CN106982207A - A kind of method and system of dynamic dispatching network operating system - Google Patents


Publication number
CN106982207A
Authority
CN
China
Legal status
Granted
Application number
CN201710146861.4A
Other languages
Chinese (zh)
Other versions
CN106982207B (en)
Inventor
陈福才
卢振平
程国振
扈红超
刘文彦
梁浩
杨超
丁瑞浩
Current Assignee
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Application filed by PLA Information Engineering University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and system for dynamically scheduling network operating systems, overcoming the prior-art problem that passive defense techniques based on feature matching cannot resist unknown threats. The method first initializes the system; a perceptron assesses the working state of all NOSs and produces an assessment report; the perceptron periodically sends the assessment report to the scheduler, which updates the registration information; if the assessment result of the NOS currently in the Master role is normal, the method checks whether the scheduling timer is zero, otherwise it stops the scheduler timer. The invention not only achieves the traditional cooperative scheduling of network, computing and storage resources, but also greatly improves the security of the network operating system, resolving the passive situation in which the passive defense of existing network operating systems offers only "acquired immunity".

Description

A method and system for dynamically scheduling network operating systems
Technical field
The invention relates to the technical field of network security, and in particular to a method and system for dynamically scheduling network operating systems.
Background
The idea of SDN is to move the control plane, which performs the decision-making function, out of the network devices and onto an independent host or service server, forming the SDN controller, referred to as the network operating system (Network Operating System, NOS). With the development of new technologies such as cloud data centers, SDN, as an architecture for building flexible and scalable networks, has brought enormous influence and momentum to the networking field. However, the flaws in its own design also bring serious security risks to its application. In particular, attacks and threats that have appeared widely in service, such as false flow injection and controller hijacking, make its security problems more prominent. These problems include: the centralized control architecture easily becomes a preferred target of attack; open network operating systems contain unknown vulnerabilities and backdoors; and the static nature of current network operating systems helps attackers probe and analyze the control layer. Existing traditional passive defense techniques based on feature matching cannot resist unknown threats. To solve these problems, a network operating system architecture with active-defense characteristics must therefore be designed to provide an effective security guarantee.
Summary of the invention
The invention overcomes the prior-art problem that passive defense techniques based on feature matching cannot resist unknown threats, and provides a method and system for dynamically scheduling network operating systems with high security performance and low security threat.
The technical solution of the invention is to provide a method for dynamically scheduling network operating systems, comprising the following steps:
Step 1: Initialize the system;
Step 2: The perceptron assesses the working state of all NOSs and produces an assessment report;
Step 3: The perceptron periodically sends the assessment report to the scheduler, which updates the registration information;
Step 4: If the assessment result of the NOS currently in the Master role is normal, perform step 5; otherwise perform step 6;
Step 5: Check whether the scheduling timer is zero. If it is zero, the scheduler, based on the scheduling strategy and the assessment report, selects an optimal Slaver to replace the Master as the new Master, and updates the registration information; if it is not zero, jump to step 2;
Step 6: If monitoring finds that the NOS in the Master role is abnormal, stop the scheduler timer and reset it; the scheduler selects a healthy, optimal NOS from the Slaver set to replace the current Master as the new Master, and updates the registration information.
Step 1 includes:
Step 101: Dynamic mode is enabled; the scheduling layer reads the registration information of the heterogeneous NOSs from a configuration file, or dynamically receives registration information from the heterogeneous NOSs, and completes registration;
Step 102: One NOS is randomly selected from the registration linked list as the Master, and the NOS role information is written into the registration linked list; NOS roles are defined as specified by the OpenFlow protocol;
Step 103: The scheduler countdown starts and the perceptron module starts;
Step 104: Data requests from the underlying network are distributed through the data proxy to every executor, including the Master and all Slavers;
Step 105: The Master executor responds to the underlying data requests.
Registration in step 101 is either automatic registration or static configuration. Automatic registration: the NOS executor set automatically registers NOS identification information with the scheduler, and adding or removing a NOS causes a corresponding change to the NOS registration information in the scheduler kernel. Static configuration: the user, acting as administrator, manually configures NOS identification information into the scheduler kernel; this configuration information includes the port and IP address.
The scheduling strategy in step 5 is either an active scheduling strategy or a reactive scheduling strategy. Under the active scheduling strategy, the scheduler's scheduling intervals on the time axis are uniform: regardless of how the underlying network topology changes, the scheduler switches NOSs spontaneously on its timer. Under the reactive scheduling strategy, the perceptron module senses the security state of the network and some real-time information, and starts the scheduling strategy immediately if it finds an anomaly.
A system implementing the method for dynamically scheduling network operating systems is also provided, comprising the following units:
Application layer unit: applications (APPs) of various functions program the underlying devices through the programming interface provided by the control layer;
Control layer unit: contains a set of N NOS executors that are functionally equivalent but structurally different. One class is the Master NOS, of which there is exactly one; it is the NOS that actually manages the network. The other class is the Slaver NOS, a standby NOS; a Slaver can be called on to become the Master;
Scheduling layer unit: transparent to both the underlying network and the upper-layer network operating systems.
The scheduling layer unit contains a data proxy module, a perceptron module and a scheduler module, wherein
Data proxy module: the intermediate point for data exchange between the control plane and the data plane. Network requests from the bottom layer are sent through this point to the NOS executor set, and the controller's management and control data is likewise delivered through it to the underlying network and the other scheduling-layer modules;
Perceptron module: the perceptron senses the security state of the network and passes the information to the scheduler;
Scheduler module: holds the registration information of all NOSs, receives information from the data proxy, and has a built-in countdown function; once the timer reaches zero, the scheduler selects a Slaver NOS as the Master NOS according to the scheduling strategy.
Compared with the prior art, the method and system for dynamically scheduling network operating systems of the invention have the following advantages: the architecture can perceive and dynamically schedule heterogeneous NOSs, thereby avoiding attacks and threats such as false flow table injection and NOS hijacking launched through NOS vulnerabilities and backdoors, and preventing an attacker from continuing to exploit the same vulnerability to control the NOS after one successful attack. The security architecture of this application introduces dynamism and heterogeneity into the network operating system and achieves dynamism by scheduling NOS executors dynamically in real time. It not only achieves the traditional cooperative scheduling of network, computing and storage resources, but also greatly improves the security of the network operating system, resolving the passive situation in which the passive defense of existing network operating systems offers only "acquired immunity".
Brief description of the drawings
Fig. 1 is a flow chart of the method in the method and system for dynamically scheduling network operating systems of the invention;
Fig. 2 is a flow chart of initialization in the method of the invention;
Fig. 3 is a simulation diagram of the method and system for dynamically scheduling network operating systems of the invention.
Detailed description
The method and system for dynamically scheduling network operating systems of the invention are further described below with reference to the drawings and specific embodiments:
Embodiment one: as shown in Fig. 1, a method for dynamically scheduling network operating systems comprises the following steps:
Step 1: Initialize the system;
Step 2: The perceptron assesses the working state of all NOSs and produces an assessment report;
Step 3: The perceptron periodically sends the assessment report to the scheduler, which updates the registration information;
Step 4: If the assessment result of the NOS currently in the Master role is normal, perform step 5; otherwise perform step 6;
Step 5: Check whether the scheduling timer is zero. If it is zero, the scheduler, based on the scheduling strategy and the assessment report, selects an optimal Slaver to replace the Master as the new Master, and updates the registration information; if it is not zero, jump to step 2;
Step 6: If monitoring finds that the NOS in the Master role is abnormal, stop the scheduler timer and reset it; the scheduler selects a healthy, optimal NOS from the Slaver set to replace the current Master as the new Master, and updates the registration information.
Step 1 includes:
Step 101: Dynamic mode is enabled; the scheduling layer reads the registration information of the heterogeneous NOSs from a configuration file, or dynamically receives registration information from the heterogeneous NOSs, and completes registration;
Step 102: One NOS is randomly selected from the registration linked list as the Master, and the NOS role information is written into the registration linked list; NOS roles are defined as specified by the OpenFlow protocol;
Step 103: The scheduler countdown starts and the perceptron module starts;
Step 104: Data requests from the underlying network are distributed through the data proxy to every executor, including the Master and all Slavers;
Step 105: The Master executor responds to the underlying data requests.
Registration in step 101 is either automatic registration or static configuration. Automatic registration: the NOS executor set automatically registers NOS identification information with the scheduler, and adding or removing a NOS causes a corresponding change to the NOS registration information in the scheduler kernel. Static configuration: the user, acting as administrator, manually configures NOS identification information into the scheduler kernel; this configuration information includes the port and IP address.
The scheduling strategy in step 5 is either an active scheduling strategy or a reactive scheduling strategy. Under the active scheduling strategy, the scheduler's scheduling intervals on the time axis are uniform: regardless of how the underlying network topology changes, the scheduler switches NOSs spontaneously on its timer. Under the reactive scheduling strategy, the perceptron module senses the security state of the network and some real-time information, and starts the scheduling strategy immediately if it finds an anomaly.
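Added example, not part of the patent text: a Python simulation of steps 1 to 6 above, showing both the timer-driven (active) switch and the anomaly-driven (reactive) switch. The class and field names, the countdown measured in report cycles, "optimal" meaning the highest assessment score, and the demotion of an abnormal Master to an unhealthy Slaver are assumptions made for illustration; the patent does not specify them.

```python
import random
from dataclasses import dataclass

MASTER, SLAVER = "Master", "Slaver"

# Constructed sample registrations (static configuration: identity, IP, port).
SAMPLE_CONFIG = [
    {"name": "nos-a", "ip": "192.0.2.11", "port": 6653},
    {"name": "nos-b", "ip": "192.0.2.12", "port": 6653},
    {"name": "nos-c", "ip": "192.0.2.13", "port": 6653},
]


@dataclass
class Registration:
    """One NOS entry in the scheduler's registration list."""
    name: str
    ip: str
    port: int
    role: str = SLAVER
    healthy: bool = True
    score: float = 0.0  # assumed meaning of "optimal": higher is better


class Scheduler:
    def __init__(self, config, interval, rng=None):
        if len(config) < 2:
            raise ValueError("need a Master and at least one Slaver")
        self.rng = rng or random.Random()
        self.interval = interval  # countdown length in report cycles (assumption)
        # Step 101: register every NOS from the static configuration.
        self.registry = {c["name"]: Registration(**c) for c in config}
        # Step 102: choose the first Master at random and record its role.
        self.registry[self.rng.choice(sorted(self.registry))].role = MASTER
        # Step 103: start the countdown.
        self.timer = interval
        self.log = []  # (reason, old Master, new Master)

    @property
    def master(self):
        return next(r for r in self.registry.values() if r.role == MASTER)

    def _switch(self, reason):
        """Promote the best healthy Slaver; return False if there is none."""
        old = self.master
        pool = [r for r in self.registry.values()
                if r.role == SLAVER and r.healthy]
        if not pool:
            self.log.append(("no-healthy-slaver", old.name, old.name))
            return False
        new = max(pool, key=lambda r: (r.score, r.name))
        old.role, new.role = SLAVER, MASTER
        self.timer = self.interval  # restart the countdown after every switch
        self.log.append((reason, old.name, new.name))
        return True

    def on_report(self, report):
        """Steps 3 to 6 for one perceptron report {name: (healthy, score)}."""
        for name, (healthy, score) in report.items():
            if name in self.registry:  # unregistered names are ignored
                entry = self.registry[name]
                entry.healthy, entry.score = healthy, score
        if not self.master.healthy:
            # Step 6: stop and reset the countdown, then replace the Master.
            self.timer = self.interval
            self._switch("reactive")
        else:
            # Step 5: switch only when the countdown reaches zero.
            self.timer = max(self.timer - 1, 0)
            if self.timer == 0:
                self._switch("proactive")
        return self.master.name


if __name__ == "__main__":
    s = Scheduler(SAMPLE_CONFIG, interval=2, rng=random.Random(1))
    healthy = {n: (True, 0.5) for n in s.registry}
    print("initial Master:", s.master.name)
    print("after report 1:", s.on_report(healthy))
    print("after report 2:", s.on_report(healthy))   # timer-driven switch
    bad = dict(healthy, **{s.master.name: (False, 0.5)})
    print("after anomaly :", s.on_report(bad))       # anomaly-driven switch
    print(s.log)
```

The switch log gives a defender an audit trail: an unexpected run of "reactive" entries, or a "no-healthy-slaver" entry, means the executor pool itself needs attention.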
Embodiment two: a system implementing the method for dynamically scheduling network operating systems, comprising the following units:
Application layer unit: applications (APPs) of various functions program the underlying devices through the programming interface provided by the control layer.
Control layer unit: contains a set of N NOS executors that are functionally equivalent but structurally different. One class is the Master NOS, of which there is exactly one; it is the NOS that actually manages the network. The other class is the Slaver NOS, a standby NOS; a Slaver can be called on to become the Master.
Scheduling layer unit: transparent to both the underlying network and the upper-layer network operating systems.
The scheduling layer unit contains a data proxy module, a perceptron module and a scheduler module, wherein
Data proxy module: the intermediate point for data exchange between the control plane and the data plane. Network requests from the bottom layer are sent through this point to the NOS executor set, and the controller's management and control data is likewise delivered through it to the underlying network and the other scheduling-layer modules;
Perceptron module: the perceptron senses the security state of the network and passes the information to the scheduler;
Scheduler module: holds the registration information of all NOSs, receives information from the data proxy, and has a built-in countdown function; once the timer reaches zero, the scheduler selects a Slaver NOS as the Master NOS according to the scheduling strategy.
Data layer: consistent with the data plane functions in the existing SDN architecture.
As can be seen from the above architecture, this disclosure provides a network operating system protection architecture based on dynamic scheduling. By using diverse open-source heterogeneous NOSs, it builds a set of heterogeneous NOS instances that combines their respective security advantages and, together with a perception-based dynamic scheduling method, better preserves the network's resilience and survivability when the network faces security threats, thereby improving the security performance of the network operating system.
The dynamically scheduled network operating system architecture disclosed in the embodiments of this application can perceive and dynamically schedule heterogeneous NOSs, thereby avoiding attacks and threats such as NOS single point of failure, false flow table injection and NOS hijacking, and making it impossible for an attacker, after one successful attack, to keep exploiting the same vulnerability or privilege to control the NOS once and for all. The architecture of this application introduces dynamism and heterogeneity into the network operating system and achieves NOS dynamism by scheduling NOS executors dynamically in real time. It not only achieves the traditional cooperative scheduling of network, computing and storage resources, but also greatly improves the security of the network operating system.
The embodiments in this specification are described progressively; each embodiment emphasizes its differences from the others, and identical or similar parts of the embodiments may be cross-referenced. The above description of the disclosed embodiments enables those skilled in the art to implement or use this application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of this application. Therefore, this application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A method for dynamically scheduling network operating systems, characterized in that it comprises the following steps:
Step 1: Initialize the system;
Step 2: The perceptron assesses the working state of all NOSs and produces an assessment report;
Step 3: The perceptron periodically sends the assessment report to the scheduler, which updates the registration information;
Step 4: If the assessment result of the NOS currently in the Master role is normal, perform step 5; otherwise perform step 6;
Step 5: Check whether the scheduling timer is zero. If it is zero, the scheduler, based on the scheduling strategy and the assessment report, selects an optimal Slaver to replace the Master as the new Master, and updates the registration information; if it is not zero, jump to step 2;
Step 6: If monitoring finds that the NOS in the Master role is abnormal, stop the scheduler timer and reset it; the scheduler selects a healthy, optimal NOS from the Slaver set to replace the current Master as the new Master, and updates the registration information.
2. The method for dynamically scheduling network operating systems according to claim 1, characterized in that step 1 includes:
Step 101: Dynamic mode is enabled; the scheduling layer reads the registration information of the heterogeneous NOSs from a configuration file, or dynamically receives registration information from the heterogeneous NOSs, and completes registration;
Step 102: One NOS is randomly selected from the registration linked list as the Master, and the NOS role information is written into the registration linked list; NOS roles are defined as specified by the OpenFlow protocol;
Step 103: The scheduler countdown starts and the perceptron module starts;
Step 104: Data requests from the underlying network are distributed through the data proxy to every executor, including the Master and all Slavers;
Step 105: The Master executor responds to the underlying data requests.
3. The method for dynamically scheduling network operating systems according to claim 2, characterized in that registration in step 101 is either automatic registration or static configuration. Automatic registration: the NOS executor set automatically registers NOS identification information with the scheduler, and adding or removing a NOS causes a corresponding change to the NOS registration information in the scheduler kernel. Static configuration: the user, acting as administrator, manually configures NOS identification information into the scheduler kernel; this configuration information includes the port and IP address.
4. The method for dynamically scheduling network operating systems according to claim 1, characterized in that the scheduling strategy in step 5 is either an active scheduling strategy or a reactive scheduling strategy. Under the active scheduling strategy, the scheduler's scheduling intervals on the time axis are uniform: regardless of how the underlying network topology changes, the scheduler switches NOSs spontaneously on its timer. Under the reactive scheduling strategy, the perceptron module senses the security state of the network and some real-time information, and starts the scheduling strategy immediately if it finds an anomaly.
5. A system implementing the method for dynamically scheduling network operating systems, characterized in that it comprises the following units:
Application layer unit: applications (APPs) of various functions program the underlying devices through the programming interface provided by the control layer;
Control layer unit: contains a set of N NOS executors that are functionally equivalent but structurally different. One class is the Master NOS, of which there is exactly one; it is the NOS that actually manages the network. The other class is the Slaver NOS, a standby NOS; a Slaver can be called on to become the Master;
Scheduling layer unit: transparent to both the underlying network and the upper-layer network operating systems.
6. The system implementing the method for dynamically scheduling network operating systems according to claim 5, characterized in that the scheduling layer unit contains a data proxy module, a perceptron module and a scheduler module, wherein
Data proxy module: the intermediate point for data exchange between the control plane and the data plane. Network requests from the bottom layer are sent through this point to the NOS executor set, and the controller's management and control data is likewise delivered through it to the underlying network and the other scheduling-layer modules;
Perceptron module: the perceptron senses the security state of the network and passes the information to the scheduler;
Scheduler module: holds the registration information of all NOSs, receives information from the data proxy, and has a built-in countdown function; once the timer reaches zero, the scheduler selects a Slaver NOS as the Master NOS according to the scheduling strategy.
CN201710146861.4A 2017-03-13 2017-03-13 A kind of method and system of dynamic dispatching network operating system Active CN106982207B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710146861.4A CN106982207B (en) 2017-03-13 2017-03-13 A kind of method and system of dynamic dispatching network operating system

Publications (2)

Publication Number Publication Date
CN106982207A true CN106982207A (en) 2017-07-25
CN106982207B CN106982207B (en) 2019-06-28

Family

ID=59339502

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710146861.4A Active CN106982207B (en) 2017-03-13 2017-03-13 A kind of method and system of dynamic dispatching network operating system

Country Status (1)

Country Link
CN (1) CN106982207B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101178666A (en) * 2007-12-13 2008-05-14 中兴通讯股份有限公司 Coordinating and scheduling method between heterogeneous multi-core
CN103176780A (en) * 2011-12-22 2013-06-26 中国科学院声学研究所 Binding system and method of multiple network interfaces
CN103514043A (en) * 2012-06-29 2014-01-15 华为技术有限公司 Multi-processor system and data processing method thereof
CN104410730A (en) * 2014-12-10 2015-03-11 上海斐讯数据通信技术有限公司 Seamless handover method of SDN (software defined network) main backup controller based on NAT (network address translation) technique
CN105791279A (en) * 2016-02-29 2016-07-20 中国人民解放军信息工程大学 Mimic SDN controller construction method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110048868A (en) * 2018-01-16 2019-07-23 北京中科晶上超媒体信息技术有限公司 The dispatching method of operating system execution body
CN110048868B (en) * 2018-01-16 2022-03-01 北京中科晶上超媒体信息技术有限公司 Scheduling method of operating system executive
CN109144746A (en) * 2018-07-19 2019-01-04 中国航空工业集团公司沈阳飞机设计研究所 A kind of message asynchronous distribution system and method for GFT training system

Also Published As

Publication number Publication date
CN106982207B (en) 2019-06-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant