CN111698245A - VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm - Google Patents

VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm Download PDF

Info

Publication number
CN111698245A
CN111698245A CN202010521722.7A CN202010521722A CN111698245A CN 111698245 A CN111698245 A CN 111698245A CN 202010521722 A CN202010521722 A CN 202010521722A CN 111698245 A CN111698245 A CN 111698245A
Authority
CN
China
Prior art keywords
vxlan
message
module
security
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010521722.7A
Other languages
Chinese (zh)
Inventor
欧睿
陈位仅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Guotai Wangxin Technology Co ltd
Original Assignee
Chengdu Guotai Wangxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Guotai Wangxin Technology Co ltd filed Critical Chengdu Guotai Wangxin Technology Co ltd
Priority to CN202010521722.7A priority Critical patent/CN111698245A/en
Publication of CN111698245A publication Critical patent/CN111698245A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Abstract

The invention provides a VxLAN security gateway based on a state cryptographic algorithm, which comprises a VxLAN module and an IPSec module, wherein the VxLAN module is connected with an intranet, and the IPsec module is connected with an external internet; the VxLAN module encapsulates a two-layer network communication data frame of the intranet into a VxLAN message or decapsulates the VxLAN message obtained by decrypting the IPSec module and forwards the decapsulated two-layer network data frame to the intranet; the IPSec module comprises an encryption/decryption module and a key negotiation module; the key negotiation module performs key negotiation and establishes a communication tunnel between two VxLAN security gateways, and the encryption module realizes encryption/decryption of VxLAN data messages based on a cryptographic algorithm. The security gateway has the characteristics of safety, confidentiality, special use, high performance and the like of special line connection, can realize two-layer network security networking spanning three-layer network, provides security guarantee for user service communication on the basis of networking, improves the security of network communication, and has the functions of multicast message forwarding and broadcast message forwarding.

Description

VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm
Technical Field
The invention relates to the field of communication, in particular to a VxLAN security gateway and a two-layer security network building method based on a national cryptographic algorithm.
Background
At present, each enterprise organization constructs a private network to improve the working efficiency and competitiveness of the enterprise organization. However, as the working range and the service network are continuously expanded, the network scale is also rapidly expanded. It would be very costly if one were to build their own private network in the traditional manner. Therefore, each enterprise organization generally transmits the internal information of the enterprise by interconnecting with the internal network through the public network.
The public network is a public basic network which is open to the whole society, has the characteristics of wide coverage, high speed, low cost, convenient use and the like, and has the problem of poor safety. Information transmitted by a user through a public network can be stolen, modified and forged at any time in the transmission process, so that the safety and the reliability of the information are reduced. For example, in 2010, the event that the iran nuclear industry facility is attacked by a virus in a 'seismic net' is that the centrifuge is accelerated to operate by counterfeiting information, so that equipment is damaged, and therefore, the cost can be greatly reduced by interconnecting the public information network and an enterprise internal network, but a great potential safety hazard is brought. One of the methods for solving this conflict is to adopt VPN technology.
The VPN has the characteristics of safety, confidentiality, special use, high performance and the like of special line connection, and the safety of data is ensured by effectively encapsulating and encrypting the head information of a data packet. Therefore, the company develops the IPSec VPN security gateway according to the technical specification of IPSec VPN strictly following GM/T0022-2014, and provides secure network transmission service for users.
In the current network environment, each enterprise organization generally improves the working efficiency and competitiveness of the enterprise organization by constructing a three-layer network topology under the condition of division. Thus, each enterprise organization typically transmits the internal information of the enterprise by interconnecting with an internal network through a public or private network. However, the use of public networks or the construction of private networks are open to the whole society, and have the characteristics of wide coverage, high speed, low cost, convenient use and the like. Meanwhile, the problems of poor security and complex multicast communication exist.
In terms of security, information transmitted by a user through a public network or a private network can be stolen, modified and forged at any time in the transmission process, so that the security and the reliability of the information are reduced.
During multicast communication, a two-layer networking model is needed to work normally, but most of the existing enterprise organization networking models belong to a routing three-layer networking model and cannot forward multicast messages or broadcast messages.
Disclosure of Invention
Aiming at the existing problems, the VxLAN security gateway and the large-layer and double-layer security network building method based on the national cryptographic algorithm are provided, the security of network communication is improved, and the VxLAN security gateway and the large-layer and double-layer security network building method have multicast message and broadcast message forwarding functions.
The technical scheme adopted by the invention is as follows: the VxLAN security gateway based on the state cryptographic algorithm comprises a VxLAN module and an IPSec module, wherein the VxLAN module is connected with an intranet, and the IPSec module is connected with an external internet;
the VxLAN module is used for encapsulating a two-layer network communication data frame of the intranet into a VxLAN message or decapsulating the VxLAN message obtained by decrypting the IPSec module and forwarding the decapsulated two-layer network data frame to the intranet;
the IPsec module comprises an encryption and decryption module and a key negotiation module; the key negotiation module carries out key negotiation based on an ISAKMP protocol and establishes a communication tunnel between two VxLAN security gateways according to a strategy, and the encryption module realizes encryption/decryption of VxLAN data packets based on a national encryption algorithm.
Further, the key negotiation module specifically works to include tunnel establishment, secure packet encapsulation, and packet transmission.
Further, the cryptographic algorithm is SM1, SM2, SM3, SM 4.
Further, the policy includes a tunnel policy and a security policy, and the tunnel policy includes tunnel terminal information of the security service; the security policy is an agreement established by two communicating entities via negotiation, including all information needed to perform various network security services.
Further, after receiving the external data message, the VxLAN security gateway performs the following processing:
s11, judging whether the message is a message of the VxLAN security gateway, if not, discarding, otherwise, entering S12;
s12, detecting the message type, if the message type is an ESP message, decrypting and entering S13; if the message type is an ISAKMP message, the message is forwarded to a key negotiation module, and the S14 is entered; if the message is other message, discarding, and entering S14;
s13, detecting the type of the decrypted original message; if the original message type is the vxlan message, decapsulating the vxlan message and forwarding the vxlan message to the intranet; if the message is other messages, carrying out system routing;
s14, the inbound flow ends.
Further, when the VxLAN security gateway receives an internal user service data packet or has a data message to be sent, the message needs to be processed as follows:
s21, if the filtering can not be carried out through the firewall, discarding the filter;
s22, performing security policy matching, and if the security policy is not matched, discarding the message;
s23, searching the session key for encryption, if the session key can not be found, discarding the message and triggering key negotiation, and ending the outbound process. Otherwise, entering the next step;
s24, encrypting and sending the message;
and S25, ending the flow.
The invention also provides a two-layer large-area security network construction method applying the VxLAN security gateway based on the national cryptographic algorithm, which is characterized in that VxLAN security gateways are respectively arranged at the network edges of the headquarter and the branches in two different places, the VxLAN security gateway in the third place is connected with the Internet, a VxLAN two-layer tunnel and a security tunnel are formed between the headquarter and the branches, and the two-layer large-area network construction across three-layer networks is completed.
Further, the VxLAN two-layer tunnel carries unicast, multicast and broadcast communication.
Further, the secure tunnel carries unicast communication.
Compared with the prior art, the beneficial effects of adopting the technical scheme are as follows: the security gateway has the characteristics of safety, confidentiality, special use, high performance and the like of special line connection, and ensures the safety of data by effectively encapsulating and encrypting the data packet; meanwhile, two-layer network security networking spanning three-layer networks can be realized, security guarantee is provided for user service communication on the basis of networking, the security of network communication is improved, and the multicast message forwarding function and the broadcast message forwarding function are simultaneously realized.
Drawings
Fig. 1 is a schematic diagram of a VxLAN security gateway and networking of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in fig. 1, the invention provides a VxLAN security gateway based on a cryptographic algorithm, which comprises a VxLAN module and an IPsec module, wherein the VxLAN module is connected with an intranet, and the IPsec module is connected with an external internet;
the VxLAN module is used for encapsulating a two-layer network communication data frame of the intranet into a VxLAN message or decapsulating the VxLAN message obtained by decrypting the IPSec module and forwarding the decapsulated two-layer network data frame to the intranet;
the IPsec module comprises an encryption and decryption module and a key negotiation module; the key negotiation module carries out key negotiation based on an ISAKMP protocol and establishes a communication tunnel between two VxLAN security gateways according to a strategy, and the encryption module realizes encryption/decryption of VxLAN data packets based on a national encryption algorithm.
Specifically, the key agreement module specifically works as follows: tunnel establishment, safety message encapsulation and message sending.
The cryptographic algorithms are SM1, SM2, SM3 and SM 4.
In a preferred embodiment, the policy includes a tunnel policy and a security policy, and the tunnel policy includes tunnel terminal information of the security service; the security policy is an agreement established by two communicating entities through negotiation, including all information required for executing various network security services, and is an agreement established by two communicating entities through negotiation, which describes how the entities utilize the security services to perform secure communication, including all information required for executing various network security services, such as IP layer services (such as header authentication and payload encapsulation), transport layer and application layer services, or self-protection of negotiated communication.
After receiving the external data message, the VxLAN security gateway performs the following processing:
s11, judging whether the message is a message of the VxLAN security gateway, if not, discarding, otherwise, entering S12;
s12, detecting the message type, if the message type is an ESP message, decrypting and entering S13; if the message type is an ISAKMP message, the message is forwarded to a key negotiation module, and the S14 is entered; if the message is other message, discarding, and entering S14;
s13, detecting the type of the decrypted original message; if the original message type is the vxlan message, decapsulating the vxlan message and forwarding the vxlan message to the intranet; if the message is other messages, carrying out system routing;
s14, the inbound flow ends.
When the VxLAN security gateway receives an internal user service data packet or a data message is sent, the message needs to be processed as follows:
and S21, if the filtering can not be carried out through the firewall, discarding the filter.
And S22, performing security policy matching, and if the security policy is not matched, discarding the message.
S23, searching the session key for encryption, if the session key can not be found, discarding the message and triggering key negotiation, and ending the outbound process. Otherwise, the next step is carried out.
And S24, encrypting the message and sending the message.
And S25, ending the flow.
Meanwhile, the invention also provides a two-layer large-area security network construction method applying the VxLAN security gateway based on the national cryptographic algorithm, which comprises the steps that VxLAN security gateways are respectively arranged at the network edges of the headquarter and the branches in two different places, the VxLAN security gateway in the third place is connected with the Internet, a VxLAN two-layer tunnel and a security tunnel are formed between the headquarter and the branches, and the two-layer large-area network construction across the three-layer network is completed.
The VxLAN two-layer tunnel bears unicast, multicast and broadcast communication.
The secure tunnel carries unicast traffic.
The invention can realize two-layer network safety networking spanning three-layer network and provide safety guarantee for user service communication based on the networking. In the aspect of safety guarantee, the technology of the invention adopts IPSec VPN safety communication technology to provide safety protection of network communication data for users. In the aspect of multicast and broadcast message forwarding, the technology of the invention uses a function of constructing a large two-layer network by spanning a three-layer network, which is realized by VxLAN technology, and the function can be independent of a transmission network between two places of an enterprise mechanism, and the two-layer network of the two places is constructed into the large two-layer network to provide a transparent multicast message and broadcast message forwarding function.
The technology of the invention can improve the networking safety and has the transparent forwarding function of the multicast message and the broadcast message, and the technology of the invention has the following technical characteristics:
1. the technology of the invention uses VxLAN technology to build a large two-layer local area network by two layer networks of mechanisms in two different cities through a special network or an Inter internet;
2. three-layer network security communication, after the establishment of a large two-layer local area network is realized, data communicated in the network is transmitted in a three-layer network in a plaintext form, and the risk of data exposure and tampering exists;
3. the safety communication technology is legal, and the three-layer network safety encryption technology adopted by the technology is the IPSec VPN safety communication technology and follows GM/T0022-.
The technology of the invention can avoid the security risk of being stolen, modified and forged during transmission in the established three-layer network, and can also improve the security of network transmission, and meanwhile, the invention realizes the function of establishing a large two-layer network by crossing the three-layer network based on VxLAN technology, can save network equipment (such as a router, a switch) and the like required by networking for users when establishing the large two-layer network by crossing the three-layer network, and reduces the technical requirements of the users during actual use, thereby reducing the actual investment cost of the users in labor, facilities and the like.
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed. Those skilled in the art to which the invention pertains will appreciate that insubstantial changes or modifications can be made without departing from the spirit of the invention as defined by the appended claims.
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
Any feature disclosed in this specification may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.

Claims (9)

1. A VxLAN security gateway based on a state cryptographic algorithm is characterized by comprising a VxLAN module and an IPSec module, wherein the VxLAN module is connected with an intranet, and the IPsec module is connected with an external internet;
the VxLAN module is used for encapsulating a two-layer network communication data frame of the intranet into a VxLAN message or decapsulating the VxLAN message obtained by decrypting the IPSec module and forwarding the decapsulated two-layer network data frame to the intranet;
the IPsec module comprises an encryption and decryption module and a key negotiation module; the key negotiation module carries out key negotiation based on an ISAKMP protocol and establishes a communication tunnel between two VxLAN security gateways according to a strategy, and the encryption module realizes encryption/decryption of VxLAN data packets based on a national encryption algorithm.
2. The VxLAN security gateway based on the national cryptographic algorithm according to claim 1, wherein the key negotiation module specifically works to include tunnel establishment, secure message encapsulation and message sending.
3. A VxLAN security gateway based on a national cryptographic algorithm as claimed in claim 2, wherein the national cryptographic algorithm is SM1, SM2, SM3, SM 4.
4. The VxLAN security gateway based on a cryptographic algorithm in China according to claim 1, wherein the policy comprises a tunnel policy and a security policy, and the tunnel policy comprises tunnel terminal information of a security service; the security policy is an agreement established by two communicating entities via negotiation, including all information needed to perform various network security services.
5. The VxLAN security gateway based on the national cryptographic algorithm according to claim 4, wherein the VxLAN security gateway receives an external data message and performs the following processing:
s11, judging whether the message is a message of the VxLAN security gateway, if not, discarding, otherwise, entering S12;
s12, detecting the message type, if the message type is an ESP message, decrypting and entering S13; if the message type is an ISAKMP message, the message is forwarded to a key negotiation module, and the S14 is entered; if the message is other message, discarding, and entering S14;
s13, detecting the type of the decrypted original message; if the original message type is the vxlan message, decapsulating the vxlan message and forwarding the vxlan message to the intranet; if the message is other messages, carrying out system routing;
s14, the inbound flow ends.
6. The VxLAN security gateway based on the national cryptographic algorithm according to claim 5, wherein when the VxLAN security gateway receives an internal user service data packet or has a data message to be sent, the message needs to be processed as follows:
s21, if the filtering can not be carried out through the firewall, discarding the filter;
s22, performing security policy matching, and if the security policy is not matched, discarding the message;
s23, searching the session key for encryption, if the session key can not be found, discarding the message and triggering key negotiation, and ending the outbound process. Otherwise, entering the next step;
s24, encrypting and sending the message;
and S25, ending the flow.
7. A two-layer security network construction method of a VxLAN security gateway based on a cryptographic algorithm of any one of claims 1-6 is applied, and is characterized in that VxLAN security gateways are respectively arranged at network edges of a headquarter and branches in two different places, the VxLAN security gateways in the third place are connected with the Internet, a VxLAN two-layer tunnel and a security tunnel are formed between the headquarter and the branches, and construction of a large two-layer local area network crossing a three-layer network is completed.
8. The layer two secure network establishment method of claim 7, wherein the VxLAN layer two tunnel carries unicast, multicast and broadcast communications.
9. The method of claim 7, wherein the secure tunnel carries unicast communications.
CN202010521722.7A 2020-06-10 2020-06-10 VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm Pending CN111698245A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010521722.7A CN111698245A (en) 2020-06-10 2020-06-10 VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010521722.7A CN111698245A (en) 2020-06-10 2020-06-10 VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm

Publications (1)

Publication Number Publication Date
CN111698245A true CN111698245A (en) 2020-09-22

Family

ID=72480121

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010521722.7A Pending CN111698245A (en) 2020-06-10 2020-06-10 VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN111698245A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114465788A (en) * 2022-01-24 2022-05-10 山东梅格彤天电气有限公司 Multi-fusion gateway information encryption publishing method and device
CN115277164A (en) * 2022-07-24 2022-11-01 杭州迪普科技股份有限公司 Message processing method and device based on two-layer networking environment
CN115333859A (en) * 2022-10-11 2022-11-11 三未信安科技股份有限公司 IPsec protocol message encryption and decryption method based on chip scheme

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140226820A1 (en) * 2013-02-12 2014-08-14 Vmware, Inc. Infrastructure level lan security
CN106992917A (en) * 2017-03-03 2017-07-28 新华三技术有限公司 Message forwarding method and device
CN107294711A (en) * 2017-07-11 2017-10-24 国网辽宁省电力有限公司 A kind of power information Intranet message encryption dissemination method based on VXLAN technologies
CN108028748A (en) * 2016-02-27 2018-05-11 华为技术有限公司 For handling the method, equipment and system of VXLAN messages
CN108322379A (en) * 2018-01-30 2018-07-24 华为技术有限公司 A kind of Virtual Private Network vpn system and implementation method
CN109525477A (en) * 2018-09-30 2019-03-26 华为技术有限公司 Communication means, device and system in data center between virtual machine

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140226820A1 (en) * 2013-02-12 2014-08-14 Vmware, Inc. Infrastructure level lan security
CN108028748A (en) * 2016-02-27 2018-05-11 华为技术有限公司 For handling the method, equipment and system of VXLAN messages
CN106992917A (en) * 2017-03-03 2017-07-28 新华三技术有限公司 Message forwarding method and device
CN107294711A (en) * 2017-07-11 2017-10-24 国网辽宁省电力有限公司 A kind of power information Intranet message encryption dissemination method based on VXLAN technologies
CN108322379A (en) * 2018-01-30 2018-07-24 华为技术有限公司 A kind of Virtual Private Network vpn system and implementation method
CN109525477A (en) * 2018-09-30 2019-03-26 华为技术有限公司 Communication means, device and system in data center between virtual machine

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114465788A (en) * 2022-01-24 2022-05-10 山东梅格彤天电气有限公司 Multi-fusion gateway information encryption publishing method and device
CN115277164A (en) * 2022-07-24 2022-11-01 杭州迪普科技股份有限公司 Message processing method and device based on two-layer networking environment
CN115277164B (en) * 2022-07-24 2023-06-27 杭州迪普科技股份有限公司 Message processing method and device based on two-layer networking environment
CN115333859A (en) * 2022-10-11 2022-11-11 三未信安科技股份有限公司 IPsec protocol message encryption and decryption method based on chip scheme

Similar Documents

Publication Publication Date Title
US9712502B2 (en) Method and system for sending a message through a secure connection
US9967372B2 (en) Multi-hop WAN MACsec over IP
EP2213036B1 (en) System and method for providing secure network communications
US8379638B2 (en) Security encapsulation of ethernet frames
CN102882789B (en) A kind of data message processing method, system and equipment
EP1378093B1 (en) Authentication and encryption method and apparatus for a wireless local access network
EP1461925B1 (en) Method and network for ensuring secure forwarding of messages
EP2777217B1 (en) Protocol for layer two multiple network links tunnelling
US7434045B1 (en) Method and apparatus for indexing an inbound security association database
CN111698245A (en) VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm
CN102932377B (en) Method and device for filtering IP (Internet Protocol) message
JP2002504286A (en) Virtual private network structure
US10044841B2 (en) Methods and systems for creating protocol header for embedded layer two packets
US7346926B2 (en) Method for sending messages over secure mobile communication links
CN107306198A (en) Message forwarding method, equipment and system
CN106161386B (en) Method and device for realizing IPsec (Internet protocol Security) shunt
Xu et al. Research on network security of VPN technology
CN112600802B (en) SRv6 encrypted message and SRv6 message encryption and decryption methods and devices
CN113746861B (en) Data transmission encryption and decryption method and encryption and decryption system based on national encryption technology
JP2023531034A (en) Service transmission method, device, network equipment and storage medium
US20130133063A1 (en) Tunneling-based method of bypassing internet access denial
US11750581B1 (en) Secure communication network
Zhang The solution and management of VPN based IPSec technology
Yu et al. Research on Collaborative Technology of IPv6 Protocol and Firewall Based on IPSec
Wu Implementation of virtual private network based on IPSec protocol

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200922