CN111914267B - Soc framework data isolation system based on FPGA - Google Patents

Soc framework data isolation system based on FPGA Download PDF

Info

Publication number
CN111914267B
CN111914267B CN202010620292.4A CN202010620292A CN111914267B CN 111914267 B CN111914267 B CN 111914267B CN 202010620292 A CN202010620292 A CN 202010620292A CN 111914267 B CN111914267 B CN 111914267B
Authority
CN
China
Prior art keywords
module
data
state information
signature
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010620292.4A
Other languages
Chinese (zh)
Other versions
CN111914267A (en
Inventor
洪蒙纳
葛卫敏
任炳宇
郑田丰
李继庚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Boyt Guangzhou Industrial Internet Co ltd
Original Assignee
Boyt Guangzhou Industrial Internet Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Boyt Guangzhou Industrial Internet Co ltd filed Critical Boyt Guangzhou Industrial Internet Co ltd
Priority to CN202010620292.4A priority Critical patent/CN111914267B/en
Publication of CN111914267A publication Critical patent/CN111914267A/en
Application granted granted Critical
Publication of CN111914267B publication Critical patent/CN111914267B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30098Register arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of data isolation. A Soc framework data isolation system based on an FPGA comprises an upper computer, a first device, a second device and an FPGA programmable logic circuit, wherein a data private protocol module, an encryption module, a signature module, a firewall module, a readable register module and a read-write register module are arranged on the FPGA programmable logic circuit, and data are mutually transmitted between the first device and the second device through the FPGA programmable logic circuit. The invention has the beneficial effects that: the system can realize data safety isolation in the data transmission and processing process, improves the safety and confidentiality of data transmission, achieves the real-time performance of the data transmission speed and the data processing speed, and has strong expansibility and adaptability.

Description

Soc framework data isolation system based on FPGA
Technical Field
The invention relates to the technical field of data isolation, in particular to a soc architecture data isolation system based on an FPGA.
Background
The coming of the industrial 4.0 era brings a development mode of on-demand production, more and more industrial control systems move from an original closed operation environment to an open internet + environment, security isolation is used as security guarantee of data transmission between devices, protection of device data can be achieved on the basis of not breaking an original physical isolation environment, the existing data isolation system generally uses a tailored linux system or other simulation systems and is achieved through software, but the tailored system can enable isolation of data transmission to be weak, all functions are achieved through the software, development flexibility is low, data transmission computing capacity is weak, and accordingly adaptability and low performance of a using platform are achieved.
Disclosure of Invention
The invention aims to provide a Soc architecture data isolation system based on an FPGA (field programmable gate array), which can realize data security isolation in the data transmission and processing processes, improves the security and confidentiality of data transmission, achieves the real-time performance of the data transmission speed and the data processing speed, and has stronger expansibility and adaptability.
In order to achieve the purpose, the invention adopts the following technical scheme:
a soc architecture data isolation system based on FPGA comprises an upper computer, a first device, a second device and an FPGA programmable logic circuit, wherein the FPGA programmable logic circuit is provided with a data private protocol module, an encryption module, a signature module, a firewall module, a readable register module and a read-write register module, and the first device and the second device mutually transmit data through the FPGA programmable logic circuit;
the upper computer is a control unit end based on a soc framework and integrates development control of multiple systems;
the data proprietary protocol module is used for forming a transmission format specification for negotiation between the first device and the FPGA programmable logic circuit and between the second device and the FPGA programmable logic circuit respectively;
the encryption module is used for executing encryption operation on an unencrypted data packet or executing decryption operation on an encrypted data packet;
the signature module is used for executing signature identification processing on an unsigned data packet and executing identification verification processing on a signed data packet;
the firewall module is used for aiming at Ethernet packet data, taking an IP address and an MAC address as safety judgment standards, when the IP address and the MAC address accord with a white list of the firewall module, continuing to transmit the data packet, otherwise, discarding the data packet, and aiming at the data packet of a non-Ethernet message, not using the firewall module;
the readable register module is used for receiving the state information of each functional module and transmitting the state information to the upper computer through a first data transmission channel, the upper computer can only acquire the state information but cannot change the state information, and the state information comprises data private module state information, encryption module state information, signature module state information and firewall module state information;
the upper computer inputs the parameter configuration of each functional module to the read-write register module through a second data transmission channel, so as to perform parameter configuration operation on each functional module, and simultaneously reads the current configuration of each functional module to confirm whether the configuration needs to be changed, the read-write register can be read and written by the upper computer, and randomly changes and inquires the built-in data information, and the configuration parameters comprise data private protocol parameter configuration, encryption module parameter configuration, signature module parameter configuration and firewall module parameter configuration.
Furthermore, the data private protocol module is provided with a data packet header setting, a data packet length setting, a data packet tail setting and a data packet verification setting, and one or more of the settings can be selected to form a data private protocol; the data private module state information refers to state information of the number of correct transmission type data packets and the number of error discarding type data packets under the operation state of the current data private protocol; the data private protocol parameter configuration refers to judging whether the type of the data private protocol needs bypass configuration.
Further, the encryption module adopts the SM4 algorithm or the SM9 algorithm of the national password to perform encryption operation on unencrypted data packets or decryption operation on encrypted data packets; the encryption module state information refers to the state information of the number of correct decryption packets and the number of error decryption packets in the running state of the current data private protocol; the encryption module parameter configuration refers to judging whether the parameter of the algorithm used by the encryption module needs bypass configuration.
Further, the signature module adopts SM4 algorithm or SM9 algorithm of national cipher to execute signature identification processing on the unsigned data packet and identification verification processing on the signed data packet; the signature module state information refers to the state information of the number of correct signature verification packets and the number of error signature verification packets in the running state of the current data private protocol; the signature module parameter configuration refers to judging whether the parameters of the algorithm used by the signature module need to be configured by bypass or not.
Furthermore, the firewall module state information refers to state information conforming to the number of the white list data packets and the number of the non-conforming white list data packets in the operating state of the current data private protocol; the firewall module parameter configuration refers to judging whether bypass is needed to be configured or not when the white list input of the firewall module is input.
The invention has the beneficial effects that: the system realizes data transmission, data safety isolation and data processing functions through the FPGA programmable logic circuit, and meanwhile, the upper computer effectively inquires the state information and parameter configuration of each functional module in the FPGA programmable logic circuit through each data transmission channel, so that the data isolation system based on the soc architecture is realized; the fpga programmable logic circuit is used for realizing main functional modules, so that the safety and flexibility of logic development are stronger; the data transmission and data processing are realized by an algorithm and a data private protocol which are built in the fpga programmable logic circuit, the data transmission speed and the data processing speed can achieve the real-time effect, the safety and the isolation of data are improved in the data transmission and data processing processes, and a data isolation system realized by utilizing the soc framework can have stronger expansibility and adaptability of a using platform.
Drawings
Fig. 1 is a schematic structural diagram of a soc architecture data isolation system based on an FPGA of the present invention.
Fig. 2 is a schematic diagram of the structure of a data proprietary protocol module in the present invention.
FIG. 3 is a flow chart of an embodiment of the soc architecture data isolation system based on FPGA of the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be described below with reference to the accompanying drawings.
As shown in fig. 1, an soc architecture data isolation system based on FPGA comprises an upper computer 1, a first device 2, a second device 3 and an FPGA programmable logic circuit 4, wherein the FPGA programmable logic circuit 4 is provided with a data private protocol module 5, an encryption module 6, a signature module 7, a firewall module 8, a readable register module 9 and a read-write register module 10, and the first device 2 and the second device 3 mutually transmit data through the FPGA programmable logic circuit 4;
the upper computer 1 is a control unit end based on a soc framework and integrates development control of multiple systems;
the data private protocol module 5 is a transmission format specification for forming negotiation between the first device 2 and the second device 3 and the FPGA programmable logic circuit 4 respectively;
the encryption module 6 is used for performing encryption operation on an unencrypted data packet or performing decryption operation on an encrypted data packet;
the signature module 7 is used for executing signature identification processing on an unsigned data packet and executing identification verification processing on a signed data packet;
the firewall module 8 is used for aiming at the data of the Ethernet packet, taking an IP address and an MAC address as safety judgment standards, when the IP address and the MAC address accord with a white list of the firewall module 8, continuing to transmit the data packet, otherwise, discarding the data packet, and aiming at the data packet of a non-Ethernet message, not using the firewall module 8;
the readable register module 9 is used for receiving state information of each functional module and transmitting the state information to the upper computer 1 through a first data transmission channel 11, the upper computer 1 can only obtain the state information and cannot change the state information, and the state information includes data private module state information 12, encryption module state information 13, signature module state information 14 and firewall module state information 15;
the read-write register module 10 is used for storing and forwarding configuration parameters of each functional module, the upper computer 1 inputs parameter configuration of each functional module to the read-write register module 10 through the second data transmission channel 16, further performs parameter configuration operation on each functional module, and reads current configuration of each functional module to confirm whether the configuration needs to be changed, the read-write register 10 can be read and written by the upper computer 1, and randomly changes and inquires built-in data information, and the configuration parameters include data private protocol parameter configuration 17, encryption module parameter configuration 18, signature module parameter configuration 19 and firewall module parameter configuration 20.
As shown in fig. 2, the data private protocol module 5 is provided with a packet header setting 21, a packet length setting 22, a packet trailer setting 23, and a packet verification setting 24, where one or more of the settings may be selected to form a data private protocol; the data private module state information 12 is state information of the number of correct transmission type data packets and the number of error discarding type data packets in the operating state of the current data private protocol; the data private protocol parameter configuration 17 is to determine whether the type of the data private protocol needs bypass configuration.
The encryption module 6 adopts SM4 algorithm or SM9 algorithm of national password to execute encryption operation on unencrypted data packets or decryption operation on encrypted data packets; the encryption module state information 13 is state information of the number of correct decryption packets and the number of incorrect decryption packets in the running state of the current data private protocol; the encryption module parameter configuration 18 is to determine whether the parameter of the algorithm used by the encryption module 6 needs bypass configuration.
The signature module 7 adopts SM4 algorithm or SM9 algorithm of national secret to execute signature identification processing on an unsigned data packet and identification verification processing on a signed data packet; the signature module state information 14 is state information of the number of correct signature verification packets and the number of error signature verification packets in the operating state of the current data private protocol; the signature module parameter configuration 19 is to determine whether the parameter of the algorithm used by the signature module 7 needs to be configured by bypass.
The firewall module state information 15 is state information of the number of data packets conforming to the white list and the number of data packets not conforming to the white list in the operating state of the current data private protocol; the firewall module parameter configuration 20 is to determine whether the white list input of the firewall module 8 needs bypass configuration.
Examples
As shown in fig. 1 and 3, in this embodiment, the first device 2 is a collection-side device, the second device 3 is a transmission-side device, and the upper computer 1 is a processing system integrated in the first device 2, and a data transmission process of the system includes the following steps:
the method comprises the following steps: the upper computer 1 is started to start to enter a normal working state;
step two: the upper computer 1 acquires the state information of each functional module through the readable register module 9, detects whether each functional module normally operates, resets the abnormal functional module if the abnormal functional module is detected, and executes the third step after all the functional modules are in the normal operation state;
step three: the upper computer 1 performs different parameter configurations on each functional module through the read-write register module 10, the transmission format specification of the data private protocol is selected to be a packet header, a data length, a data packet and a packet tail, a transmission public key is configured for an encryption algorithm in the encryption module 6 and a signature algorithm in the signature module 7, a white list is configured for the firewall module 8, and after parameter configurations of all the functional modules are completed, the fourth step is executed;
step four: the first device 2 sends a data packet with a data private protocol to the FPGA programmable logic circuit 4;
step five: the data private protocol module 5 executes judgment operation of a data private protocol for the received data packet, the data packet of which the data private protocol does not conform to the transmission format specification is directly discarded, and the data packet of which the data private protocol conforms to the transmission format specification is transmitted to the next functional module;
step six: the packet performs an encryption job in the encryption module 6 according to the SM4 algorithm;
step seven: the data packet performs a signing operation in the signing module 7 according to the SM4 algorithm;
step eight: judging the MAC address and the IP address of the data packet in the firewall module 8, directly discarding the data packet which does not conform to the white list, and transmitting the data packet which conforms to the white list to the second device 3;
step nine: the second device 3 executes the signature verification operation and the decryption operation on the received data packet, and obtains real data.
Similarly, the process of sending data to the first device 2 by the second device 3 is consistent with the above process, and data interaction between the first device 2 and the second device 3 is realized.
The beneficial effect of this system is as follows:
1. the system realizes the functions of data transmission, data safety isolation and data processing through the FPGA programmable logic circuit, and meanwhile, the upper computer effectively inquires the state information and parameter configuration of each functional module in the FPGA programmable logic circuit through each data transmission channel, so that the data isolation system based on the soc architecture is realized.
2. The fpga programmable logic circuit is used for realizing main functional modules, and the safety and flexibility of logic development are stronger.
3. The data transmission and data processing are realized by an algorithm and a data private protocol which are built in the fpga programmable logic circuit, the data transmission speed and the data processing speed can achieve the real-time effect, the safety and the isolation of data are improved in the data transmission and data processing processes, and a data isolation system realized by utilizing the soc framework can have stronger expansibility and adaptability of a using platform.

Claims (5)

1. The utility model provides a soc framework data isolation system based on FPGA, including host computer (1), first equipment (2), second equipment (3) and FPGA programmable logic circuit (4), its characterized in that: the FPGA programmable logic circuit (4) is provided with a data private protocol module (5), an encryption module (6), a signature module (7), a firewall module (8), a readable register module (9) and a read-write register module (10), and the first device (2) and the second device (3) mutually transmit data through the FPGA programmable logic circuit (4);
the upper computer (1) is a control unit end based on a soc framework and integrates development control of multiple systems;
the data private protocol module (5) is used for forming a transmission format specification for negotiation between the first device (2) and the second device (3) and the FPGA programmable logic circuit (4) respectively; the encryption module (6) is used for performing encryption operation on an unencrypted data packet or performing decryption operation on an encrypted data packet;
the signature module (7) is used for executing signature identification processing on an unsigned data packet and executing identification verification processing on a signed data packet;
the firewall module (8) is used for aiming at the data packet of the Ethernet message, taking an IP address and an MAC address as safety judgment standards, when the IP address and the MAC address accord with a white list of the firewall module (8), continuing to transmit the data packet, otherwise, discarding the data packet, and aiming at the data packet of the non-Ethernet message, not using the firewall module (8);
the readable register module (9) is used for receiving state information of each functional module and transmitting the state information to the upper computer (1) through a first data transmission channel (11), the upper computer (1) can only obtain the state information but cannot change the state information, and the state information comprises data private module state information (12), encryption module state information (13), signature module state information (14) and firewall module state information (15); the read-write register module (10) is used for storing and forwarding configuration parameters of each functional module, the upper computer (1) inputs the parameter configuration of each functional module to the read-write register module (10) through a second data transmission channel (16), further performs parameter configuration operation on each functional module, reads the current configuration of each functional module to confirm whether the change is needed, the read-write register module (10) can be used for the upper computer (1) to read and write, and randomly changes and inquires built-in data information, and the configuration parameters comprise data private protocol parameter configuration (17), encryption module parameter configuration (18), signature module parameter configuration (19) and firewall module parameter configuration (20).
2. The FPGA-based soc architecture data isolation system of claim 1, wherein: the data private protocol module (5) is provided with a data packet header setting (21), a data packet length setting (22), a data packet tail setting (23) and a data packet verification setting (24), and one or more of the settings can be selected to form a data private protocol; the data private module state information (12) refers to the state information of the number of correct transmission type data packets and the number of error discarding type data packets under the operation state of the current data private protocol; the data private protocol parameter configuration (17) is to judge whether the type of the data private protocol needs bypass configuration.
3. The FPGA-based soc architecture data isolation system of claim 2, wherein: the encryption module (6) adopts the SM4 algorithm or the SM9 algorithm of the national password to execute encryption operation on unencrypted data packets or decryption operation on encrypted data packets; the encryption module state information (13) refers to the state information of the number of correct decryption packets and the number of error decryption packets in the running state of the current data private protocol; the encryption module parameter configuration (18) is to judge whether the parameter of the algorithm used by the encryption module (6) needs bypass configuration.
4. The FPGA-based soc architecture data isolation system of claim 3, wherein: the signature module (7) adopts SM4 algorithm or SM9 algorithm of national secret to execute signature identification processing on an unsigned data packet and identification verification processing on a signed data packet; the signature module state information (14) refers to the state information of the number of correct signature verification packets and the number of error signature verification packets in the running state of the current data private protocol; the signature module parameter configuration (19) is to judge whether the parameters of the algorithm used by the signature module (7) need to be configured by bypass.
5. The FPGA-based soc architecture data isolation system of claim 4, wherein: the firewall module state information (15) refers to state information conforming to the quantity of the white list data packets and the quantity of the non-conforming white list data packets in the operating state of the current data private protocol; the firewall module parameter configuration (20) is to judge whether bypass is needed to be configured or not when the white list input of the firewall module (8) is input.
CN202010620292.4A 2020-07-01 2020-07-01 Soc framework data isolation system based on FPGA Active CN111914267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010620292.4A CN111914267B (en) 2020-07-01 2020-07-01 Soc framework data isolation system based on FPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010620292.4A CN111914267B (en) 2020-07-01 2020-07-01 Soc framework data isolation system based on FPGA

Publications (2)

Publication Number Publication Date
CN111914267A CN111914267A (en) 2020-11-10
CN111914267B true CN111914267B (en) 2022-04-05

Family

ID=73227112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010620292.4A Active CN111914267B (en) 2020-07-01 2020-07-01 Soc framework data isolation system based on FPGA

Country Status (1)

Country Link
CN (1) CN111914267B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884986A (en) * 2022-04-21 2022-08-09 武汉芯鑫微电子有限公司 Private protocol LoT control system and method based on SoC

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446143A (en) * 2018-10-16 2019-03-08 武汉精立电子技术有限公司 A kind of data serial transmission control system and method based on FPGA
CN110941862A (en) * 2019-12-11 2020-03-31 博依特(广州)工业互联网有限公司 Data isolation system based on FPGA + ARM
CN110995726A (en) * 2019-12-11 2020-04-10 博依特(广州)工业互联网有限公司 Network isolation system of FPGA chip based on embedded ARM

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446143A (en) * 2018-10-16 2019-03-08 武汉精立电子技术有限公司 A kind of data serial transmission control system and method based on FPGA
CN110941862A (en) * 2019-12-11 2020-03-31 博依特(广州)工业互联网有限公司 Data isolation system based on FPGA + ARM
CN110995726A (en) * 2019-12-11 2020-04-10 博依特(广州)工业互联网有限公司 Network isolation system of FPGA chip based on embedded ARM

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
具有PCI和并行接口的数据采集系统设计;刘艳云;《微计算机信息》;20080605(第16期);111-113 *
基于ZYNQ的千兆以太网数据包处理架构;诸俊辉等;《电子设计工程》;20200520(第10期);108-113+118 *

Also Published As

Publication number Publication date
CN111914267A (en) 2020-11-10

Similar Documents

Publication Publication Date Title
CN109842585B (en) Network information safety protection unit and protection method for industrial embedded system
US11709950B2 (en) Security system and method for protecting a vehicle electronic system
CN110430014B (en) Hardware encryption gateway and encryption method for field bus channel encryption
CN112291230B (en) Data security authentication transmission method and device for terminal of Internet of things
CN113194097B (en) Data processing method and device for security gateway and security gateway
King Investigating and securing communications in the Controller Area Network (CAN)
CN112910932B (en) Data processing method, device and system
CN111914267B (en) Soc framework data isolation system based on FPGA
WO2021042736A1 (en) Encryption method for application data unit in water conservancy industrial control system
US20210409388A1 (en) Method and Apparatus for Managing Reception of Secure Data Packets
CN106161386A (en) A kind of method and apparatus realizing that IPsec shunts
Khemissa et al. Centralized architecture for ECU security management in connected and autonomous vehicles
US11599649B2 (en) Method and apparatus for managing transmission of secure data packets
CN110995726B (en) Network isolation system of FPGA chip based on embedded ARM
CN210092965U (en) Power distribution terminal and power distribution network system
Luo et al. Routing and security mechanisms design for automotive tsn/can fd security gateway
CN112910646A (en) Data processing method and device of server cipher machine and server cipher machine
CN112804265A (en) Unidirectional network gate interface circuit, method and readable storage medium
CN118118235A (en) Internet of vehicles multi-data type encryption method and system based on FPGA
Feng et al. Design of a Miniature Communication Conversion Module Applied in the Power Internet of Things
CN115696497A (en) Communication method, system and terminal equipment between power distribution terminals based on 5G technology
Wang et al. An OTA-oriented Protocol for Security Protection
CN117439791A (en) Secret communication safety terminal device, method, medium and equipment
CN114329543A (en) Data isolation encryption system based on FSMC and AXI bus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant