CN103516511A - Method and device for detecting encryption algorithm and secret key - Google Patents
Method and device for detecting encryption algorithm and secret key Download PDFInfo
- Publication number
- CN103516511A CN103516511A CN201310412383.9A CN201310412383A CN103516511A CN 103516511 A CN103516511 A CN 103516511A CN 201310412383 A CN201310412383 A CN 201310412383A CN 103516511 A CN103516511 A CN 103516511A
- Authority
- CN
- China
- Prior art keywords
- algorithm
- tested terminal
- key
- cryptographic
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Abstract
The invention provides a method and a device for detecting an encryption algorithm and a secret key. The method comprises the steps of identifying a detected terminal and obtaining the type of the detected terminal and password equipment used by the detected terminal; determining the detected algorithm type according to the password equipment used by the detected terminal; for the detected algorithm type, selecting a set correlation calculation example to carry out calculation, comparing the detected algorithm type with a cipher-text generated after the detected terminal carries out password calculation according to an input plaintext, and generating the detection result of the detected algorithm type; obtaining the length, the strength, the life cycle and the interaction protocol of the secret key used by the detected terminal, carrying out password calculation according to the set technical specification, and generating the detection result of the secret key. The method can automatically identify the algorithm used by terminal equipment, and checks whether the algorithm conforms to the specification of the national password authority, the device is compatible with all types of interfaces, compliance inspection of use of the encryption algorithm and management of the secret key is carried out on the terminal, and terminals breaking the rule and illegal terminals are prevented from being accessed.
Description
Technical field
The present invention relates to encryption technology, relate in particular to a kind ofly to the detection method of cryptographic algorithm and key and device, is a kind of unified cryptographic algorithm towards power grid enterprises' service application and key detection method and device concretely.
Background technology
Encryption technology is the core technology of information security field.It can effectively solve confidentiality, integrality and the authenticity problem of information.In current power business advanced IT application and intelligent grid technology constantly under universal background; increasing power equipment is progressively realized intellectuality; electric power enterprise especially in power grid enterprises interactive data information present geometric growth, use encryption technology protection critical data wherein to become problem demanding prompt solution.
The use of encryption technology has been deep into the various aspects of power grid enterprises' informatization at present, and the systems such as power transmission and transformation condition monitoring system, safe access platform, marketing user profile acquisition system generally adopt encryption technology protection key message safety.Concerning the information system of use encryption technology, its fail safe mainly depends on two aspects: the fail safe of the cryptographic algorithm that (1) is used.Cryptographic algorithm is the basic of safety information system, and cryptographic algorithm inferior can make whole system become to have no safety to say; (2) safety of encryption key.If the key of encrypting is lost, assailant not only can directly obtain critical data with key, can also pass through cipher key attacks cryptographic algorithm, and realization cracks algorithm, thereby operation system is implemented to attack.Therefore, strengthen particularly important to the test and appraisal of the lsafety level of cryptographic algorithm and encryption device key management mechanism, advanced key assessment method and contribute to strengthen the management that power grid enterprises are used key, strengthen the use safety of encryption technology and key.
Most of operation systems of applying in power grid enterprises are at present claimed and have been used the special-purpose cryptographic algorithm of the close office of state, but its validity and fail safe be not through checking; Meanwhile, the administrative staff of partial service system lack the understanding to cipher key application safety, cause the preservation of key and use to have hidden danger.Therefore, how the use of encryption technology and key is carried out to standard, effectively management, develop advanced cryptographic algorithm and key test and appraisal technology, the key of Erecting and improving detect authentication system be solve safety issue that current power grid enterprises operation system faces important channel.By cryptographic algorithm, encryption device, key management apparatus are carried out to fail safe evaluation and test, can provide safer environment for use for power grid enterprises' operation system.
Safety determination technology for cryptographic algorithm and key management is the important content of information security test and appraisal, and it is the basis that builds operation system information security system.Realize the unified test and appraisal of the automation for cryptographic algorithm and key management technology, for improving the ability of discovery of power grid enterprises to cryptographic algorithm and password product safety hidden danger, ensure that fail safe, elder generation's property of cryptographic algorithm and password product has important practical significance.
Current main flow encryption detection device can be divided into software realization and realize two classes with hardware implementation, the cryptographic algorithm coupling use-case storehouse of their common use standards, to carrying out white-box testing to the cryptographic algorithm of fixed system, by the plain/cipher text in comparison ciphering process to judging whether this system encryption algorithm meets design standard and security requirement.But, this system generally cannot be identified the cryptographic algorithm of system to be detected automatically, also cannot automatically according to the level of security of system to be detected, to the compliance of its cryptographic algorithm, provide evaluation, and lack the function that magnanimity key management level is evaluated, can not meet the requirement of power grid enterprises to cryptosystem evaluation and test.
Summary of the invention
The object of the invention is unified cryptographic algorithm and key management assessment method and device that design realizes a kind of service-oriented application, security level required for the types of applications system of using in power grid enterprises, automatically identify the operation system safe class of enterprise, and use the commercial cipher cryptographic algorithm of national regulation to carry out matching detection, realization detects the unified of operation system fail safe, to solve current operation system password equipment, lacks unified standard, the uneven problem of key management level.
In order to achieve the above object, the embodiment of the present invention provides a kind of method that cryptographic algorithm and key are detected, and described method comprises: tested terminal is identified, obtained the type of described tested terminal and the encryption device using thereof; The encryption device using according to described tested terminal, determines the algorithm types detecting; Algorithm types to described detection, selects the correlation computations example of setting to carry out computing, and compares with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generates the testing result to the algorithm types of described detection; Obtain length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, according to the technical specification of setting, carry out cryptographic calculations, generate the testing result to described key.
Further, in one embodiment, described tested terminal is identified, obtained the type of described tested terminal and the encryption device using thereof, comprise: according to the type of described tested terminal, determine which kind of power distribution network security protection type is described tested terminal adopt; According to described power distribution network security protection type, determine the encryption device that described tested terminal is used.
Further, in one embodiment, the described encryption device using according to described tested terminal, determines the algorithm types detecting, and comprising: judge whether described tested terminal supports domestic cryptographic algorithm; If supported, determine the type of the domestic cryptographic algorithm that described tested terminal is used, be asymmetric arithmetic or digest algorithm.
Further, in one embodiment, the described algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection, comprising: according to the algorithm types of described detection, select the correlation computations example of setting to carry out computing, generating standard ciphertext; According to relevant interface, to described tested terminal input expressly; Described tested equipment, according to the plaintext of described input, adopts corresponding cryptographic algorithm, completes cryptographic calculations, generates and detects ciphertext; Described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.
Further, in one embodiment, described method also comprises: according to the type of described tested terminal, generation can be identified the unified interface of various tested terminal interface types.
In order to achieve the above object, the embodiment of the present invention also provides a kind of device that cryptographic algorithm and key are detected, and it is characterized in that, described device comprises: recognition of devices module, for tested terminal is identified, obtain the type of described tested terminal and the encryption device using thereof; Algorithm identified module, for the encryption device using according to described tested terminal, determines the algorithm types detecting; Algorithm detection module, for the algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection; Key detection module, for obtaining length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, carries out cryptographic calculations according to the technical specification of setting, and generates the testing result to described key.
Further, in one embodiment, described recognition of devices module is for identifying tested terminal, obtain the type of described tested terminal and the encryption device using thereof, comprise: power distribution network security protection type decision module, for according to the type of described tested terminal, determine which kind of power distribution network security protection type is described tested terminal adopt; Encryption device determination module, for according to described power distribution network security protection type, determines the encryption device that described tested terminal is used.
Further, in one embodiment, the encryption device of described algorithm identified module for using according to described tested terminal, determines the algorithm types detecting, and comprising: support determination module, for judging whether described tested terminal supports domestic cryptographic algorithm; Algorithm determination module, for determining the type of the domestic cryptographic algorithm that described tested terminal is used, is asymmetric arithmetic or digest algorithm.
Further, in one embodiment, described algorithm detection module is for the algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection, comprise: standard ciphertext generation module, for according to the algorithm types of described detection, select the correlation computations example of setting to carry out computing, generating standard ciphertext; Expressly input module, for according to relevant interface, inputs expressly to described tested terminal; Detect ciphertext generation module, for described tested equipment, according to the plaintext of described input, adopt corresponding cryptographic algorithm, complete cryptographic calculations, generate and detect ciphertext; Ciphertext comparing module, for described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.
Further, in one embodiment, the described device that cryptographic algorithm and key are detected also comprises: unified interface generation module, for according to the type of described tested terminal, generation can be identified the unified interface of various tested terminal interface types.
Method and the device that cryptographic algorithm and key are detected of the embodiment of the present invention, realized the input and output result of the national Password Management SM1 of office, SM2, SM3, SM4 algorithm has been furtherd investigate, automatically the algorithm that identification terminal equipment is used, and can carry out verification to algorithm, check the standard whether meet national Password Management office, guarantee to use the algorithm that correctly closes rule; Can evaluate and test magnanimity key management, management suggestion is provided, prevent that key from losing or abuse condition occurs; The present invention can compatible each class interface, terminal is encrypted to algorithm is used and the compliance check of key management, prevents that terminal and illegal terminal access in violation of rules and regulations; Whether the cryptographic algorithm that the present invention not only can sense terminals equipment uses meets the regulation of national Password Management office, also the key management level to whole system being evaluated, is that a cryptographic algorithm that integrates detects evaluating method and the system of evaluating with key management.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those skilled in the art, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the method flow diagram of the embodiment of a kind of method that cryptographic algorithm and key are detected of the present invention;
Fig. 2 is the method flow diagram of the step S101 in embodiment illustrated in fig. 1;
Fig. 3 is the method flow diagram of the step S102 in embodiment illustrated in fig. 1;
Fig. 4 is the method flow diagram of the step S103 in embodiment illustrated in fig. 1;
Fig. 5 is the method flow diagram of another embodiment of a kind of method that cryptographic algorithm and key are detected of the present invention;
Fig. 6 is the structural representation of a kind of device that cryptographic algorithm and key are detected of the embodiment of the present invention;
Fig. 7 is the structural representation of the recognition of devices module 101 in embodiment illustrated in fig. 5;
Fig. 8 is the structural representation of the algorithm identified module 102 in embodiment illustrated in fig. 5;
Fig. 9 is the structural representation of the algorithm detection module 103 in embodiment illustrated in fig. 5;
Figure 10 is the structural representation of another embodiment of a kind of device that cryptographic algorithm and key are detected of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
The method that cryptographic algorithm and key are detected in the present invention and device have mainly been realized the cryptographic algorithm that the various terminal equipments to using in electric power networks use, unified detection is carried out in the fail safe of key, assess it and whether reached the requirement of regulation, for terminal equipment in violation of rules and regulations, do not allow in access network.
Fig. 1 is the method flow diagram that cryptographic algorithm and key are detected of the embodiment of the present invention.As shown in the figure, the method that cryptographic algorithm and key are detected of the present embodiment comprises: step S101, tested terminal is identified, and obtain the type of described tested terminal and the encryption device using thereof; Step S102, the encryption device using according to described tested terminal, determines the algorithm types detecting; Step S103, algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection; Step S104, obtains length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, and according to the technical specification of setting, carries out cryptographic calculations, generates the testing result to described key.
In the present embodiment, as shown in Figure 2, described, tested terminal is identified, obtain the type of described tested terminal and the step S101 of the encryption device that uses in, comprising:
Step S1011, according to the type of described tested terminal, determines which kind of power distribution network security protection type is described tested terminal adopt; Step S1012, according to described power distribution network security protection type, determines the encryption device that described tested terminal is used.
In the present embodiment, the electric power special equipment " low and medium voltage distribution network automated system security protection system " of take is example, the power distribution network security protection type of how to confirm equipment and the type of encryption device are described: the related request of 1) adjusting [2011] No. 168 " about strengthening the notice of distribution automation system security protection work " according to national grid, for the security protection of power distribution network, adopt one of unilateral authentication, unilateral authentication+symmetric cryptography, unilateral authentication+asymmetric encryption three classes; 2), according to the sense terminals type providing, can determine it adopts above-mentioned which class power distribution network security protection type; 3) according to determined power distribution network security protection type, can determine encryption device type used.
In the present embodiment, as shown in Figure 3, at the described encryption device using according to described tested terminal, determine in the step S102 of the algorithm types detecting, comprising: step S1021, judges whether described tested terminal supports domestic cryptographic algorithm; Step S1022, if supported, determines the type of the domestic cryptographic algorithm that described tested terminal is used, and is asymmetric arithmetic or digest algorithm.
In the present embodiment, the electric power special equipment " server password machine " of take is example, and the algorithm types that how to confirm detects is described: the 1) requirement for server password machine according to national grid, and this equipment need be supported domestic cryptographic algorithm; 2) domestic cryptographic algorithm comprises symmetry, asymmetric, digest algorithm, is respectively SM1/2/3, and unexposed in view of SM1 algorithm, native system is for asymmetric, digest algorithm, and SM1, SM2 complete detection; 3) domestic cryptographic algorithm, the algorithm examples being provided by relevant specification of country GM/T0003-2012 " SM2 ellipse curve public key cipher algorithm " and GM/T0004-2012 " SM3 cryptographic Hash algorithm " completes coherent detection.
In the present embodiment, as shown in Figure 4, in the described algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generation, in the step S103 of the testing result of the algorithm types of described detection, comprising:
Step S1031, according to the algorithm types of described detection, selects the correlation computations example of setting to carry out computing, generating standard ciphertext; Step S1032, according to relevant interface, to described tested terminal input expressly; Step S1033, described tested equipment, according to the plaintext of described input, adopts corresponding cryptographic algorithm, completes cryptographic calculations, generates and detects ciphertext; Step S1034, described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.
In step S1031, according to the algorithm types of described detection, the correlation computations example of select setting is carried out computing, and generating standard ciphertext refers to and selects to adopt the correlation computations example being provided by national Password Management office, completes calculating.Domestic cryptographic algorithm, by national algorithm responsible institution, national Password Management office releases.For symmetrical, asymmetric, digest algorithm, mainly follow standard and be: GM/T0002-2012 " SM4 block cipher ", GM/T0003-2012 " SM2 ellipse curve public key cipher algorithm ", GM/T0004-2012 " SM3 cryptographic Hash algorithm ".
In step S1032, according to relevant interface, to described tested terminal input expressly, to realize, the password of tested terminal is detected.Wherein, in the present embodiment, expressly referring to can be by the information of equipment Direct Recognition.Input object expressly, is by associated terminal, to complete cryptographic calculations to process, and is output as ciphertext.
In step S1033, described tested equipment is according to the plaintext of described input, adopt corresponding cryptographic algorithm, complete cryptographic calculations, generate and detect ciphertext, refer to: the relevant api interface providing according to terminal equipment, relies on crypto module, board or the chip of terminal self, the cryptographic algorithm that adopts response, completes cryptographic calculations.
In step S1034, described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.In the present embodiment, the ciphertext of tested terminal output, is associated cryptographic module, board or the chip by tested terminal self, and the cryptographic algorithm according to calling, completes calculating, plaintext is calculated as to ciphertext, the result of output.This detection adopts bright, ciphertext comparison baseline, is all derived from " computing example " in following three standards that national Password Management office issues: GM/T0002-2012 " SM4 block cipher ", GM/T0003-2012 " SM2 ellipse curve public key cipher algorithm ", GM/T0004-2012 " SM3 cryptographic Hash algorithm "; Comparison result comprises consistent, non-uniform two kinds.If the consistent explanation algorithm that adopts is that domestic cryptographic algorithm is errorless, if the non-domestic cryptographic algorithm of response algorithm that inconsistent explanation adopts.
In step S104, obtain length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, according to the technical specification of setting, carry out cryptographic calculations, generate the testing result to described key.In the present embodiment, the length of key, intensity, life cycle and interaction protocol, be the outer setting condition of algorithm, different algorithm classifications, and identical algorithm prototype, its said external configuration condition is have points of resemblance also more.Only have by cryptographic calculations, compare bright ciphertext correlation computations result, could to whether adopting related algorithm to complete judgement.
In another embodiment, as shown in Figure 5, the method that cryptographic algorithm and key are detected of the present invention also comprises: step S105, according to the type of described tested terminal, generation can be identified the unified interface of various tested terminal interface types.Sense terminals is followed the design that completes unified interface by the GM/T0018-2012 " encryption device Application Interface Specification " of the close office of state promulgation and GM/T0019-2012 " universal code service interface specification ", the associated cryptographic equipment that tested terminal adopts, follow above-mentioned standard, dock with checkout equipment.
Fig. 6 is the structural representation of a kind of device that cryptographic algorithm and key are detected of the embodiment of the present invention.As shown in the figure, the device that cryptographic algorithm and key are detected of the present embodiment comprises:
Recognition of devices module 101, for tested terminal is identified, obtains the type of described tested terminal and the encryption device using thereof; Algorithm identified module 102, for the encryption device using according to described tested terminal, determines the algorithm types detecting; Algorithm detection module 103, for the algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection; Key detection module 104, for obtaining length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, carries out cryptographic calculations according to the technical specification of setting, and generates the testing result to described key.
In the present embodiment, as shown in Figure 7, described recognition of devices module 101 is for identifying tested terminal, obtain the type of described tested terminal and the encryption device using thereof, comprise: power distribution network security protection type decision module 1011, for according to the type of described tested terminal, determine which kind of power distribution network security protection type is described tested terminal adopt; Encryption device determination module 1012, for according to described power distribution network security protection type, determines the encryption device that described tested terminal is used.
In the present embodiment, the electric power special equipment " low and medium voltage distribution network automated system security protection system " of take is example, the power distribution network security protection type of how to confirm equipment and the type of encryption device are described: the related request of 1) adjusting [2011] No. 168 " about strengthening the notice of distribution automation system security protection work " according to national grid, for the security protection of power distribution network, adopt one of unilateral authentication, unilateral authentication+symmetric cryptography, unilateral authentication+asymmetric encryption three classes; 2), according to the sense terminals type providing, can determine it adopts above-mentioned which class power distribution network security protection type; 3) according to determined power distribution network security protection type, can determine encryption device type used.
In the present embodiment, as shown in Figure 8, the encryption device of described algorithm identified module 102 for using according to described tested terminal, determines the algorithm types detecting, comprise: support determination module 1021, for judging whether described tested terminal supports domestic cryptographic algorithm; Algorithm determination module 1022, for determining the type of the domestic cryptographic algorithm that described tested terminal is used, is asymmetric arithmetic or digest algorithm.
In the present embodiment, the electric power special equipment " server password machine " of take is example, and the algorithm types that how to confirm detects is described: the 1) requirement for server password machine according to national grid, and this equipment need be supported domestic cryptographic algorithm; 2) domestic cryptographic algorithm comprises symmetry, asymmetric, digest algorithm, is respectively SM1/2/3, and unexposed in view of SM1 algorithm, native system is for asymmetric, digest algorithm, and SM1, SM2 complete detection; 3) domestic cryptographic algorithm, the algorithm examples being provided by relevant specification of country GM/T0003-2012 " SM2 ellipse curve public key cipher algorithm " and GM/T0004-2012 " SM3 cryptographic Hash algorithm " completes coherent detection.
In the present embodiment, as shown in Figure 9, described algorithm detection module 103 is for the algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection, comprise: standard ciphertext generation module 1031, for according to the algorithm types of described detection, select the correlation computations example of setting to carry out computing, generating standard ciphertext; Expressly input module 1032, for according to relevant interface, inputs expressly to described tested terminal; Detect ciphertext generation module 1033, for described tested equipment, according to the plaintext of described input, adopt corresponding cryptographic algorithm, complete cryptographic calculations, generate and detect ciphertext; Ciphertext comparing module 1034, for described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.
In the present embodiment, standard ciphertext generation module 1031 is according to the algorithm types of described detection, selects the correlation computations example of setting to carry out computing, and generating standard ciphertext refers to and selects to adopt the correlation computations example being provided by national Password Management office, completes calculating.Domestic cryptographic algorithm, by national algorithm responsible institution, national Password Management office releases.For symmetrical, asymmetric, digest algorithm, mainly follow standard and be: GM/T0002-2012 " SM4 block cipher ", GM/T0003-2012 " SM2 ellipse curve public key cipher algorithm ", GM/T0004-2012 " SM3 cryptographic Hash algorithm ".
In the present embodiment, expressly input module 1032, according to relevant interface, to described tested terminal input expressly, detects the password of tested terminal to realize.Wherein, in the present embodiment, expressly referring to can be by the information of equipment Direct Recognition.Input object expressly, is by associated terminal, to complete cryptographic calculations to process, and is output as ciphertext.
In the present embodiment, detect ciphertext generation module 1033 according to the plaintext of described input, adopt corresponding cryptographic algorithm, complete cryptographic calculations, generate and detect ciphertext, refer to: the relevant api interface providing according to terminal equipment, relies on crypto module, board or the chip of terminal self, the cryptographic algorithm that adopts response, completes cryptographic calculations.
In the present embodiment, ciphertext comparing module 1034 is compared described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.In the present embodiment, the ciphertext of tested terminal output, is associated cryptographic module, board or the chip by tested terminal self, and the cryptographic algorithm according to calling, completes calculating, plaintext is calculated as to ciphertext, the result of output.This detection adopts bright, ciphertext comparison baseline, is all derived from " computing example " in following three standards that national Password Management office issues: GM/T0002-2012 " SM4 block cipher ", GM/T0003-2012 " SM2 ellipse curve public key cipher algorithm ", GM/T0004-2012 " SM3 cryptographic Hash algorithm "; Comparison result comprises consistent, non-uniform two kinds.If the consistent explanation algorithm that adopts is that domestic cryptographic algorithm is errorless, if the non-domestic cryptographic algorithm of response algorithm that inconsistent explanation adopts.
In the present embodiment, key detection module 104 obtains length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, and according to the technical specification of setting, carries out cryptographic calculations, generates the testing result to described key.In the present embodiment, the length of key, intensity, life cycle and interaction protocol, be the outer setting condition of algorithm, different algorithm classifications, and identical algorithm prototype, its said external configuration condition is have points of resemblance also more.Only have by cryptographic calculations, compare bright ciphertext correlation computations result, could to whether adopting related algorithm to complete judgement.
In another embodiment, as shown in figure 10, the described device that cryptographic algorithm and key are detected also comprises: unified interface generation module 105, for according to the type of described tested terminal, generation can be identified the unified interface of various tested terminal interface types.Sense terminals is followed the design that completes unified interface by the GM/T0018-2012 " encryption device Application Interface Specification " of the close office of state promulgation and GM/T0019-2012 " universal code service interface specification ", the associated cryptographic equipment that tested terminal adopts, follow above-mentioned standard, dock with checkout equipment.
The present invention has designed a kind of unified cryptographic algorithm and key detection and assessment method and device towards power business application, to solve the problems such as operation system encryption device shortage unified standard, key management level are uneven.Fail safe to operation system cryptographic algorithm and key management is tested and assessed comprehensively, foundation is applicable to the standardised generic evaluation system of each operation system of power grid enterprises, realizes the unified of operation system encryption device cipher key application security mechanism and cryptographic algorithm behavior detected.
The main advantage of the embodiment of the present invention is the following aspects:
1) for power industry, design specially
The present invention carries out detailed statistics and investigation to power industry especially power grid enterprises' business application system cryptographic algorithm situation, designs the special unified evaluating system for power industry.
2) specially for the cryptographic algorithm design of national Password Management office
The present invention furthers investigate the input and output result of the national Password Management SM1 of office, SM2, SM3, SM4 algorithm, automatically the algorithm that identification terminal equipment is used, and can carry out verification to algorithm, check the standard whether meet national Password Management office, guarantee to use the algorithm that correctly closes rule.
3) applicable magnanimity key management
Power industry system is huge, user is numerous, and each operation system all may produce the key of magnanimity, and system of the present invention can be evaluated and tested magnanimity key management, and management suggestion is provided, and prevents that key from losing or abuse condition occurs.
4) compatible strong, applicable various terminal interface devices
Power system network situation is complicated, and terminal situation is also very complicated, and Installed System Memory is being used the terminal of serial ports, Ethernet interface, the polytype interface such as wireless; The present invention can compatible each class interface, terminal is encrypted to algorithm is used and the compliance check of key management, prevents that terminal and illegal terminal access in violation of rules and regulations.
5) integrate cryptographic algorithm and detect the detection system of evaluating with key management
Whether the cryptographic algorithm that the present invention not only can sense terminals equipment uses meets the regulation of national Password Management office, also the key management level to whole system is evaluated, and be that a cryptographic algorithm that integrates detects the detection system of evaluating with key management.
6) hardware is realized, and performance is higher
The present invention uses hardware to realize testing process, adopts the chip of high speed processing to finish the work, and can reduce the time of detection, increases work efficiency.
7) dispose simply, terminal is transparent
System of the present invention is disposed simple, adopts automation installation script, configures simple to operation.Transparent to terminal during system works, do not change the original access way of terminal.Can reduce maintenance cost, the operability of improving product upgrade maintenance and ease for use.
At present in key context of detection, although academic theory has correlative study in automation context of detection, the special detection system of not applying for power industry; Power industry terminal situation, interface and algorithm are all comparatively complicated, the present invention is detection method and the device of developing for the special circumstances of power industry specially, it,, by filling up the blank of the aspects such as power industry heterogeneous system integration management, the detection of application close coupling key, possesses stronger practicality and novelty.And, from function, realize aspect, although can substitute the present invention program with being used in combination of multiple key management product and cryptographic algorithm detection system, but this substituting also cannot meet the needs of power industry completely, therefore the present invention has originality in power industry application, cannot use other products and technology to substitute.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt complete hardware implementation example, implement software example or in conjunction with the form of the embodiment of software and hardware aspect completely.And the present invention can adopt the form that wherein includes the upper computer program of implementing of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) of computer usable program code one or more.
The present invention is with reference to describing according to flow chart and/or the block diagram of the method for the embodiment of the present invention, equipment (system) and computer program.Should understand can be in computer program instructions realization flow figure and/or block diagram each flow process and/or the flow process in square frame and flow chart and/or block diagram and/or the combination of square frame.Can provide these computer program instructions to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, the instruction of carrying out by the processor of computer or other programmable data processing device is produced for realizing the device in the function of flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame appointments.
These computer program instructions also can be stored in energy vectoring computer or the computer-readable memory of other programmable data processing device with ad hoc fashion work, the instruction that makes to be stored in this computer-readable memory produces the manufacture that comprises command device, and this command device is realized the function of appointment in flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame.These computer program instructions also can be loaded in computer or other programmable data processing device, make to carry out sequence of operations step to produce computer implemented processing on computer or other programmable devices, thereby the instruction of carrying out is provided for realizing the step of the function of appointment in flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame on computer or other programmable devices.
In the present invention, applied specific embodiment principle of the present invention and execution mode are set forth, the explanation of above embodiment is just for helping to understand method of the present invention and core concept thereof; , for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention meanwhile.
Claims (10)
1. method cryptographic algorithm and key being detected, is characterized in that, described method comprises:
Tested terminal is identified, obtained the type of described tested terminal and the encryption device using thereof;
The encryption device using according to described tested terminal, determines the algorithm types detecting;
Algorithm types to described detection, selects the correlation computations example of setting to carry out computing, and compares with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generates the testing result to the algorithm types of described detection;
Obtain length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, according to the technical specification of setting, carry out cryptographic calculations, generate the testing result to described key.
2. the method that cryptographic algorithm and key are detected according to claim 1, is characterized in that, described tested terminal is identified, and obtains the type of described tested terminal and the encryption device using thereof, and comprising:
According to the type of described tested terminal, determine which kind of power distribution network security protection type is described tested terminal adopt;
According to described power distribution network security protection type, determine the encryption device that described tested terminal is used.
3. the method that cryptographic algorithm and key are detected according to claim 1, is characterized in that, the described encryption device using according to described tested terminal is determined the algorithm types detecting, and comprising:
Judge whether described tested terminal supports domestic cryptographic algorithm;
If supported, determine the type of the domestic cryptographic algorithm that described tested terminal is used, be asymmetric arithmetic or digest algorithm.
4. the method that cryptographic algorithm and key are detected according to claim 1, it is characterized in that, the described algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, the testing result of generation to the algorithm types of described detection, comprising:
According to the algorithm types of described detection, select the correlation computations example of setting to carry out computing, generating standard ciphertext;
According to relevant interface, to described tested terminal input expressly;
Described tested equipment, according to the plaintext of described input, adopts corresponding cryptographic algorithm, completes cryptographic calculations, generates and detects ciphertext;
Described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.
5. the method that cryptographic algorithm and key are detected according to claim 1, is characterized in that, described method also comprises: according to the type of described tested terminal, generation can be identified the unified interface of various tested terminal interface types.
6. device cryptographic algorithm and key being detected, is characterized in that, described device comprises:
Recognition of devices module, for tested terminal is identified, obtains the type of described tested terminal and the encryption device using thereof;
Algorithm identified module, for the encryption device using according to described tested terminal, determines the algorithm types detecting;
Algorithm detection module, for the algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, generate the testing result to the algorithm types of described detection;
Key detection module, for obtaining length, intensity, life cycle and the interaction protocol of the key that described tested terminal used, carries out cryptographic calculations according to the technical specification of setting, and generates the testing result to described key.
7. the device that cryptographic algorithm and key are detected according to claim 6, is characterized in that, described recognition of devices module, for tested terminal is identified, is obtained the type of described tested terminal and the encryption device using thereof, and comprising:
Power distribution network security protection type decision module, for according to the type of described tested terminal, determines which kind of power distribution network security protection type is described tested terminal adopt;
Encryption device determination module, for according to described power distribution network security protection type, determines the encryption device that described tested terminal is used.
8. the device that cryptographic algorithm and key are detected according to claim 6, is characterized in that, the encryption device of described algorithm identified module for using according to described tested terminal, determines the algorithm types detecting, and comprising:
Support determination module, for judging whether described tested terminal supports domestic cryptographic algorithm;
Algorithm determination module, for determining the type of the domestic cryptographic algorithm that described tested terminal is used, is asymmetric arithmetic or digest algorithm.
9. the device that cryptographic algorithm and key are detected according to claim 6, it is characterized in that, described algorithm detection module is for the algorithm types to described detection, select the correlation computations example of setting to carry out computing, and compare with the ciphertext that described tested terminal carries out generating after cryptographic calculations according to the plaintext of input, the testing result of generation to the algorithm types of described detection, comprising:
Standard ciphertext generation module, for according to the algorithm types of described detection, selects the correlation computations example of setting to carry out computing, generating standard ciphertext;
Expressly input module, for according to relevant interface, inputs expressly to described tested terminal;
Detect ciphertext generation module, for described tested equipment, according to the plaintext of described input, adopt corresponding cryptographic algorithm, complete cryptographic calculations, generate and detect ciphertext;
Ciphertext comparing module, for described detection ciphertext and the standard ciphertext obtaining according to the correlation computations example calculations of setting are compared, if consistent, the algorithm types that described detection is described is domestic cryptographic algorithm, if inconsistent, the algorithm types that described detection is described is non-domestic cryptographic algorithm.
10. the device that cryptographic algorithm and key are detected according to claim 6, it is characterized in that, the described device that cryptographic algorithm and key are detected also comprises: unified interface generation module, be used for according to the type of described tested terminal, generation can be identified the unified interface of various tested terminal interface types.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310412383.9A CN103516511B (en) | 2013-09-11 | 2013-09-11 | A kind of method and device that AES and key are detected |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310412383.9A CN103516511B (en) | 2013-09-11 | 2013-09-11 | A kind of method and device that AES and key are detected |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103516511A true CN103516511A (en) | 2014-01-15 |
| CN103516511B CN103516511B (en) | 2016-05-04 |
Family
ID=49898595
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310412383.9A Active CN103516511B (en) | 2013-09-11 | 2013-09-11 | A kind of method and device that AES and key are detected |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103516511B (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103888444A (en) * | 2014-02-24 | 2014-06-25 | 北京科东电力控制系统有限责任公司 | Distribution safety authentication device and method |
| CN104469809A (en) * | 2014-11-26 | 2015-03-25 | 大唐移动通信设备有限公司 | Method and device for determining LTE measurement mode of terminal |
| CN105303117A (en) * | 2015-09-17 | 2016-02-03 | 中国科学院数据与通信保护研究教育中心 | SM2 algorithm program detection method and system |
| CN106549968A (en) * | 2016-11-22 | 2017-03-29 | 浪潮(苏州)金融技术服务有限公司 | A kind of detection method and device |
| CN107623568A (en) * | 2016-07-15 | 2018-01-23 | 青岛博文广成信息安全技术有限公司 | SM4 whitepack algorithms based on the S boxes for relying on key |
| CN107818265A (en) * | 2017-10-23 | 2018-03-20 | 中国银行股份有限公司 | Encryption method, device and system |
| CN107911215A (en) * | 2017-11-21 | 2018-04-13 | 中国银行股份有限公司 | A kind of verification method and device of HSM keys |
| CN109558707A (en) * | 2018-11-16 | 2019-04-02 | 北京梆梆安全科技有限公司 | A kind of detection method and device, the mobile device of encryption function security level |
| CN109658093A (en) * | 2019-01-04 | 2019-04-19 | 中国银行股份有限公司 | The Key Tpe processing method and processing device of bank card password |
| CN110572639A (en) * | 2019-09-30 | 2019-12-13 | 公安部第一研究所 | video encryption and decryption evaluation tool and method based on GB35114 standard |
| CN110620671A (en) * | 2019-08-30 | 2019-12-27 | 厦门一通灵信息科技有限公司 | Encryption algorithm evaluation method, medium, device and apparatus |
| CN111881462A (en) * | 2020-07-17 | 2020-11-03 | 张睿 | Online analysis technology for commercial password application encryption effectiveness |
| CN111984997A (en) * | 2020-08-19 | 2020-11-24 | 北京人大金仓信息技术股份有限公司 | Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment |
| CN112039730A (en) * | 2020-08-31 | 2020-12-04 | 海南大学 | Performance evaluation method of encryption algorithm and storage medium |
| CN113420310A (en) * | 2021-07-01 | 2021-09-21 | 上海交通大学 | State cryptographic algorithm detection method in Android application |
| CN113709137A (en) * | 2021-08-25 | 2021-11-26 | 广东财经大学 | Password evaluation test system and password evaluation test method |
| CN114244503A (en) * | 2021-12-01 | 2022-03-25 | 福建金密网络安全测评技术有限公司 | Performance test method for password equipment |
| CN115987483A (en) * | 2022-12-19 | 2023-04-18 | 豪符密码检测技术(成都)有限责任公司 | Method for detecting white box password |
| CN116070250A (en) * | 2023-03-07 | 2023-05-05 | 卓望数码技术(深圳)有限公司 | Password algorithm evaluation method and device for android system application program |
| CN118278057A (en) * | 2024-05-31 | 2024-07-02 | 苏州元脑智能科技有限公司 | Anti-attack chip |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1681238A (en) * | 2004-04-08 | 2005-10-12 | 株式会社日立制作所 | Key allocating method and key allocation system for encrypted communication |
| CN101207401A (en) * | 2006-12-22 | 2008-06-25 | 大唐移动通信设备有限公司 | Apparatus, base station, terminal unit and method for obtaining signal-noise ratio and amplitude-noise ratio |
| CN102571357A (en) * | 2012-02-24 | 2012-07-11 | 飞天诚信科技股份有限公司 | Signature realization method and signature realization device |
-
2013
- 2013-09-11 CN CN201310412383.9A patent/CN103516511B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1681238A (en) * | 2004-04-08 | 2005-10-12 | 株式会社日立制作所 | Key allocating method and key allocation system for encrypted communication |
| CN101207401A (en) * | 2006-12-22 | 2008-06-25 | 大唐移动通信设备有限公司 | Apparatus, base station, terminal unit and method for obtaining signal-noise ratio and amplitude-noise ratio |
| CN102571357A (en) * | 2012-02-24 | 2012-07-11 | 飞天诚信科技股份有限公司 | Signature realization method and signature realization device |
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103888444B (en) * | 2014-02-24 | 2018-07-10 | 国家电网公司 | A kind of safe distribution of electric power authentication device and its method |
| CN103888444A (en) * | 2014-02-24 | 2014-06-25 | 北京科东电力控制系统有限责任公司 | Distribution safety authentication device and method |
| CN104469809A (en) * | 2014-11-26 | 2015-03-25 | 大唐移动通信设备有限公司 | Method and device for determining LTE measurement mode of terminal |
| CN105303117A (en) * | 2015-09-17 | 2016-02-03 | 中国科学院数据与通信保护研究教育中心 | SM2 algorithm program detection method and system |
| CN105303117B (en) * | 2015-09-17 | 2019-04-09 | 中国科学院数据与通信保护研究教育中心 | A kind of detection method and system of SM2 algorithm routine |
| CN107623568A (en) * | 2016-07-15 | 2018-01-23 | 青岛博文广成信息安全技术有限公司 | SM4 whitepack algorithms based on the S boxes for relying on key |
| CN106549968A (en) * | 2016-11-22 | 2017-03-29 | 浪潮(苏州)金融技术服务有限公司 | A kind of detection method and device |
| CN107818265B (en) * | 2017-10-23 | 2020-04-24 | 中国银行股份有限公司 | Encryption method, device and system |
| CN107818265A (en) * | 2017-10-23 | 2018-03-20 | 中国银行股份有限公司 | Encryption method, device and system |
| CN107911215A (en) * | 2017-11-21 | 2018-04-13 | 中国银行股份有限公司 | A kind of verification method and device of HSM keys |
| CN109558707A (en) * | 2018-11-16 | 2019-04-02 | 北京梆梆安全科技有限公司 | A kind of detection method and device, the mobile device of encryption function security level |
| CN109558707B (en) * | 2018-11-16 | 2021-05-07 | 北京梆梆安全科技有限公司 | Method and device for detecting security level of encryption function and mobile device |
| CN109658093A (en) * | 2019-01-04 | 2019-04-19 | 中国银行股份有限公司 | The Key Tpe processing method and processing device of bank card password |
| CN110620671A (en) * | 2019-08-30 | 2019-12-27 | 厦门一通灵信息科技有限公司 | Encryption algorithm evaluation method, medium, device and apparatus |
| CN110620671B (en) * | 2019-08-30 | 2024-04-09 | 厦门一通灵信息科技有限公司 | Encryption algorithm evaluation method, medium, equipment and device |
| CN110572639A (en) * | 2019-09-30 | 2019-12-13 | 公安部第一研究所 | video encryption and decryption evaluation tool and method based on GB35114 standard |
| CN111881462A (en) * | 2020-07-17 | 2020-11-03 | 张睿 | Online analysis technology for commercial password application encryption effectiveness |
| CN111984997A (en) * | 2020-08-19 | 2020-11-24 | 北京人大金仓信息技术股份有限公司 | Method and device for determining whether database encryption algorithm is damaged or not and electronic equipment |
| CN112039730A (en) * | 2020-08-31 | 2020-12-04 | 海南大学 | Performance evaluation method of encryption algorithm and storage medium |
| CN113420310A (en) * | 2021-07-01 | 2021-09-21 | 上海交通大学 | State cryptographic algorithm detection method in Android application |
| CN113420310B (en) * | 2021-07-01 | 2022-05-17 | 上海交通大学 | State cryptographic algorithm detection method in Android application |
| CN113709137A (en) * | 2021-08-25 | 2021-11-26 | 广东财经大学 | Password evaluation test system and password evaluation test method |
| CN114244503A (en) * | 2021-12-01 | 2022-03-25 | 福建金密网络安全测评技术有限公司 | Performance test method for password equipment |
| CN114244503B (en) * | 2021-12-01 | 2024-05-10 | 福建金密网络安全测评技术有限公司 | Password equipment performance test method |
| CN115987483A (en) * | 2022-12-19 | 2023-04-18 | 豪符密码检测技术(成都)有限责任公司 | Method for detecting white box password |
| CN115987483B (en) * | 2022-12-19 | 2024-01-30 | 豪符密码检测技术(成都)有限责任公司 | Method for detecting white box password |
| CN116070250A (en) * | 2023-03-07 | 2023-05-05 | 卓望数码技术(深圳)有限公司 | Password algorithm evaluation method and device for android system application program |
| CN118278057A (en) * | 2024-05-31 | 2024-07-02 | 苏州元脑智能科技有限公司 | Anti-attack chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103516511B (en) | 2016-05-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103516511A (en) | Method and device for detecting encryption algorithm and secret key | |
| US20200412767A1 (en) | Hybrid system for the protection and secure data transportation of convergent operational technology and informational technology networks | |
| CN110336774B (en) | Mixed encryption and decryption method, equipment and system | |
| TWI587672B (en) | Login authentication method, client, server and system | |
| CN111383021B (en) | Node management method, device, equipment and medium based on block chain network | |
| Mantravadi et al. | Securing IT/OT links for low power IIoT devices: design considerations for industry 4.0 | |
| CN105656859B (en) | Tax control equipment software safety online upgrading method and system | |
| US20120284790A1 (en) | Live service anomaly detection system for providing cyber protection for the electric grid | |
| CN104283688B (en) | A kind of USBKey security certification systems and safety certifying method | |
| CN104869175A (en) | Cross-platform account resource sharing implementation method, device and system | |
| US20220210202A1 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
| CN105262773B (en) | A kind of verification method and device of Internet of things system | |
| CN106302550A (en) | A kind of information security method for intelligent substation automatization and system | |
| Kim et al. | Smart grid security: Attacks and defence techniques | |
| US9910994B1 (en) | System for assuring security of sensitive data on a host | |
| Tøndel et al. | Threat modeling of AMI | |
| CN108416224B (en) | A kind of data encryption/decryption method and device | |
| CN111246407B (en) | Data encryption and decryption method and device for short message transmission | |
| Alshomrani et al. | PUFDCA: A Zero‐Trust‐Based IoT Device Continuous Authentication Protocol | |
| CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
| CN106713228A (en) | Cloud platform key management method and system | |
| CN115118751B (en) | Blockchain-based supervision system, method, equipment and medium | |
| CN109547404A (en) | The acquisition methods and server of data | |
| Wu et al. | Security Evaluation Method of Smart Home Cloud Platform | |
| Li et al. | Blockchain security threats and collaborative defense: A literature review |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |