CN1190924C - Method of isolating user in radio local network - Google Patents
Method of isolating user in radio local network Download PDFInfo
- Publication number
- CN1190924C CN1190924C CNB021537305A CN02153730A CN1190924C CN 1190924 C CN1190924 C CN 1190924C CN B021537305 A CNB021537305 A CN B021537305A CN 02153730 A CN02153730 A CN 02153730A CN 1190924 C CN1190924 C CN 1190924C
- Authority
- CN
- China
- Prior art keywords
- packet
- access point
- radio access
- wireless
- mac
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention discloses a method for isolating users in a radio local network. The method firstly sends radio data packets which are originally relayed and forwarded by an IEEE802.11MAC firmware to a radio bridge module at a radio access point, then, the source address information and the target MAC address information of the received packets are judged, whether the data packets are forwarded or discarded is decided according to the forwarding items of a bridge and the filtering items of MAC data packets, and radio users in the same distribution system (DS) are isolated. The method adopts a double-layer radio firewall mechanism. The present invention can be used for isolating the radio users as well as can filter and forward the MAC data packets by rule match and processing method definition, and realizes the functions of a firewall.
Description
Technical field
The present invention relates generally to the communications field based on the WLAN (wireless local area network) WLAN of IEEE 802.11 standards (WirelessLAN), relates in particular to a kind of method that user in the WLAN (wireless local area network) WLAN is isolated.
Background technology
In the application system that the WLAN (wireless local area network) WLAN technology that adopts at present based on IEEE 802.11 standards inserts and covers, typical collocation form is formed Basic Service Set BSS (Basic Service Set) wireless coverage unit by radio access point AP (Access Point) 1 and user site 2, both constituted a Basic Service Set BSS as shown in Figure 1, the communication between a plurality of wireless user's websites 2 at this moment need be carried out relaying by radio access point (AP) 1 and transmit.Then on the basis of Basic Service Set BSS, a plurality of Basic Service Set BSS can connect into a compartment system DS (Distribution System) that coverage is bigger by wired or wireless mode, as shown in Figure 2, radio access point 1 among the Basic Service Set BSS-A and the radio access point 1 among the Basic Service Set BSS-B are connected on the bus 3 of compartment system DS by wired mode.The communication that wireless user's website under wherein different radio accessing points (AP) 1 covers is 2 all needs the radio access point (AP) 1 by its access, and radio access point at this moment (AP) 1 has played the effect of wireless transparent bridge.
As shown in Figure 3, based on above-mentioned compartment system DS, at many public places or hot zones, as airport, hotel, conference centre etc., link service provider or telecom operators can focus on the outlet of this compartment system DS on certain access controller 4, and then, dispose the public wireless access network, for the user offers wireless internet services by router five access the Internet.Like this, radio access point (AP) 1 covers the radio access point 1 of wireless user's website down 2 by its access, through compartment system DS bus 3, is linked on the Internet by router five by the access controller 4 in exit, thereby realizes wireless Internet access.
Existing all radio access points (AP) 1 equipment is in above-mentioned wireless Internet access system, served as two roles: the one, realized the relaying forwarding capability of communicating by letter between wireless user's website in the Basic Service Set BSS wireless coverage unit, as shown in Figure 4, single-threaded cell S TA-1 will send to packet single-threaded cell S TA-2, at first single-threaded cell S TA-1 sends to radio access point 1 with packet, there is contingency table 7 in the wireless network card 6 in the radio access point 1, the corresponding relation that has single-threaded cell S TA-1 and STA-2 in the contingency table 7, call the BSS relaying forwarding module 8 in the wireless network card 6 then, received packet is delivered to single-threaded cell S TA-2, and then oppositely send " affirmation " message to STA-1; The 2nd, do the bridge in wireless user's website 2 access compartment system DS processes, as shown in Figure 5, single-threaded cell S TA-1 will send to packet in the process of single-threaded cell S TA-2, at first STA-1 is sent to packet the radio access point A of its access, search by the bridge learning table module 9 among the radio access point A, insert radio access point B by compartment system DS again, carry out credit verification by the bridge learning table module 10 among the radio access point B, send to single-threaded cell S TA-2 again, STA-2 oppositely sends " affirmation " message again and gives STA-1 then.When link service provider or telecom operators offer wireless internet services for the wireless user, directly carry out transfer of data between the user who does not wish in fact in compartment system DS, to surf the Net, so that protection subscriber computer data resource improves communications security.
For making the user when getting online without being tethered to a cable, forbid the direct data communication between the user, we need forbid the relaying forwarding capability of radio access point (AP) 1 in Basic Service Set BSS inside, do not allow the directly intercommunication mutually of all wireless users in the compartment system DS simultaneously.Because the relaying forwarding capability of radio access point (AP) 1 is the standard feature of IEEE802.11, and be in the firmware (Firmware) of IEEE802.11 MAC chip, to realize, and main radio access point (AP) 1 equipment manufacturers do not have the ability of revising IEEE802.11 MAC chip firmware at present, do not wish that simultaneously IEEE802.11 MAC chip deletion relaying transmits this function yet, therefore need take other way to address this problem.
Summary of the invention
A kind of relaying forwarding capability in not deleting IEEE802.11 MAC chip firmware that The present invention be directed to above-mentioned problems of the prior art and propose, and can realize method that user in the WLAN (wireless local area network) is isolated.
Technical scheme of the present invention is as follows:
(1) at first be provided with in the driver of IEEE 802.11 MAC chips in the bridge module that the wireless data packet that meets IEEE 802.11 agreements that former cause IEEE802.11 MAC chip firmware is directly transmitted all sends to radio access point AP and handle, described wireless data packet comprises source address and target MAC (Media Access Control) address;
(2) the bridge module of radio access point AP is after receiving wireless data packet, inquiry is corresponding to the wireless bridge forwarding-table item of the target MAC (Media Access Control) address of this packet, the target MAC (Media Access Control) address of seeing this packet whether on identical radio access point AP port, if this data packet discarding would be fallen to disregard;
(3) in the bridge module of radio access point AP, create MAC Packet Filtering table, at each wireless data packet of receiving, all pass through this Packet Filtering table of inquiry, retrieve " rule " that match in order, find out and this " rule " corresponding " processing method " according to this list item then, make corresponding processing.
The bridge module of radio access point AP also comprises receiving port number from each packet that the IEEE802.11 wave point receives.
The packet that the bridge module of radio access point AP receives will guarantee it is that port from radio access point AP receives into.
The bridge module of radio access point AP is after receiving wireless data packet, inquiry is corresponding to the wireless bridge forwarding-table item of the target MAC (Media Access Control) address of this packet, whether the target MAC (Media Access Control) address of seeing this packet is on identical radio access point AP port, if this data packet discarding fallen to disregard would be to add one section code in the function that filters by the wireless bridge module achieve frame at radio access point AP to realize, and run duration can dynamic-configuration be open and closed.
Described MAC Packet Filtering table mainly comprises the data filter static table of being formulated by the user, each in the table all corresponding one " matched rule ", and one " processing method ".
Described " matched rule " is or multinomial combination in mac source matching addresses, MAC matching destination address, IP source address coupling, IP matching destination address, Transmission Control Protocol coupling, udp protocol coupling, data-in port coupling, data-out port coupling, other special matched.
Above-mentioned described " processing method " includes reception to packet, operation such as transmits and abandon.
By using the partition method of two layers of firewall system of above-mentioned employing, can no thoroughfare directly carry out data communication between wireless user's website of radio access point AP online in the same compartment system DS, thereby realize isolation, improve communications security the wireless user; But also can carry out two layers Packet Filtering and forwarding, realize the function of two layers of fire compartment wall.
Description of drawings
Fig. 1 is the Basic Service Set composition frame chart of WLAN (wireless local area network);
Fig. 2 is the compartment system composition frame chart in the WLAN (wireless local area network);
Fig. 3 is the topological diagram of public wireless access network;
Fig. 4 is the relaying forwarding capability schematic diagram of radio access point;
Fig. 5 is the bridge functional schematic of radio access point;
Fig. 6 is the flow chart that the inventive method realizes;
Fig. 7 is the simple examples that the present invention realizes two layers of firewall system.
Embodiment
Below in conjunction with accompanying drawing embodiment of the present invention are made further sets forth in detail.
As shown in Figure 6, in step 100, in order not allow the firmware of IEEE 802.11 MAC chips directly transmit the communication data packet between the wireless user in the Basic Service Set BSS, need in the driver of IEEE 802.11 MAC chips, be provided with all packets that meets 802.11 agreements are all sent in the bridge module of radio access point AP and handle, rather than adopt original method directly to transmit by 802.11 MAC firmwares.And at present, this function can both be set in the driver of all IEEE 802.11 MAC chips, and all get radio access point AP and also all must adopt wireless transparent bridge module, thus this just guaranteed should invention realization prerequisite.
In step 110, wherein each packet of receiving of the bridge module of radio access point AP all comprises the information of source address and target MAC (Media Access Control) address, if the packet that receives from IEEE 802.11 wave points also will obtain receiving port number.Stop will receive from radio access point AP port from the packet of single-threaded cell S TA1 after, port by same radio access point AP sends among the single-threaded cell S TA2 again, only need guarantee that the packet that receive is under the situation of coming in from radio access point AP port, inquire about the wireless bridge forwarding-table item in 802.11 wireless network cards of this radio access point AP corresponding to the target MAC (Media Access Control) address of this packet, whether the source address of seeing this target MAC (Media Access Control) address and this packet in step 120 is on identical radio access point AP port, if would forward step 130 to, this data packet discarding is fallen to disregard.Like this, the packet that communicates between the wireless user of Basic Service Set BSS inside all can't send to the targeted customer by same radio access point AP.The realization of this function can realize by add one section code in the filtering frames function of the wireless bridge module of radio access point AP, and is the state of opening or closing at the relaying forwarding capability that run duration can dynamically arrange radio access point AP.
If the source address of this packet and target MAC (Media Access Control) address be not on identical radio access point AP port then forward step 140 in step 120, further inquire about the MAC Packet Filtering table in the radio access point AP wireless bridge module, retrieve " rule " with this packet characteristic matching, as then not using default in the table, make corresponding processing according to " processing method " of this list item correspondence then.Port numbers as the access controller of the source MAC of this packet and target MAC (Media Access Control) address is identical, and the respective handling of then making is for abandoning this packet, if inequality then do to transmit and handle.
Create more complicated MAC Packet Filtering table mechanism in the wireless bridge module of radio access point AP, i.e. " the wireless fire compartment wall of the second layer " is used for forbidding directly carrying out data communication between the different radio website under the same compartment system DS.In this media interviews control MAC packet filtering system, key is that three key elements will be arranged: table, rule and processing; Wherein table is meant the Packet Filtering static table of customization, each in the table all corresponding one " matched rule ", and each " matched rule " all corresponding one corresponding " processing method ".Wherein matched rule can be one or more following combinations: one or multinomial combination in media interviews control mac source matching addresses, MAC matching destination address, Internet protocol IP source address matches, IP matching destination address, transmission control protocol Transmission Control Protocol coupling, User Datagram Protoco (UDP) udp protocol coupling, data-in port coupling, data-out port coupling, other special matched.Wherein corresponding with above-mentioned " matched rule " processing method has reception, transmit, abandon etc.
As in the public wireless access network, for preventing directly to carry out data communication between the different radio user site among the same compartment system DS, in MAC Packet Filtering table, can add one " AP can be forwarded to the data of AP port, and its data source address MAC Address must be the MAC Address of the access control equipment in wireless network exit; And must be the MAC Address of the access control equipment in wireless network exit by the wireless data target MAC (Media Access Control) address that the AP port receives " matched rule; and be " abandoning "; then when a packet that meets this matched rule; both carried out the packet of relaying; when transmitting; then radio access point AP can abandon this packet, will not transmit through radio access point AP by an access controller to processing method that should matched rule.Utilize this method just can filter out direct data communication between the wireless user, thereby just realized isolation the wireless user by the MAC Packet Filtering table of bridge module among the radio access point AP.
The second layer that this MAC Packet Filtering table is used between wireless user's website is isolated, also have an important characteristic, because every in the table come into force according to order, this specific character can be used for reaching the unification of general and specific (special) requirements.For example, if system wishes to have only the computer user of particular mac address or IP address just can have access to the WEB configuration page of this radio access point AP, then can be " requiring given MAC of source address matches or IP address; the address of matching destination address AP itself; destination interface coupling 80 (HTTP) ", and the processing method of corresponding this occurrence is " reception " by in MAC Packet Filtering table, increasing a matched rule; And then behind table, add one, and " source address is any, the address of matching destination address AP own, destination interface coupling 80 (HTTP) ", corresponding this processing method is " abandoning ".If the user disposes the page from specific terminal login radio access point AP, then article one taking effect rules is no longer retrieved the second rule, and packet is received processing; And if the user attempts to visit this radio access point AP configuration page from other terminal, the connection request packet of its initiation article one rule that do not match is but mated the second rule, according to this rule process, this request data package should be discarded.This function is very similar with general IP layer fire compartment wall, but owing to it is realized on two layers, is a kind of " two layers of fire compartment wall " therefore.
Wherein the Packet Filtering table of two layers of fire compartment wall implements also difference of complexity according to practical application request.As Fig. 7 is two layers of fire compartment wall to a simple examples based on the user isolation of WLAN (wireless local area network), does not wherein relate to complex rule and method, but only based on the transmission direction of MAC Address control data bag.Radio access point can realize that the wireless user data between same AP inside and the different AP is isolated by this method.
At first, set up a MAC control table in radio access point AP, each is opened the MAC control table and all comprises:
(1) target MAC (Media Access Control) address: the MAC Address that specifies radio website 2 can only have access to;
(2) permission/prohibitory sign: control wireless site 2 is to the opening and closing of this MAC Address communication.
If the user isolation pattern that insert radio access point AP this moment is opened, when when website-2 has upstream data to pass through AP (radio port one〉cable port), AP searches this address list item according to the target MAC (Media Access Control) address of packet earlier from MAC control table 12.If no, then with data packet discarding; If this MAC Address list item is arranged, and permission/prohibitory sign is " permission ", and the port numbers of searching this target MAC (Media Access Control) address from the bridge learning table of AP then mails to this packet the AP port at this MAC Address place.
Same under the situation that the user isolation pattern is opened, to mail to wireless site-1 o'clock (cable port-radio port) as downlink data by AP, AP checks the port numbers of packet rs destination MAC Address earlier from the bridge learning table, if this target MAC (Media Access Control) address not in the bridge learning table, or the port numbers of target MAC (Media Access Control) address is cable port, then with data packet discarding; If the port numbers of target MAC (Media Access Control) address is a radio port, then continues to check the source MAC of this packet, and from MAC control table 11, search this address list item.If this list item not is then with data packet discarding; If this MAC Address list item is arranged, and permission/prohibitory sign is " permission ", then this packet mail to radio port, thereby packet is sent to wireless site-1.
What describe among Fig. 7 is that the typical case of radio access point AP need carry out user isolation the time uses.Add the MAC Address list item of access controller 4 this moment in the MAC control table, and open it, and all wireless users under then radio access point AP covers can only surf the Net by access controller 4, and can't have access to other wireless site.If in local area network (LAN), also have other public server to allow user capture, also can in the MAC control table, add this MAC address of server list item, so that some public resources of user capture.
Two layers of fire compartment wall have many complicated more and useful safety functions based on different realizations.But basic principle all is that the MAC packet is used various predefine rules and method, and the flow direction of control data bag reaches the purpose of data security.Because data are wrapped in two layers just to be filtered and handle, and needn't arrive three layers or the more high-rise data filter that carries out again, therefore two layers of fire compartment wall can more effectively be isolated user data, and can reduce network burden.
Claims (7)
1, a kind of method that user in the WLAN (wireless local area network) is isolated is characterized in that performing step is as follows:
(1) at first be provided with in the driver of IEEE802.11MAC chip in the bridge module that the wireless data packet that meets the IEEE802.11 agreement that former cause IEEE802.11MAC chip firmware is directly transmitted all sends to radio access point AP and handle, described wireless data packet comprises source address and target MAC (Media Access Control) address;
(2) the bridge module of radio access point AP is after receiving wireless data packet, inquiry is corresponding to the wireless bridge forwarding-table item of the target MAC (Media Access Control) address of this packet, the target MAC (Media Access Control) address of seeing this packet whether on identical radio access point AP port, if this data packet discarding would be fallen to disregard;
(3) in the bridge module of radio access point AP, create MAC Packet Filtering table, at each wireless data packet of receiving, all pass through this Packet Filtering table of inquiry, retrieve " rule " that match in order, find out and this " rule " corresponding " processing method " according to this list item then, make corresponding processing.
2, the method that user in the WLAN (wireless local area network) is isolated according to claim 1 is characterized in that, the bridge module of radio access point AP also comprises receiving port number from each packet that the IEEE802.11 wave point receives.
3, the method that user in the WLAN (wireless local area network) is isolated according to claim 1 is characterized in that, the packet that the bridge module of radio access point AP receives will guarantee it is that port from radio access point AP receives into.
4, the method that user in the WLAN (wireless local area network) is isolated according to claim 1, it is characterized in that, the bridge module of radio access point AP is after receiving wireless data packet, inquiry is corresponding to the wireless bridge forwarding-table item of the target MAC (Media Access Control) address of this packet, whether the target MAC (Media Access Control) address of seeing this packet is on identical radio access point AP port, if this data packet discarding fallen to disregard would be to add one section code in the function that filters by the wireless bridge module achieve frame at radio access point AP to realize, and run duration can dynamic-configuration be open and closed.
5, the method that user in the WLAN (wireless local area network) is isolated according to claim 1, it is characterized in that, described MAC Packet Filtering table mainly comprises the data filter static table of being formulated by the user, in the table each all corresponding one " matched rule ", and one " processing method ".
6, the method that user in the WLAN (wireless local area network) is isolated according to claim 5, it is characterized in that described " matched rule " is or multinomial combination in mac source matching addresses, MAC matching destination address, IP source address coupling, IP matching destination address, Transmission Control Protocol coupling, udp protocol coupling, data-in port coupling, data-out port coupling, other special matched.
7, the method that user in the WLAN (wireless local area network) is isolated according to claim 5 is characterized in that, described " processing method " includes reception to packet, transmits, abandons.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB021537305A CN1190924C (en) | 2002-12-03 | 2002-12-03 | Method of isolating user in radio local network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB021537305A CN1190924C (en) | 2002-12-03 | 2002-12-03 | Method of isolating user in radio local network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1414742A CN1414742A (en) | 2003-04-30 |
CN1190924C true CN1190924C (en) | 2005-02-23 |
Family
ID=4752342
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB021537305A Expired - Fee Related CN1190924C (en) | 2002-12-03 | 2002-12-03 | Method of isolating user in radio local network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1190924C (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102547708A (en) * | 2012-02-22 | 2012-07-04 | 深圳市共进电子股份有限公司 | Method for isolating wireless virtual access points |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100366026C (en) * | 2003-07-06 | 2008-01-30 | 华为技术有限公司 | A method for implementing message forwarding control in routing equipment |
US7672318B2 (en) * | 2003-11-06 | 2010-03-02 | Telefonaktiebolaget L M Ericsson (Publ) | Adaptable network bridge |
CN100373874C (en) * | 2004-06-30 | 2008-03-05 | 智邦科技股份有限公司 | Method for searching initial inlet end of target medium access control address |
CN1735072B (en) * | 2004-08-13 | 2010-04-21 | 中兴通讯股份有限公司 | Improved realization process for WLAN net bridge transparent bridge |
CN100362792C (en) * | 2005-08-16 | 2008-01-16 | 浙江中控技术有限公司 | Intelligent gate bridge and its method for realizing network isolation control ' |
US7966654B2 (en) * | 2005-11-22 | 2011-06-21 | Fortinet, Inc. | Computerized system and method for policy-based content filtering |
CN100459583C (en) * | 2006-04-28 | 2009-02-04 | 杭州华三通信技术有限公司 | Data forwarding controlling method and apparatus |
US9137663B2 (en) | 2006-11-02 | 2015-09-15 | Cisco Technology, Inc. | Radio frequency firewall coordination |
CN101582880B (en) * | 2008-05-14 | 2012-06-06 | 北京启明星辰信息技术股份有限公司 | Method and system for filtering messages based on audited object |
CN102098269A (en) * | 2009-12-15 | 2011-06-15 | 中兴通讯股份有限公司 | Method for filtering MAC (Media Access Control) addresses in broadband access system |
CN101827366B (en) * | 2010-03-24 | 2013-03-13 | 北京星网锐捷网络技术有限公司 | Method, unit and device for isolating wireless network user |
CN102594791A (en) * | 2011-12-15 | 2012-07-18 | 江苏亿通高科技股份有限公司 | Implementation method of multimedia over Coax Alliance (MoCA) system frame filtering |
CN105897712A (en) * | 2016-04-11 | 2016-08-24 | 深圳市信锐网科技术有限公司 | Packet forwarding method and device based on wireless hotspot |
CN106878986B (en) * | 2017-01-05 | 2021-03-26 | 新华三技术有限公司 | User isolation method and device |
CN108200617A (en) * | 2018-01-26 | 2018-06-22 | 上海康斐信息技术有限公司 | A kind of method and system of double frequency relaying |
CN109981462B (en) * | 2019-03-28 | 2021-06-22 | 新华三技术有限公司 | Message processing method and device |
CN113612697A (en) * | 2021-08-19 | 2021-11-05 | 迈普通信技术股份有限公司 | Message forwarding control method and device, network equipment and wireless network system |
-
2002
- 2002-12-03 CN CNB021537305A patent/CN1190924C/en not_active Expired - Fee Related
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102547708A (en) * | 2012-02-22 | 2012-07-04 | 深圳市共进电子股份有限公司 | Method for isolating wireless virtual access points |
Also Published As
Publication number | Publication date |
---|---|
CN1414742A (en) | 2003-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1190924C (en) | Method of isolating user in radio local network | |
KR100372403B1 (en) | Remote proxy system and method | |
CA2272054C (en) | A method and apparatus for filtering packets using a dedicated processor | |
US20020107961A1 (en) | Secure internet communication system | |
US7362763B2 (en) | Apparatus and method for classifying traffic in a distributed architecture router | |
US6158008A (en) | Method and apparatus for updating address lists for a packet filter processor | |
CN1153416C (en) | MAC address based telecommunication limiting method | |
US7355970B2 (en) | Method and apparatus for enabling access on a network switch | |
JP4166942B2 (en) | Internet protocol traffic filter for mobile radio networks | |
CN100437550C (en) | Ethernet confirming access method | |
US7325058B1 (en) | Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites | |
US20130208592A1 (en) | Traffic-control-based data transmission method and communication system | |
US9154404B2 (en) | Method and system of accessing network for access network device | |
WO2017186069A1 (en) | Data transmission method and network device | |
CN101198946A (en) | VoIP proxy server | |
CN104363231A (en) | Network security isolation and information exchange method and system based on one-way channel | |
Chirillo | Hack attacks revealed: A complete reference with custom security hacking toolkit | |
CN1521993A (en) | Network control method and equipment | |
CN101541038A (en) | Method and device for strengthening upper layer application stability loaded by wireless local area network | |
CN112367263A (en) | Multicast data message forwarding method and equipment | |
CN1581833A (en) | Public internet connecting service system and access line connecting device | |
WO2015061781A1 (en) | Network architecture with fixed routing | |
EP2073506B1 (en) | Method for resolving a logical user address in an aggregation network | |
CN103685310A (en) | Device and method for dynamic data injection in VPDN(Virtual Private Dial-up Network) | |
CN1444363A (en) | Method for implementing Ethernet local area network in public place |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20050223 Termination date: 20100104 |