CN100376092C - Firewall and invasion detecting system linkage method - Google Patents
Firewall and invasion detecting system linkage method Download PDFInfo
- Publication number
- CN100376092C CN100376092C CNB021556865A CN02155686A CN100376092C CN 100376092 C CN100376092 C CN 100376092C CN B021556865 A CNB021556865 A CN B021556865A CN 02155686 A CN02155686 A CN 02155686A CN 100376092 C CN100376092 C CN 100376092C
- Authority
- CN
- China
- Prior art keywords
- fire compartment
- compartment wall
- detection system
- key
- intruding detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Alarm Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a linkage method for firewalls and intrusion detection systems. After network intrusion behavior is detected by an intrusion detection system, the intrusion detection system and a firewall establish a linked security communication channel; the intrusion detection system sends linked content to the firewall through the linked security communication channel; the firewall generates a corresponding security rule according to the received linked content so as to cut off the aggressive behavior. The present invention can exert the special superiority of the intrusion detection system and the firewall, and can additionally lift the security defense capability of the intrusion detection system; the present invention lifts the integral protection capability of security products; the present invention can be completely suitable for current most linkage occasions because of the opened interface.
Description
Technical field:
The present invention relates to a kind of interlock method of Network Security Device, especially the method for fire compartment wall and intruding detection system (Intrude Detection System is called for short IDS) interlock belongs to the network security technology field.
Background technology:
Fire compartment wall is a kind of network security xegregating unit, comprising: gateway firewall and host firewall.The technology such as packet filtering, application proxy, address transition or state-detection that adopt fire compartment wall realize the access control to Internet resources.The access control of fire compartment wall belongs to static preventing mechanism, and it filters or limit specific packet according to the safety regulation of customization, also allows open certain service or protocol port simultaneously.Fire compartment wall can not be adjusted the security strategy of self automatically, and general being difficult to adapts to the network environment that constantly changes, and therefore, its protective action has certain limitation.
Network or host computer system are monitored, detected to intruding detection system in real time, find in time and the Control Network system in the invasion or other the suspicious behavior that exist, belong to a kind of network security defense system of intelligence.Intruding detection system adopts the access way of network bypass usually, feature detection is duplicated and done to the data packets in the network, and intruding detection system is not intervened to the communication in the network generally.Therefore, its protective action also has certain limitation.
In traditional joint-action mechanism, mostly do not adopt or adopted the lower linkage protocol of fail safe, perhaps linkage protocol is too complicated, efficient is lower, do not meet practical environment, perhaps adopt traditional security socket layer (Security Socket Layer is called for short SSL), be subjected to a lot of limitations.
The intruding detection system that has existed at present and the linkage protocol of fire compartment wall; substantially consider the protection of interlock information integrity and to the Replay Attack of interlock message at secure context; no key management functions is directly used a changeless master key for a long time, is easy to be attacked.
Summary of the invention:
Main purpose of the present invention is to provide the method for a kind of fire compartment wall and invasion detecting system interlink, realize the interlock of intruding detection system and fire compartment wall, improve the Prevention-Security ability of intruding detection system on extra level, also can bring into play simultaneously peculiar advantage separately, improve the integral protection ability of safety product.
Another purpose of the present invention is to provide the method for a kind of fire compartment wall and invasion detecting system interlink, can be applied to fire compartment wall and intruding detection system, and open interface is provided, and is fit to the occasion of overwhelming majority interlock at present fully.
The present invention is achieved by the following technical solutions:
The method of a kind of fire compartment wall and invasion detecting system interlink comprises the steps: at least
Step 1: after intruding detection system detects intrusion behavior in the network, set up the secure communication channel of interlock with fire compartment wall; The process of setting up of secure communication channel is: fire compartment wall and intruding detection system adopt the Handshake Protocol consulting session key, utilize this session key that interlock information is carried out encrypted transmission then;
Step 2: intruding detection system sends the interlock content by secure communication channel to fire compartment wall;
Step 3: fire compartment wall generates corresponding safety regulation according to the interlock content of receiving, the blocking-up attack.
The negotiations process that above-mentioned secure communication channel is set up the session key of process comprises at least:
Step 210: when setting up secure communication channel, intruding detection system produces an interim conversation key, and uses the master key of oneself to encrypt this session key, sends key negotiation request and authentication request to fire compartment wall;
Step 211: fire compartment wall receives after the key agreement and authentication request that intruding detection system is sent that the interim conversation key that deciphering is obtained produces the session key of this session, and with sending to intruding detection system after the interim conversation secret key encryption;
Step 212: after intruding detection system is obtained above-mentioned information, use the interim conversation secret key decryption, obtain the session key of this session.
Fire compartment wall is received after key agreement and the authentication request, when the interim conversation key is obtained in deciphering, checking Nonce (random number sequence) value, time stamp and hash result's integrality, concrete grammar is: before each interlock, fire compartment wall carries out session key agreement as transmit leg and intruding detection system purpose side, simultaneously, fire compartment wall sends to intruding detection system with the main frame time of oneself, and intruding detection system and fire compartment wall carry out time synchronized.
Intruding detection system is after receiving the session key that fire compartment wall sends, at first verify Nonce value, time stamp and hash result's integrality, concrete method foot: before each interlock, intruding detection system is carried out session key agreement as transmit leg and fire compartment wall purpose side, simultaneously, intruding detection system side sends to fire compartment wall with the main frame time of oneself, and fire compartment wall and intruding detection system are carried out time synchronized.
Between above-mentioned transmit leg and the purpose side checking Nonce value, time stamp and hash as a result the concrete steps of integrality comprise:
Transmit leg as input variable, after the calculating of hash hash function, forms message, Nonce value, timestamp and session key message digest or message authentication sign indicating number and sends to purpose side;
Purpose side at first with message, Nonce value, timestamp and session key as input variable, calculate with the hash hash function; Secondly, with comparing of receiving by the message digest of originating party generation and the hash function result of calculating; If two unanimities as a result, what show that purpose side receives is the message that originating party sends, and does not have victim to revise in communication process, thereby has verified the integrality of the other side's message; At last, the purpose root according to the transmit leg cipher key agreement process in time synchronized mechanism, the time that message is received in checking whether in the time range of predesignating, if, think that then this message is the normal message that transmit leg sends, otherwise think the message that the assailant resets.
The way to manage of above-mentioned key is that (key distributed Center is called for short KDC or digital certificate (Public Key Infrastructure-Certificate Authority is called for short PKI-CA) in KMC.
When adopting the mode of KDC, will provide certificate for each entity that links before interlock, distribution process is:
Step 200:KDC starts the back and produces the master key of oneself;
Step 201:KDC is that fire compartment wall and intruding detection system are set up the user respectively, and input password separately;
Step 202: fire compartment wall and intruding detection system utilize the password of oneself to generate a symmetrical key respectively, and utilize the master key of this secret key encryption KDC, generate the certificate file that each has certain term of validity:
Step 203: fire compartment wall and intruding detection system copy the certificate of oneself to this locality respectively.
Above-mentioned fire compartment wall and intruding detection system copy the certificate of oneself to this locality respectively by Email or file transfer protocol (FTP) (FileTransfer Protocol is called for short FTP) mode.
When adopting the PKI-CA mode, before interlock, for interlocking equipment fire compartment wall and intruding detection system distributing key certificate as master key.
Above-mentioned interlock content comprises at least: the source Internet protocol of the main frame of launching a offensive (InternetProtocol, be called for short IP) address, source port number, attacked purpose IP address, the destination slogan of main frame, and protocol type is blocked direction, the blocking-up time.
The present invention not only can bring into play peculiar advantage separately, and can promote the Prevention-Security ability of intruding detection system on extra level, improved the integral protection ability of safety product,, can also be fit to the occasion of overwhelming majority interlock at present fully owing to have open interface.
Description of drawings:
Fig. 1 is a structural representation of the present invention.
Fig. 2 is a schematic flow sheet of the present invention.
Embodiment:
Below by specific embodiment and accompanying drawing the present invention is described in detail:
Referring to Fig. 1 and Fig. 2, the method for a kind of fire compartment wall and invasion detecting system interlink the steps include:
Step 1: intruding detection system detects network system;
Step 2: after intruding detection system detects intrusion behavior in the network, set up the secure communication channel of interlock with fire compartment wall;
Step 3: under the protection of secure communication channel, intruding detection system sends the interlock content to fire compartment wall;
Step 4: under the protection of safe lane, fire compartment wall generates corresponding safety regulation according to the interlock content of receiving, the blocking-up attack.
Particularly, as Fig. 1, in the present embodiment, employing has the agreement of Client/Server structure and sets up secure communication channel, client (Client) is an intruding detection system, and server end (Server) is a fire compartment wall, when needs manage or link, client intruding detection system and server end fire compartment wall adopt the Handshake Protocol consulting session key, and the secure communication of using this session key to encrypt.In this escape way, utilize the session key that generates that interlock information is carried out encrypted transmission, and the preventing playback attack and the integrality that adopt mechanism such as random sequence Nonce value, time stamp and hashing algorithm to improve agreement are attacked.
This joint-action mechanism adopts 2 kinds of key management modes: one is based on KDC; Two are based on PKI-CA.
When adopting the KDC mode, before interlock, at first provide certificate for each interlock entity (as fire compartment wall or intruding detection system etc.), process is as follows:
Step 200:KDC starts the back and produces the master key of oneself;
Step 201:KDC is that fire compartment wall and intruding detection system are set up the user respectively, and requires input password separately;
Step 202: fire compartment wall and intruding detection system utilize the password of oneself to generate a symmetrical key respectively, and utilize the master key of this secret key encryption KDC, generate certificate file separately, and certain term of validity is arranged;
Step 203: fire compartment wall and intruding detection system copy the certificate of oneself to this locality respectively, can adopt multiple mode, as Email or ftp mode etc.
When adopting PKI-CA digital certificate mode, before interlock, CA mechanism is an interlocking equipment, i.e. fire compartment wall and intruding detection system, and distributing key certificate (PKI and private key certificate) is as master key.
When setting up secure communication channel, the session key agreement process is:
Step 210: when setting up secure communication channel, intruding detection system produces an interim conversation key (a random at random number), and use the master key (passing through certificate file) of own password deciphering to encrypt this session key, send key negotiation request and authentication request to fire compartment wall;
Step 211: fire compartment wall is received after key agreement and the authentication request, utilize oneself password and certificate file to take out same master key, the interim conversation key is obtained in deciphering, simultaneous verification Nonce value, time stamp and hash result's integrality, produce the session key of this session at last, and with sending to intruding detection system after the interim conversation secret key encryption;
Step 212: after intruding detection system is obtained above-mentioned information, at first verify Nonce value, time stamp and hash integrality as a result, and use the interim conversation secret key decryption, obtain the session key of this session.The content of transmitting in escape way will be carried out safeguard protection, and safeguard protection comprises: prevent the Replay Attack of the information of linking, integrity protection, encipherment protection.
After consulting to obtain session key, intruding detection system is utilized this session key and cryptographic algorithm to encrypt to fire compartment wall and is sent interlock information, and fire compartment wall also utilizes this session key and cryptographic algorithm to encrypt to intruding detection system and sends feedback information.In this process, the fail safe of adopting mechanism such as Nonce value, time stamp and hashing algorithm to improve agreement prevents the Replay Attack of assailant to interlock information, and the interlock information content is carried out integrity protection.
Fire compartment wall is received after key agreement and the authentication request, when the interim conversation key is obtained in deciphering, checking Nonce (random number sequence) value, time stamp and hash result's integrality, concrete grammar is: before each interlock, fire compartment wall carries out session key agreement as transmit leg and intruding detection system purpose side, simultaneously, fire compartment wall sends to intruding detection system with the main frame time of oneself, and intruding detection system and fire compartment wall carry out time synchronized.
Intruding detection system is after receiving the session key that fire compartment wall sends, at first verify Nonce value, time stamp and hash result's integrality, concrete method is: before each interlock, intruding detection system is carried out session key agreement as transmit leg and fire compartment wall purpose side, simultaneously, intruding detection system side sends to fire compartment wall with the main frame time of oneself, and fire compartment wall and intruding detection system are carried out time synchronized.
No matter intruding detection system or fire compartment wall be as transmit leg or purpose side, between transmit leg and the purpose side checking Nonce value, time stamp and hash as a result the concrete steps of integrality comprise:
Transmit leg as input variable, after the calculating of hash hash function, forms message, Nonce value, timestamp and session key message digest or message authentication sign indicating number and sends to purpose side;
Purpose side at first with message, Nonce value, timestamp and session key as input variable, calculate with the hash hash function; Secondly, with comparing of receiving by the message digest of originating party generation and the hash function result of calculating; If, two unanimities as a result, what show that purpose side receives is the message that originating party sends, and does not have victim to revise in communication process, thereby has verified the integrality of the other side's message; At last, the purpose root according to the transmit leg cipher key agreement process in time synchronized mechanism, the time that message is received in checking whether in the time range of predesignating, if, think that then this message is the normal message that transmit leg sends, otherwise think the message that the assailant resets.
In above-mentioned interlock content, comprise at least: the source IP address of the main frame of launching a offensive, source port number, attacked purpose IP address, the destination slogan of main frame, protocol type, blocking-up direction, blocking-up time or the like.Fire compartment wall generates the blocking-up rule automatically according to these information.
By above process, set up secure communication channel between fire compartment wall and the IDS, fire compartment wall can receive the interlock information that IDS sends by this safe lane, and fire compartment wall can generate the blocking-up rule automatically according to these information.
It should be noted that at last: above embodiment is only unrestricted in order to explanation the present invention, although the present invention is had been described in detail with reference to preferred embodiment, those of ordinary skill in the art is to be understood that, can make amendment or be equal to replacement the present invention, and not breaking away from the spirit and scope of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (10)
1. the method for fire compartment wall and invasion detecting system interlink is characterized in that: comprise the steps: at least
Step 1: after intruding detection system detects intrusion behavior in the network, set up the secure communication channel of interlock with fire compartment wall; The process of setting up of described secure communication channel is: fire compartment wall and intruding detection system adopt the Handshake Protocol consulting session key, utilize this session key that interlock information is carried out encrypted transmission then; The negotiations process of described session key comprises: when setting up secure communication channel, intruding detection system produces an interim conversation key, and uses the master key of oneself to encrypt this session key, sends key negotiation request and authentication request to fire compartment wall; After fire compartment wall was received key agreement and authentication request, the interim conversation key that utilizes the master key deciphering to obtain produced the session key of this session, and with sending to intruding detection system after the interim conversation secret key encryption; After intruding detection system is obtained above-mentioned information, use the interim conversation secret key decryption, obtain the session key of this session;
Step 2: intruding detection system sends the interlock content by secure communication channel to fire compartment wall;
Step 3: fire compartment wall generates corresponding safety regulation according to the interlock content of receiving, the blocking-up attack.
2. the method for fire compartment wall according to claim 1 and invasion detecting system interlink, it is characterized in that: fire compartment wall is received after key agreement and the authentication request, when the interim conversation key is obtained in deciphering, checking Nonce value, time stamp and hash result's integrality, concrete grammar is: before each interlock, fire compartment wall carries out session key agreement as transmit leg and intruding detection system purpose side, simultaneously, fire compartment wall sends to intruding detection system with the main frame time of oneself, and intruding detection system and fire compartment wall carry out time synchronized.
3. the method for fire compartment wall according to claim 1 and invasion detecting system interlink, it is characterized in that: intruding detection system is after receiving the session key that fire compartment wall sends, at first verify Nonce value, time stamp and hash result's integrality, concrete method is: before each interlock, intruding detection system is carried out session key agreement as transmit leg and fire compartment wall purpose side, simultaneously, intruding detection system side sends to fire compartment wall with the main frame time of oneself, and fire compartment wall and intruding detection system are carried out time synchronized.
4. according to the method for claim 2 or 3 described fire compartment walls and invasion detecting system interlink, it is characterized in that: between transmit leg and the purpose side checking Nonce value, time stamp and hash as a result the concrete steps of integrality comprise:
Transmit leg as input variable, after the calculating of hash hash function, forms message, Nonce value, timestamp and session key message digest or message authentication sign indicating number and sends to purpose side;
Purpose side at first with message, Nonce value, timestamp and session key as input variable, calculate with the hash hash function; Secondly, with comparing of receiving by the message digest of originating party generation and the hash function result of calculating; If, two unanimities as a result, what show that purpose side receives is the message that originating party sends, and does not have victim to revise in communication process, thereby has verified the integrality of the other side's message; At last, the purpose root according to the transmit leg cipher key agreement process in time synchronized mechanism, the time that message is received in checking whether in the time range of predesignating, if, think that then this message is the normal message that transmit leg sends, otherwise think the message that the assailant resets.
5. the method for fire compartment wall according to claim 1 and invasion detecting system interlink is characterized in that: the way to manage of described session key, described interim conversation key, described master key is KDC or PKI-CA.
6. the method for fire compartment wall according to claim 5 and invasion detecting system interlink is characterized in that: when adopting the mode of KDC, will provide certificate for each entity that links before interlock, distribution process is:
Step 200:KDC starts the back and produces the master key of oneself;
Step 201:KDC is that fire compartment wall and intruding detection system are set up the user respectively, and input password separately;
Step 202: fire compartment wall and intruding detection system utilize the password of oneself to generate a symmetrical key respectively, and utilize the master key of this secret key encryption KDC, generate the certificate file that each has certain term of validity;
Step 203: fire compartment wall and intruding detection system copy the certificate of oneself to this locality respectively.
7. the method for fire compartment wall according to claim 6 and invasion detecting system interlink is characterized in that: fire compartment wall and intruding detection system copy the certificate of oneself to this locality respectively by Email or ftp mode.
8. the method for fire compartment wall according to claim 5 and invasion detecting system interlink is characterized in that: when adopting the PKI-CA mode, before interlock, for interlocking equipment fire compartment wall and intruding detection system distributing key certificate as master key.
9. the method for fire compartment wall according to claim 1 and invasion detecting system interlink, it is characterized in that: described interlock content comprises at least: the source IP address of the main frame of launching a offensive, source port number, attacked purpose IP address, the destination slogan of main frame, protocol type, the blocking-up direction, the blocking-up time.
10. the method for fire compartment wall according to claim 9 and invasion detecting system interlink is characterized in that: described attack type comprises at least to the attack of host services software or to the attack of host computer system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021556865A CN100376092C (en) | 2002-12-13 | 2002-12-13 | Firewall and invasion detecting system linkage method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021556865A CN100376092C (en) | 2002-12-13 | 2002-12-13 | Firewall and invasion detecting system linkage method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1509006A CN1509006A (en) | 2004-06-30 |
| CN100376092C true CN100376092C (en) | 2008-03-19 |
Family
ID=34236029
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB021556865A Expired - Fee Related CN100376092C (en) | 2002-12-13 | 2002-12-13 | Firewall and invasion detecting system linkage method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100376092C (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1309214C (en) * | 2004-12-20 | 2007-04-04 | 华中科技大学 | Cooperative intrusion detection based large-scale network security defense system |
| CN100435513C (en) * | 2005-06-30 | 2008-11-19 | 杭州华三通信技术有限公司 | Method of linking network equipment and invading detection system |
| CN101521578B (en) * | 2009-04-03 | 2011-09-07 | 北京邮电大学 | Method for detecting computer illegal external connection in closed network |
| CN102164129A (en) * | 2011-03-19 | 2011-08-24 | 东北电力大学 | Linkage method for firewall and intrusion-detection system |
| CN102523218B (en) * | 2011-12-16 | 2015-04-08 | 北京神州绿盟信息安全科技股份有限公司 | Network safety protection method, equipment and system thereof |
| CN102523238B (en) * | 2012-01-04 | 2015-03-11 | 北京网御星云信息技术有限公司 | Method for accelerating bypass intrusion detection and device adopting same |
| CN110351179A (en) * | 2018-04-02 | 2019-10-18 | 蓝盾信息安全技术有限公司 | A kind of mail security access technique based on Net Strobe System |
| CN109120626A (en) * | 2018-08-28 | 2019-01-01 | 深信服科技股份有限公司 | Security threat processing method, system, safety perception server and storage medium |
| CN112583843A (en) * | 2020-12-23 | 2021-03-30 | 北京珞安科技有限责任公司 | Joint protection system and method and computer equipment |
| CN117201189B (en) * | 2023-11-03 | 2024-01-30 | 北京微步在线科技有限公司 | Firewall linkage method and device, computer equipment and storage medium |
| CN117201200B (en) * | 2023-11-07 | 2024-01-02 | 湖南密码工程研究中心有限公司 | Data safety transmission method based on protocol stack |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6052788A (en) * | 1996-10-17 | 2000-04-18 | Network Engineering Software, Inc. | Firewall providing enhanced network security and user transparency |
| CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
-
2002
- 2002-12-13 CN CNB021556865A patent/CN100376092C/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6052788A (en) * | 1996-10-17 | 2000-04-18 | Network Engineering Software, Inc. | Firewall providing enhanced network security and user transparency |
| CN1384639A (en) * | 2002-06-11 | 2002-12-11 | 华中科技大学 | Distributed dynamic network security protecting system |
Non-Patent Citations (3)
| Title |
|---|
| 期于SSL的数据安全传输系统的设计与实现. 杨亚平,李伟琴.北京航空航天大学学报,第27卷第4期. 2001 * |
| 防火墙与入侵检测系统的联动分析. 姚兰,王新梅.信息安全与通信保密,第18卷. 2002 * |
| 防火墙与入侵检测系统的联动分析. 姚兰,王新梅.信息安全与通信保密,第18期. 2002 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1509006A (en) | 2004-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7987359B2 (en) | Information communication system, information communication apparatus and method, and computer program | |
| US8082574B2 (en) | Enforcing security groups in network of data processors | |
| US8104082B2 (en) | Virtual security interface | |
| CN101094394A (en) | Method for guaranteeing safe transmission of video data, and video monitoring system | |
| US20080080708A1 (en) | Key wrapping system and method using encryption | |
| US8370630B2 (en) | Client device, mail system, program, and recording medium | |
| CN102710605A (en) | Information security management and control method under cloud manufacturing environment | |
| EP1493243B1 (en) | Secure file transfer | |
| CN111988289B (en) | EPA industrial control network security test system and method | |
| CN100376092C (en) | Firewall and invasion detecting system linkage method | |
| Whitehurst et al. | Exploring security in ZigBee networks | |
| CN115001686B (en) | Global quantum security device and system | |
| Liyanage et al. | Securing virtual private LAN service by efficient key management | |
| CN113572788A (en) | BACnet/IP protocol equipment authentication safety method | |
| US20070287422A1 (en) | Communication System and Method for Providing a Mobile Communications Service | |
| CN112202773B (en) | Computer network information security monitoring and protection system based on internet | |
| CN210839642U (en) | Device for safely receiving and sending terminal data of Internet of things | |
| Zhuge et al. | Security mechanisms for wireless home network | |
| US20080059788A1 (en) | Secure electronic communications pathway | |
| KR0171003B1 (en) | Information protecting protocol | |
| JP7433620B1 (en) | Communication method, communication device and computer program | |
| CN117155717B (en) | Authentication method based on identification password, and cross-network and cross-domain data exchange method and system | |
| Budzko et al. | Analysis of the level of security provided by advanced information and communication technologies | |
| JP2001111612A (en) | Information leakage prevention method and system, and recording medium recording information leakage prevention program | |
| Jain | “Sec-KeyD” an efficient key distribution protocol for critical infrastructures |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: LEGEND WANGYU TECHNOLOGY (BEIJING) LTD. Free format text: FORMER OWNER: LIANXIANG (BEIJING) CO. LTD. Effective date: 20050218 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20050218 Address after: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun Applicant after: Lenovo Wangyu Technology (Beijing) Ltd. Address before: 100085, No. 6, Pioneer Road, Haidian District information industry base, Beijing Applicant before: Lenovo (Beijing) Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: BEIJING LEADSEC INFORMATION TECHNOLOGY CO., LTD. Free format text: FORMER NAME: LEADSEC TECHNOLOGY (BEIJING) CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun Patentee after: Beijing Leadsec Technology Co.,Ltd. Address before: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun Patentee before: Lenovo Wangyu Technology (Beijing) Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080319 Termination date: 20161213 |