption secret key to obtain an application ciphertext;
calling a CA control interface, sending the received initialization data and the second sub-key to the trusted application by the CA control, generating a decryption key by the trusted application by using the built-in first sub-key, the received second sub-key and a random number in the initialization data, decrypting an application ciphertext by using the decryption key, and when the data obtained by decryption is judged to be matched with a client application identifier preset in a trusted application TA, passing the legitimacy authentication of the client application, and returning an authentication passing response to the client application through the CA control;
verifying the validity of the interior of the mobile terminal specifically comprises the following steps:
the CA control calls a corresponding TA through system service, and the TA passes through a signature of a TEE of a mobile phone manufacturer when being issued, so that the CA control verifies the validity of the trusted application TA by verifying the signature information of the trusted application TA, and loads the trusted application TA in a TEE trusted execution environment after the validity is verified;
the TA is internally provided with the package name of the CA control and the hash value of the signature certificate, and after the TA is successfully loaded, the validity of the CA control is verified through the internally provided information.
2. A data acquisition method as claimed in claim 1, wherein establishing a secure channel between the application server and the trusted application comprises the sub-steps of:
the application server responds to an initialization request sent by the client application, calls a CA control interface through the client application and executes initialization operation;
and establishing a secure channel according to the initialization request.
3. A data acquisition method as claimed in claim 2, wherein the initialization is performed comprising the sub-steps of:
loading a trusted application, and mutually verifying the validity of the trusted application and the CA control;
the CA control verifies the legitimacy of the client application.
4. The data collection method of claim 3, wherein verifying the validity of the client application specifically comprises:
the application server responds to an initialization request sent by the client application to generate an encryption key, encrypts a client application identifier in the initialization request by using the encryption key to obtain an application ciphertext and sends the application ciphertext to the client application;
the client application calls a CA control, and the CA control sends the application cryptograph and the client application identification to the trusted application;
and the trusted application generates a decryption key, decrypts the application ciphertext by using the decryption key, and if the decrypted data is matched with the received client application identifier, the client application validity authentication is passed.
5. The data acquisition method as claimed in claim 2, wherein the establishing of the secure channel specifically comprises: the client application negotiates a session key with the trusted application.
6. A trusted execution environment based data acquisition system, wherein the system performs the data acquisition method of any one of claims 1-5, the acquisition system comprising: the mobile terminal comprises a client application and a CA control which run in a rich execution environment, and a trusted application which runs in a trusted execution environment;
the application server calls the CA control interface through the client application to establish a secure channel between the application server and the trusted application;
and the trusted application collects the security data and sends the security data to the application server through the security channel.
7. The data acquisition system of claim 6,
the client application also comprises an operation module which calls the CA control according to the initialization request;
the CA control comprises an initialization module, executes initialization operation and establishes a secure channel according to an initialization request.
8. The data collection system of claim 7, wherein the initialization module is specifically configured to verify legitimacy of the trusted application and the client application.
9. The data acquisition system of claim 6, wherein the trusted application further comprises a storage module for storing session keys negotiated with the application server.
10. The data acquisition system of claim 6, wherein the application server further comprises a storage module to store the session key negotiated with the trusted application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811039301.XA CN109145628B (en) | 2018-09-06 | 2018-09-06 | Data acquisition method and system based on trusted execution environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811039301.XA CN109145628B (en) | 2018-09-06 | 2018-09-06 | Data acquisition method and system based on trusted execution environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109145628A CN109145628A (en) | 2019-01-04 |
| CN109145628B true CN109145628B (en) | 2020-08-25 |
Family
ID=64827375
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811039301.XA Active CN109145628B (en) | 2018-09-06 | 2018-09-06 | Data acquisition method and system based on trusted execution environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109145628B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110175457B (en) * | 2019-04-08 | 2021-07-30 | 全球能源互联网研究院有限公司 | Trusted operating system and method of dual-architecture |
| CN110474874B (en) * | 2019-07-11 | 2023-02-17 | 中国银联股份有限公司 | Data security processing terminal, system and method |
| CN110677261B (en) * | 2019-09-29 | 2023-05-12 | 四川虹微技术有限公司 | Trusted two-dimensional code generation method and device, electronic equipment and storage medium |
| CN111382713B (en) * | 2020-03-12 | 2022-10-04 | 展讯通信(上海)有限公司 | Biometric identification method, biometric identification system, electronic device, and storage medium |
| CN112187734B (en) * | 2020-09-09 | 2021-12-14 | 中国科学院信息工程研究所 | IPSec component architecture and VPN tunnel establishment method |
| CN113486411A (en) * | 2021-07-19 | 2021-10-08 | 上海擎昆信息科技有限公司 | Security chip and design method and initialization method thereof |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105591791A (en) * | 2015-04-10 | 2016-05-18 | 中国银联股份有限公司 | Equipment for exchanging security information |
| CN107426174A (en) * | 2017-06-09 | 2017-12-01 | 武汉果核科技有限公司 | A kind of access control system and method for credible performing environment |
| CN107679858A (en) * | 2017-10-24 | 2018-02-09 | 恒宝股份有限公司 | Mobile terminal and method of mobile payment |
| CN109905350A (en) * | 2017-12-08 | 2019-06-18 | 阿里巴巴集团控股有限公司 | A kind of data transmission method and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105307163B (en) * | 2015-12-01 | 2019-03-19 | 恒宝股份有限公司 | A kind of safety communicating method and device |
| CN106936774B (en) * | 2015-12-29 | 2020-02-18 | 中国电信股份有限公司 | Authentication method and system in trusted execution environment |
| CN108322907B (en) * | 2017-01-17 | 2021-03-09 | 中国移动通信有限公司研究院 | Card opening method and terminal |
| CN107689868B (en) * | 2017-09-12 | 2021-09-07 | 北京握奇智能科技有限公司 | Communication method and device for client application and trusted application and terminal |
-
2018
- 2018-09-06 CN CN201811039301.XA patent/CN109145628B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105591791A (en) * | 2015-04-10 | 2016-05-18 | 中国银联股份有限公司 | Equipment for exchanging security information |
| CN107426174A (en) * | 2017-06-09 | 2017-12-01 | 武汉果核科技有限公司 | A kind of access control system and method for credible performing environment |
| CN107679858A (en) * | 2017-10-24 | 2018-02-09 | 恒宝股份有限公司 | Mobile terminal and method of mobile payment |
| CN109905350A (en) * | 2017-12-08 | 2019-06-18 | 阿里巴巴集团控股有限公司 | A kind of data transmission method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109145628A (en) | 2019-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109145628B (en) | Data acquisition method and system based on trusted execution environment | |
| CN109150835B (en) | Cloud data access method, device, equipment and computer readable storage medium | |
| US20180082050A1 (en) | Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device | |
| CN111431719A (en) | Mobile terminal password protection module, mobile terminal and password protection method | |
| AU2020412566A1 (en) | Contactless card personal identification system | |
| CN113114668B (en) | Information transmission method, mobile terminal, storage medium and electronic equipment | |
| CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| CN108319857B (en) | Trusted application locking and unlocking method and system | |
| CN112232814A (en) | Encryption and decryption method of payment key, payment authentication method and terminal equipment | |
| CN113395406B (en) | Encryption authentication method and system based on power equipment fingerprint | |
| CN105577619B (en) | Client login method, client and system | |
| CN110838919B (en) | Communication method, storage method, operation method and device | |
| CN107026730B (en) | Data processing method, device and system | |
| WO2021007472A1 (en) | Methods and systems for securing and utilizing a personal data store on a mobile device | |
| CN114501431A (en) | Message transmission method and device, storage medium and electronic equipment | |
| CN113872989A (en) | Authentication method and device based on SSL protocol, computer equipment and storage medium | |
| US11431514B1 (en) | Systems for determining authenticated transmissions of encrypted payloads | |
| US9977907B2 (en) | Encryption processing method and device for application, and terminal | |
| CN112118209A (en) | Account number operation method and device of vehicle equipment | |
| CN108574658B (en) | Application login method and device | |
| CN109936522B (en) | Equipment authentication method and equipment authentication system | |
| CN112131597A (en) | Method and device for generating encrypted information and intelligent equipment | |
| CN114007218B (en) | Authentication method, authentication system, terminal and digital identity authentication functional entity | |
| CN116866093B (en) | Identity authentication method, identity authentication device, and readable storage medium | |
| CN113506390B (en) | Access control method, device, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 801, 8 / F, building 4a, international R & D headquarters park, 68 Olympic street, Jianye District, Nanjing City, Jiangsu Province 210019 Patentee after: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd. Address before: Hengtang Industrial Park, Yunyang town, Danyang City, Zhenjiang City, Jiangsu Province Patentee before: JIANGSU HENGBAO INTELLIGENT SYSTEM TECHNOLOGY Co.,Ltd. |