CN1411199A - Content safe monitoring system based on digital label and its method - Google Patents

Content safe monitoring system based on digital label and its method Download PDF

Info

Publication number
CN1411199A
CN1411199A CN 02145112 CN02145112A CN1411199A CN 1411199 A CN1411199 A CN 1411199A CN 02145112 CN02145112 CN 02145112 CN 02145112 A CN02145112 A CN 02145112A CN 1411199 A CN1411199 A CN 1411199A
Authority
CN
China
Prior art keywords
content
label
server module
module
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 02145112
Other languages
Chinese (zh)
Other versions
CN1194498C (en
Inventor
陈璐艺
施建俊
李建华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiaotong University filed Critical Shanghai Jiaotong University
Priority to CNB021451125A priority Critical patent/CN1194498C/en
Publication of CN1411199A publication Critical patent/CN1411199A/en
Application granted granted Critical
Publication of CN1194498C publication Critical patent/CN1194498C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A safety monitor system based on digital label content includes a customer end and a server end which contain agent server module, label office module, tactics server module, verified server module, network information server module, the label office module; tactics server module connects with the agent server module and verified server module via network, the network information server module is connected to the back of the agent server module, the agent server module, verified server module are connected with the customer terminal via network. The method is to add labels to information content to be managed via safety tactics based on label in content distribution process and vertified auditing process to be processed in sequence.

Description

Content safety supervisory control system and method based on digital label
Technical field
What the present invention relates to is a kind of information content safety monitoring system and method, and particularly a kind of content safety supervisory control system and method based on digital label belong to filed of network information security.
Background technology
Specifically content safety in the information security, is to prevent client terminal download malice or harmful information content, confidential information safe transmission and issue, information content access control and audit.Because relate to the contents supervision, computer need be discerned automatically to the information content.Yet that is that all right is ripe for technology such as natural language understanding, is not enough to finish this task.Even the algorithm that some are comparatively ripe also is at English document.More immature for Chinese document text-processing technology.In this case, we bring into use the mode of digital label to carry out the contents supervision.The application number of submitting to the applicant is in the patent documentation of 01139014.X, we are at the method for digital label, designed a kind of web page server of expansion, the difference of this server and traditional server is, it is in content distributed, can insert webpage to digital label then by inquiring about a server that is referred to as label office.Like this, the webpage of issue has just had digital label, does not provide client or how other application program makes digital label play a role but do not mention.The patent of the applicant's application, number of patent application is: 01139015.8, name is called: based on the network information content grading management method of PKIX, this patent documentation at the content safety monitoring Demand Design on the Internet a kind of information content management method based on PKIX, in this method, proposition utilizes PKIX to sign and issue and the administering digital label, and this method utilizes the mode of multi-zone supervision to come a large amount of certificate centers at different levels are managed.But this mode is applicable to public network, rather than is used for enterprises concerning security matters network, because generally be not equipped with certificate center on Intranet, moreover the certificate center quantity on the Internet is few at present, the technology imperfection.
Summary of the invention
The present invention is directed to the deficiencies in the prior art and defective, a kind of content safety supervisory control system and method based on digital label is provided, make it be applicable to the enterprises classified network, certificate of necessity center is not supported, by network information medium being added the method for label, the transmission of important content on the managerial grid internet avoids data to be abused.The present invention is achieved through the following technical solutions, system of the present invention comprises: the client and server end, server end passes through proxy modules, the authentication server module is connected with client, server end is except common network information server, increased acting server, label office, strategic server, four modules of authentication server, label office module is connected with the authentication server module with proxy modules by network with the strategic server module, the network information server module is connected the rear end of proxy modules, avoids directly being visited by client.
Client has also increased a miscellaneous function module except generic browser, browser and miscellaneous function module are positioned at same computer, is connected with proxy modules, the authentication server module of server end by network.
Proxy modules is actually an enhancing version that common proxy modules has been increased new function.It can carry out the inquiry of searching label and control strategy after receiving user's request, and can whether send this information to client according to label and strategy decision, perhaps before information is sent to client content is encrypted.Proxy modules can be finished access control function, and when the user asked some pages, proxy modules is the label and the access control policy of this page of inquiry earlier, if strategy allows, then finish user's requested operation, otherwise, return show the operation unaccepted html page.
The later security strategy of information content issue is implemented by the authentication server module, in fact asks after a certain page as the user, and proxy modules returns to client is the page after encrypting.Deciphering to the page realizes by browser plug-in.Guaranteed in the time of insert design that the user can't preserve the page of plain code in this locality, but can preserve the page after the encryption.In the time of resource after user capture is downloaded like this, still need be by the checking of authentication server, and obtain decruption key.To guarantee to decipher the back when it is pointed out that insert design here and destroy key, by the authentication server module can guarantee user's download Internet resources still can continue to implement security strategy later on.
With above-mentioned similar, the user also finishes by the authentication server module the audit of resource access operations, because the user is when accesses network resource (resource and the local encrypt asset of preserving that comprise the access server end) all needs to obtain content key through the authentication server module.Therefore, the solicit operation of content key be can be used as the foundation of information content accessing operation audit.
After the user side download message, the strategy on the strategic server module can dynamic-configuration, and comes into force in real time by the authentication server module.Dynamically change policy configurations and realize that by strategic server module and authentication server module because the user is to the visit of Internet resources each time, online or off-line all needs current strategy is inquired about.Therefore, Ce Lve change can come into force.So-called online and off-line is said at information server, even but the local resource of visit, the user still needs to visit the authentication server module, according to system design of the present invention, even after content is downloaded, security strategy in the strategic server module still can dynamically change, and effectively.
Deposited user's information and resource access control tabulation in the strategic server module, it is equivalent to a LIST SERVER on function, and directory service is provided on network.
The resource description label is mainly stored and issued to label office module, and comprising unique content key of corresponding needs with each Internet resources, this content key can play encryption and decryption in workflow.
Browser can send to authentication module together with label with user authentication information, and is decrypted later on obtaining content key, and auto-destruct key after deciphering if browser can not obtain content key, then can't show the encryption webpage.An acting server is arranged between common network information server and user browser, be used for finishing user's variety of protocol request.Acting server can be tabulated from strategic server searching user's information and resource access, and can encrypt information from label office inquiry tag information.
The miscellaneous function module of client at first is used for limiting the performance constraint of client to the important information content, and it can shield printing, the hold function of browser, can also copy the screen function by the SHIELDING CALCULATION machine.In addition, it also needs to finish the function of deciphering.
The present invention is on the basis of this system, propose to realize contents supervision's method, by the information content is added label, and manage by security strategy based on label, method is divided into two parts: content distribution flow and checking audit process, these two flow processs are carried out in order, and concrete steps are as follows:
1) content distribution flow:
1. browser sends request;
2. proxy modules is from network information server module downloading page;
3. proxy modules is from label office module inquiry tag;
4. proxy modules is obtained Access Control List (ACL) from the strategic server module;
5. proxy modules is encrypted the page;
6. the page and label thereof after proxy modules will be encrypted send to browser.
2) checking audit process:
1. browser sends to the authentication server module with user authentication information and resource tag;
2. the authentication server module obtains content key from label office module;
3. the authentication server module obtains Access Control List (ACL) from the strategic server module;
4. authentication server module verification user right;
5. the authentication server module sends to browser to content key;
6. browser is deciphered the page.
Below the inventive method is further described:
● at first need to add digital label for the information content important in the network information server module, the title that contains resource in the digital label of the present invention, the founder, summary, and and unique content key of being associated of content, digital label can adopt many methods to describe, no matter what it adopted is any form, it does not change its essence, wherein method is to adopt the form of resource description framework (RDF) to be described preferably, benefit with resource description framework (RDF) is can integrated many existing description vocabulary, dublin core (Dublin Core) etc. as previously mentioned.
● the step of content distribution flow is 3. and 4., and proxy modules is obtained resource access control tabulation and digital label according to user's request respectively from strategic server module and label office module, and according to security strategy decision subsequent step;
Security strategy of the present invention is to formulate at the rating information that contains in the digital label, the description of strategy comprises following content: unified resource location (URL), blacklist, classified filtering strategy, Access Control List (ACL), audit content, wherein the classified filtering strategy selects the situation of platform (Platform for Internet Content Selection) classification vocabulary to formulate at containing internet content in the label.
● the step of content distribution flow is 5. and 6., if user's information conforms security strategy, the content key that the proxy modules utilization is obtained from digital label is encrypted information, and information and key after the encryption send to client together, if user's information does not meet the requirement of security strategy, proxy modules refusing user's request then, and send the page of Reason For Denial to client;
Described key is a content key, and it is the unique key that is associated with specific information content, and it is to generate when adding label.Proxy modules is all undertaken by this key contents decryption content-encrypt and browser plug-in, because this key and information content direct correlation, so can regard accessing operation to the information content as to the solicit operation of this key.
● the step of checking audit process 1. in, browser obtains encrypting after the page, and user profile and digital label are sent to the authentication server module, the authentication server module is according to user's mandate decision subsequent operation;
● checking audit process step is 5. and 6., if user's information conforms security strategy, then the authentication server module sends content key to browser, the miscellaneous function module is after obtaining key, be decrypted encrypting webpage, if user's information does not meet security strategy, then the authentication server module does not send key to browser, and browser can't show encrypted content.
The present invention has substantive distinguishing features and marked improvement, after having adopted native system and method thereof, can improve the monitoring to important content aspect three:
1. can realize access control and operation audit to important content.The user need be undertaken by proxy modules the request of information, proxy modules can be according to the security strategy control that conducts interviews, and in addition, the user needs the information of enabling decryption of encrypted, also need by the authentication server module, be equivalent to and increased controlled function one.Because the user visits secret content each time all needs to obtain content key, therefore, the authentication server module can be operated audit to the request of content key according to the user.
2. the security strategy of overall process.Common content delivering system, after being downloaded, content just lost control to information, and native system continues to realize security strategy by the authentication server module after content is downloaded, thereby has realized from content release until the security strategy of inefficacy overall process.
3. dynamic security strategy.Common supervisory control system leaves strategy in client terminal local, and strategy just can not dynamically change like this, and native system is issued strategy with the form of service, can real time altering, and come into force.
Description of drawings
Fig. 1 entire system structural representation of the present invention
Embodiment
As shown in Figure 1, the present invention mainly comprises: client 1 and server end 2, the proxy modules 6 of server end 2, authentication server module 9 is connected with client 1 by network 3, server end 2 comprises that 5 are formed module: proxy modules 6, label office module 7, strategic server module 8, authentication server module 9, network information server module 10, its connected mode is: label office module 7, strategic server module 8 is by network 3 and proxy modules 6, authentication server module 9 is connected, and network information server module 10 is connected the rear end of proxy modules 5.
Client 1 comprises 2 modules: browser 4, miscellaneous function module 5, browser 4 and miscellaneous function module 5 are positioned at same computer, are connected with proxy modules 6, the authentication server module 9 of server end 2 by network 3.
Browser 4 sends to authentication server module 9 with user authentication information together with label, and is decrypted auto-destruct key after deciphering later on obtaining content key.
Deposit user's information and resource access control tabulation in the strategic server module 8,7 storages of label office module and issue resource description label, comprising with the corresponding unique content key of each Internet resources.
Provide following examples in conjunction with content of the present invention:
Dispose the confidential information delivery system of an enterprises classified network in concrete network environment, client also increases a browser plug-in except normally used browser.If use Microsoft's browser (IE), the ActiveX that then uses Microsoft to provide writes browser component, and this browser component is a kind of block that depends on browser, is used for finishing the restriction of deciphering and function.
A complete information issue flow process can be divided into two parts, and they are content release flow process and checking audit process.The concrete steps of these two flow processs are as follows: 1) content distribution flow: 1. browser 4 sends request to acting server 6; 2. acting server 6 is from network information server 10 downloading page; 3. acting server 6 is from label office 7 inquiry tags; 4. acting server 6 obtains Access Control List (ACL) from strategic server 8; 5. acting server 6 is encrypted the page; 6. the page and label thereof after acting server 6 will be encrypted send to browser 4.
2) checking audit process: 1. browser 4 sends to authentication server module 9 modules with user authentication information and resource tag; 2. authentication server module 9 obtains content key from label office module 7; 3. authentication server module 9 obtains Access Control List (ACL) from strategic server module 8; 4. authentication server module 9 is verified user rights; 5. authentication server module 9 sends to browser 4 to content key; 6. browser supplementary module 5 is deciphered the pages.General user's browse operation relates to the process 1 that order is carried out) and process 2), if user capture is kept at local encryption webpage, then only relate to the checking audit process.Need to guarantee secure communication between each module of server end, therefore need to adopt secure communication protocols (SSL).In addition, before work, need earlier authenticating identity mutually between browser and the certificate server.Existing subscriber identity information has resource access control tabulation again in the strategic server, and what it provided is the function of a directory service basically, therefore can adopt LDAP (LDAP) agreement to realize query manipulation, also can adopt other modes.
Adopt such method to carry out the information issue, just can realize management capsule information.Specifically, can obtain following effect: the user that the data of concerning security matters is merely able to be hoped visits, and can stipulate his operating right, such as printing, preserve and the copy screen, can carry out detailed audit to his accessing operation; Still can monitor later in the confidential data granting it, such as, hope changes this user's operating right after providing, and then can dynamically change authorization conditions by strategic server.

Claims (8)

1, a kind of content safety supervisory control system based on digital label, mainly comprise: client (1) and server end (2), it is characterized in that server end (2) comprising: proxy modules (6), label office module (7), strategic server module (8), authentication server module (9), network information server module (10), its connected mode is: label office module (7), strategic server module (8) is by network (3) and proxy modules (6), authentication server module (9) is connected, network information server module (10) is connected the rear end of proxy modules (5), the proxy modules (6) of server end (2), authentication server module (9) is connected with client (1) by network (3).
2, this content safety supervisory control system according to claim 1 based on digital label, it is characterized in that depositing in the strategic server module (8) user's information and resource access control tabulation, label office module (7) storage and issue resource description label, comprising with the corresponding unique content key of each Internet resources.
3, this content safety supervisory control system according to claim 1 based on digital label, it is characterized in that client (1) comprising: browser (4), miscellaneous function module (5), browser (4) and miscellaneous function module (5) are positioned at same computer, are connected with proxy modules (6), the authentication server module (9) of server end (2) by network (3).
4, this content safety supervisory control system according to claim 2 based on digital label, it is characterized in that browser (4) sends to authentication server module (9) with user authentication information together with label, and be decrypted auto-destruct key after deciphering later on obtaining content key.
5, a kind of content safety method for supervising based on digital label, it is characterized in that: by the information content is added label, and manage by security strategy based on label, method is divided into content distribution flow and two parts of checking audit process, these two flow processs are carried out in order, and concrete steps are as follows:
1) content distribution flow:
1. browser (4) sends request;
2. proxy modules (6) is from network information server (10) downloading page;
3. proxy modules (6) is from label office module (7) inquiry tag;
4. proxy modules (6) is obtained Access Control List (ACL) from strategic server module (8);
5. proxy modules (6) is encrypted the page;
6. the page and label thereof after proxy modules (6) will be encrypted send to browser (4);
2) checking audit process:
1. browser (4) sends to authentication server module (9) with user authentication information and resource tag;
2. authentication server module (9) obtains content key from label office module (7);
3. authentication server module (9) obtains Access Control List (ACL) from strategic server module (8);
4. authentication server module (9) is verified user right;
5. authentication server module (9) sends to browser (4) to content key;
6. browser (4) is deciphered the page.
6, this content safety method for supervising based on digital label according to claim 5 is characterized in that the following further description that method is done:
● at first need to add digital label for the information content important in the network information server module (10), contain in the described digital label resource title, founder, summary and and unique content key of being associated of content, digital label adopts several different methods to describe, and wherein method is to adopt the form of resource description framework to be described preferably;
● the step of content distribution flow is 3. and 4., proxy modules (6) is according to user's request, obtain resource access control tabulation and digital label respectively from strategic server module (8) and label office module (7), and according to security strategy decision subsequent step;
● the step of content distribution flow is 5. and 5., if user's information conforms security strategy, the content key that proxy modules (6) utilization is obtained from digital label is encrypted information, and information and key after the encryption send to client (1) together, if user's information does not meet the requirement of security strategy, proxy modules (6) refusing user's request then, and send the page of Reason For Denial to client (1);
● the step of checking audit process 1. in, browser (4) obtains encrypting after the page, and user profile and digital label are sent to authentication server module (9), authentication server module (9) is according to user's mandate decision subsequent operation;
● the step of checking audit process is 5. and 6., if user's information conforms security strategy, then authentication server module (9) sends content key to browser (4), miscellaneous function module (5) is after obtaining key, be decrypted encrypting webpage, otherwise browser (4) can't show encrypted content.
7, this content safety supervisory control system according to claim 6 based on digital label, it is characterized in that described security strategy is to formulate at the rating information that contains in the digital label, the description of strategy comprises following content: unified resource location, blacklist, classified filtering strategy, Access Control List (ACL), audit content, wherein the classified filtering strategy selects the situation of platform classification vocabulary to formulate at containing internet content in the label.
8, according to claim 5 or 6 described this content safety supervisory control systems based on digital label, it is characterized in that described key is a content key, it is the unique key that is associated with specific information content, it is to generate when adding label, and proxy modules (6) is all undertaken by this key contents decryption content-encrypt and browser (4) plug-in unit.
CNB021451125A 2002-11-07 2002-11-07 Content safe monitoring system based on digital label and its method Expired - Fee Related CN1194498C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021451125A CN1194498C (en) 2002-11-07 2002-11-07 Content safe monitoring system based on digital label and its method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021451125A CN1194498C (en) 2002-11-07 2002-11-07 Content safe monitoring system based on digital label and its method

Publications (2)

Publication Number Publication Date
CN1411199A true CN1411199A (en) 2003-04-16
CN1194498C CN1194498C (en) 2005-03-23

Family

ID=4750774

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021451125A Expired - Fee Related CN1194498C (en) 2002-11-07 2002-11-07 Content safe monitoring system based on digital label and its method

Country Status (1)

Country Link
CN (1) CN1194498C (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005046118A1 (en) * 2003-11-07 2005-05-19 Huawei Technologies Co., Ltd. A method for verifying the subscriber's validity
CN100450009C (en) * 2003-06-17 2009-01-07 华为技术有限公司 Method for distributing universal label of network node
CN1633065B (en) * 2004-12-28 2010-05-12 华中师范大学 Method and system for secure distribution of network digital books with content monitoring
CN1703001B (en) * 2004-05-26 2010-05-26 索尼株式会社 Program, communication device, data processing method, and communication system
CN101193035B (en) * 2006-11-24 2011-04-20 中国电信股份有限公司 A system and method for deploying virtual private network service based on IP secure protocol
CN102509057A (en) * 2011-10-18 2012-06-20 国网电力科学研究院 Mark-based method for safely filtering unstructured data
CN105162793A (en) * 2015-09-23 2015-12-16 上海云盾信息技术有限公司 Method and apparatus for defending against network attacks
CN105339923A (en) * 2013-05-01 2016-02-17 格罗方德半导体公司 Context-aware permission control of hybrid mobile applications
CN107528827A (en) * 2017-07-27 2017-12-29 曲立东 It is a kind of based on digital label can trace back data connection method and platform
CN108183915A (en) * 2018-01-15 2018-06-19 中国科学院信息工程研究所 It is a kind of to realize frame towards the safety label of high safety grade business and application demand

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778108B (en) * 2010-01-22 2012-10-24 蓝盾信息安全技术股份有限公司 Method and device for preventing falsification of homepage of server
US20160098574A1 (en) * 2014-10-07 2016-04-07 Cynny Spa Systems and methods to manage file access

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100450009C (en) * 2003-06-17 2009-01-07 华为技术有限公司 Method for distributing universal label of network node
WO2005046118A1 (en) * 2003-11-07 2005-05-19 Huawei Technologies Co., Ltd. A method for verifying the subscriber's validity
US7941121B2 (en) 2003-11-07 2011-05-10 Huawei Technologies Co., Ltd. Method for verifying the validity of a user
CN1703001B (en) * 2004-05-26 2010-05-26 索尼株式会社 Program, communication device, data processing method, and communication system
CN1633065B (en) * 2004-12-28 2010-05-12 华中师范大学 Method and system for secure distribution of network digital books with content monitoring
CN101193035B (en) * 2006-11-24 2011-04-20 中国电信股份有限公司 A system and method for deploying virtual private network service based on IP secure protocol
CN102509057A (en) * 2011-10-18 2012-06-20 国网电力科学研究院 Mark-based method for safely filtering unstructured data
CN102509057B (en) * 2011-10-18 2015-05-13 国网电力科学研究院 Mark-based method for safely filtering unstructured data
CN105339923A (en) * 2013-05-01 2016-02-17 格罗方德半导体公司 Context-aware permission control of hybrid mobile applications
CN105339923B (en) * 2013-05-01 2017-10-27 格罗方德半导体公司 The context aware control of authority of mixed act application program
CN105162793A (en) * 2015-09-23 2015-12-16 上海云盾信息技术有限公司 Method and apparatus for defending against network attacks
CN107528827A (en) * 2017-07-27 2017-12-29 曲立东 It is a kind of based on digital label can trace back data connection method and platform
CN108183915A (en) * 2018-01-15 2018-06-19 中国科学院信息工程研究所 It is a kind of to realize frame towards the safety label of high safety grade business and application demand
CN108183915B (en) * 2018-01-15 2020-02-11 中国科学院信息工程研究所 Security label implementation system for high security level service and application requirements

Also Published As

Publication number Publication date
CN1194498C (en) 2005-03-23

Similar Documents

Publication Publication Date Title
CN101207485B (en) System and method of unification identification safety authentication for users
EP1680727B1 (en) Distributed document version control
CN1290014C (en) Method and apparatus for serving content from semi-trusted server
CN104767834B (en) System and method for the transmission for accelerating to calculate environment to remote user
CN1787513A (en) System and method for safety remote access
CN101751712B (en) Centralized invoice authentication system and authentication method
CN101064717A (en) Safety protection system of information system or equipment and its working method
US20020046350A1 (en) Method and system for establishing an audit trail to protect objects distributed over a network
US20030079120A1 (en) Web environment access control
CN1930850A (en) An apparatus, computer-readable memory and method for authenticating and authorizing a service request sent from a service client to a service provider
CN1547343A (en) A Single Sign On method based on digital certificate
CN1713106A (en) System and method for providing security to an application
US20030051172A1 (en) Method and system for protecting digital objects distributed over a network
CN1194498C (en) Content safe monitoring system based on digital label and its method
CN1878170A (en) Method and device for managing session identifiers
CN1960255A (en) Distributed access control method in multistage securities
CN1694555A (en) Dynamic cipher system and method based on mobile communication terminal
CN1943166A (en) Method for transmitting secured contents via internet
CN101729541B (en) Method and system for accessing resources of multi-service platform
CN112583887B (en) Data credible sharing method based on block chain
US20020129239A1 (en) System for secure communication between domains
CN1635738A (en) General authentication authorization service system and method
CN1889081A (en) Data base safety access method and system
CN2891503Y (en) Security protection system for information system or equipment
CN106529216B (en) Software authorization system and software authorization method based on public storage platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee