CN106789982B - Safety protection method and system applied to industrial control system - Google Patents

Safety protection method and system applied to industrial control system Download PDF

Info

Publication number
CN106789982B
CN106789982B CN201611119850.9A CN201611119850A CN106789982B CN 106789982 B CN106789982 B CN 106789982B CN 201611119850 A CN201611119850 A CN 201611119850A CN 106789982 B CN106789982 B CN 106789982B
Authority
CN
China
Prior art keywords
safety protection
information
control
monitoring station
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201611119850.9A
Other languages
Chinese (zh)
Other versions
CN106789982A (en
Inventor
胡浩
何小梅
王晶
王明华
傅刚
陶靖隆
刘青
李志�
李�远
杨文勃
侯海波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Zhongdian Anke Modern Technology Co Ltd
Original Assignee
Hangzhou Guyi Network Technology Co ltd
BEIJING LANXUM NEW TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Guyi Network Technology Co ltd, BEIJING LANXUM NEW TECHNOLOGY CO LTD filed Critical Hangzhou Guyi Network Technology Co ltd
Priority to CN201611119850.9A priority Critical patent/CN106789982B/en
Publication of CN106789982A publication Critical patent/CN106789982A/en
Application granted granted Critical
Publication of CN106789982B publication Critical patent/CN106789982B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a safety protection method and a safety protection system applied to an industrial control system, wherein the safety protection system applied to the industrial control system comprises the following steps: supervision management network and on-the-spot control network, supervision management network includes: the system comprises a human-computer interface, an engineer workstation and a monitoring station, wherein the human-computer interface, the engineer workstation and the monitoring station are simultaneously connected with a switch; the field control network includes: the lower computer is simultaneously connected with the switch, the safety protection equipment and the field equipment, and the safety protection equipment is also connected with the switch; the invention can limit and block the spread of the illegal information or malicious software caused by the information on the industrial control system when the safety protection equipment receives the information flow of illegal access, thereby quickly and effectively isolating the problem control subnet or related equipment.

Description

Safety protection method and system applied to industrial control system
Technical Field
The invention relates to the technical field of industrial control safety, in particular to a safety protection method and a safety protection system applied to an industrial control system.
Background
With the widespread use of standard networking and internet technology in industrial control systems, the security threats of industrial control systems are becoming increasingly acute, and the possibility of malware spreading among industrial control devices has been demonstrated. The existing safety protection technology is limited to protection of specific control equipment, and for a large-scale industrial control network, the safety protection of each control sub-network is independently carried out and is respectively executed. In view of the current situation that the protection means lacks a linkage mechanism, the invention provides a method for realizing the communication between the whole-network intelligent linkage blocking and the invaded field control subnet based on the information of individual illegal invasion detection so as to prevent the problem that the individual control subnet infects malicious software to spread in the whole industrial control system.
Disclosure of Invention
Therefore, the invention provides a safety protection method and a safety protection system applied to an industrial control system, which are used for solving the problems of danger and the like caused by the loss of functions of a lower computer or field equipment due to the fact that a controller in a control system sends an operation instruction which is not in accordance with a normal operation flow when external interference occurs or a problem occurs in the controller.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a safety protection system applied to an industrial control system comprises: the supervisory management network 100 and the field control network 200,
the supervisory management network 100 includes: the human-machine interface 102, the engineer workstation 104 and the monitoring station 106 are connected with the switch 110 at the same time;
the field control network 200 includes: a lower computer 302, a safety shield device 304 and a field device 402,
the lower computer 302 is simultaneously connected with the switch 110, the safety protection device 304 and the field device 402, and the safety protection device 304 is also connected with the switch 110.
The safety shield apparatus 304 includes: a processor 640, an alert processing module 606, a user interface module 608, and a storage module 610,
the processor 604 is connected to an alarm handling module 606, the alarm handling module 606 is connected to a user interface module 608 and a storage module 610, and further the user interface module 608 is connected to the storage module 610.
The monitoring station 106 includes: a network interface 702, a processor 704, an access control module 706, a status detection module 708, a packet detection module 710, a blocking module 712, a storage module 714, and a monitoring station interface module 716,
the network interface 702 is coupled to the processor 704, and the processor 704 is also coupled to the access control module 706, the status detection module 708, the packet detection module 710, the blocking module 712, the storage module 714, and the console interface module 716.
A safety protection method applied to an industrial control system comprises the following three steps:
a. when the safety protection equipment receives the information of illegal access, firstly, the communication between a lower computer receiving the illegal information and the field equipment is blocked, and simultaneously, the alarm information is sent to the monitoring station;
b. the monitoring station receives the alarm information from the safety protection equipment and analyzes the alarm information, and if the alarm information is determined not to influence other control subnets in the industrial control system, the information is recorded and the alarm information is displayed; otherwise, sending an instruction to all safety protection devices of the industrial control system to block the communication with the control subnet in which the illegal access information occurs;
c. after the safety protection equipment in the control subnet receives the instruction of the monitoring station, the control subnet where the control equipment receiving the illegal information is positioned is listed in a blacklist, and the communication between the control equipment receiving the illegal information and the control subnet where the control equipment receiving the illegal information is positioned is blocked.
When the safety protection equipment detects illegal access from the monitoring station, the safety protection equipment automatically blocks the communication between the lower computer and the field equipment.
The safety protection equipment gives an alarm to the monitoring central office after the communication between the protected lower computer and the field equipment is blocked.
And the monitoring station analyzes the received alarm information, and displays an alarm record if the analysis result determines that the alarm information does not influence the normal operation of other field control subnets.
The monitoring station analyzes the received alarm information, and if the analysis result determines that the alarm information affects other field control subnets or cannot determine the influence range of the alarm information, the monitoring station sends an instruction to block all communications with the control subnets with illegal intrusion and displays an alarm.
The safety protection device connected to the field control subnet can block the information in the communication instruction when receiving the communication blocking instruction issued by the monitoring station, and the method comprises the following steps: and the ID, the IP address, the MAC address and the subnet mask information of the control equipment receiving the illegal information are written into the access control rule, and the communication with the control equipment receiving the illegal information is further blocked.
The invention has the beneficial effects that: the invention can limit and block the spread of the illegal information or malicious software caused by the information on the industrial control system when the safety protection equipment receives the information flow of illegal access, thereby quickly and effectively isolating the problem control subnet or related equipment.
Drawings
Figure 1 is a schematic diagram of the network architecture of the industrial control system of the present invention,
figure 2 is a schematic diagram of the monitoring station components of the present invention,
figure 3 is a schematic view of the components of the safety shield apparatus of the present invention,
fig. 4 is a flow chart of the safety protection method of the present invention.
Reference numerals:
100-supervisory management network, 102-human-machine interface,
104-engineer workstation, 106-monitoring station,
110-switch, 200-field control network
302-a lower computer, 304-safety protection equipment,
402-field devices, 604-processors,
606-alarm analysis module, 608-user interface module,
610-a storage module, 702-a network communication interface,
704-processor, 706-access control module,
708-state detection module, 710-packet detection module,
712-access control, 714-memory module,
716-monitoring station interface module.
Detailed Description
In the following detailed description of the preferred embodiments of the invention, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration, specific features of the invention, such that the advantages and features of the invention may be more readily understood and appreciated.
In fig. 1, an industrial control system supervisory management network 100 and a field control network 200 are shown, the supervisory management network 100 including, but not limited to, a human machine interface 102, an engineer workstation 104, a monitoring station 106, and a switch 110 for network connectivity. The human machine interface 102 and the engineer workstation 104 manage and supervise the lower computer 302 of the field control network through the switch 110. The monitoring station 106 is configured to cooperate with the safeties 304 deployed in each of the fieldbus subnets to perform intrusion detection and direct the individual safeties 304(304-1, 304-2 … … 304-k, k being 1, 2, … …, n) of each of the fieldbus subnets to block communication with an infected fieldbus subnet or a control device receiving an illegal message, if necessary.
The field control network 200 includes n field control subnets, including, but not limited to, a lower computer 302(302-1, 302-2 … … 302-k, k 1, 2, … …, n), a safety device 304, and a number of field devices 402(402-1, 402-2, … …, 402-m (k)), m (k), for the k (k) th field control subnet (1, 2, … …, n). The lower computer 302 communicates with the human machine interface 102 or the engineer workstation 104 in the supervisory management layer network 100 via a network device, i.e., the switch 110-k, according to an industrial control protocol. And the lower computer 302 outputs instructions to the field device 402 or inputs test data from the field device 402 to the lower computer 302. The safety protection device 304 reads all network traffic sent to the lower computer 302 from the switch 110, and analyzes and judges whether the network traffic is a legal control command or data.
The specific structure of the monitoring station 106 is shown in FIG. 2. the monitoring station 106 includes, but is not limited to, a network communication interface, a processor 604, an alarm processing module 606, a user interface module 608, and a storage module 610. The function of the monitoring station 106 in the present invention is to coordinate the processing of alarm information from the safety devices 304 in the field control network 200 and to send communication blocking information to the entire field control network 200 if necessary.
Security device 304 As shown in FIG. 3, the security device 304 includes, but is not limited to, a network communication interface 702, a processor 704, an access control module 706, a status detection module 708, a packet detection module 710, a communication blocking module 712, a storage module 714, and a monitoring station interface module 716. The invention mainly completes the functions of intrusion detection, alarm notification and communication blocking. Wherein, the intrusion detection function is completed by the independent processing or the joint processing of modules including but not limited to the access control module 706, the state detection module 708, and the data packet detection module 710, when the illegal intrusion information is detected, it is stored in the storage module 714; when the alarm notification function detects illegal intrusion information, the monitoring station interface API module generates alarm data which can be accepted by the monitoring station and sends the alarm data to the monitoring station 106 through the network communication interface 702; the communication blocking function is that when the illegal invading equipment is found to have abnormal and illegal data flow, all the communication with the execution equipment in the field control subnet where the illegal invading equipment is located is blocked immediately; or the monitoring station interface module 716, when receiving the communication blocking from the monitoring station 106, writes the data in the blocking command, including but not limited to the IP address, MAC address, device ID, subnet mask, etc. of the blocked device, into the protection rule in the access control module 706, where the protection rule includes but not limited to the blacklist, and cuts off the communication between the blocked device and the control subnet where the security protection device is located.
Fig. 4 is a flowchart of the safety protection method, in step S1, when any one of the safety protection devices 304 in the field control network 200 determines whether an abnormal illegal data traffic of the lower computer is detected, and no illegal data traffic is detected, the next received data is determined, and if one of the security devices 304 detects illegal data traffic, then step S2 is executed, the safety protection device 304 sends an alarm message to the monitoring station 106, step S3 is executed, the monitoring station 106 analyzes the received alarm message, step S4 determines whether it is necessary to block the communication with the lower computer, if it is determined that the alarm does not affect other control subnets, waiting for the next alarm information, otherwise executing step S5 to send blocking instructions to all safety protection modules in the field control network 200 to block all communications with the field control subnet sending the alarm, where the flow of the intelligent coordinated communication path blocking method is shown in fig. 4.
The safety device 304 is connected to the field device 404 via a network, and when the safety device 304 detects an unauthorized access from the monitoring station 106, the safety device 304 automatically blocks communication between the lower computer 302 and the field device 404. After the communication between the lower computer 302 and the field device 404 is blocked, the safety protection device 304 gives an alarm to the monitoring central office and records the alarm, thereby further effectively preventing the illegal intrusion from the supervision and management network 100 and better improving the safety protection effect.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

Claims (9)

1. A safety protection system applied to an industrial control system is characterized by comprising: a supervisory management network and a field control network,
the supervisory management network (100) comprises: the system comprises a human-machine interface (102), an engineer workstation (104) and a monitoring station (106), wherein the human-machine interface (102), the engineer workstation (104) and the monitoring station (106) are simultaneously connected with a switch (110);
the field control network (200) comprises: a lower computer (302), a safety protection device (304) and a field device (402),
the lower computer (302) is simultaneously connected with the switch (110), the safety protection device (304) and the field device (402), the safety protection device (304) is also connected with the switch (110),
the field control network (200) comprises n field control subnets, each field control subnet comprises a lower computer (302), a safety protection device (304) and the field device (402),
in each field control subnet, the safety protection device (304) reads all network traffic sent to the lower computer (302) from the switch (110),
the safety protection equipment (304) analyzes whether the information sent to the lower computer (302) is illegal invasion information according to the network flow, blocks the communication (402) between the lower computer (302) receiving the illegal information and the field equipment for the illegal invasion information, and simultaneously sends alarm information to the monitoring station (106),
and the monitoring station (106) analyzes the alarm information received from the safety protection equipment (304), and if the alarm affects other control subnets, the monitoring station sends an instruction to the safety protection equipment (304) of other control subnets to block the communication between the other control subnets and the control subnet which is illegally invaded.
2. The safety shield system for use in an industrial control system of claim 1, wherein said safety shield apparatus comprises: a processor, an alarm processing module, a user interface module and a storage module,
the processor is connected with the alarm processing module, the alarm processing module is connected with the user interface module and the storage module, and further the user interface module is also connected with the storage module.
3. The safety protection system applied to the industrial control system according to claim 1 or 2, wherein the monitoring station comprises: a network interface, a processor, an access control module, a state detection module, a data packet detection module, a blocking module, a storage module and a monitoring station interface module,
the network interface is connected with the processor, and the processor is simultaneously connected with the access control module, the state detection module, the data packet detection module, the blocking module, the storage module and the monitoring station interface module.
4. A safety protection method applied to an industrial control system is characterized by comprising the following three steps:
a. the safety protection equipment analyzes whether the information sent to the lower computer is illegal invasion information according to network flow, firstly blocks the communication between the lower computer receiving the illegal information and the field equipment for the illegal invasion information, and simultaneously sends alarm information to the monitoring station;
b. the monitoring station receives the alarm information from the safety protection equipment and then analyzes the alarm information, if the alarm information is determined not to influence other control subnets in the industrial control system, the information is recorded, and the alarm information is displayed; otherwise, sending an instruction to all the safety protection devices of the industrial control system, and blocking the communication between other control subnets and the control subnet with illegal access information;
c. after receiving the instruction of the monitoring station, the safety protection equipment in the control subnet lists the control subnet where the control equipment receiving the illegal information is in a blacklist, and blocks the communication between the control subnet where the control equipment receiving the illegal information and the control subnet where the control equipment receiving the illegal information is in.
5. The safety protection method applied to the industrial control system according to claim 4, wherein when the safety protection device detects illegal access from a monitoring station, the safety protection device automatically blocks communication between the lower computer and the field device.
6. The safety protection method applied to the industrial control system according to claim 5, wherein the safety protection device gives an alarm to a monitoring center after communication between the lower computer and the field device to be protected is blocked.
7. The safety protection method applied to the industrial control system according to claim 6, wherein the monitoring station analyzes the received alarm information, and displays an alarm record if the analysis result determines that the alarm information does not affect the normal operation of other field control subnets.
8. The safety protection method applied to the industrial control system according to claim 6, wherein the monitoring station analyzes the received alarm information, and if the analysis result determines that the alarm information affects other field control subnets or cannot determine the influence range of the alarm information, the monitoring station sends out an instruction to block all communications with the control subnets with illegal intrusion and displays an alarm.
9. The safety protection method applied to the industrial control system according to claim 8, wherein the safety protection device connected to the field control sub-network blocks information in the communication command when receiving the blocking communication command issued by the monitoring station, and the method comprises: and the ID, the IP address, the MAC address and the subnet mask information of the control equipment for receiving the illegal information are written into an access control rule, and the communication with the control equipment for receiving the illegal information is further blocked.
CN201611119850.9A 2016-12-08 2016-12-08 Safety protection method and system applied to industrial control system Expired - Fee Related CN106789982B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611119850.9A CN106789982B (en) 2016-12-08 2016-12-08 Safety protection method and system applied to industrial control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611119850.9A CN106789982B (en) 2016-12-08 2016-12-08 Safety protection method and system applied to industrial control system

Publications (2)

Publication Number Publication Date
CN106789982A CN106789982A (en) 2017-05-31
CN106789982B true CN106789982B (en) 2020-06-16

Family

ID=58882504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611119850.9A Expired - Fee Related CN106789982B (en) 2016-12-08 2016-12-08 Safety protection method and system applied to industrial control system

Country Status (1)

Country Link
CN (1) CN106789982B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107360134B (en) * 2017-06-08 2020-04-17 杭州谷逸网络科技有限公司 Method for realizing safety remote control terminal and safety system thereof
CN108259478B (en) * 2017-12-29 2021-10-01 中国电力科学研究院有限公司 Safety protection method based on industrial control terminal equipment interface HOOK
CN108600232B (en) * 2018-04-27 2021-11-16 北京网藤科技有限公司 Industrial control safety audit system and audit method thereof
CN110417807A (en) * 2019-08-07 2019-11-05 杭州安恒信息技术股份有限公司 Quickly disposition Internet of Things illegally accesses the method and device of assets
CN111885094B (en) * 2020-09-28 2021-02-26 浙江省能源集团有限公司 Industrial control system network safety protection capability inspection and evaluation system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002290407A (en) * 2001-03-23 2002-10-04 Mitsubishi Electric Corp Apparatus guaranteeing secure communications
CN101159718B (en) * 2007-08-03 2010-06-16 重庆邮电大学 Embedded type industry ethernet safety gateway
CN103491108B (en) * 2013-10-15 2016-08-24 浙江中控研究院有限公司 A kind of industrial control network security protection method and system
CN105592021A (en) * 2014-11-12 2016-05-18 成都安慧科技有限公司 Novel internal network security protection method
CN104753959B (en) * 2015-04-21 2018-01-30 湖北鑫英泰系统技术股份有限公司 A kind of method and system to multiple Network Security Device centralized operation management and control

Also Published As

Publication number Publication date
CN106789982A (en) 2017-05-31

Similar Documents

Publication Publication Date Title
CN106789982B (en) Safety protection method and system applied to industrial control system
KR101977731B1 (en) Apparatus and method for detecting anomaly in a controller system
KR101761737B1 (en) System and Method for Detecting Abnormal Behavior of Control System
CN108063753A (en) A kind of information safety monitoring method and system
US7200866B2 (en) System and method for defending against distributed denial-of-service attack on active network
CN109845227B (en) Method and system for network security
CN114257413B (en) Reaction blocking method and device based on application container engine and computer equipment
JP5134141B2 (en) Unauthorized access blocking control method
CN214306527U (en) Gas pipe network scheduling monitoring network safety system
CN101034976B (en) Intrusion detection in an IP connected security system
US8321369B2 (en) Anti-intrusion method and system for a communication network
CN111935085A (en) Method and system for detecting and protecting abnormal network behaviors of industrial control network
KR101343693B1 (en) Network security system and method for process thereof
CN111404917B (en) Industrial control simulation equipment-based threat information analysis and detection method and system
US20100157806A1 (en) Method for processing data packet load balancing and network equipment thereof
KR20200116773A (en) Cyber inspection system
KR20200054495A (en) Method for security operation service and apparatus therefor
CN112671783B (en) Host IP scanning prevention method based on VLAN user group
CN207083115U (en) A kind of network administration apparatus of industrial control system
US20240146694A1 (en) Automatic firewall configuration for control systems in critical infrastructure
Kiuchi et al. Customizing control system intrusion detection at the application layer
CN115047822A (en) Industrial control network safety protection method based on PLC
KR100994404B1 (en) Security apparatus and method for network
CN114338163A (en) Internet security processing method and device
TWM563582U (en) Network intrusion detection system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20211122

Address after: 310051 building 3, 351 Changhe Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Hangzhou rischen Anke Technology Co.,Ltd.

Address before: 100192 b407, block B, science and technology wealth center, 8 Xueqing Road, Haidian District, Beijing

Patentee before: BEIJING LANXUM NEW TECHNOLOGY Co.,Ltd.

Patentee before: HANGZHOU GUYI NETWORK TECHNOLOGY CO.,LTD.

CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: Room 817-7, Building 1, No. 371, Mingxing Road, Economic and Technological Development Zone, Xiaoshan District, Hangzhou City, Zhejiang Province, 311215

Patentee after: Hangzhou Zhongdian Anke Modern Technology Co., Ltd.

Address before: 310051 building 3, 351 Changhe Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: Hangzhou rischen Anke Technology Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200616