CN101119195B - Method and system for remote access authorization and identification - Google Patents
- Publication number
- CN101119195B
- Authority
- CN
- China
- Prior art keywords
- remote access
- home network
- access
- information
- movable equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The present invention discloses a method for remote access authorization and authentication. The method includes the following steps: a. a remote access agent sends a remote access request to home network A, according to the information required to access home network A that it has obtained from a mobile device belonging to home network A; b. an access authorization and authentication server in home network A authenticates the remote access request. With this technical solution, the mobile device does not need to manually enter the address or domain name needed to log in to the home network, or login information such as a user name and password, during remote access. In addition, after the mobile device finishes remotely accessing the home network, it does not need to clear its login information, which greatly simplifies the user's operations when remotely accessing a home network.
Description
Technical field
The present invention relates to the technical field of home networks, and specifically to techniques for remotely accessing a home network.
Background technology
As consumer electronics products become digital and digital information technology becomes widespread in them, a digital home network connects digital consumer electronics products into an in-home local area network by wired or wireless means, in order to share Internet access or to conveniently implement functions such as mutual control.
A home network connected to the Internet through a home gateway can support remote control, so that a user outside the home network can remotely check and control the devices inside it, for example: turning on the air conditioner remotely on the way home from work, checking from the office how much food is left in the refrigerator at home, or checking the running status of the home security system.
In the prior art, remote control mainly comprises the following steps:
1. The user logs in from the Internet to the home's master control device, the home gateway, by IP address or by domain name. During this process the user must enter login data such as a user name and password.
2. The home gateway calls the relevant applications, reads the current state information of the devices inside the home network through some medium, and processes it to produce interface data (for example, the information of each device can be collected through UPnP, the Universal Plug and Play protocol).
3. The home gateway then sends the interface data to the user over the Internet, so that the user can see the state of the devices at home and can control them by clicking the buttons on the browser page that are associated with the devices inside the home network.
From the above description of the prior art, the existing remote management scheme has the following deficiency:
During remote access the user must manually enter the address or domain name needed to log in to the home network, as well as login information such as a user name and password. Moreover, after finishing remote access to the home network, the user needs to clear this login information to prevent other users from misusing it. These operations make remote control of the home network inconvenient for the user.
Summary of the invention
The object of the present invention is to provide a method and system for remote access authorization and authentication, to solve the prior-art problem of cumbersome operation when a user remotely accesses a home network.
To achieve this object, the present invention adopts the following technical solution:
A method for remote access authorization and authentication, comprising the following steps:
a. A remote access agent initiates a remote access request to home network A according to the information required to remotely access home network A, which it has obtained from a mobile device belonging to home network A;
b. The access authorization and authentication server in home network A authenticates the remote access agent's remote access request.
Before step a, the method also comprises:
a0. The mobile device in home network A requests remote access authorization from the access authorization and authentication server in home network A; the access authorization and authentication server authorizes the mobile device to remotely access home network A and sends the information required to remotely access home network A to the mobile device.
The information required to remotely access home network A specifically comprises the address of the remote access interface of home network A, the port number required for access, the protocol required for access, and the authentication information required for authentication.
The authentication information required for authentication is an authentication code, a digital signature, or a device ID.
The information required to remotely access home network A also comprises one or more of three kinds of information: the permission type of the authorized access, the devices or resources authorized for access, and the time limit of the authorized access.
Step a specifically comprises:
a1. The remote access agent requests the information required to remotely access home network A from the mobile device in home network A, and the mobile device returns that information to the remote access agent;
a2. The remote access agent, according to the information required to remotely access home network A, requests remote access from the remote access interface in home network A.
Step a1 specifically comprises:
The remote access agent requests the information required to remotely access home network A from the mobile device in home network A, and the mobile device selectively returns that information to the remote access agent according to a preset policy or a user operation.
Step b specifically comprises:
b1. After receiving the remote access request forwarded by its remote access interface, the access authorization and authentication server in home network A requires the remote access agent to provide the authentication information for remote access authentication;
b2. The remote access agent sends the authentication information contained in the information required to remotely access home network A to the access authorization and authentication server, which performs authentication according to that authentication information.
The remote access interface is the home gateway in home network A.
The invention also discloses a system for remote access authorization and authentication. The system comprises a remote access agent and home network A, together with the mobile device and the access authorization and authentication server in home network A, wherein:
The mobile device in home network A is used to request remote access authorization from the access authorization and authentication server in home network A and to obtain the information required to remotely access home network A;
The remote access agent is used to request remote access to home network A on behalf of the mobile device, according to the information required to remotely access home network A that it has obtained from the mobile device.
The remote access agent belongs to home network B and is used to initiate remote access requests to home network A on behalf of devices in home network B.
The present invention overcomes the deficiencies of the prior art with the following technical solution: the mobile device obtains the authorization to remotely access the home network together with the information required for remote access, and passes that information to a remote access agent; the remote access agent initiates remote access to the home network according to the information obtained; and the home network authenticates the remote access agent's remote access. As a result, during remote access the mobile device does not need to manually enter the address or domain name needed to log in to the home network, or login information such as a user name and password, and after finishing remote access to the home network it does not need to manually clear its login information. This greatly simplifies the user's operations when remotely accessing a home network.
Description of drawings
Fig. 1 is a system diagram of an embodiment of the invention;
Fig. 2 is a flow chart of an embodiment of the invention.
Embodiment
The basic principle of the present invention is as follows. The mobile device first requests remote access authorization from the access authorization and authentication server in the home network. The access authorization and authentication server authorizes the mobile device for remote access and sends the information required for remote access to the mobile device. The mobile device sends the information required for remote access to the remote access agent, and the remote access agent then initiates the remote access request to the home network. The access authorization and authentication server authenticates the remote access agent's access request and decides, according to the authentication result, whether the remote access flow continues.
A detailed description follows with reference to the drawings and specific embodiments.
The system diagram of the embodiment is shown in Fig. 1, in which mobile device A belongs to home network A, and the remote access agent is independent of mobile device A and is deployed in home network B.
The devices inside home networks A and B shown in Fig. 1 include mobile devices, PCs, smart appliances and so on. The home bearer network can use various networking technologies, for example wired networking: HomePNA (Home Phoneline Networking Alliance) technology, PLC (Power Line Communications) technology, IEEE 1394, Ethernet, etc.; and wireless networking: WLAN (Wireless LAN) technology and UWB (Ultra-Wideband) technology.
The access authorization and authentication server in home network A grants designated devices access rights to home network A and authenticates the devices that have been authorized, ensuring that only authorized devices can access the devices and resources inside the home network. Specifically, various access authorization and authentication techniques can be used, for example UPnP secure access control, digital signature authorization and authentication, authorization and authentication based on an authentication code, or authorization and authentication based on a device ID.
In a concrete implementation the access authorization and authentication server can be a stand-alone device, or it can be located on another device in home network A, for example on home gateway A.
The remote access agent of the present invention can be deployed on the mobile device, or it can be deployed in a remote home network (home network B). When the remote access agent is deployed in home network B, after it obtains the information required for remote access, such as the address (or domain name) and the information required for authentication, devices in home network B can also remotely access home network A, subject to what the access authorization and authentication server has authorized.
The remote access agent implements the authentication procedure when home network A is remotely accessed, and the access proxy function after authentication succeeds. Through the remote access agent, mobile device A or the devices inside home network B access the devices and resources in home network A according to the authorization of the access authorization and authentication server in home network A.
Home gateway A and home gateway B implement the remote access interface function: they provide Internet access for the devices in their respective home networks, and they also provide the entry point for remote access to the home network.
The concrete flow is shown in Fig. 2. The Internet and the home bearer networks are omitted from Fig. 2 because both simply pass content through transparently.
Mobile device A belongs to home network A and is authorized, while in home network A, to remotely access home network A. Mobile device A then moves temporarily to home network B and is temporarily authorized by home network B to connect to it. The remote access agent in home network B then uses the remote access information provided by mobile device A to complete remote access authentication and proxying toward home network A, so that devices in home network B have restricted access to the devices and resources of home network A.
The flow specifically comprises the following steps:
1. Mobile device A connects to home network A.
2. Mobile device A requests remote access authorization from the access authorization and authentication server.
Mobile device A asks the access authorization and authentication server in home network A to authorize it for remote access. It sends its own device information to the server and requests the right to remotely access the home network.
For ease of extension, the request message sent by mobile device A can use a format such as:
Device ID + requested authorization type + devices or resources for which access is requested + requested access time limit
Concretely, for example:
xxx_223344 + "remote access" + "PC" + "1 hour"
3. The access authorization and authentication server authorizes mobile device A to remotely access home network A.
According to a preset policy or a user operation, the access authorization and authentication server authorizes mobile device A to remotely access home network A. At the same time it sends the information required for remote access, such as the address (or domain name), and the information required for authentication to mobile device A. The authentication information provided by the server can include several valid items of authentication information; each item can carry different remote access permissions and can also carry its own access time limit.
For ease of extension, the information that the access authorization and authentication server sends to mobile device A can use a format such as:
Domain name for remote access + device ID + authentication code for remote authentication + authorized permission type + devices or resources authorized for access + authorized access time limit
In a concrete implementation, the messages can be as follows:
Authorization message 1:
www.myhome.sz.com + xxx_2223344 + 1234567 + "remote access" + "PC" + 5 minutes
Authorization message 2:
www.myhome.sz.com + xxx_2223344 + 7684234 + "remote access" + "all devices" + before July 10, 2010
In step 3, if the access authorization and authentication server refuses to authorize device A to remotely access home network A, the flow ends.
4. Mobile device A moves to home network B and temporarily connects to home network B.
5. The remote access agent in home network B asks mobile device A for the information required to remotely access home network A.
The remote access agent in home network B asks mobile device A, which is now connected to home network B, to provide the information required to remotely access home network A. This specifically includes the IP address or domain name of home gateway A, the port number for access, the protocol required for access, and the authentication information required for authentication.
Before this step, a trust relationship can first be established between mobile device A and the remote access agent of home network B, for example using existing technology such as the UPnP security protocol; this further improves security. If the two cannot establish a trust relationship, the flow ends here.
6. Mobile device A returns the requested information for remotely accessing home network A to the remote access agent in home network B.
According to a preset policy or a user operation, mobile device A returns the appropriate information to the remote access agent in home network B. The information returned includes the IP address or domain name of home gateway A, the port number for access, the protocol required for access, and the authentication information required for authentication.
Mobile device A can choose which information to return according to a preset policy or a user operation. For example, if the degree of trust is moderate, it returns
Authorization message 1:
www.myhome.sz.com + xxx_2223344 + 1234567 + "remote access" + "PC" + 5 minutes
If the degree of trust is high, it returns
Authorization message 2:
www.myhome.sz.com + xxx_2223344 + 7684234 + "remote access" + "all devices" + before July 10, 2010
If mobile device A refuses to return the information requested by the remote access agent, the flow ends.
7. The remote access agent in home network B, according to the information obtained in step 6, requests remote access from home gateway A in home network A.
The remote access agent in home network B uses the information obtained in step 6 to request remote access from home gateway A in home network A. The access request message it sends can also include the device ID of the authorized device (mobile device A) to further improve security.
8. Home gateway A in home network A forwards the remote access request it has received to the access authorization and authentication server in home network A.
9. The access authorization and authentication server in home network A decides whether authentication is to be performed.
According to a preset policy, the access authorization and authentication server in home network A evaluates the remote access request it has received and decides whether to send a message requiring authentication. (If the security policy requires only low strength, the device ID can be used for authentication, for example the device ID of mobile device A included in the remote access request as mentioned in step 7; if the security policy requires high strength, a method such as an authentication code can be used.)
If authentication is to be performed with an authentication code, go to step 10.
If authentication is performed according to the device ID information in the remote access request, go to step 15.
10. The access authorization and authentication server in home network A sends a message requiring authentication to its home gateway.
11. Home gateway A in home network A forwards the message requiring authentication to the remote access agent in home network B.
12. The remote access agent in home network B, according to the information obtained in step 6, sends the authentication information for remotely accessing home network A to home gateway A in home network A.
The message that the remote access agent in home network B sends to home gateway A in home network A contains the authentication code for remote authentication and can also contain the device ID of the authorized device (mobile device A).
13. The home gateway in home network A forwards the authentication information it has received to the access authorization and authentication server in home network A.
14. The access authorization and authentication server in home network A performs authentication according to the remote authentication information it has received, to check whether it is legitimate.
15. If authentication passes, the access authorization and authentication server in home network A notifies home gateway A in home network A through the management interface.
16. The access authorization and authentication server in home network A sends an authentication-passed message.
17. Home gateway A in home network A forwards the authentication-passed message to the remote access agent of home network B.
After remote access authentication has passed, devices in home network B can use existing technology, such as UPnP, to access the devices and resources in home network A through the remote access agent.
During access, if the validity period in the authentication information provided by the remote access agent expires, the access authorization server in home network A prompts the remote access agent of home network B to provide new valid authentication information. If the remote access agent can provide new valid authentication information, remote access can continue; otherwise remote access is refused.
In a concrete implementation, besides the authentication methods above such as device ID and authentication code, authentication methods such as digital certificate signature authentication can also be used.
If higher security is required, the remote access agent function is preferably implemented on mobile device A. Then, throughout the authentication process, the information exchanged between mobile device A and the remote access agent no longer appears on home network B, and devices on home network B cannot obtain or retain the authentication information held on mobile device A.
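The grant issued in steps 2-3, the selective disclosure in step 6 and the authentication-code check in steps 12-14, as an added example that is not part of the patent text. The names Grant, AuthServer and select_grant are hypothetical, the epoch-seconds time limit and the 24-hour grant are assumptions, and the domain and device ID reuse the sample values from the authorization messages above.

```python
"""Added illustration: grant issuance (steps 2-3), selective disclosure
(step 6) and authentication-code checking (steps 12-14). Names are hypothetical."""
import hmac
import secrets
from dataclasses import dataclass

FIELDS = ("domain", "device_id", "auth_code", "permission", "resources", "expires_at")
ALL = "all devices"


@dataclass(frozen=True)
class Grant:
    domain: str       # address of the remote access interface (home gateway A)
    device_id: str    # ID of the authorized mobile device
    auth_code: str    # authentication code used for remote authentication
    permission: str   # authorized permission type
    resources: str    # devices or resources authorized for access
    expires_at: int   # end of the authorized period, epoch seconds (assumption)

    def encode(self) -> str:
        # '+'-separated layout of step 3; assumes no field contains '+'
        return "+".join(str(getattr(self, name)) for name in FIELDS)

    @classmethod
    def parse(cls, message: str) -> "Grant":
        parts = message.split("+")
        if len(parts) != len(FIELDS) or not parts[5].isdigit():
            raise ValueError("malformed authorization message")
        return cls(*parts[:5], int(parts[5]))


class AuthServer:
    """Access authorization and authentication server of home network A."""

    def __init__(self, domain: str):
        self.domain = domain
        self._grants = []

    def authorize(self, device_id: str, resources: str, ttl: int, now: int) -> Grant:
        # Steps 2-3: a fresh random code per grant, so that every grant
        # carries its own scope and its own time limit.
        grant = Grant(self.domain, device_id, secrets.token_hex(8),
                      "remote access", resources, now + ttl)
        self._grants.append(grant)
        return grant

    def authenticate(self, device_id: str, auth_code: str, resource: str, now: int) -> str:
        # Steps 12-14: constant-time code comparison, then device ID,
        # time limit and scope. Returns "ok" or the reason for refusal.
        presented = auth_code.encode()
        grant = next((g for g in self._grants
                      if hmac.compare_digest(g.auth_code.encode(), presented)), None)
        if grant is None:
            return "unknown code"
        if grant.device_id != device_id:
            return "device mismatch"
        if now > grant.expires_at:
            return "expired"
        if grant.resources not in (ALL, resource):
            return "out of scope"
        return "ok"


def select_grant(grants, high_trust: bool) -> Grant:
    # Step 6: the mobile device discloses the narrowest, shortest-lived
    # grant unless it trusts the remote access agent highly.
    ranked = sorted(grants, key=lambda g: (g.resources == ALL, g.expires_at))
    return ranked[-1] if high_trust else ranked[0]


def run_demo(now: int = 1_000_000):
    # Constructed scenario: two grants, moderate trust in the agent.
    server = AuthServer("www.myhome.sz.com")
    narrow = server.authorize("xxx_2223344", "PC", 5 * 60, now)
    broad = server.authorize("xxx_2223344", ALL, 24 * 3600, now)
    # The agent in home network B receives only what the device shares.
    received = Grant.parse(select_grant([narrow, broad], high_trust=False).encode())

    def check(resource: str, when: int) -> str:
        return server.authenticate(received.device_id, received.auth_code, resource, when)

    return {
        "within limit": check("PC", now + 60),
        "other resource": check("air conditioner", now + 60),
        "after limit": check("PC", now + 301),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

Because the agent in home network B only ever holds the 5-minute, PC-only code, the server refuses both the request for another device and any request after the time limit, which is the re-authentication point described above.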
Claims (10)
1. A method for remote access authorization and authentication, characterized in that the method comprises the following steps:
a. A remote access agent initiates a remote access request to home network A according to the information required to remotely access home network A, which it has obtained from a mobile device belonging to home network A;
b. The access authorization and authentication server in home network A authenticates the remote access agent's remote access request,
wherein before step a the method also comprises:
a0. The mobile device in home network A requests remote access authorization from the access authorization and authentication server in home network A; the access authorization and authentication server authorizes the mobile device to remotely access home network A and sends the information required to remotely access home network A to the mobile device.
2. The method according to claim 1, characterized in that the information required to remotely access home network A specifically comprises the address of the remote access interface of home network A, the port number required for access, the protocol required for access, and the authentication information required for authentication.
3. The method according to claim 2, characterized in that the authentication information required for authentication is an authentication code, a digital signature, or a device ID.
4. The method according to claim 2, characterized in that the information required to remotely access home network A also comprises one or more of three kinds of information: the permission type of the authorized access, the devices or resources authorized for access, and the time limit of the authorized access.
5. The method according to claim 1, characterized in that step a specifically comprises:
a1. The remote access agent requests the information required to remotely access home network A from the mobile device, and the mobile device returns that information to the remote access agent;
a2. The remote access agent, according to the information required to remotely access home network A, requests remote access from the remote access interface in home network A.
6. The method according to claim 5, characterized in that step a1 specifically comprises:
The remote access agent requests the information required to remotely access home network A from the mobile device, and the mobile device selectively returns that information to the remote access agent according to a preset policy or a user operation.
7. The method according to claim 1, characterized in that step b specifically comprises:
b1. After receiving the remote access request forwarded by its remote access interface, the access authorization and authentication server in home network A requires the remote access agent to provide the authentication information for remote access authentication;
b2. The remote access agent sends the authentication information contained in the information required to remotely access home network A to the access authorization and authentication server, which performs authentication according to that authentication information.
8. The method according to claim 6 or 7, characterized in that the remote access interface is the home gateway in home network A.
9. A system for remote access authorization and authentication, characterized in that the system comprises a remote access agent and home network A, together with the mobile device and the access authorization and authentication server in home network A, wherein:
The mobile device in home network A is used to request remote access authorization from the access authorization and authentication server in home network A; the access authorization and authentication server authorizes the mobile device to remotely access home network A, and the mobile device also obtains the information required to remotely access home network A;
The remote access agent is used to request remote access to home network A on behalf of the mobile device, according to the information required to remotely access home network A that it has obtained from the mobile device.
10. The system according to claim 9, characterized in that the remote access agent belongs to home network B and is used to initiate remote access requests to home network A on behalf of devices in home network B.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2006100619642A CN101119195B (en) | 2006-08-01 | 2006-08-01 | Method and system for remote access authorization and identification |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110298106.0A Division CN102333119B (en) | 2006-08-01 | 2006-08-01 | Remote access authorization and authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101119195A (en) | 2008-02-06 |
CN101119195B (en) | 2011-09-21 |
Family
ID=39055151
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2006100619642A Active CN101119195B (en) | 2006-08-01 | 2006-08-01 | Method and system for remote access authorization and identification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101119195B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN101119195A (en) | 2008-02-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |