CN101453423B - Flow linkage control method, apparatus and system - Google Patents
Flow linkage control method, apparatus and system Download PDFInfo
- Publication number
- CN101453423B CN101453423B CN2008102269040A CN200810226904A CN101453423B CN 101453423 B CN101453423 B CN 101453423B CN 2008102269040 A CN2008102269040 A CN 2008102269040A CN 200810226904 A CN200810226904 A CN 200810226904A CN 101453423 B CN101453423 B CN 101453423B
- Authority
- CN
- China
- Prior art keywords
- network
- illegitimate traffic
- flow
- traffic
- security device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 20
- 230000002159 abnormal effect Effects 0.000 claims abstract description 56
- 238000004458 analytical method Methods 0.000 claims description 9
- 239000010410 layer Substances 0.000 abstract 4
- 239000002356 single layer Substances 0.000 abstract 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method, a device and a system for controlling flow in a linked mode. The method comprises the following steps: acquiring network flow data of each network layer; judging whether the abnormal flow belongs to illegal flows required to be controlled if an abnormal flow exists in the network flow data; and triggering network safety devices on each network layer related to the illegal flows to perform linked control on the illegal flows according to the types and the flow directions of the illegal flows if the abnormal flow belongs to the illegal flow. The device comprises an acquiring module, a first judging module and a processing module. The system comprises a network safety decision device and a network safety device. The method, the device and the system solve the problem that the network safety device positioned on a single layer cannot perform comprehensive control on the illegal flows when the illegal flows flow among high/low network layers, and adopt a linked control mode of a high/low network layer safety device to achieve the comprehensive control on the illegal flows.
Description
Technical field
The present invention relates to network security technology, relate in particular to a kind of flow linkage control method, Apparatus and system, belong to networking technology area.
Background technology
The IP metropolitan area network can be divided into according to network configuration: Access Layer, convergence-level and backbone layer, Access Layer are positioned at the low level network layer, directly connect user terminal usually, and customer flow is introduced network; Convergence-level is positioned at the network intermediate layer, handles all traffics from access layer equipment, is provided to the up link of backbone layer; Backbone layer is positioned at high-order network layer, carries out message transmission at a high speed.When network is subjected to the illegitimate traffic attack of malice or invades, under a lot of situations, these illegitimate traffic all are to flow to high-order network layer or flow to the low level network layer from high-order network layer from the low level network layer, as flowing to backbone layer from Access Layer or flowing to Access Layer from backbone layer.
Prior art adopts usually at the processing of illegitimate traffic and inserts data acquisition equipment and Network Security Device respectively in each network layer, each layer be the collection network data on flows respectively, and the illegitimate traffic that has malicious attack removed or tackle, and generally, illegitimate traffic all is to flow to high-order network layer or flow to the low level network layer from high-order network layer from the low level network layer, prior art can't be handled and flow to the illegitimate traffic that this layer network safety means compass of competency precognition in addition flows to, thereby caused to realize comprehensive control, reduced the security protection ability of network illegitimate traffic.
Summary of the invention
The objective of the invention is in order to solve the prior art illegitimate traffic problem that the caused Network Security Device that is positioned on the individual layer can't be controlled illegitimate traffic when the network interflow of high/low position comprehensively.
For achieving the above object, the invention provides a kind of flow linkage control method, comprising:
Obtain the network traffics data of each network layer;
If have abnormal flow in the described network traffics data, judge then whether described abnormal flow belongs to the illegitimate traffic that need control;
If described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, trigger Network Security Device on each network layer relevant with described illegitimate traffic to the control that links of described illegitimate traffic, described Network Security Device is distributed in and exists in each network layer that illegitimate traffic and illegitimate traffic will flow to.
The present invention also provides a kind of flow linkage control device, comprising:
Acquisition module is used to obtain the network traffics data of each network layer;
First judge module is used for judging whether described abnormal flow belongs to the illegitimate traffic that need control if there is abnormal flow in described network traffics data;
Processing module, be used for if described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, trigger Network Security Device on each network layer relevant with described illegitimate traffic to the control that links of described illegitimate traffic, described Network Security Device is distributed in and exists in each network layer that illegitimate traffic and illegitimate traffic will flow to.
The present invention provides a kind of flow coordinated control system again, comprising:
Network Security Device is used for described illegitimate traffic is handled, and described Network Security Device is distributed in and exists in each network layer that illegitimate traffic and illegitimate traffic will flow to;
The network security decision device, be used to obtain the network traffics data of each network layer, if have abnormal flow in the described network traffics data, judge then whether described abnormal flow belongs to the illegitimate traffic that need control, if described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, trigger Network Security Device on relevant each network layer with described illegitimate traffic to the control that links of described illegitimate traffic.
The present invention passes through network traffics data acquisition, analysis in each layer network safety means compass of competency, gather into network security control decision device, trigger each layer network safety means to the illegitimate traffic control that links, realize the mode of operation of high/low position Network Security Device teamwork, thereby remove comprehensively or tackle the illegitimate traffic in the network, improve the fail safe of network and the ability that the opposing malicious traffic stream is attacked.
Description of drawings
Fig. 1 is the flow chart of flow linkage control method first embodiment of the present invention;
Fig. 2 is the flow chart of flow linkage control method second embodiment of the present invention;
Fig. 3 is the structure chart of flow linkage control device first embodiment of the present invention;
Fig. 4 is the structure chart of flow linkage control device second embodiment of the present invention;
Fig. 5 is the structure chart of flow coordinated control system first embodiment of the present invention;
Fig. 6 is the structure chart of flow coordinated control system second embodiment of the present invention.
Embodiment
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Fig. 1 is the flow chart of flow linkage control method first embodiment of the present invention, and as shown in Figure 1, flow linkage control method of the present invention comprises:
If have abnormal flow in the network traffics data of each network layer that step 101 gets access to, then the network security decision device judges whether this abnormal flow belongs to the illegitimate traffic that need control;
Wherein, abnormal flow may be divided into multiple situation, such as, if this abnormal flow only be flow greatly but do not have the malicious attack situation, then this abnormal flow does not belong to illegitimate traffic, do not need it is controlled,, need control it if flow size is normal but exist malicious attack then to belong to illegitimate traffic.
If this abnormal flow of step 102 belongs to the illegitimate traffic that need control, then the network security decision device is according to the type and the flow direction of this illegitimate traffic, triggers Network Security Device on each network layer relevant with this illegitimate traffic to the control that links of this illegitimate traffic.
The network security decision device is obtained the network traffics data of each network layer in the present embodiment, when the abnormal flow in the network traffics data is the illegitimate traffic that need control, the Network Security Device that the network security decision device triggers on each network layer relevant with this illegitimate traffic is handled this illegitimate traffic, because illegitimate traffic may flow to the low level network layer or flow to high-order network layer from the low level network layer from high-order network layer, therefore, trigger the Network Security Device that inserts on the heterogeneous networks layer simultaneously by the network security decision device, realized the jointly controlling and processing simultaneously of each layer network safety means at illegitimate traffic.
Fig. 2 is the flow chart of flow linkage control method second embodiment of the present invention, and as shown in Figure 2, on the basis of first embodiment, further, flow linkage control method can be specially following steps:
Wherein, analyzing the network layer relevant with illegitimate traffic and the type of this illegitimate traffic is specially: analyze which network layer is this illegitimate traffic be present in and which network layer the source is, this illegitimate traffic is which network layer to flow to which network layer from, analyzes the size and the type of this illegitimate traffic.According to the result who analyzes, be the illegitimate traffic particular type and the flow direction, specify the Network Security Device that participates in handling this illegitimate traffic, these Network Security Devices are distributed in and exist in each network layer that illegitimate traffic or illegitimate traffic will flow to, according to specifying the Network Security Device that participates in handling illegitimate traffic, generate the Network Security Device inventory of this illegitimate traffic of control, generate these Network Security Devices simultaneously and carry out the operational order of handling operation.
Present embodiment is at dissimilar, the illegitimate traffic that flows to is specified corresponding Network Security Device, carry out the operation of handling illegitimate traffic according to specific operational order, make illegitimate traffic flow into the low level network layer or when the low level network layer flows into high-order network layer from high-order network layer, Network Security Device in high-order network layer and the low level network layer by the appointment of network security decision device, can handle the operation of illegitimate traffic according to the operational order that the network security decision device sends simultaneously, make the network safety equipment linkage control of heterogeneous networks layer, realize illegitimate traffic has been carried out comprehensive control.
Fig. 3 is the structure chart of flow linkage control device first embodiment of the present invention, as shown in Figure 3, the flow linkage control device of present embodiment comprises: acquisition module 301, first judge module 302 and processing module 303, wherein, acquisition module 301 is used to obtain the network traffics data of each network layer, and the network traffics data on each network layer are gathered; First judge module 302 is used for if there is abnormal flow in the network traffics data, judges whether abnormal flow belongs to the illegitimate traffic of needs control, and this deterministic process is referring to a last embodiment; Processing module 303 is used for if abnormal flow belongs to illegitimate traffic, then according to the type and the flow direction of this illegitimate traffic, triggers Network Security Device on each network layer relevant with this illegitimate traffic to the control that links of this illegitimate traffic.
The flow linkage control device of present embodiment gathers the network traffics data of each network layer, by triggering the Network Security Device on each relevant network layer of illegitimate traffic, the illegitimate traffic that the needs that exist are handled is handled, thereby make the problem that the Network Security Device on each layer may flow between high and low network layer at illegitimate traffic carry out interlock control, make illegitimate traffic obtain comprehensive control.
Fig. 4 is the structure chart of flow linkage control device second embodiment of the present invention, as shown in Figure 4, the flow linkage control device comprises acquisition module 301, first judge module 302 and processing module 303, on this basis, the flow linkage control device can also comprise: second judge module 304, analysis module 305, instruction generation module 306 and sending module 307, wherein, second judge module 304 is used for judging whether the network traffics data exist abnormal flow, analysis module 305 is used to analyze the network layer relevant with illegitimate traffic and the type of illegitimate traffic, instruction generation module 306 is used for generating the Network Security Device inventory of each network layer of handling illegitimate traffic and the operational order that Network Security Device is handled illegitimate traffic according to analysis result, sending module 307 is used for Network Security Device inventory and operational order are sent to each Network Security Device, to trigger Network Security Device on each network layer relevant with illegitimate traffic to the illegitimate traffic control that links.
Present embodiment is by analyzing dissimilar, the flow direction of illegitimate traffic, specify the Network Security Device of corresponding each network layer, control the operation of illegitimate traffic according to specific operational order, make illegitimate traffic when the heterogeneous networks interflow, thereby reached the interlock of the Network Security Device of heterogeneous networks layer, the illegitimate traffic of malice has been carried out comprehensive control.
Fig. 5 is the structure chart of flow coordinated control system first embodiment of the present invention, as shown in Figure 5, flow coordinated control system of the present invention comprises: Network Security Device 501 and network security decision device 502, wherein, Network Security Device 501 is used for illegitimate traffic is handled, network security decision device 502 is used to obtain the network traffics data of each network layer, if have abnormal flow in these network traffics data, judge then whether abnormal flow belongs to the illegitimate traffic that need control, if abnormal flow belongs to illegitimate traffic, then according to the type and the flow direction of illegitimate traffic, trigger the control that links of 501 pairs of illegitimate traffic of Network Security Device on each network layer relevant with illegitimate traffic.
In the present embodiment, because equal access network safety means on each network layer, after the network security decision device has been obtained the network traffics data of each network layer, the Network Security Device that triggers on each network layer is handled the network traffics data that have illegitimate traffic, promptly trigger the Network Security Device of heterogeneous networks layer simultaneously by the network security decision device, make each layer network safety means linkage control illegitimate traffic, realize comprehensive control illegitimate traffic.
Fig. 6 is the structure chart of flow coordinated control system second embodiment of the present invention, as shown in Figure 6, the flow coordinated control system comprises Network Security Device 501 and network security decision device 502, on this basis, the flow coordinated control system can also comprise: data acquisition equipment 503, be used to gather the network traffics data on each network layer, and the network traffics data are sent to network security decision device 502, be that the network traffics data that the data acquisition equipment 503 on each network layer collects on the network layer separately gather to network security decision device 502, further, network security decision device 502 can also comprise: acquisition module 511, first judge module 512 and processing module 513, acquisition module 511 is used to obtain the network traffics data of each network layer, first judge module 512 is used for if there is abnormal flow in the network traffics data, judge whether abnormal flow belongs to the illegitimate traffic that need control, processing module 513 is used for if abnormal flow belongs to the illegitimate traffic that need control, then according to the type and the flow direction of illegitimate traffic, trigger the control that links of 501 pairs of illegitimate traffic of Network Security Device on each network layer relevant with illegitimate traffic.
In the present embodiment, the network traffics data that collected by the data acquisition equipment in each network layer all are aggregated into the network security decision device, the network security decision device is analyzed the network traffics data that have illegitimate traffic that receive, and the Network Security Device that triggers each layer is comprehensively controlled illegitimate traffic.
It should be noted last that, above embodiment is only unrestricted in order to technical scheme of the present invention to be described, although the present invention is had been described in detail with reference to preferred embodiment, those of ordinary skill in the art is to be understood that, can make amendment or be equal to replacement technical scheme of the present invention, and not break away from the spirit and scope of technical solution of the present invention.
Claims (12)
1. a flow linkage control method is characterized in that, comprising:
Obtain the network traffics data of each network layer;
If have abnormal flow in the described network traffics data, judge then whether described abnormal flow belongs to the illegitimate traffic that need control;
If described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, trigger Network Security Device on each network layer relevant with described illegitimate traffic to the control that links of described illegitimate traffic, described Network Security Device is distributed in and exists in each network layer that illegitimate traffic and illegitimate traffic will flow to.
2. flow linkage control method according to claim 1 is characterized in that, the described network traffics data of obtaining each network layer comprise: obtain the described network traffics data of being gathered by the data acquisition equipment of described each network layer.
3. flow linkage control method according to claim 2 is characterized in that, if having abnormal flow in the described network traffics data, judges then whether described abnormal flow belongs to the illegitimate traffic that need control and specifically comprise:
Judge in the described network traffics data and whether have abnormal flow;
If do not exist, then continue to judge in the described network traffics data whether have described abnormal flow;
If have described abnormal flow in the described network traffics data, judge then whether described abnormal flow belongs to the illegitimate traffic that need control.
4. according to claim 1,2 or 3 described flow linkage control methods, it is characterized in that, according to the type and the flow direction of described illegitimate traffic, trigger on each network layer relevant with described illegitimate traffic Network Security Device to described illegitimate traffic link control specifically comprise:
Analyze the network layer relevant and the type of described illegitimate traffic, and generate the Network Security Device inventory of each network layer of handling described illegitimate traffic and the operational order that described Network Security Device is handled described illegitimate traffic according to analysis result with described illegitimate traffic;
Described Network Security Device inventory and described operational order are sent to each Network Security Device, to trigger Network Security Device on each network layer relevant to the control that links of described illegitimate traffic with described illegitimate traffic.
5. flow linkage control method according to claim 4 is characterized in that, also comprises: if described abnormal flow does not belong to described illegitimate traffic, then continue to judge whether described abnormal flow belongs to described illegitimate traffic.
6. flow linkage control method according to claim 4, it is characterized in that the Network Security Device on described triggering each network layer relevant with described illegitimate traffic links to described illegitimate traffic and also comprises after the control: described Network Security Device is resetted.
7. a flow linkage control device is characterized in that, comprising:
Acquisition module is used to obtain the network traffics data of each network layer;
First judge module is used for judging whether described abnormal flow belongs to the illegitimate traffic that need control if there is abnormal flow in described network traffics data;
Processing module, be used for if described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, trigger Network Security Device on each network layer relevant with described illegitimate traffic to the control that links of described illegitimate traffic, described Network Security Device is distributed in and exists in each network layer that illegitimate traffic and illegitimate traffic will flow to.
8. flow linkage control device according to claim 7 is characterized in that, also comprises:
Second judge module is used for judging whether described network traffics data exist described abnormal flow.
9. according to claim 7 or 8 described flow linkage control devices, it is characterized in that, also comprise:
Analysis module is used to analyze the network layer relevant with described illegitimate traffic and the type of described illegitimate traffic;
The instruction generation module is used for generating the Network Security Device inventory of each network layer of handling described illegitimate traffic and the operational order that described Network Security Device is handled described illegitimate traffic according to analysis result;
Sending module is used for described Network Security Device inventory and described operational order are sent to each Network Security Device, to trigger Network Security Device on each network layer relevant with described illegitimate traffic to the control that links of described illegitimate traffic.
10. a flow coordinated control system is characterized in that, comprising:
Network Security Device is used for described illegitimate traffic is handled, and described Network Security Device is distributed in and exists in each network layer that illegitimate traffic and illegitimate traffic will flow to;
The network security decision device, be used to obtain the network traffics data of each network layer, if have abnormal flow in the described network traffics data, judge then whether described abnormal flow belongs to the illegitimate traffic that need control, if described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, trigger Network Security Device on each network layer relevant to the control that links of described illegitimate traffic with described illegitimate traffic.
11. flow coordinated control system according to claim 10 is characterized in that, also comprises: data acquisition equipment is used to obtain the described network traffics data on each network layer, and described network traffics data is sent to described network security decision device.
12. flow coordinated control system according to claim 10 is characterized in that, described network security decision device comprises:
Acquisition module is used to obtain the network traffics data of each network layer;
First judge module is used for judging then whether described abnormal flow belongs to the illegitimate traffic that need control if there is described abnormal flow in described network traffics data;
Processing module is used for if described abnormal flow belongs to described illegitimate traffic, then according to the type and the flow direction of described illegitimate traffic, triggers Network Security Device on each network layer relevant with described illegitimate traffic to the control that links of described illegitimate traffic.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008102269040A CN101453423B (en) | 2008-11-19 | 2008-11-19 | Flow linkage control method, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008102269040A CN101453423B (en) | 2008-11-19 | 2008-11-19 | Flow linkage control method, apparatus and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101453423A CN101453423A (en) | 2009-06-10 |
| CN101453423B true CN101453423B (en) | 2011-06-01 |
Family
ID=40735451
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008102269040A Active CN101453423B (en) | 2008-11-19 | 2008-11-19 | Flow linkage control method, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101453423B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103067384B (en) * | 2012-12-27 | 2016-12-28 | 华为技术有限公司 | Threaten processing method and system, linkage client, safety equipment and main frame |
| CN107360194A (en) * | 2017-09-07 | 2017-11-17 | 北京邮电大学 | The treating method and apparatus of network attack |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1668015A (en) * | 2004-12-20 | 2005-09-14 | 华中科技大学 | Cooperative intrusion detection based large-scale network security defense system |
| CN101022360A (en) * | 2007-03-16 | 2007-08-22 | 北京工业大学 | Local network safety management method based on IEEE 802.1X protocol |
-
2008
- 2008-11-19 CN CN2008102269040A patent/CN101453423B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1668015A (en) * | 2004-12-20 | 2005-09-14 | 华中科技大学 | Cooperative intrusion detection based large-scale network security defense system |
| CN101022360A (en) * | 2007-03-16 | 2007-08-22 | 北京工业大学 | Local network safety management method based on IEEE 802.1X protocol |
Non-Patent Citations (1)
| Title |
|---|
| 陈灏.NetFlow原理以及在互联网流量分析中的应用.《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》.2007,(第03期), * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101453423A (en) | 2009-06-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103036733B (en) | Unconventional network accesses monitoring system and the monitoring method of behavior | |
| CN106921666B (en) | DDoS attack defense system and method based on cooperative theory | |
| KR101070614B1 (en) | Malicious traffic isolation system using botnet infomation and malicious traffic isolation method using botnet infomation | |
| CN108040057B (en) | Working method of SDN system suitable for guaranteeing network security and network communication quality | |
| CN101431449B (en) | Network flux cleaning system | |
| US8001601B2 (en) | Method and apparatus for large-scale automated distributed denial of service attack detection | |
| CN101026505B (en) | Method and apparatus for monitoring malicious traffic in communication networks | |
| CN103067192B (en) | A kind of analytical system of network traffics and method | |
| CN101399711B (en) | Network monitoring system and network monitoring method | |
| CN101197715B (en) | Method for centrally capturing mobile data service condition | |
| CN107819633B (en) | Method for rapidly discovering and processing network fault | |
| CN103491060B (en) | A kind of method, apparatus and system of defence Web attacks | |
| CN104468631A (en) | Network intrusion identification method based on anomaly flow and black-white list library of IP terminal | |
| US20070234425A1 (en) | Multistep integrated security management system and method using intrusion detection log collection engine and traffic statistic generation engine | |
| KR20140088340A (en) | APPARATUS AND METHOD FOR PROCESSING DDoS IN A OPENFLOW SWITCH | |
| CN111049843A (en) | Intelligent substation network abnormal flow analysis method | |
| CN109462621A (en) | Network safety protective method, device and electronic equipment | |
| CN1725709A (en) | Method of linking network equipment and invading detection system | |
| CN101286896A (en) | IPSec VPN protocol drastic detecting method based on flows | |
| JP4380710B2 (en) | Traffic anomaly detection system, traffic information observation device, and traffic information observation program | |
| Neu et al. | Lightweight IPS for port scan in OpenFlow SDN networks | |
| TW201124876A (en) | System and method for guarding against dispersive blocking attacks | |
| CN102130792A (en) | Communication amount monitoring system | |
| CN101453423B (en) | Flow linkage control method, apparatus and system | |
| JP2005210601A (en) | Intrusion detector |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| ASS | Succession or assignment of patent right |
Owner name: CHINA LINKED NETWORK COMMUNICATION GROUP CO.,LTD. Free format text: FORMER OWNER: CHINA NETWORK COMMUNICATIONS GROUP CORPORATION Effective date: 20090605 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20090605 Address after: 21, Finance Street, Xicheng District, Beijing, zip code: 100000 Applicant after: China Joint Network Communication Group Co., Ltd. Co-applicant after: Beijing Telecom Planning & Designing Institute Co., Ltd. Address before: 21, Finance Street, Xicheng District, Beijing, zip code: 100000 Applicant before: China Network Communication Group Corporation Co-applicant before: Beijing Telecom Planning & Designing Institute Co., Ltd. |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |