CN102624744A - Authentication method, device and system of network device and network device - Google Patents


Publication number: CN102624744A
Authority: CN (China)
Prior art keywords: certificate, network equipment, equipment, message, upstream
Legal status: Granted; Active
Application number: CN201210100152XA
Other languages: Chinese (zh)
Other versions: CN102624744B (en)
Inventor: 陈泽龙
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd
Application filed by: Beijing Star Net Ruijie Networks Co Ltd
Priority: CN201210100152.XA
Publications: CN102624744A (application), CN102624744B (grant)


Abstract

The invention provides an authentication method, device and system of a network device, and a network device. The authentication method comprises the following steps: after the network device is physically connected to its upstream device, receiving a challenge message that the upstream device sends after the upstream device has itself been authenticated successfully; sending an authentication request message to the upstream device, wherein the authentication request message sent by the network device carries a certificate obtained by the network device; and receiving an authentication response message sent by the upstream device, the network device forwarding the data messages it receives when the authentication response message carries indication information of authentication success. With the authentication method, device and system of the network device and the network device disclosed by the invention, the authority of the network device can be authenticated and the security of the network is improved; in addition, the certificate obtained by the network device is conveniently sent over the network to a certificate verification device for verification, so usability is higher.

Description

Authentication method, device and system of network device, and network device
Technical field
The present invention relates to information security technology, and in particular to an authentication method, device and system of a network device, and a network device, and belongs to the field of communication technology.
Background art
Public Key Infrastructure (hereinafter: PKI) is a key management platform that follows established standards. It can provide all network applications with cryptographic services such as encryption and digital signatures, together with the necessary key and certificate management system. Put simply, PKI is infrastructure that provides security services and is built on public-key theory and technology. The core technology of PKI revolves around the application of digital certificates and their whole life cycle, such as issuance, use and revocation.
The digital certificate is issued by a certificate authority (Certificate Authority, hereinafter: CA) center to each user of a public key. The role of the digital certificate is to prove that the user listed in the certificate legitimately owns the public key listed in the certificate. The format of the digital certificate follows the X.509 standard.
In network security protection, because the physical interfaces of an internal network are spread across different locations of a building, anyone who can enter these areas can use the exposed physical interfaces to connect to the internal network easily and attack it.
At present, many networks protect network security mostly through devices such as firewalls, all of which guard against external attacks. To protect the internal network, an important means is network identity authentication; device identity authentication is one network authentication method provided by the prior art.
At present, device identity authentication is based on the CA center issuing digital certificates to trusted users, and is mainly used in e-commerce and e-mail to encrypt and decrypt local applications. However, existing device identity authentication does not support authenticating the authority of a network device, so network security is lower; moreover, with existing device identity authentication the digital certificate can only be delivered manually to the CA center, which then verifies it, so implementation is very inconvenient and ease of use is lower.
Summary of the invention
The present invention provides an authentication method, device and system of a network device, and a network device, so as to authenticate the authority of the network device and improve network security.
One aspect of the present invention provides an authentication method of a network device, comprising:
after the network device is physically connected to the upstream device of the network device, receiving a challenge message that the upstream device sends after the upstream device has been authenticated successfully;
the network device sending an authentication request message to the upstream device, the authentication request message sent by the network device carrying the certificate obtained by the network device;
the network device receiving an authentication response message sent by the upstream device and, when the authentication response message carries indication information of authentication success, the network device forwarding the data messages that the network device receives; the authentication response message sent by the upstream device is one that the upstream device sends to the network device after the upstream device has sent the certificate obtained by the network device to a certificate verification device, so that the certificate verification device verifies the certificate obtained by the network device, and after the upstream device has received the authentication response message sent by the certificate verification device.
Another aspect of the present invention provides an authentication device of a network device. The authentication device is arranged in the network device and comprises:
a receiving module, configured to receive, after the network device is physically connected to the upstream device of the network device, a challenge message that the upstream device sends after the upstream device has been authenticated successfully, and to receive an authentication response message sent by the upstream device; the authentication response message sent by the upstream device is one that the upstream device sends after it has sent the certificate obtained by the network device to a certificate verification device, so that the certificate verification device verifies the certificate obtained by the network device, and after it has received the authentication response message sent by the certificate verification device;
a sending module, configured to send an authentication request message to the upstream device, the authentication request message sent by the sending module carrying the certificate obtained by the network device, and, when the authentication response message received by the receiving module carries indication information of authentication success, to forward the data messages that the network device receives.
A further aspect of the present invention provides a network device comprising the authentication device of the network device described above.
Yet another aspect of the present invention provides an authentication system of a network device, comprising at least two interconnected network devices as described above and a certificate verification device.
The technical effect of one aspect of the present invention is as follows: after the network device is physically connected to its upstream device, it receives a challenge message that the upstream device sends after the upstream device has been authenticated successfully; the network device then sends the upstream device an authentication request message carrying the certificate obtained by the network device, and receives the authentication response message sent by the upstream device; when the authentication response message carries indication information of authentication success, the network device forwards the data messages it receives. The authority of the network device can thus be authenticated and network security is improved. In addition, the present invention sends the certificate obtained by the network device over the network to the certificate verification device for verification, which is convenient to implement and easier to use.
Description of the drawings
Fig. 1 is a flow chart of one embodiment of the authentication method of a network device of the present invention;
Fig. 2 is a flow chart of another embodiment of the authentication method of a network device of the present invention;
Fig. 3 is a schematic diagram of one embodiment of an application scenario of the present invention;
Fig. 4 is a structural diagram of one embodiment of the authentication device of a network device of the present invention;
Fig. 5 is a structural diagram of another embodiment of the authentication device of a network device of the present invention;
Fig. 6 is a structural diagram of one embodiment of the authentication system of a network device of the present invention.
Detailed description of embodiments
Fig. 1 is a flow chart of one embodiment of the authentication method of a network device of the present invention. As shown in Fig. 1, the authentication method of the network device may comprise:
Step 101, after the network device is physically connected to the upstream device of the network device, the network device receives a challenge message that the upstream device sends after the upstream device has been authenticated successfully.
Step 102, the network device sends an authentication request message to the upstream device; the authentication request message sent by the network device carries the certificate obtained by the network device.
Step 103, the network device receives the authentication response message sent by the upstream device; when the authentication response message carries indication information of authentication success, the network device forwards the data messages that the network device receives.
In this embodiment, the authentication response message sent by the upstream device is one that the upstream device sends to the network device after the upstream device has sent the certificate obtained by the network device to the certificate verification device, so that the certificate verification device verifies the certificate obtained by the network device, and after the upstream device has received the authentication response message sent by the certificate verification device.
In one implementation of this embodiment, the initial value of the global state of the network device may be set to the unauthenticated state. While the global state is the unauthenticated state, the network device can forward only messages of the CA type (for example, authentication messages) or Address Resolution Protocol (hereinafter: ARP) messages, and cannot forward messages of any other type. When the received authentication response message carries indication information of authentication success, the network device changes its global state to the authentication success state; the network device can then forward the data messages it receives, that is, after authentication succeeds the network device can forward all types of messages it receives.
In another implementation of this embodiment, the network device may instead be set so that, before authentication succeeds, it can forward only messages of the CA type (for example, authentication messages) or ARP messages, and cannot forward messages of any other type. When the received authentication response message carries indication information of authentication success, the network device knows that it has been authenticated successfully; the network device can then forward the data messages it receives, that is, after authentication succeeds the network device can forward all types of messages it receives.
In this embodiment, the certificate verification device is used to perform certificate verification; the certificate verification device may be an upstream device inside the network, for example a gateway.
In this embodiment, the challenge message may comprise a CA message identification bit and a CA message type field. The value of the CA message identification bit in the challenge message is the protocol number of the encapsulation protocol adopted by the challenge message. The value of the CA message type field in the challenge message is a first preset value, for example "00"; this first preset value indicates that the message type is a challenge message.
The authentication request message may comprise a CA message identification bit, a CA message type field, a layer-2/layer-3 device identification field, a Media Access Control (hereinafter: MAC)/Internet Protocol (hereinafter: IP) address field and a CA certificate information field. The value of the CA message identification bit in the authentication request message is the protocol number of the encapsulation protocol adopted by the authentication request message. The value of the CA message type field in the authentication request message may be a second preset value, for example "01"; this second preset value indicates that the message type is an authentication request message. The value of the layer-2/layer-3 device identification field in the authentication request message indicates whether the network device is a layer-2 device or a layer-3 device. When the value of the layer-2/layer-3 device identification field indicates that the network device is a layer-2 device, the value of the MAC/IP address field is the MAC address of the network device; when it indicates that the network device is a layer-3 device, the value of the MAC/IP address field is the IP address of the network device. The CA certificate information field in the authentication request message carries the certificate obtained by the network device.
In the above embodiment, after the network device is physically connected to its upstream device, it receives a challenge message that the upstream device sends after the upstream device has been authenticated successfully; the network device then sends the upstream device an authentication request message carrying the certificate obtained by the network device, and receives the authentication response message sent by the upstream device; when the authentication response message carries indication information of authentication success, the network device forwards the data messages it receives. The authority of the network device can thus be authenticated and network security is improved. In addition, this embodiment sends the certificate obtained by the network device over the network to the certificate verification device for verification, which is convenient to implement and easier to use.
Fig. 2 is a flow chart of another embodiment of the authentication method of a network device of the present invention. As shown in Fig. 2, the authentication method of the network device may comprise:
Step 201, after the network device is physically connected to the upstream device of the network device, the network device receives a challenge message that the upstream device sends after the upstream device has been authenticated successfully.
In this embodiment, after the network device is physically connected to the upstream device, if the upstream device has already been authenticated successfully, then once the upstream device detects that the state of its port connected to the network device has changed, for example from down to up, it sends the challenge message to the network device. If the upstream device has not yet been authenticated successfully, then once the upstream device detects that the state of its port connected to the network device has changed, for example from down to up, it waits until the upstream device has been authenticated successfully and then sends the challenge message to the network device.
The format of the challenge message may be as shown in Table 1.
Table 1 (an image in the original publication; not reproduced here)
In the above challenge message, the destination MAC address in the Ethernet header field is all F; the destination IP address in the IP header field is 255.255.255.255; the value of the CA message identification bit is a protocol number, namely the protocol number of the encapsulation protocol adopted by the challenge message; the value of the CA message type field may be a first preset value, for example "00", which indicates that the message type is a challenge message; when the value of the layer-2/layer-3 device identification field is "0", the device sending the challenge message is a layer-3 device, and when the value of the layer-2/layer-3 device identification field is "1", the device sending the challenge message is a layer-2 device; the value of the TTL field is "1".
Step 202, the network device determines whether it has obtained a certificate. If so, step 204 is performed; if the network device determines that it has not yet obtained a certificate, step 203 is performed.
Specifically, the network device may search its storage media, such as flash memory (Flash) or hard disk; if a certificate is found, it is determined that the network device has obtained a certificate; if none is found, it can be determined that the network device has not yet obtained a certificate; or,
after a USB flash drive or portable hard disk is plugged into the Universal Serial Bus (hereinafter: USB) interface of the network device, the network device may search the attached USB flash drive or portable hard disk; if a certificate is found, it is determined that the network device has obtained a certificate; if none is found, it can be determined that the network device has not yet obtained a certificate.
These are only some examples of how the network device determines whether it has obtained a certificate. The present invention is of course not limited to them, and does not restrict the way in which the network device determines whether it has obtained a certificate.
Step 203, the network device determines that authentication of the network device has failed.
Step 204, the network device determines whether it has already been authenticated successfully. If so, step 205 is performed; if the network device determines that it has not yet been authenticated successfully, step 206 is performed.
In one implementation of this embodiment, the initial value of the global state of the network device may be set to the unauthenticated state. While the global state is the unauthenticated state, the network device can forward only messages of the CA type (for example, authentication messages) or ARP messages, and cannot forward messages of any other type. After authentication succeeds, the network device changes its global state to the authentication success state, and in the authentication success state the network device can forward the data messages it receives. Specifically, in this step, after determining that it has obtained a certificate, the network device can determine whether its global state is the unauthenticated state or the authentication success state. If the global state is the unauthenticated state, the network device can determine that it has not yet been authenticated successfully; if the global state is the authentication success state, the network device can determine that it has been authenticated successfully.
In another implementation of this embodiment, the network device may instead be set so that, before authentication succeeds, it can forward only messages of the CA type (for example, authentication messages) or ARP messages, and cannot forward messages of any other type; after authentication succeeds, the network device can forward the data messages it receives, that is, after authentication succeeds the network device can forward all types of messages it receives. Specifically, in this step, after determining that it has obtained a certificate, the network device can determine whether it is able to forward data messages. If the network device can forward data messages, it can determine that it has been authenticated successfully; if the network device cannot forward data messages, it can determine that it has not yet been authenticated successfully.
In a concrete realization of this implementation, the network device may query the number of messages received and sent on the interface through which it is connected to other network devices. If the number of messages received on that interface is not 0 but the number of messages sent is 0, the network device cannot forward data messages, and it can be determined that the network device has not yet been authenticated successfully. If the number of messages received on that interface is not 0 and the number of messages sent is also not 0, the network device can forward data messages, and it can be determined that the network device has been authenticated successfully.
These are only two examples of how the network device determines whether it has been authenticated successfully. The present invention is not limited to them, and does not restrict the way in which the network device determines whether it has been authenticated successfully.
Step 205, the network device forwards the data messages that the network device receives.
In this embodiment, after the network device determines that it has been authenticated successfully, the network device can forward the data messages it receives.
For example, if a loose cable causes the network device to be disconnected from the upstream device, then once the cable is plugged in firmly the network device is again physically connected to the upstream device. The upstream device again detects that the state of its port connected to the network device has changed, for example from down to up, and so again sends a challenge message to the network device. However, after the network device receives this challenge message and determines that it has obtained a certificate and has already been authenticated successfully, the network device can directly forward the data messages it receives without repeating authentication.
Step 206, the network device sends an authentication request message to the upstream device.
In this embodiment, the authentication request message sent by the network device carries the certificate obtained by the network device. Specifically, the format of the authentication request message may be as shown in Table 2.
Table 2 (an image in the original publication; not reproduced here)
In the above authentication request message, the source MAC address and destination MAC address in the Ethernet header field are encapsulated according to normal layer-2 forwarding; in this embodiment, the source MAC address in the Ethernet header field is the MAC address of the network device, and the destination MAC address is the MAC address of the upstream device. In the IP header field, the source IP address is the IP address of the network device and the destination IP address is the IP address of the upstream device. The value of the CA message identification bit is a protocol number, namely the protocol number of the encapsulation protocol adopted by the authentication request message. The value of the CA message type field may be a second preset value, for example "01", which indicates that the message type is an authentication request message. When the value of the layer-2/layer-3 device identification field is "0", the device sending the authentication request message, that is, the network device in this embodiment, is a layer-3 device; when the value of the layer-2/layer-3 device identification field is "1", the device sending the authentication request message, that is, the network device in this embodiment, is a layer-2 device. When the value of the layer-2/layer-3 device identification field is "0", the value of the MAC/IP address field is the IP address of the network device; when the value of the layer-2/layer-3 device identification field is "1", the value of the MAC/IP address field is the MAC address of the network device. The CA certificate information field carries the certificate obtained by the network device. The value of the TTL field is "255".
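A parser for the CA portion of the challenge and authentication request messages described above, added here as an illustration and not taken from the patent. The field widths, the explicit length prefixes and the protocol number 0xFD are assumptions, because the text names the fields but does not give their sizes.

```python
import ipaddress
import struct

CA_PROTO = 0xFD          # constructed placeholder for the encapsulation protocol number
TYPE_CHALLENGE = 0x00    # first preset value "00"
TYPE_REQUEST = 0x01      # second preset value "01"
L3_DEVICE, L2_DEVICE = 0, 1   # "0" = layer-3 sender, "1" = layer-2 sender

# Assumed byte layout after the IP header (widths are not given in the text):
#   id(1) type(1) layer flag(1) [addr_len(1) addr(N) cert_len(2) cert(M)]
# The bracketed part is present only in an authentication request.


def build_challenge(layer_flag):
    return struct.pack("!BBB", CA_PROTO, TYPE_CHALLENGE, layer_flag)


def build_request(layer_flag, address, certificate):
    if layer_flag == L2_DEVICE:
        addr = bytes.fromhex(address.replace(":", ""))   # MAC address
    else:
        addr = ipaddress.IPv4Address(address).packed     # IPv4 address
    return (struct.pack("!BBBB", CA_PROTO, TYPE_REQUEST, layer_flag, len(addr))
            + addr + struct.pack("!H", len(certificate)) + certificate)


def parse_ca_payload(payload):
    """Decode a CA payload; raise ValueError on anything malformed."""
    if len(payload) < 3:
        raise ValueError("truncated CA header")
    proto, msg_type, layer_flag = struct.unpack_from("!BBB", payload)
    if proto != CA_PROTO:
        raise ValueError("not a CA message")
    if layer_flag not in (L3_DEVICE, L2_DEVICE):
        raise ValueError("invalid layer-2/layer-3 flag")
    layer = 2 if layer_flag == L2_DEVICE else 3
    if msg_type == TYPE_CHALLENGE:
        if len(payload) != 3:
            raise ValueError("unexpected bytes after challenge")
        return {"type": "challenge", "sender_layer": layer}
    if msg_type != TYPE_REQUEST:
        raise ValueError("unknown CA message type")
    if len(payload) < 4:
        raise ValueError("truncated request")
    addr_len = payload[3]
    # The flag decides how the MAC/IP address field is read, so the length
    # must agree with it: 6 bytes for a MAC, 4 for an IPv4 address.
    if addr_len != (6 if layer == 2 else 4):
        raise ValueError("address length does not match layer flag")
    cert_off = 4 + addr_len + 2
    if len(payload) < cert_off:
        raise ValueError("truncated request")
    addr = payload[4:4 + addr_len]
    (cert_len,) = struct.unpack_from("!H", payload, 4 + addr_len)
    cert = payload[cert_off:]
    if len(cert) != cert_len:
        raise ValueError("certificate length mismatch")
    if layer == 2:
        address = ":".join(f"{b:02x}" for b in addr)
    else:
        address = str(ipaddress.IPv4Address(addr))
    return {"type": "request", "sender_layer": layer,
            "address": address, "certificate": cert}


if __name__ == "__main__":
    # Constructed sample: a layer-2 device presenting a dummy certificate blob.
    sample = build_request(L2_DEVICE, "00:11:22:33:44:55", b"constructed-cert")
    print(parse_ca_payload(sample))
```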
Step 207, upstream equipment receive after the authentication request packet of network equipment transmission, the authentication request packet that the decapsulation network equipment sends.
In the present embodiment, the outer source address of the authentication request packet that the network equipment sends is the address of the network equipment, and the outer destination address of the authentication request packet that the network equipment sends is the address of upstream equipment; Reference table 2, the outer source address of the authentication request packet that the network equipment sends, promptly the source IP address in the IP header fields is the IP address of the network equipment; The outer destination address of the authentication request packet that the network equipment sends, promptly the purpose IP address in the IP header fields is the IP address of upstream equipment.
The outer source address of the authentication request packet that step 208, upstream equipment are sent the network equipment changes to the address of upstream equipment, and the outer destination address of the authentication request packet that the network equipment is sent changes to the address of certificate calibration equipment.
Reference table 2, in this step, upstream equipment changes to the IP address of this upstream equipment with the source IP address in the IP header fields, the purpose IP address in the IP header fields is changed to the IP address of certificate calibration equipment.
In the present embodiment, above-mentioned certificate calibration equipment is used to carry out the certificate verification, and this certificate calibration equipment can be the upstream equipment of network internal, for example: gateway etc.
The authentication request packet that step 209, upstream equipment will be changed behind above-mentioned outer source address and the above-mentioned outer destination address sends to the certificate calibration equipment.
In the present embodiment, the authentication request packet that this upstream equipment sends carries the certificate that the network equipment obtains.
Step 210, the certificate calibration equipment carries out verification to the certificate that the network equipment obtains.
Particularly, the certificate calibration equipment is searched the certificate that the certificate that obtains with the network equipment has the identical credentials sign in the certificate repository of this certificate calibration equipment; If find, then the certificate calibration equipment carries out verification according to the certificate that finds to the certificate that the network equipment obtains; If in the certificate repository of certificate calibration equipment, do not find the certificate that the certificate that obtains with the network equipment has the identical credentials sign; Then the certificate calibration equipment sends the certificate download request of carrying above-mentioned certificates identified to the CA center; And after receiving the certificate that sends according to above-mentioned certificates identified at the CA center, the certificate that the network equipment obtains is carried out verification according to the certificate that receives.
In the present embodiment; Certificate can comprise: certificate version, certificate index, have MAC Address and the information such as person liable of this equipment of the equipment of this certificate; Information that can this certificate of unique identification in the information that above-mentioned certificates identified can comprise for certificate, for example: the certificate index.
Step 211: the certificate verification device sends an authentication response message to the upstream device.
In this embodiment, if the certificate verification device determines that the AES of the certificate obtained by the network device is correct, the certificate content is not forged, and the certificate has not expired, the authentication response message it sends carries indication information of authentication success. If it determines that the AES of the certificate is incorrect, the certificate content is forged, the certificate has expired, or the certificate has been revoked, the authentication response message it sends carries indication information of authentication failure.
Step 212: the upstream device sends the authentication response message to the network device.
In this embodiment, the value of the MAC/IP address field in the authentication response message sent by the certificate verification device is the address of the network device: when the network device is a layer-2 device, the value is the MAC address of the network device; when the network device is a layer-3 device, the value is the IP address of the network device.
Specifically, the upstream device may send the authentication response message to the network device according to the value of the MAC/IP address field in the authentication response message sent by the certificate verification device.
Step 213: when the authentication response message carries indication information of authentication success, the network device forwards the data messages that it receives.
The above embodiment authenticates the authority of the network device and improves network security; moreover, in this embodiment the certificate obtained by the network device is sent over the network to the certificate verification device for verification, which is convenient to implement and easy to use.
In addition, the authentication method of this embodiment has no direct contact with users: users do not need to install software themselves, and compatibility with the software environment need not be considered. Because the network device can forward the data messages it receives only after successful authentication, devices cannot be connected to the network privately and the number of network nodes cannot be expanded without authorization, so the number of nodes in the whole network can be controlled and the resulting security risks prevented, further improving network security. Certificates are also not easy to forge, which likewise improves network security. Furthermore, in this embodiment the authentication request message uses double addressing (both the IP header field and the MAC/IP address field carry the address of the network device), which avoids the forwarding path of the authentication message being unreachable because routes cannot be established before authentication, and so solves the problem of forwarding authentication messages before the network device has been authenticated successfully.
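The relay behaviour of steps 209 and 212 and the double addressing described above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the in-memory message objects, the port bookkeeping and the flag/address consistency check are assumptions, and the sample addresses are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)


@dataclass(frozen=True)
class AuthRequest:
    outer_src: str      # outer source address, rewritten by the relaying device
    outer_dst: str      # outer destination address, rewritten by the relaying device
    layer_flag: str     # "0": MAC/IP field holds an IP address, "1": a MAC address
    mac_ip: str         # MAC/IP address field: the requesting device's own address
    certificate: bytes


@dataclass(frozen=True)
class AuthResponse:
    mac_ip: str         # address of the device the verdict is for
    success: bool


def address_matches_flag(layer_flag: str, mac_ip: str) -> bool:
    """Added sanity check: the MAC/IP field must have the form the flag announces."""
    if layer_flag == "1":
        return bool(MAC_RE.match(mac_ip))
    if layer_flag == "0":
        try:
            ipaddress.ip_address(mac_ip)
            return True
        except ValueError:
            return False
    return False


class UpstreamDevice:
    """An already-authenticated device relaying requests toward the verifier."""

    def __init__(self, own_addr: str, verifier_addr: str, authenticated: bool):
        self.own_addr = own_addr
        self.verifier_addr = verifier_addr
        self.authenticated = authenticated
        self.pending: Dict[str, int] = {}   # requester address -> ingress port (assumed)

    def relay_request(self, req: AuthRequest, ingress_port: int) -> Optional[AuthRequest]:
        if not self.authenticated or req.outer_dst != self.own_addr:
            return None
        if not address_matches_flag(req.layer_flag, req.mac_ip):
            return None
        self.pending[req.mac_ip] = ingress_port
        # Only the outer addresses change; the MAC/IP field still names the requester.
        return replace(req, outer_src=self.own_addr, outer_dst=self.verifier_addr)

    def deliver_response(self, resp: AuthResponse) -> Optional[int]:
        """Pick the egress port from the MAC/IP field; None if nobody is waiting."""
        return self.pending.pop(resp.mac_ip, None)


def demo() -> List[object]:
    """Constructed addresses from the documentation range 192.0.2.0/24."""
    up = UpstreamDevice("192.0.2.1", "192.0.2.254", authenticated=True)
    req = AuthRequest("192.0.2.7", "192.0.2.1", "0", "192.0.2.7", b"cert")
    out = up.relay_request(req, ingress_port=1)
    port = up.deliver_response(AuthResponse("192.0.2.7", True))
    return [out.outer_src, out.outer_dst, out.mac_ip, port]
```

Because the response is routed by the MAC/IP field alone, a response for an address with no pending request is dropped rather than forwarded.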
In the embodiment shown in Fig. 2, the certificate verification device may also receive a certificate revocation message sent by the CA center, carrying the index of the revoked certificate. The certificate verification device then deletes the certificate with that index from its certificate store and instructs the device holding the revoked certificate to change its own state to the unauthenticated state.
In addition, the certificate verification device may also receive a certificate store update message sent by the CA center, and then update its certificate store according to that message.
The format of the certificate revocation message and the certificate store update message may be as shown in Table 3.
Table 3
In Table 3, the source MAC address and destination MAC address in the Ethernet header field are set as for normal layer-2 forwarding; in this embodiment, the source MAC address in the Ethernet header field may be the MAC address of the CA center, and the destination MAC address may be the MAC address of the certificate verification device. The source IP address in the IP header field may be the IP address of the CA center, and the destination IP address in the IP header field may be the IP address of the certificate verification device. The value of the CA message identification bit is a protocol number, namely the protocol number of the encapsulation protocol used by the message. When the value of the CA message type field is the third preset value, for example "02", the message is a certificate revocation message; when the value of the CA message type field is the fourth preset value, for example "03", the message is a certificate store update message. When the value of the CA message type field is the third preset value, the CA certificate information field carries the index, certificate content and validity period of the revoked certificate; when the value is the fourth preset value, the CA certificate information field carries the index, certificate content and validity period of the updated certificate. The value of the TTL field is "255".
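The verification of step 210 and the handling of the two CA center messages can be sketched together as follows. This is an added example, not code from the patent: the class names, the download hook, the set of remembered revoked indexes, the caching of downloaded certificates, and the modelling of the algorithm check as a label comparison are assumptions, and the sample certificate is constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

MSG_REVOKE = "02"        # CA message type: the text's example third preset value
MSG_STORE_UPDATE = "03"  # CA message type: the text's example fourth preset value


@dataclass(frozen=True)
class Certificate:
    index: str        # certificate index, used as the certificate identifier
    holder_mac: str   # MAC address of the device that holds the certificate
    algorithm: str    # assumption: a label stands in for the algorithm check
    content: bytes    # certificate content as issued by the CA center
    not_after: int    # end of the validity period (epoch seconds, assumed encoding)


class CertificateVerifier:
    """Certificate verification device: local store first, CA center on a miss."""

    def __init__(self, ca_download: Callable[[str], Optional[Certificate]],
                 now: Callable[[], int]):
        self.ca_download = ca_download            # hypothetical CA download hook
        self.now = now
        self.store: Dict[str, Certificate] = {}   # certificate store, keyed by index
        self.revoked: Set[str] = set()            # assumption: remember revoked indexes
        self.authenticated: Dict[str, str] = {}   # holder MAC -> certificate index

    def verify(self, presented: Certificate) -> bool:
        """Return True for authentication success, False for failure."""
        if presented.index in self.revoked:
            return False
        reference = self.store.get(presented.index)
        if reference is None:
            # Store miss: ask the CA center for the certificate with this identifier.
            reference = self.ca_download(presented.index)
            if reference is None or reference.index != presented.index:
                return False
            self.store[reference.index] = reference   # caching is this sketch's choice
        ok = (presented.algorithm == reference.algorithm     # algorithm is correct
              and presented.content == reference.content     # content is not forged
              and presented.holder_mac == reference.holder_mac
              and self.now() <= reference.not_after)          # not expired
        if ok:
            self.authenticated[presented.holder_mac] = presented.index
        return ok

    def handle_ca_message(self, msg_type: str, cert: Certificate) -> List[str]:
        """Apply a CA center message; return the holders to mark unauthenticated."""
        if msg_type == MSG_REVOKE:
            self.store.pop(cert.index, None)
            self.revoked.add(cert.index)
            demoted = [mac for mac, idx in self.authenticated.items()
                       if idx == cert.index]
            for mac in demoted:
                del self.authenticated[mac]
            return demoted
        if msg_type == MSG_STORE_UPDATE:
            self.store[cert.index] = cert
            return []
        raise ValueError(f"unknown CA message type: {msg_type!r}")


def demo() -> List[object]:
    """Constructed sample data: one issued certificate and a tampered copy."""
    issued = Certificate("idx-0001", "00:1a:2b:3c:4d:5e", "alg-A", b"issued", 2_000)
    forged = Certificate("idx-0001", "00:1a:2b:3c:4d:5e", "alg-A", b"tampered", 2_000)
    verifier = CertificateVerifier({"idx-0001": issued}.get, now=lambda: 1_000)
    return [verifier.verify(issued), verifier.verify(forged),
            verifier.handle_ca_message(MSG_REVOKE, issued), verifier.verify(issued)]
```

Deleting a revoked certificate from the store turns the next lookup into a store miss, so without the remembered revoked indexes the outcome would depend on what the CA center returns for the download request.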
The method provided by the embodiments shown in Fig. 1 and Fig. 2 can be applied in the application scenario shown in Fig. 3, which is a schematic diagram of one embodiment of an application scenario of the present invention. In Fig. 3, the CA center, the gateway, switch 1 (Switch 1, hereinafter SW1) and SW2 form a network. SW1 is connected to physical interface 1 of the gateway and SW2 is connected to physical interface 2 of the gateway; SW1 and SW2 connect to the network through the gateway. A USB flash drive is inserted into the USB interface of SW1, and SW1 can obtain the certificate, authorized by the CA center, that is stored on the USB flash drive. SW1 authenticates according to the method provided by the embodiments shown in Fig. 1 and Fig. 2, and after successful authentication the network hosts under SW1 can access network resources. SW2, by contrast, is connected to the network privately through the exposed physical interface 2; because it has no certificate or its certificate is illegal, it cannot access the network, which greatly improves security inside the network.
Specifically, in Fig. 3 the gateway is the egress of the network and is generally an upstream device inside the network; the gateway here is the certificate verification device of the embodiments shown in Fig. 1 and Fig. 2. The gateway first sends its own certificate over a network (for example, the Internet) to the CA center for verification; after verification passes, the state of the gateway becomes the forwarding state. When SW1 is connected to physical interface 1 of the gateway, the gateway detects that the state of physical interface 1 has changed, for example from down to up, and sends a challenge message to SW1. After receiving the challenge message, SW1 carries the certificate it obtained in an authentication request message and sends the message to the gateway. In the IP header field of this authentication request message, the source IP address is the IP address of SW1 and the destination IP address is the IP address of the gateway. When the value of the layer-2/layer-3 device identification field of this authentication request message is "0", the value of the MAC/IP address field is the IP address of SW1; when the value of the layer-2/layer-3 device identification field is "1", the value of the MAC/IP address field is the MAC address of SW1. The authentication request message therefore effectively carries double addresses. SW1 here is the network device of the embodiments shown in Fig. 1 and Fig. 2.
After receiving the authentication request message, the gateway verifies the certificate obtained by SW1; after verification passes, it sends SW1 an authentication response message carrying indication information of authentication success. After SW1 receives this authentication response message, the global state of SW1 changes to the authentication-success state, and SW1 can forward the data messages that it receives.
In Fig. 3, physical interface 2 of the gateway is exposed externally, and SW2 is connected to physical interface 2 privately by a non-network-administrator or a hacker. Because SW2 has no certificate or its certificate is illegal, SW2 still cannot communicate in the network even after it is physically connected.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Fig. 4 is a structural diagram of one embodiment of the authentication apparatus of a network device according to the present invention. The authentication apparatus in this embodiment is arranged in the network device and can carry out the flow of the embodiment shown in Fig. 1. As shown in Fig. 4, the authentication apparatus may include a receiving module 41 and a sending module 42.
Specifically, the receiving module 41 is configured to receive, after the network device is physically connected to its upstream device, the challenge message that the upstream device sends after the upstream device has been authenticated successfully; and to receive the authentication response message sent by the upstream device. The upstream device sends this authentication response message after it has sent the certificate obtained by the network device to the certificate verification device, for the certificate verification device to verify the certificate obtained by the network device, and has received the authentication response message sent by the certificate verification device.
The sending module 42 is configured to send an authentication request message to the upstream device, the authentication request message sent by the sending module 42 carrying the certificate obtained by the network device; and, when the authentication response message received by the receiving module 41 carries indication information of authentication success, to forward the data messages received by the network device.
In this embodiment, the certificate verification device performs certificate verification; it may be an upstream device inside the network, for example a gateway.
In the above embodiment, after the network device is physically connected to its upstream device, the receiving module 41 receives the challenge message that the upstream device sends after the upstream device has been authenticated successfully. The sending module 42 then sends the upstream device an authentication request message carrying the certificate obtained by the network device, and the receiving module 41 receives the authentication response message sent by the upstream device. When the authentication response message carries indication information of authentication success, the sending module 42 forwards the data messages received by the network device. The authority of the network device is thereby authenticated and network security improved; moreover, the apparatus sends the certificate obtained by the network device over the network to the certificate verification device for verification, which is convenient to implement and easy to use.
Fig. 5 is a structural diagram of another embodiment of the authentication apparatus of a network device according to the present invention. Compared with the authentication apparatus shown in Fig. 4, the difference is that the authentication apparatus shown in Fig. 5 may further include a determining module 43.
The determining module 43 is configured to determine whether the network device has obtained a certificate.
In this case, the sending module 42 is specifically configured to send the authentication request message to the upstream device when the determining module 43 determines that the network device has obtained a certificate and the network device has not yet been authenticated successfully.
The sending module 42 is also configured to forward the data messages received by the network device when the determining module 43 determines that the network device has obtained a certificate and the network device has already been authenticated successfully.
In addition, the determining module 43 is also configured to determine that authentication of the network device has failed when it determines that the network device has not yet obtained a certificate.
Further, the authentication apparatus of the network device may also include an address conversion module 44.
The sending module 42 is also configured, when the authentication response message received by the receiving module 41 carries indication information of authentication success, to send a challenge message to a downstream device of the network device after that downstream device is physically connected to the network device; and to send to the certificate verification device the authentication request message whose outer source address and outer destination address have been changed by the address conversion module 44, this authentication request message carrying the certificate obtained by the downstream device.
The receiving module 41 is also configured to receive the authentication request message sent by the downstream device of the network device and to decapsulate it. The outer source address of the authentication request message sent by the downstream device is the address of the downstream device, the outer destination address is the address of the network device, and the message carries the certificate obtained by the downstream device.
The address conversion module 44 is configured to change the outer source address of the authentication request message sent by the downstream device to the address of the network device, and to change the outer destination address of that message to the address of the certificate verification device.
The authentication apparatus described above authenticates the authority of the network device and improves network security; moreover, the apparatus sends the certificate obtained by the network device over the network to the certificate verification device for verification, which is convenient to implement and easy to use.
In addition, the authentication apparatus has no direct contact with users: users do not need to install software themselves, and compatibility with the software environment need not be considered. Because the network device can forward the data messages it receives only after successful authentication, devices cannot be connected to the network privately and the number of network nodes cannot be expanded without authorization, so the number of nodes in the whole network can be controlled and the resulting security risks prevented, further improving network security. Certificates are also not easy to forge, which likewise improves network security.
The present invention also provides a network device, which can be implemented with the authentication apparatus provided by the embodiment shown in Fig. 4 or Fig. 5.
Fig. 6 is a structural diagram of an embodiment of the authentication system of a network device according to the present invention. As shown in Fig. 6, the authentication system may include at least two interconnected network devices 61 and a certificate verification device 62.
Specifically, the network device 61 can be implemented with the authentication apparatus provided by the embodiment shown in Fig. 4 or Fig. 5. The certificate verification device 62 performs certificate verification and may be an upstream device inside the network, for example a gateway.
Fig. 6 illustrates the authentication system with two network devices 61 as an example, denoted 61A and 61B. In the authentication system shown in Fig. 6, network device 61B is the upstream device of network device 61A. Network device 61A, network device 61B and the certificate verification device 62 can interact according to the flow provided by the embodiment shown in Fig. 1 or Fig. 2, which is not repeated here.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in those embodiments can still be modified, or some or all of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present invention.

Claims (16)

1. An authentication method for a network device, characterized by comprising:
after the network device is physically connected to an upstream device of the network device, receiving the challenge message that the upstream device sends after the upstream device has been authenticated successfully;
the network device sending an authentication request message to the upstream device, the authentication request message sent by the network device carrying the certificate obtained by the network device;
the network device receiving the authentication response message sent by the upstream device and, when the authentication response message carries indication information of authentication success, the network device forwarding the data messages that the network device receives; wherein the upstream device sends the authentication response message to the network device after the upstream device has sent the certificate obtained by the network device to a certificate verification device, for the certificate verification device to verify the certificate obtained by the network device, and has received the authentication response message sent by the certificate verification device.
2. The method according to claim 1, characterized in that, before the network device sends the authentication request message to the upstream device, the method further comprises:
the network device determining whether the network device has obtained a certificate;
and the network device sending the authentication request message to the upstream device comprises:
when the network device determines that the network device has obtained a certificate and the network device has not yet been authenticated successfully, the network device sending the authentication request message to the upstream device.
3. The method according to claim 2, characterized in that, before the network device sends the authentication request message to the upstream device, the method further comprises:
when the network device determines that the network device has obtained a certificate and the network device has already been authenticated successfully, the network device forwarding the data messages that the network device receives.
4. The method according to claim 1, characterized in that, after the network device receives the authentication response message sent by the upstream device, the method further comprises:
when the authentication response message carries indication information of authentication success, after a downstream device of the network device is physically connected to the network device, the network device sending a challenge message to the downstream device of the network device;
the network device receiving the authentication request message sent by the downstream device of the network device and decapsulating the authentication request message sent by the downstream device, wherein the outer source address of the authentication request message sent by the downstream device is the address of the downstream device, the outer destination address of the authentication request message sent by the downstream device is the address of the network device, and the authentication request message sent by the downstream device carries the certificate obtained by the downstream device;
the network device changing the outer source address of the authentication request message sent by the downstream device to the address of the network device, and changing the outer destination address of the authentication request message sent by the downstream device to the address of the certificate verification device;
the network device sending the authentication request message, with the outer source address and the outer destination address changed, to the certificate verification device, the authentication request message sent by the network device carrying the certificate obtained by the downstream device.
5. The method according to any one of claims 1-4, characterized in that the challenge message comprises a certificate authority (CA) message identification bit and a CA message type field; the value of the CA message identification bit in the challenge message is the protocol number of the encapsulation protocol used by the challenge message, and the value of the CA message type field in the challenge message is a first preset value, the first preset value indicating that the message type is a challenge message;
the authentication request message comprises a CA message identification bit, a CA message type field, a layer-2/layer-3 device identification field, a media access control/Internet Protocol address field and a CA certificate information field; the value of the CA message identification bit in the authentication request message is the protocol number of the encapsulation protocol used by the authentication request message; the value of the CA message type field in the authentication request message may be a second preset value, the second preset value indicating that the message type is an authentication request message; the value of the layer-2/layer-3 device identification field in the authentication request message indicates whether the network device is a layer-2 device or a layer-3 device; when the value of the layer-2/layer-3 device identification field indicates that the network device is a layer-2 device, the value of the media access control/Internet Protocol address field is the media access control address of the network device; when the value of the layer-2/layer-3 device identification field indicates that the network device is a layer-3 device, the value of the media access control/Internet Protocol address field is the Internet Protocol address of the network device; and the CA certificate information field in the authentication request message carries the certificate obtained by the network device.
6. The method according to any one of claims 1-4, characterized in that the certificate verification device verifying the certificate obtained by the network device comprises:
the certificate verification device searching the certificate store of the certificate verification device for a certificate with the same certificate identifier as the certificate obtained by the network device;
if one is found, the certificate verification device verifying the certificate obtained by the network device against the certificate found and, after verification succeeds, sending to the upstream device an authentication response message carrying the indication information of authentication success;
if no certificate with the same certificate identifier as the certificate obtained by the network device is found in the certificate store of the certificate verification device, the certificate verification device sending a certificate download request carrying the certificate identifier to the certificate authority center and, after receiving the certificate that the certificate authority center sends according to the certificate identifier, verifying the certificate obtained by the network device against the received certificate and, after verification succeeds, sending to the upstream device an authentication response message carrying the indication information of authentication success.
7. The method according to claim 6, characterized by further comprising:
the certificate verification device receiving a certificate revocation message sent by the certificate authority center, the certificate revocation message carrying the index of the revoked certificate;
the certificate verification device deleting the certificate with that index from the certificate store of the certificate verification device, and instructing the device holding the revoked certificate to change its own state to the unauthenticated state.
8. The method according to claim 7, characterized in that the certificate revocation message comprises a CA message identification bit, a CA message type field and a CA certificate information field; the value of the CA message identification bit in the certificate revocation message is the protocol number of the encapsulation protocol used by the certificate revocation message; the value of the CA message type field in the certificate revocation message is a third preset value, the third preset value indicating that the message type is a certificate revocation message; and the CA certificate information field in the certificate revocation message carries the index of the revoked certificate.
9. The method according to claim 6, characterized by further comprising:
the certificate verification device receiving a certificate store update message sent by the certificate authority center, and updating the certificate store of the certificate verification device according to the certificate store update message.
10. The method according to claim 9, characterized in that the certificate store update message comprises a CA message identification bit, a CA message type field and a CA certificate information field; the value of the CA message identification bit in the certificate store update message is the protocol number of the encapsulation protocol used by the certificate store update message; the value of the CA message type field in the certificate store update message is a fourth preset value, the fourth preset value indicating that the message type is a certificate store update message; and the CA certificate information field in the certificate store update message carries the index, certificate content and validity period of the updated certificate.
11. An authentication apparatus for a network device, characterized in that the authentication apparatus is arranged in the network device and comprises:
a receiving module, configured to receive, after the network device is physically connected to an upstream device of the network device, the challenge message that the upstream device sends after the upstream device has been authenticated successfully; and to receive the authentication response message sent by the upstream device, wherein the upstream device sends the authentication response message after the upstream device has sent the certificate obtained by the network device to a certificate verification device, for the certificate verification device to verify the certificate obtained by the network device, and has received the authentication response message sent by the certificate verification device;
a sending module, configured to send an authentication request message to the upstream device, the authentication request message sent by the sending module carrying the certificate obtained by the network device; and, when the authentication response message received by the receiving module carries indication information of authentication success, to forward the data messages that the network device receives.
12. The apparatus according to claim 11, characterized by further comprising a determining module;
the determining module being configured to determine whether the network device has obtained a certificate;
the sending module being specifically configured to send the authentication request message to the upstream device when the determining module determines that the network device has obtained a certificate and the network device has not yet been authenticated successfully.
13. The apparatus according to claim 12, characterized in that
the sending module is also configured to forward the data messages that the network device receives when the determining module determines that the network device has obtained a certificate and the network device has already been authenticated successfully.
14. The device according to claim 11, characterized in that it further comprises: an address conversion module;
Said sending module is further configured, when said authentication response message received by said receiver module carries indication information of authentication success, to send a challenge message to the upstream device of said network equipment after the upstream device of said network equipment is physically connected to said network equipment; and to send to said certificate calibration equipment the authentication request packet in which said address conversion module has changed said outer source address and said outer destination address, said authentication request packet carrying the certificate obtained by said upstream device;
Said receiver module is further configured to receive the authentication request packet sent by the upstream device of said network equipment and to decapsulate the authentication request packet sent by said upstream device; the outer source address of the authentication request packet sent by said upstream device is the address of said upstream device, the outer destination address of the authentication request packet sent by said upstream device is the address of said network equipment, and the authentication request packet sent by said upstream device carries the certificate obtained by said upstream device;
Said address conversion module is configured to change the outer source address of the authentication request packet sent by said upstream device to the address of said network equipment, and to change the outer destination address of the authentication request packet sent by said upstream device to the address of said certificate calibration equipment.
15. A network equipment, characterized in that it comprises the authentication device of a network equipment according to any one of claims 11-14.
16. An authentication system of a network equipment, characterized in that it comprises: at least two interconnected network equipments according to claim 15, and a certificate calibration equipment.
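The relay behaviour of claims 11-14 can be modelled as follows. This is an added sketch, not code from the patent or its assignee: an already-authenticated device rewrites the outer addresses of a neighbour's authentication request before passing it to the certificate calibration equipment, and a device forwards data only after authentication success. The addresses, certificate names, `Device`, `AuthRequest` and `verify` are assumptions; certificate verification is reduced to set membership and the content of the challenge message is not modelled.

```python
from dataclasses import dataclass, replace

VERIFIER_ADDR = "10.0.0.1"            # constructed address of the certificate calibration equipment
TRUSTED_CERTS = {"cert-A", "cert-B"}  # constructed stand-in for real certificate verification
SEEN = []                             # requests as they arrive at the certificate calibration equipment


@dataclass(frozen=True)
class AuthRequest:
    outer_src: str
    outer_dst: str
    certificate: str


def verify(req):
    """Certificate calibration equipment: report success only for a known certificate."""
    SEEN.append(req)
    return req.outer_dst == VERIFIER_ADDR and req.certificate in TRUSTED_CERTS


class Device:
    def __init__(self, addr, certificate=None):
        self.addr, self.certificate, self.authenticated = addr, certificate, False

    def forward(self, data):
        # Claims 11 and 13: data messages are forwarded only after authentication success.
        return data if self.certificate and self.authenticated else None

    def relay(self, req):
        """Claim 14: decapsulate, rewrite both outer addresses, send to the verifier."""
        if not self.authenticated or req.outer_dst != self.addr:
            return False  # not yet trusted itself, or the packet was not addressed to it
        return verify(replace(req, outer_src=self.addr, outer_dst=VERIFIER_ADDR))

    def authenticate_via(self, neighbour):
        # Claim 12: send a request only if a certificate is held and authentication is pending.
        if self.certificate is None or self.authenticated:
            return self.authenticated
        # Claims 11 and 14: the challenge only comes from a neighbour that is itself authenticated.
        if not neighbour.authenticated:
            return False
        req = AuthRequest(self.addr, neighbour.addr, self.certificate)
        self.authenticated = neighbour.relay(req)
        return self.authenticated
```

Because of the rewrite, the certificate calibration equipment only ever sees requests whose outer source is a device that has already been authenticated, and a device attached behind an unauthenticated neighbour never reaches it.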
CN201210100152.XA 2012-04-06 2012-04-06 Authentication method, device and system of network device and network device Active CN102624744B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210100152.XA CN102624744B (en) 2012-04-06 2012-04-06 Authentication method, device and system of network device and network device

Publications (2)

Publication Number Publication Date
CN102624744A true CN102624744A (en) 2012-08-01
CN102624744B CN102624744B (en) 2014-09-10

Family

ID=46564428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210100152.XA Active CN102624744B (en) 2012-04-06 2012-04-06 Authentication method, device and system of network device and network device

Country Status (1)

Country Link
CN (1) CN102624744B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1901448A (en) * 2005-07-21 2007-01-24 华为技术有限公司 Connecting identification system in communication network and realizing method
CN101136748A (en) * 2006-08-31 2008-03-05 普天信息技术研究院 Identification authentication method and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743863A (en) * 2014-12-12 2016-07-06 华为技术有限公司 Method and device used for processing message
CN111654464A (en) * 2015-12-31 2020-09-11 华为技术有限公司 Access control method, authentication device and system
CN109155915A (en) * 2016-05-18 2019-01-04 华为技术有限公司 Communication means, network side equipment and user equipment
CN111903098A (en) * 2018-03-22 2020-11-06 华为技术有限公司 Method, device and system for processing message fragment
CN111903098B (en) * 2018-03-22 2022-01-28 华为技术有限公司 Method, device and system for processing message fragment
US11411892B2 (en) 2018-03-22 2022-08-09 Huawei Technologies Co., Ltd. Packet fragment processing method and apparatus and system
CN110324290A (en) * 2018-03-30 2019-10-11 贵州白山云科技股份有限公司 Method, network element device, medium and the computer equipment of network equipment certification
CN109800579A (en) * 2018-12-25 2019-05-24 苏州科达科技股份有限公司 A kind of integrity checking method of software, device and electronic equipment
CN112565182A (en) * 2020-10-28 2021-03-26 锐捷网络股份有限公司 Data processing method and system, electronic equipment and gateway equipment
CN112565182B (en) * 2020-10-28 2023-06-27 锐捷网络股份有限公司 Data processing method, system, electronic device and gateway device
CN112383555A (en) * 2020-11-17 2021-02-19 宏图智能物流股份有限公司 Network request validity verification method in logistics network
CN112383555B (en) * 2020-11-17 2022-06-03 宏图智能物流股份有限公司 Network request validity verification method in logistics network

Also Published As

Publication number Publication date
CN102624744B (en) 2014-09-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant