CN102236607B - Data security protection method and data security protection device - Google Patents
Data security protection method and data security protection device Download PDFInfo
- Publication number
- CN102236607B CN102236607B CN 201010154217 CN201010154217A CN102236607B CN 102236607 B CN102236607 B CN 102236607B CN 201010154217 CN201010154217 CN 201010154217 CN 201010154217 A CN201010154217 A CN 201010154217A CN 102236607 B CN102236607 B CN 102236607B
- Authority
- CN
- China
- Prior art keywords
- module
- data
- security
- encrypting
- security module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a data security protection method and a data security protection device for protecting data security in a computer memory. The method comprises the following steps that: while starting computer equipment, a security module respectively distinguishes and authenticates a user identity and an encryption module, after passing through the distinguishing and the authentication, the security module transmits a data key to the encryption module, in the following use, the encryption module encrypts the memory data for protection, and if the distinguishing and the authentication are not passed, the computer cannot be started. The device comprises the security module and the encryption module, which are arranged in computer equipment, such as a PC host, a PDA, a mobile phone, a PMP or a digital photo frame and the like, and are connected with each other. The method and the device implement the transparent encryption for the memory data of computer equipment and the distinguishing of user identity, and simultaneously, separately store a key and an encryption algorithm, thereby implementing higher security.
Description
Technical field
The present invention relates to field of computer technology, relate in particular to a kind of data security protection method for the protection of the computer memory data security and data security protecting device.
Background technology
Arriving along with the information age, it is more and more important that data become, most of companies, industry, individual's significant data, information are all to leave in modern storage medium basically, the important data of part and may leave system terminal in as PC, PDA(Personal Digital Assistant, personal digital assistant), in the memory module of server or in other removable memory modules.Memory module and removable memory module in PC, PDA, server do not possess encrypted feature at present, once memory module loses, just may be obtained the raw data on memory module by the disabled user, serious threat individual privacy, trade secret, even finance, military project is secret.
All there is significant leak in the various cryptographic means for memory module that exist on the market at present, part finger print hard disc for example, in fact just by fingerprint, solve user's identity is differentiated to problem, once hard disk is disassembled, can read easily the data in hard disk by other approach.Other start the BitLocker(disk encryption bit lock of releasing from Vista operating system as Microsoft) function, realized user's identity is differentiated and data encryption, but the data ciphering method that it adopts is to carry out instruction by CPU to complete, its data encryption key is exposed in calculator memory, in current computer virus, year that wooden horse is popular, this data encryption key very easily is illegally accessed, and the security of this function is lower.And carry out instruction by CPU and will greatly reduce the performance of computer system to the data encryption and decryption.
Summary of the invention
Technical matters to be solved by this invention is; a kind of data security protection method is provided; in data encryption, the data of encrypting are only used the people of this enciphered data open to having the right, have no right to use the people of this enciphered data can't adopt illegal means to obtain raw data.
The technical scheme that the present invention solves the problems of the technologies described above is as follows:
A kind of data security protection method comprises the following steps:
Steps A: security module is differentiated user identity, if differentiate not by performing step B, otherwise performs step C;
Step B: the number of times that the security module judgement is differentiated user identity, if reaching limits value, number of times do not perform step A, otherwise execution step G;
Step C: security module is authenticated encrypting module, if authenticate not by performing step D, otherwise execution step E;
Step D: the number of times of security module judgement to the encrypting module authentication, if reaching limits value, number of times do not perform step C, otherwise execution step G;
Step e: security module will send to encrypting module through the data key of encryption, and execution step F, be specially,
Insert identical root key in production phase security module and encrypting module;
Security module generates random number x, and obtains x ' after encrypting with root key; Security module sends to encrypting module to x '; Encrypting module generates random number y, and obtains y ' after encrypting with root key, and encrypting module sends to security module to y ';
Encrypting module receives the x ' that security module sends, and obtains x with the root key deciphering, and x and y XOR are obtained to z; Security module receives the y ' that encrypting module sends, and obtains y with the root key deciphering, and x and y XOR are obtained to z;
The ciphertext that security module obtains after with z, data key being encrypted passes to encrypting module; Encrypting module is decrypted the ciphertext received from security module with z, obtains data key;
Step F: encrypting module is decrypted the data key through encryption received, and obtains data key, according to data key, the data that deposit storer in is encrypted and the data of taking out storer are decrypted;
Step G: refusal carries out the user identity discriminating.
Adopt the beneficial effect of above-mentioned data security protection method to be: security module is differentiated and is authenticated user identity and encrypting module respectively, guarantees the reliability of user identity and encrypting module simultaneously; Data key separates placement with encrypting module, has guaranteed the security of data key; Guaranteed the safety of data key during from security module, being sent to the encrypting module process, once the data key after encrypting is stolen, also can't be decrypted it.。
Further, in steps A, the mode that security module is differentiated user identity comprises user password comparison mode, fingerprint way of contrast, iris way of contrast.
Further, in steps A, security module is differentiated user identity by personal identification equipment.
Further, described personal identification equipment comprises second generation identity card and digital certificate.
Further, in step D, the number of times that user identity is differentiated is 3 times or 4 times.
Further, in step D, the number of times that encrypting module is authenticated is 3 times or 4 times.
Further, in step F, the cryptographic algorithm that encrypting module adopts is DES(Data Encryption Standard, data encryption standards), 3DES or AES(Advanced Encryption Standard, Advanced Encryption Standard).
Another technical matters to be solved by this invention is to provide a kind of data security protecting device; once the data place storer of encrypting through this device is lost; the disabled user also can't obtain the raw data on storer, protection individual privacy, trade secret, and even finance, military project are secret etc.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of data security protecting device comprises security module and the encrypting module be electrically connected to it;
Described security module being for being differentiated and will be sent to encrypting module through the encryption data key user identity, and the process that wherein security module is encrypted the data key is,
Insert identical root key in production phase security module and encrypting module;
Security module generates random number x, and obtains x ' after encrypting with root key; Security module sends to encrypting module to x '; Encrypting module generates random number y, and obtains y ' after encrypting with root key, and encrypting module sends to security module to y ';
Encrypting module receives the x ' that security module sends, and obtains x with the root key deciphering, and x and y XOR are obtained to z; Security module receives the y ' that encrypting module sends, and obtains y with the root key deciphering, and x and y XOR are obtained to z;
The ciphertext that security module obtains after with z, data key being encrypted passes to encrypting module; Encrypting module is decrypted the ciphertext received from security module with z, obtains data key;
Described encrypting module is decrypted the data key through encryption received, and obtains data key, and then according to data key, the data that deposit storer in is encrypted and the data of taking out storer are decrypted.
Adopt the beneficial effect of above-mentioned data security protecting device to be: by security module independently, user identity to be differentiated, and by encrypting module independently, the data of storer are carried out to encryption and decryption, whole encryption and decryption process completes in encrypting module, do not affect the performance of computer system fully, both improved the computer memory data security, do not reduce again computer system performance, guaranteed the safety of raw data on the storer simultaneously; In addition, data key is kept at hardware, has guaranteed that data key can not be stolen.
Further, described security module is also for being authenticated encrypting module.
Adopt the beneficial effect of above-mentioned further scheme to be, security module is authenticated encrypting module, prevents that encrypting module is illegally modified or replaces, and has further protected the safety of enciphered data.
Further, described security module can be credible platform module.
Credible platform module in above-mentioned further scheme; be TPM(Trusted Platform Module); being one kind plants in computer-internal and provides the chip of trusted root for computing machine; the specification of this chip is formulated by credible calculating group (Trusted Computing Group); this chip is specifically designed to the security that improves computer platform; provide guard space by the mission critical that will carry out for key or computing machine, to guarantee the safety of computing machine.Credible platform module, can on most of computing machine, use, detect operating system when Main Function is computer starting and whether change, and the existence that helped detecting Botnet, hidden process and other suspect code before launch computer and interconnection network.Credible platform module is storage key, certificate and password safely.Adopt credible platform module as security module, its beneficial effect is, can protect the public and private cipher key with file encryption for volume, realizes the safeguard protection of safety identification authentication and user identity.
The accompanying drawing explanation
The process flow diagram that Fig. 1 is data security protection method embodiment of the present invention;
The logic diagram that Fig. 2 is the data security protecting device of realizing in the present invention that data security protection method is used.
In accompanying drawing, the list of parts of each label representative is as follows:
201, security module, 202, encrypting module, 203, storer
Embodiment
Below in conjunction with accompanying drawing, principle of the present invention and feature are described, example, only for explaining the present invention, is not intended to limit scope of the present invention.
Data security protection method of the present invention comprises the following steps:
Steps A: security module is differentiated user identity, if differentiate not by performing step B, otherwise performs step C;
Step B: the number of times that the security module judgement is differentiated user identity, if reaching limits value, number of times do not perform step A, otherwise execution step Z;
Step C: security module is authenticated encrypting module, if authenticate not by performing step D, otherwise execution step E;
Step D: the number of times of security module judgement to the encrypting module authentication, if reaching limits value, number of times do not perform step C, otherwise execution step Z;
Step e: security module will send to encrypting module through the data key of encryption, and execution step F;
Step F: encrypting module is decrypted the data key through encryption received, and obtains data key, according to data key, the data that deposit storer in is encrypted and the data of taking out storer are decrypted;
Step Z: refusal carries out the user identity discriminating.
The process flow diagram that Fig. 1 is above data security protection method embodiment.
The logic diagram that Fig. 2 is the data security protecting device of realizing that data security protection method of the present invention is used, the data security protecting device comprises security module 201 and encrypting module 202, between security module 201 and encrypting module 202, is electrically connected to; Wherein, security module 201 adopts credible platform module or safety chip, its role is to user identity is differentiated, encrypting module 202 is authenticated, after user identity being differentiated and 202 authentications are all passed through to encrypting module, data encryption key is sent to encrypting module 202; Encrypting module 202, according to the data key received from security module 201, is encrypted and the data of taking out storer 203 is decrypted the data that deposit storer 203 in.
Present embodiment by inserting security module 201 and encrypting module 202 in computer system; when the computer system electrifying startup; 201 pairs of user identity of security module are differentiated and encrypting module 202 are authenticated; take confirm the user as validated user and encrypting module 202 not by illegal replacement; continue again to start computer system, the data that deposit storer 203 in computer system in are encrypted to protection simultaneously.Data in storer 203 just are subject to encipherment protection like this, even be illegally accessed, the assailant also can't obtain clear data.
In present embodiment; security module 201 adopts credible platform module; credible platform module is one kind and plants in computer-internal and provide the chip of trusted root for computing machine; be specifically designed to the security that improves computer platform; provide guard space by the mission critical that will carry out for key or computing machine, to guarantee the safety of computing machine.Present embodiment adopts credible platform module, can protect the public and private cipher key with file encryption for volume, realizes the safeguard protection of safety identification authentication and user identity.
Now in conjunction with Fig. 1 and Fig. 2, data security protection method of the present invention is further described.
In Fig. 1 step 101, the computer system electrifying startup, and enter step 102; In step 102,201 pairs of user identity of security module are differentiated, and judge whether by; If differentiate and do not pass through in step 102, perform step 103; In step 103, security module 201 judgements differentiate whether number of times reaches the maximum number of times of differentiating; If in step 103, security module 201 judgements differentiate that number of times does not reach the maximum number of times of differentiating, re-executes step 102; If in step 103, security module 201 judgements differentiate that number of times has reached the maximum number of times of differentiating, enters step 106 and carries out the user identity discriminating with refusal; If in step 102, user identity is differentiated and is passed through, enters step 104; In step 104,201 pairs of encrypting modules 202 of security module are authenticated, and judge whether by; If in step 104, authentication is not passed through, perform step 105; In step 105, whether security module 201 judgement authentication number of times reach maximum authentication number of times; If in step 105, security module 201 judgement authentication number of times do not reach maximum authentication number of times, re-execute step 104; If in step 105, security module 201 judgement authentication number of times have reached maximum authentication number of times, enter step 106 and carry out the user identity discriminating with refusal; If in step 104, encrypting module 202 authentications are passed through, and enter step 107; In step 107, security module 201 sends to encrypting module 202 by data key, and enters step 108; In step 108, encrypting module 202, according to the data key received from security module 201, carries out the encryption and decryption operation to the data that deposit and take out storer 203 in.
Usually for the computer system starting process, before step 102, there is an original state, under this original state, the user identity to be entered such as security module 201.
Discriminating for 201 pairs of user identity of security module, the mode that the most simply can adopt the user to input password is differentiated, consider that user password is easy to forget or loses equiprobable generation, the discriminating of 201 pairs of user identity of security module can be used fingerprint way of contrast or iris way of contrast more reliably, the equipment that in addition, also can adopt second generation identity card or digital certificate etc. can identify personal identification is differentiated.Which kind of mode no matter security module 201 adopt carry out the user identity discriminating, all likely because certain reason, as the user password input error, and cause differentiating and pass through, but the too much user identity of number of times is differentiated, also often mean the danger that may lose of storage data, therefore, the number of times that user identity is differentiated be 3 times or 4 times comparatively suitable.Equally, the number of times for the encrypting module authentication also should be set to 3 times or 4 times.
In step e, be that security module in Fig. 2 sends to data key in encrypting module 207 steps, can adopt various ways, if but adopt the mode directly sent, tend to cause data key to be stolen, so that threat data safety, in the present embodiment, step e has adopted following methods to realize that the safety of data key sends:
At first, insert identical root key in production phase security module 201 and encrypting module 202;
In the process of execution step E, security module 201 generates random number x, and obtains x ' after encrypting with root key; Security module 201 sends to encrypting module 202 to x '; Encrypting module 202 generates random number y, and obtains y ' after encrypting with root key, and encrypting module 202 sends to security module 201 to y ';
Encrypting module 202 receives the x ' that security module 201 sends, and obtains x with the root key deciphering, and x and y XOR are obtained to z; Security module 201 receives the y ' that encrypting module 202 sends, and obtains y with the root key deciphering, and x and y XOR are obtained to z;
The ciphertext that security module 201 use z obtain after data key is encrypted passes to encrypting module 202; Encrypting module 202 use z are decrypted the ciphertext received from security module, obtain data key.
Encrypting module 202 can enter in step F after obtaining data keys, and the reading and writing data of storer 203 is carried out to corresponding encryption and decryption operation.The data of 202 pairs of storeies 203 of encrypting module are carried out the encryption and decryption operation, can adopt the cryptographic algorithm such as DES, 3DES or AES.Wherein, the des encryption algorithm comes from IBM(International Business Machines Corporation, International Business Machine Corporation (IBM)) design of company, at present at home, the des encryption algorithm is at POS(Point Of Sale, point-of-sale terminal), ATM(Automatic Teller Machine, ATM (Automatic Teller Machine)), the fields such as magnetic card and IC-card, refuelling station, freeway toll station are widely used, to realize maintaining secrecy of critical data; The 3DES cryptographic algorithm is a kind of pattern of des encryption algorithm, is the safer distortion of DES, and it take DES as basic module, by the combination group technology, designs block encryption algorithm; The AES cryptographic algorithm is more senior cryptographic algorithm, and speed is fast, level of security is higher, just day by day becomes the actual standard of encrypting various forms of electronic data at present.
Data security protection method in above present embodiment and the applied computer system of data security protecting device include but not limited to PC(Personal Computer; PC) main frame, PDA, mobile phone, PMP(Portable Media Player, portable electronic device), the equipment such as digital album (digital photo frame).
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a data security protection method, is characterized in that, comprises the following steps:
Steps A: security module is differentiated user identity, if differentiate not by performing step B, otherwise performs step C;
Step B: the number of times that the security module judgement is differentiated user identity, if reaching limits value, number of times do not perform step A, otherwise execution step G;
Step C: security module is authenticated encrypting module, if authenticate not by performing step D, otherwise execution step E;
Step D: the number of times of security module judgement to the encrypting module authentication, if reaching limits value, number of times do not perform step C, otherwise execution step G;
Step e: security module will send to encrypting module through the data key of encryption, and execution step F, be specially,
Insert identical root key in production phase security module and encrypting module;
Security module generates random number x, and obtains x ' after encrypting with root key; Security module sends to encrypting module to x '; Encrypting module generates random number y, and obtains y ' after encrypting with root key, and encrypting module sends to security module to y ';
Encrypting module receives the x ' that security module sends, and obtains x with the root key deciphering, and x and y XOR are obtained to z; Security module receives the y ' that encrypting module sends, and obtains y with the root key deciphering, and x and y XOR are obtained to z;
The ciphertext that security module obtains after with z, data key being encrypted passes to encrypting module; Encrypting module is decrypted the ciphertext received from security module with z, obtains data key;
Step F: encrypting module is decrypted the data key through encryption received, and obtains data key, according to data key, the data that deposit storer in is encrypted and the data of taking out storer are decrypted;
Step G: refusal carries out the user identity discriminating.
2. data security protection method according to claim 1 is characterized in that: in steps A, the mode that security module is differentiated user identity comprises user password comparison mode, fingerprint way of contrast, iris way of contrast.
3. data security protection method according to claim 1 and 2, it is characterized in that: in steps A, security module is differentiated user identity by personal identification equipment.
4. data security protection method according to claim 3, it is characterized in that: described personal identification equipment comprises second generation identity card and digital certificate.
5. data security protection method according to claim 1 is characterized in that: in step D, the number of times that user identity is differentiated is 3 times or 4 times.
6. data security protection method according to claim 1 or 5 is characterized in that: in step D, to the number of times of encrypting module authentication, be 3 times or 4 times.
7. data security protection method according to claim 1, it is characterized in that: in step F, the cryptographic algorithm that encrypting module adopts is DES, 3DES or AES.
8. a data security protecting device is characterized in that:
Comprise security module and the encrypting module be electrically connected to it;
Described security module being for being differentiated and will be sent to encrypting module through the data key of encryption user identity, and the process that wherein security module is encrypted the data key is,
Insert identical root key in production phase security module and encrypting module;
Security module generates random number x, and obtains x ' after encrypting with root key; Security module sends to encrypting module to x '; Encrypting module generates random number y, and obtains y ' after encrypting with root key, and encrypting module sends to security module to y ';
Encrypting module receives the x ' that security module sends, and obtains x with the root key deciphering, and x and y XOR are obtained to z; Security module receives the y ' that encrypting module sends, and obtains y with the root key deciphering, and x and y XOR are obtained to z;
The ciphertext that security module obtains after with z, data key being encrypted passes to encrypting module; Encrypting module is decrypted the ciphertext received from security module with z, obtains data key;
Described encrypting module is decrypted the data key through encryption received, and obtains data key, and then according to data key, the data that deposit storer in is encrypted and the data of taking out storer are decrypted.
9. data security protecting device according to claim 8, it is characterized in that: described security module is also for being authenticated encrypting module.
10. data security protecting device according to claim 8 or claim 9, it is characterized in that: described security module is credible platform module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010154217 CN102236607B (en) | 2010-04-23 | 2010-04-23 | Data security protection method and data security protection device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010154217 CN102236607B (en) | 2010-04-23 | 2010-04-23 | Data security protection method and data security protection device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102236607A CN102236607A (en) | 2011-11-09 |
| CN102236607B true CN102236607B (en) | 2013-12-18 |
Family
ID=44887273
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010154217 Active CN102236607B (en) | 2010-04-23 | 2010-04-23 | Data security protection method and data security protection device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102236607B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103902873A (en) * | 2014-04-01 | 2014-07-02 | 昆腾微电子股份有限公司 | Mobile device and method for authenticating identity by mobile device |
| CN106778326A (en) * | 2016-11-28 | 2017-05-31 | 福建升腾资讯有限公司 | A kind of method and system for realizing movable storage device protection |
| CN106686407B (en) * | 2016-12-13 | 2019-07-23 | 北京互动百科网络技术股份有限公司 | A kind of automatic identification encrypting and decrypting method and system for video data transmission |
| CN106778349B (en) * | 2016-12-28 | 2019-11-01 | 北京安天网络安全技术有限公司 | A kind of ATM security protection system and method based on virtual disk |
| CN109308417B (en) * | 2017-07-27 | 2022-11-01 | 阿里巴巴集团控股有限公司 | Unlocking method and device based on trusted computing |
| CN108256302B (en) * | 2018-01-10 | 2020-05-29 | 四川阵风科技有限公司 | Data security access method and device |
| CN113040729A (en) * | 2020-12-28 | 2021-06-29 | 中共黔南自治州纪律检查委员会 | Vital sign monitoring device for unmanned nursing |
| CN115242543A (en) * | 2022-08-04 | 2022-10-25 | 国网山东省电力公司日照供电公司 | Data security protection method and data security protection device |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1764109A (en) * | 2004-10-22 | 2006-04-26 | 乐金电子(沈阳)有限公司 | Protection method for wireless data receive and delivery and receive and delivery device |
| CN101122942B (en) * | 2007-09-21 | 2012-02-22 | 飞天诚信科技股份有限公司 | Data safe reading method and its safe storage device |
| CN101364984B (en) * | 2008-08-13 | 2011-10-05 | 西安鼎蓝通信技术有限公司 | Method for guarantee safety of electronic file |
| CN101483654A (en) * | 2009-02-09 | 2009-07-15 | 北京华大智宝电子系统有限公司 | Method and system for implementing authentication and data safe transmission |
| CN101582109A (en) * | 2009-06-10 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Data encryption method and device, data decryption method and device and solid state disk |
-
2010
- 2010-04-23 CN CN 201010154217 patent/CN102236607B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN102236607A (en) | 2011-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102236607B (en) | Data security protection method and data security protection device | |
| EP2991267B1 (en) | Apparatus for providing puf-based hardware otp and method for authenticating 2-factor using same | |
| KR101878149B1 (en) | Device, system, and method of secure entry and handling of passwords | |
| US9043610B2 (en) | Systems and methods for data security | |
| US8683232B2 (en) | Secure user/host authentication | |
| CN101650693B (en) | Security control method for mobile hard disk and security mobile hard disk | |
| EP3320662B1 (en) | Method of securing authentication in electronic communication | |
| JP2003058840A (en) | Information protection management program utilizing rfid-loaded computer recording medium | |
| CN107908574B (en) | Safety protection method for solid-state disk data storage | |
| US8620824B2 (en) | Pin protection for portable payment devices | |
| CN107403109A (en) | Encryption method and encryption system | |
| WO2012050585A1 (en) | Authenticate a fingerprint image | |
| CN200993803Y (en) | Internet banking system safety terminal | |
| CN1331015C (en) | Computer security startup method | |
| CN103051593A (en) | Method and system for secure data ferry | |
| CN102346716A (en) | Encryption method and decryption method of hard disk storage device and encryption and decryption system used for hard disk storage device | |
| CN102568097B (en) | Method and system for improving safety of electronic wallets | |
| Nowroozi et al. | Cryptocurrency wallets: assessment and security | |
| CN102270182B (en) | Encrypted mobile storage equipment based on synchronous user and host machine authentication | |
| Daza et al. | FRoDO: Fraud resilient device for off-line micro-payments | |
| CN110532791A (en) | A kind of encryption and decryption method and system for movable storage medium | |
| CN115455497A (en) | Computer hard disk data encryption system and method | |
| CN103514540A (en) | USBKEY business realization method and system | |
| CN1271525C (en) | Computer system landing method | |
| Vachon | The identity in everyone's pocket |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |