CN107104925A - Method, apparatus and system for secure communication - Google Patents
- Publication number: CN107104925A
- Application number: CN201610096661.8A
- Authority: CN (China)
- Prior art keywords: server, key, client, access authorization, authorization information
- Legal status: Pending
Classifications
- H04L63/0892: Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
- H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
Embodiments of the invention provide a method, apparatus and system for secure communication. The method includes: in a case where it is determined that a client is allowed to access a server, generating access authorization information used by the server to authenticate the client; obtaining a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager (SAM) and the server, and the server authorization manager and the server belong to a Delegated Constrained Application Protocol (CoAP) Authentication and Authorization Framework (DCAF) system; encrypting the access authorization information using the key; and sending the encrypted access authorization information to the client. Embodiments of the invention provide a scheme for secure communication between the server and the SAM in a DCAF system that requires no key exchange between the server and the SAM, thereby saving signaling overhead and improving system performance.
Description
Technical field
The present invention relates to the field of information technology and, more particularly, to a method and an apparatus for secure communication and to a Delegated Constrained Application Protocol (CoAP) Authentication and Authorization Framework (DCAF) system.
Background
Because the traditional HyperText Transfer Protocol (HTTP) is not suitable for resource-constrained environments, the Internet Engineering Task Force (IETF) has specified an application-layer protocol, CoAP, for such constrained environments, so that constrained nodes in a constrained environment can communicate over the Internet.
To address the security of communication between constrained nodes, the IETF has recently drafted the DCAF document. The DCAF document describes a DCAF system in which less-constrained nodes are introduced to help constrained nodes carry out authorization-related tasks. In a DCAF system, such less-constrained nodes may be referred to as authorization managers. An authorization manager can perform complex security tasks (for example, managing keys for a large number of devices) on behalf of the nodes it manages, so that constrained nodes can enforce authorization policies. Authorization managers may include a Client Authorization Manager (CAM), which manages client authorization information, and a Server Authorization Manager (SAM), which manages server authorization information. When authorization-related tasks are performed, some authorization information needs to be transmitted between the SAM and the server. However, the DCAF document does not provide a concrete scheme for securely transmitting information between the SAM and the server.
Summary of the invention
In view of the above problem of the prior art, embodiments of the present invention provide a method, apparatus and system for secure communication, which effectively achieve secure communication between the server and the SAM in a DCAF system.
An embodiment of the present invention provides a method for secure communication, including: in a case where it is determined that a client is allowed to access a server, generating access authorization information used by the server to authenticate the client; obtaining a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system; encrypting the access authorization information using the key; and sending the encrypted access authorization information to the client.
Obtaining the key further includes: generating the key using a dynamic token.
Another embodiment of the present invention provides a method for secure communication, including: receiving encrypted access authorization information from a client, the access authorization information being used by a server to authenticate the client; obtaining a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system; decrypting the encrypted access authorization information using the key; and authenticating the client according to the decrypted access authorization information.
Obtaining the key further includes: generating the key using a dynamic token.
Another embodiment of the present invention provides an apparatus for secure communication, including: a generation module, configured to generate, in a case where it is determined that a client is allowed to access a server, access authorization information used by the server to authenticate the client; an acquisition module, configured to obtain a key, wherein the key is generated according to a key generation algorithm shared by the server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system; an encryption module, configured to encrypt the access authorization information using the key; and a sending module, configured to send the encrypted access authorization information to the client.
The acquisition module is further configured to generate the key using a dynamic token.
Another embodiment of the present invention provides an apparatus for secure communication, including: a receiving module, configured to receive encrypted access authorization information from a client, the access authorization information being used by the server to authenticate the client; an acquisition module, configured to obtain a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system; a decryption module, configured to decrypt the encrypted access authorization information using the key; and an authentication module, configured to authenticate the client according to the decrypted access authorization information.
The acquisition module is further configured to generate the key using a dynamic token.
Another embodiment of the present invention provides a Delegated CoAP Authentication and Authorization Framework system, including: a server authorization manager, a server, a client and a client authorization manager. The server authorization manager is configured to send encrypted access authorization information to the client authorization manager, and the client authorization manager is configured to send the encrypted access authorization information to the client after receiving it from the server authorization manager.
As can be seen from the above, embodiments of the invention provide a scheme for secure communication between the server and the SAM in a DCAF system that requires no key exchange between the server and the SAM, thereby saving signaling overhead and improving system performance.
Brief description of the drawings
Other characteristics, features, advantages and benefits of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a schematic diagram of a DCAF system according to an embodiment of the invention.
Fig. 2 is a flow chart of a method for secure communication according to an embodiment of the invention.
Fig. 3 is a flow chart of a method for secure communication according to another embodiment of the invention.
Fig. 4 is a schematic diagram of an apparatus for secure communication according to an embodiment of the invention.
Fig. 5 is a schematic diagram of an apparatus for secure communication according to an embodiment of the invention.
Fig. 6 is a schematic diagram of a SAM according to an embodiment of the invention.
Fig. 7 is a schematic diagram of a server according to an embodiment of the invention.
Detailed description
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a DCAF system according to an embodiment of the invention. As shown in Fig. 1, DCAF system 100 may include client 110, server 120, CAM 130 and SAM 140.
Server 120 may host CoAP resources. Client 110 may access the CoAP resources on server 120. CAM 130 may manage authentication and authorization data for client 110. SAM 140 may manage authentication and authorization data for server 120.
When client 110 needs to access a CoAP resource on server 120, it may send an initial unauthorized resource request message to server 120. Upon receiving the message, server 120 will reject the request and return to client 110 the address of its corresponding SAM 140.
After receiving the address of SAM 140, client 110 may send an authorization request to its corresponding CAM 130. CAM 130 may determine, according to the authorization request, whether the action requested by client 110 is allowed. If it is allowed, CAM 130 may send a Ticket Request Message to SAM 140.
After receiving the Ticket Request Message, SAM 140 may evaluate the access request information contained in it. After determining that client 110 is allowed to access server 120, SAM 140 may generate a Ticket Grant Message that includes an Access Ticket. The Access Ticket may include access authorization information used by server 120 to authenticate client 110. As defined in the DCAF document, the Access Ticket may include a Face part. The access authorization information may be included in the Face part. To ensure the security of the communication, SAM 140 may encrypt the Face part using a key. SAM 140 may then send the message to CAM 130.
After receiving the Ticket Grant Message, CAM 130 may send the Access Ticket to client 110 in a Ticket Transfer Message. Client 110 may then send the Face part of the Access Ticket to server 120.
After receiving the Face part from client 110, server 120 may decrypt the Face part using the key, thereby obtaining the decrypted access authorization information. Server 120 may authenticate and authorize client 110 according to the decrypted access authorization information. In this way, a secure channel can be established between client 110 and server 120. Through the secure channel, client 110 can access the CoAP resources on server 120.
In the above process, the key with which SAM 140 encrypts and the key with which server 120 decrypts may be generated according to a key generation algorithm shared by SAM 140 and server 120. This ensures that SAM 140 and server 120 use the same key for the encryption and decryption operations respectively, which avoids a key exchange procedure and saves signaling overhead.
In one embodiment, the key shared by SAM 140 and server 120 may be a static key. For example, the key may be generated in advance by SAM 140 and server 120 using the key generation algorithm they share, and stored in their respective memories. This approach is simple to implement and low in cost.
In another embodiment, the key shared by SAM 140 and server 120 may be a dynamic key. The key may be generated using a dynamic token. For example, the dynamic token device on the server 120 side and the dynamic token device on the SAM 140 side may synchronously generate the same token. The generated token can then be used as the shared key between server 120 and SAM 140. In embodiments of the present invention, any dynamic token in the prior art may be used. Compared with a static key, this approach better ensures the security of the information.
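The dynamic-key embodiment above, sketched end to end as an added example (not code from the patent or from the DCAF draft). Assumptions: a pre-provisioned shared seed, a 30-second token step, an HMAC-SHA256 derivation, hypothetical authorization field names, and a standard-library encrypt-then-MAC construction standing in for an AEAD cipher such as AES-CCM.

```python
import hashlib
import hmac
import json
import os
import struct

STEP_SECONDS = 30          # assumed token period; the patent does not specify one
NONCE_LEN, TAG_LEN = 12, 32


def token_key(seed: bytes, now: float, offset: int = 0) -> bytes:
    """Dynamic token for the time step containing `now`, shifted by `offset` steps.

    SAM and server run this same function over the same provisioned seed,
    so they obtain the same key without exchanging any key material.
    """
    step = int(now // STEP_SECONDS) + offset
    return hmac.new(seed, b"face-key" + struct.pack(">Q", step), hashlib.sha256).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the token.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real cipher (assumption).
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under `key`."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def sam_encrypt_face(seed: bytes, authz: dict, now: float) -> bytes:
    """SAM side: obtain the key, then encrypt the access authorization information."""
    return seal(token_key(seed, now), json.dumps(authz, sort_keys=True).encode())


def server_decrypt_face(seed: bytes, face: bytes, now: float, skew_steps: int = 1):
    """Server side: try the current step first, then neighbours inside the window."""
    for offset in sorted(range(-skew_steps, skew_steps + 1), key=abs):
        plaintext = unseal(token_key(seed, now, offset), face)
        if plaintext is not None:
            return json.loads(plaintext)
    return None  # wrong seed, tampered Face, or token outside the window


# Constructed sample values, for illustration only.
SEED = bytes(range(32))
AUTHZ = {"client": "client-110", "resource": "/s/temp", "methods": ["GET"]}
T_SAM = 1_700_000_039.0     # last second of one 30 s step
T_SERVER = 1_700_000_042.0  # three seconds later, already in the next step

if __name__ == "__main__":
    face = sam_encrypt_face(SEED, AUTHZ, T_SAM)
    print(server_decrypt_face(SEED, face, T_SERVER))                # opened with the previous step's key
    print(server_decrypt_face(SEED, face, T_SERVER, skew_steps=0))  # None: step mismatch
    print(server_decrypt_face(SEED, face, T_SERVER + 300))          # None: token long expired
```

The skew window is the practical cost of deriving the key from time: the server has to accept neighbouring steps, and the provisioned seed remains the long-term secret that both sides must protect.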
As can be seen from the above, embodiments of the invention provide a scheme for secure communication between the server and the SAM in a DCAF system that requires no key exchange between the server and the SAM, thereby saving signaling overhead and improving system performance.
Referring now to Fig. 2, which is a flow chart of a method for secure communication according to an embodiment of the invention. For example, the method of Fig. 2 may be performed by SAM 140 in Fig. 1 above.
As shown in Fig. 2, the method includes the following steps:
Step 210, in a case where it is determined that a client is allowed to access a server, generate access authorization information used by the server to authenticate the client.
Step 220, obtain a key, wherein the key is generated according to a key generation algorithm shared by the SAM and the server, and the SAM and the server belong to a DCAF system.
Step 230, encrypt the access authorization information using the key.
Step 240, send the encrypted access authorization information to the client.
In one embodiment, in step 220, the key may be generated using a dynamic token.
Referring now to Fig. 3, which is a flow chart of a method for secure communication according to an embodiment of the invention. For example, the method of Fig. 3 may be performed by server 120 in Fig. 1 above.
As shown in Fig. 3, the method includes the following steps:
Step 310, receive encrypted access authorization information from a client, the access authorization information being used by the server to authenticate the client.
Step 320, obtain a key, wherein the key is generated according to a key generation algorithm shared by the SAM and the server, and the SAM and the server belong to a DCAF system.
Step 330, decrypt the encrypted access authorization information using the key.
Step 340, authenticate the client according to the decrypted access authorization information.
In one embodiment, in step 320, the key may be generated using a dynamic token.
Referring now to Fig. 4, which is a schematic diagram of an apparatus for secure communication according to an embodiment of the invention. The apparatus 400 shown in Fig. 4 may be implemented in software, in hardware (such as an integrated circuit or a DSP), or in a combination of software and hardware. One example of the apparatus 400 of Fig. 4 is the SAM 140 described above.
As shown in Fig. 4, apparatus 400 may include generation module 410, acquisition module 420, encryption module 430 and sending module 440.
Generation module 410 is configured to generate, in a case where it is determined that a client is allowed to access a server, access authorization information used by the server to authenticate the client. Acquisition module 420 is configured to obtain a key, wherein the key is generated according to a key generation algorithm shared by the SAM and the server, and the SAM and the server belong to a DCAF system. Encryption module 430 is configured to encrypt the access authorization information using the key. Sending module 440 is configured to send the encrypted access authorization information to the client.
In one embodiment, acquisition module 420 may be further configured to generate the key using a dynamic token.
Referring now to Fig. 5, which is a schematic diagram of a server according to an embodiment of the invention. The apparatus 500 shown in Fig. 5 may be implemented in software, in hardware (such as an integrated circuit or a DSP), or in a combination of software and hardware. One example of the apparatus 500 of Fig. 5 is the server 120 described above.
As shown in Fig. 5, apparatus 500 may include receiving module 510, acquisition module 520, decryption module 530 and authentication module 540.
Receiving module 510 is configured to receive encrypted access authorization information from a client, the access authorization information being used by the server to authenticate the client. Acquisition module 520 is configured to obtain a key, wherein the key is generated according to a key generation algorithm shared by the SAM and the server, and the SAM and the server belong to a DCAF system. Decryption module 530 is configured to decrypt the encrypted access authorization information using the key. Authentication module 540 is configured to authenticate the client according to the decrypted access authorization information.
In one embodiment, acquisition module 520 may be further configured to generate the key using a dynamic token.
Referring now to Fig. 6, which is a schematic diagram of a SAM according to an embodiment of the invention. As shown in Fig. 6, SAM 600 may include a memory 610 for storing executable instructions and a processor 620 connected to memory 610, wherein processor 620 can perform the operations performed by the modules of the foregoing SAM 400.
Referring now to Fig. 7, which is a schematic diagram of a server according to an embodiment of the invention. As shown in Fig. 7, server 700 may include a memory 710 for storing executable instructions and a processor 720 connected to memory 710, wherein processor 720 can perform the operations performed by the modules of the foregoing server 500.
An embodiment of the present invention also provides a machine-readable medium on which executable instructions are stored; when the executable instructions are executed, they cause a machine to carry out the operations of processor 620.
An embodiment of the present invention also provides another machine-readable medium on which executable instructions are stored; when the executable instructions are executed, they cause a machine to carry out the operations of processor 720.
The present invention has been shown and explained in detail above by means of the drawings and preferred embodiments, but the invention is not limited to these disclosed embodiments; other schemes that those skilled in the art derive from them also fall within the scope of protection of the present invention.
Claims (12)
1. A method for secure communication, comprising:
in a case where it is determined that a client is allowed to access a server, generating access authorization information used by the server to authenticate the client;
obtaining a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system;
encrypting the access authorization information using the key; and
sending the encrypted access authorization information to the client.
2. The method according to claim 1, wherein obtaining the key further comprises:
generating the key using a dynamic token.
3. A method for secure communication, comprising:
receiving encrypted access authorization information from a client, the access authorization information being used by a server to authenticate the client;
obtaining a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system;
decrypting the encrypted access authorization information using the key; and
authenticating the client according to the decrypted access authorization information.
4. The method according to claim 3, wherein obtaining the key further comprises:
generating the key using a dynamic token.
5. An apparatus for secure communication, comprising:
a generation module, configured to generate, in a case where it is determined that a client is allowed to access a server, access authorization information used by the server to authenticate the client;
an acquisition module, configured to obtain a key, wherein the key is generated according to a key generation algorithm shared by the server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system;
an encryption module, configured to encrypt the access authorization information using the key; and
a sending module, configured to send the encrypted access authorization information to the client.
6. The apparatus according to claim 5, wherein the acquisition module is further configured to:
generate the key using a dynamic token.
7. An apparatus for secure communication, comprising:
a receiving module, configured to receive encrypted access authorization information from a client, the access authorization information being used by the server to authenticate the client;
an acquisition module, configured to obtain a key, wherein the key is generated according to a key generation algorithm shared by a server authorization manager and the server, and the server authorization manager and the server belong to a Delegated CoAP Authentication and Authorization Framework (DCAF) system;
a decryption module, configured to decrypt the encrypted access authorization information using the key; and
an authentication module, configured to authenticate the client according to the decrypted access authorization information.
8. The apparatus according to claim 7, wherein the acquisition module is further configured to:
generate the key using a dynamic token.
9. A server authorization manager, comprising:
a memory; and
a processor, configured to perform the operations included in claim 1 or 2.
10. A server, comprising:
a memory; and
a processor, configured to perform the operations included in claim 3 or 4.
11. A Delegated CoAP Authentication and Authorization Framework system, comprising:
the server authorization manager according to claim 9;
the server according to claim 10;
a client; and
a client authorization manager;
wherein the server authorization manager is configured to send encrypted access authorization information to the client authorization manager, and the client authorization manager is configured to send the encrypted access authorization information to the client after receiving it from the server authorization manager.
12. A machine-readable medium on which executable instructions are stored, wherein the executable instructions, when executed, cause a machine to perform the operations included in any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610096661.8A CN107104925A (en) | 2016-02-22 | 2016-02-22 | Method, apparatus and system for secure communication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107104925A true CN107104925A (en) | 2017-08-29 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102882906A (en) * | 2011-07-14 | 2013-01-16 | 华为技术有限公司 | Method and device of data communication in constrained application protocol |
CN104618362A (en) * | 2015-01-23 | 2015-05-13 | 华为技术有限公司 | Method and device for session message interaction between resource server and client side |
US20150326539A1 (en) * | 2014-03-31 | 2015-11-12 | EXILANT Technologies Private Limited | Increased communication security |
Non-Patent Citations (1)
Title |
---|
ACE WORKING GROUP: "Delegated CoAP Authentication and Authorization Framework (DCAF) draft-gerdes-ace-dcaf-authorize-02", IETF * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170829 |