CN111698245A - VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Abstract
The invention provides a VxLAN security gateway based on national cryptographic algorithms, comprising a VxLAN module and an IPSec module. The VxLAN module is connected to the intranet, and the IPSec module is connected to the external Internet. The VxLAN module encapsulates Layer 2 data frames from the intranet into VxLAN packets, or decapsulates the VxLAN packets obtained after decryption by the IPSec module and forwards the decapsulated Layer 2 data frames to the intranet. The IPSec module comprises an encryption/decryption module and a key negotiation module: the key negotiation module performs key negotiation and establishes a communication tunnel between two VxLAN security gateways, and the encryption/decryption module encrypts and decrypts VxLAN data packets using national cryptographic algorithms. The security gateway offers the security, confidentiality, exclusivity and high performance of a dedicated-line connection, enables secure Layer 2 networking across a Layer 3 network, provides security guarantees for user service communication on top of that networking, improves the security of network communication, and forwards multicast and broadcast packets.
Description
Technical Field
The invention relates to the field of communications, and in particular to a VxLAN security gateway based on national cryptographic algorithms and a method for building a Layer 2 secure network.
Background
At present, enterprises and organizations build private networks to improve their working efficiency and competitiveness. However, as their working range and service networks keep expanding, the network scale also grows rapidly, and building a private network in the traditional manner would be very costly. Therefore, an enterprise or organization generally transmits its internal information by interconnecting its internal networks over the public network.
The public network is a basic network open to the whole of society. It offers wide coverage, high speed, low cost and convenient use, but its security is poor. Information that a user transmits over a public network can be stolen, modified or forged at any point in transit, which reduces the security and reliability of the information. For example, in the 2010 incident in which Iranian nuclear industry facilities were attacked by the Stuxnet virus, forged information caused centrifuges to run at excessive speed and damaged the equipment. Interconnecting the public network with an enterprise's internal network can therefore greatly reduce cost, but it also introduces a serious security risk. One way to resolve this conflict is to adopt VPN technology.
A VPN offers the security, confidentiality, exclusivity and high performance of a dedicated-line connection, and ensures the security of data by encapsulating and encrypting the header information of each data packet. The company has therefore developed an IPSec VPN security gateway that strictly follows the IPSec VPN technical specification GM/T 0022-2014 and provides a secure network transmission service for users.
In the current network environment, an enterprise or organization with multiple divisions generally builds a Layer 3 network topology to improve its working efficiency and competitiveness, and typically transmits its internal information by interconnecting its internal networks over a public or private network. Such public or private networks are open to the whole of society and offer wide coverage, high speed, low cost and convenient use. At the same time, they suffer from poor security and make multicast communication complicated.
In terms of security, information transmitted by a user through a public network or a private network can be stolen, modified and forged at any time in the transmission process, so that the security and the reliability of the information are reduced.
Multicast communication needs a Layer 2 networking model to work properly, but most existing enterprise networks use a routed Layer 3 networking model and cannot forward multicast or broadcast packets.
Disclosure of Invention
To address the problems above, the invention provides a VxLAN security gateway based on national cryptographic algorithms and a method for building a large Layer 2 secure network, which improve the security of network communication and forward multicast and broadcast packets.
The technical solution adopted by the invention is as follows: a VxLAN security gateway based on national cryptographic algorithms comprises a VxLAN module and an IPSec module, wherein the VxLAN module is connected to the intranet and the IPSec module is connected to the external Internet;
the VxLAN module encapsulates Layer 2 data frames from the intranet into VxLAN packets, or decapsulates the VxLAN packets obtained after decryption by the IPSec module and forwards the decapsulated Layer 2 data frames to the intranet;
the IPSec module comprises an encryption/decryption module and a key negotiation module; the key negotiation module performs key negotiation based on the ISAKMP protocol and establishes a communication tunnel between two VxLAN security gateways according to a policy, and the encryption/decryption module encrypts and decrypts VxLAN data packets using national cryptographic algorithms.
Further, the work of the key negotiation module specifically includes tunnel establishment, secure packet encapsulation and packet transmission.
Further, the national cryptographic algorithms are SM1, SM2, SM3 and SM4.
Further, the policy includes a tunnel policy and a security policy. The tunnel policy contains the tunnel endpoint information of the security service; the security policy is an agreement established by the two communicating entities through negotiation and includes all the information needed to perform the various network security services.
Further, after receiving an external data packet, the VxLAN security gateway processes it as follows:
S11: determine whether the packet is for this VxLAN security gateway; if not, discard it; otherwise go to S12;
S12: detect the packet type; if it is an ESP packet, decrypt it and go to S13; if it is an ISAKMP packet, forward it to the key negotiation module and go to S14; if it is any other packet, discard it and go to S14;
S13: detect the type of the decrypted original packet; if it is a VxLAN packet, decapsulate it and forward the result to the intranet; if it is any other packet, pass it to system routing;
S14: the inbound flow ends.
Further, when the VxLAN security gateway receives a service data packet from an internal user or has a data packet to send, the packet is processed as follows:
S21: if the packet does not pass firewall filtering, discard it;
S22: match the packet against the security policy; if no security policy matches, discard the packet;
S23: look up the session key used for encryption; if no session key is found, discard the packet, trigger key negotiation and end the outbound flow; otherwise go to the next step;
S24: encrypt the packet and send it;
S25: the flow ends.
The invention also provides a method for building a large Layer 2 secure network using the VxLAN security gateway based on national cryptographic algorithms, characterized in that VxLAN security gateways are deployed at the network edges of the headquarters and the branch located in two different places, the VxLAN security gateway in the third place is connected with the Internet, a VxLAN Layer 2 tunnel and a secure tunnel are formed between the headquarters and the branch, and the large Layer 2 network spanning the Layer 3 network is thereby built.
Further, the VxLAN Layer 2 tunnel carries unicast, multicast and broadcast communication.
Further, the secure tunnel carries unicast communication.
Compared with the prior art, the technical solution has the following beneficial effects: the security gateway offers the security, confidentiality, exclusivity and high performance of a dedicated-line connection and ensures the security of data by encapsulating and encrypting data packets; at the same time, it enables secure Layer 2 networking across a Layer 3 network, provides security guarantees for user service communication on top of that networking, improves the security of network communication, and forwards both multicast and broadcast packets.
Drawings
Fig. 1 is a schematic diagram of a VxLAN security gateway and networking of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
As shown in Fig. 1, the invention provides a VxLAN security gateway based on national cryptographic algorithms, comprising a VxLAN module and an IPSec module, wherein the VxLAN module is connected to the intranet and the IPSec module is connected to the external Internet;
the VxLAN module encapsulates Layer 2 data frames from the intranet into VxLAN packets, or decapsulates the VxLAN packets obtained after decryption by the IPSec module and forwards the decapsulated Layer 2 data frames to the intranet;
the IPSec module comprises an encryption/decryption module and a key negotiation module; the key negotiation module performs key negotiation based on the ISAKMP protocol and establishes a communication tunnel between two VxLAN security gateways according to a policy, and the encryption/decryption module encrypts and decrypts VxLAN data packets using national cryptographic algorithms.
Specifically, the work of the key negotiation module comprises tunnel establishment, secure packet encapsulation and packet transmission.
The national cryptographic algorithms are SM1, SM2, SM3 and SM4.
In a preferred embodiment, the policy includes a tunnel policy and a security policy. The tunnel policy contains the tunnel endpoint information of the security service. The security policy is an agreement established by the two communicating entities through negotiation; it describes how the entities use the security services to communicate securely and includes all the information required to perform the various network security services, such as IP layer services (for example header authentication and payload encapsulation), transport layer and application layer services, or self-protection of the negotiation traffic.
After receiving an external data packet, the VxLAN security gateway processes it as follows:
S11: determine whether the packet is for this VxLAN security gateway; if not, discard it; otherwise go to S12;
S12: detect the packet type; if it is an ESP packet, decrypt it and go to S13; if it is an ISAKMP packet, forward it to the key negotiation module and go to S14; if it is any other packet, discard it and go to S14;
S13: detect the type of the decrypted original packet; if it is a VxLAN packet, decapsulate it and forward the result to the intranet; if it is any other packet, pass it to system routing;
S14: the inbound flow ends.
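The inbound steps S11 to S14 as a runnable sketch; this is an added example, not code from the patent. It assumes that a packet "for this gateway" is one whose destination IPv4 address is the gateway's, that ESP runs in tunnel mode, and that ISAKMP and VxLAN use their IANA UDP ports (500 and 4789). The addresses, key and XOR routine are constructed placeholders, and the XOR routine stands in for SM4 without being a real cipher.

```python
import socket
import struct
from enum import Enum

GATEWAY_IP = "203.0.113.1"            # constructed address of this gateway
PROTO_UDP, PROTO_ESP = 17, 50         # IANA IP protocol numbers
PORT_ISAKMP, PORT_VXLAN = 500, 4789   # IANA UDP ports


class Verdict(Enum):
    DROP = "discard"
    KEY_NEGOTIATION = "hand to key negotiation module"
    FORWARD_L2 = "forward frame to intranet"
    ROUTE = "system routing"


def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def udp(dport, payload, sport=40000):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def vxlan(vni, frame):
    """VXLAN header (RFC 7348): flag 0x08 = VNI present, then the 24-bit VNI."""
    return struct.pack("!II", 0x08 << 24, vni << 8) + frame


def parse_ipv4(pkt):
    """Return (protocol, destination, payload), or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        return None
    return pkt[9], socket.inet_ntoa(pkt[16:20]), pkt[ihl:total]

def parse_udp(seg):
    """Return (destination port, payload), or None if truncated."""
    return (struct.unpack("!H", seg[2:4])[0], seg[8:]) if len(seg) >= 8 else None


def inbound(pkt, decrypt):
    """Steps S11-S14; `decrypt` maps an ESP payload to the inner packet or None."""
    outer = parse_ipv4(pkt)
    if outer is None or outer[1] != GATEWAY_IP:            # S11: not for us
        return Verdict.DROP, None
    proto, _, body = outer
    if proto == PROTO_UDP:                                  # S12: ISAKMP?
        seg = parse_udp(body)
        if seg and seg[0] == PORT_ISAKMP:
            return Verdict.KEY_NEGOTIATION, seg[1]
        return Verdict.DROP, None
    if proto != PROTO_ESP:                                  # S12: anything else
        return Verdict.DROP, None
    inner_pkt = decrypt(body)                               # S12: ESP
    inner = parse_ipv4(inner_pkt) if inner_pkt else None
    if inner is None:            # undecryptable or malformed (assumed handling)
        return Verdict.DROP, None
    if inner[0] == PROTO_UDP:                               # S13: VxLAN inside?
        seg = parse_udp(inner[2])
        if seg and seg[0] == PORT_VXLAN and len(seg[1]) >= 8:
            flags, vni_field = struct.unpack("!II", seg[1][:8])
            if (flags >> 24) & 0x08:
                return Verdict.FORWARD_L2, (vni_field >> 8, seg[1][8:])
    return Verdict.ROUTE, inner_pkt                         # S13: other traffic


# --- constructed sample traffic; the XOR below is NOT SM4, only a stand-in ---
KEY = b"sample-key"

def toy_cipher(data):
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data))

def esp(inner):
    """ESP-like payload: SPI, sequence number, then the protected inner packet."""
    return struct.pack("!II", 0x1001, 1) + toy_cipher(inner)

def esp_decrypt(payload):
    return toy_cipher(payload[8:]) if len(payload) > 8 else None

FRAME = bytes.fromhex("ffffffffffff0200000000010806") + b"arp-request"
TUNNELLED = ipv4("198.51.100.7", GATEWAY_IP, PROTO_ESP,
                 esp(ipv4("10.0.2.1", "10.0.1.1", PROTO_UDP,
                          udp(PORT_VXLAN, vxlan(100, FRAME)))))

if __name__ == "__main__":
    print(inbound(TUNNELLED, esp_decrypt))
```

Only a packet that arrives protected by ESP can reach the VxLAN decapsulation branch, so a cleartext VxLAN packet sent straight to the gateway's outer interface is discarded in S12.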
When the VxLAN security gateway receives a service data packet from an internal user or has a data packet to send, the packet is processed as follows:
S21: if the packet does not pass firewall filtering, discard it.
S22: match the packet against the security policy; if no security policy matches, discard the packet.
S23: look up the session key used for encryption; if no session key is found, discard the packet, trigger key negotiation and end the outbound flow. Otherwise go to the next step.
S24: encrypt the packet and send it.
S25: the flow ends.
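The outbound steps S21 to S25 as a runnable sketch that shows the fail-closed behaviour of S23: while no session key exists, nothing leaves the gateway. This is an added example, not code from the patent. The `Gateway` class, its fields, the deny-list firewall, the addresses and the XOR stand-in for SM4 are all hypothetical.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

DROP_FIREWALL = "drop: firewall"
DROP_POLICY = "drop: no security policy"
DROP_NO_KEY = "drop: no session key, negotiation triggered"
SENT = "sent"


@dataclass
class Session:
    spi: int
    key: bytes
    seq: int = 0


@dataclass
class Gateway:
    blocked_sources: list      # S21: firewall deny list (hypothetical rule form)
    policies: list             # S22: (source net, destination net, peer gateway)
    sessions: dict = field(default_factory=dict)   # S23: peer -> Session
    pending: list = field(default_factory=list)    # peers awaiting negotiation
    wire: list = field(default_factory=list)       # everything actually sent

    def outbound(self, src, dst, payload):
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if any(src_ip in net for net in self.blocked_sources):       # S21
            return DROP_FIREWALL
        peer = next((p for s, d, p in self.policies
                     if src_ip in s and dst_ip in d), None)          # S22
        if peer is None:
            return DROP_POLICY
        session = self.sessions.get(peer)                            # S23
        if session is None:
            if peer not in self.pending:     # trigger negotiation only once
                self.pending.append(peer)
            return DROP_NO_KEY               # never fall back to plaintext
        session.seq += 1                                             # S24
        # XOR placeholder standing in for SM4 encryption; NOT a real cipher.
        body = bytes(b ^ session.key[i % len(session.key)]
                     for i, b in enumerate(payload))
        self.wire.append((peer, struct.pack("!II", session.spi, session.seq) + body))
        return SENT                                                  # S25

    def install_session(self, peer, spi, key):
        """Called when key negotiation with `peer` has completed."""
        self.sessions[peer] = Session(spi, key)
        if peer in self.pending:
            self.pending.remove(peer)


def demo():
    """Constructed traffic: branch 10.0.1.0/24 to headquarters 10.0.2.0/24."""
    net = ipaddress.ip_network
    gw = Gateway(blocked_sources=[net("10.0.1.66/32")],
                 policies=[(net("10.0.1.0/24"), net("10.0.2.0/24"), "198.51.100.7")])
    results = [gw.outbound("10.0.1.5", "10.0.2.9", b"hello"),    # no key yet
               gw.outbound("10.0.1.66", "10.0.2.9", b"hello"),   # firewall
               gw.outbound("10.0.1.5", "192.0.2.1", b"hello")]   # no policy
    gw.install_session("198.51.100.7", 0x2002, b"sample-key")
    results.append(gw.outbound("10.0.1.5", "10.0.2.9", b"hello"))
    return results, gw


if __name__ == "__main__":
    print(demo()[0])
```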
The invention also provides a method for building a large Layer 2 secure network using the VxLAN security gateway based on national cryptographic algorithms, in which VxLAN security gateways are deployed at the network edges of the headquarters and the branch located in two different places, the VxLAN security gateway in the third place is connected with the Internet, a VxLAN Layer 2 tunnel and a secure tunnel are formed between the headquarters and the branch, and the large Layer 2 network spanning the Layer 3 network is thereby built.
The VxLAN Layer 2 tunnel carries unicast, multicast and broadcast communication.
The secure tunnel carries unicast traffic.
The invention enables secure Layer 2 networking across a Layer 3 network and provides security guarantees for user service communication on top of that networking. For security, the invention uses IPSec VPN secure communication technology to protect users' network communication data. For multicast and broadcast forwarding, the invention uses VxLAN technology to build a large Layer 2 network across a Layer 3 network. This function is independent of the transport network between the organization's two sites: the Layer 2 networks at the two sites are joined into one large Layer 2 network that forwards multicast and broadcast packets transparently.
The invention improves networking security and forwards multicast and broadcast packets transparently. It has the following technical characteristics:
1. The invention uses VxLAN technology to join the Layer 2 networks of an organization's sites in two different cities into one large Layer 2 local area network over a private network or the Internet;
2. Layer 3 network secure communication: once the large Layer 2 local area network has been built, data communicated within it crosses the Layer 3 network in plaintext and is at risk of exposure and tampering;
3. The secure communication technology is legal: the Layer 3 network security encryption technology adopted is the IPSec VPN secure communication technology and follows GM/T0022-.
The invention avoids the risk of data being stolen, modified or forged while crossing the Layer 3 network and improves the security of network transmission. At the same time, because it builds the large Layer 2 network across the Layer 3 network with VxLAN technology, it saves users the network equipment (such as routers and switches) otherwise required for such networking and lowers the technical requirements on users in actual use, thereby reducing their actual investment in labor, facilities and the like.
The invention is not limited to the foregoing embodiments. The invention extends to any novel feature or any novel combination of features disclosed in this specification and any novel method or process steps or any novel combination of features disclosed. Those skilled in the art to which the invention pertains will appreciate that insubstantial changes or modifications can be made without departing from the spirit of the invention as defined by the appended claims.
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
Any feature disclosed in this specification may be replaced by alternative features serving equivalent or similar purposes, unless expressly stated otherwise. That is, unless expressly stated otherwise, each feature is only an example of a generic series of equivalent or similar features.
Claims (9)
1. A VxLAN security gateway based on national cryptographic algorithms, characterized by comprising a VxLAN module and an IPSec module, wherein the VxLAN module is connected to the intranet and the IPSec module is connected to the external Internet;
the VxLAN module encapsulates Layer 2 data frames from the intranet into VxLAN packets, or decapsulates the VxLAN packets obtained after decryption by the IPSec module and forwards the decapsulated Layer 2 data frames to the intranet;
the IPSec module comprises an encryption/decryption module and a key negotiation module; the key negotiation module performs key negotiation based on the ISAKMP protocol and establishes a communication tunnel between two VxLAN security gateways according to a policy, and the encryption/decryption module encrypts and decrypts VxLAN data packets using national cryptographic algorithms.
2. The VxLAN security gateway based on national cryptographic algorithms according to claim 1, wherein the work of the key negotiation module specifically includes tunnel establishment, secure packet encapsulation and packet transmission.
3. The VxLAN security gateway based on national cryptographic algorithms according to claim 2, wherein the national cryptographic algorithms are SM1, SM2, SM3 and SM4.
4. The VxLAN security gateway based on national cryptographic algorithms according to claim 1, wherein the policy comprises a tunnel policy and a security policy; the tunnel policy contains the tunnel endpoint information of the security service; the security policy is an agreement established by the two communicating entities through negotiation and includes all the information needed to perform the various network security services.
5. The VxLAN security gateway based on national cryptographic algorithms according to claim 4, wherein, after receiving an external data packet, the VxLAN security gateway processes it as follows:
S11: determine whether the packet is for this VxLAN security gateway; if not, discard it; otherwise go to S12;
S12: detect the packet type; if it is an ESP packet, decrypt it and go to S13; if it is an ISAKMP packet, forward it to the key negotiation module and go to S14; if it is any other packet, discard it and go to S14;
S13: detect the type of the decrypted original packet; if it is a VxLAN packet, decapsulate it and forward the result to the intranet; if it is any other packet, pass it to system routing;
S14: the inbound flow ends.
6. The VxLAN security gateway based on national cryptographic algorithms according to claim 5, wherein, when the VxLAN security gateway receives a service data packet from an internal user or has a data packet to send, the packet is processed as follows:
S21: if the packet does not pass firewall filtering, discard it;
S22: match the packet against the security policy; if no security policy matches, discard the packet;
S23: look up the session key used for encryption; if no session key is found, discard the packet, trigger key negotiation and end the outbound flow; otherwise go to the next step;
S24: encrypt the packet and send it;
S25: the flow ends.
7. A Layer 2 secure network construction method applying the VxLAN security gateway based on national cryptographic algorithms according to any one of claims 1-6, characterized in that VxLAN security gateways are deployed at the network edges of the headquarters and the branch located in two different places, the VxLAN security gateway in the third place is connected with the Internet, a VxLAN Layer 2 tunnel and a secure tunnel are formed between the headquarters and the branch, and the large Layer 2 local area network spanning the Layer 3 network is thereby built.
8. The Layer 2 secure network construction method according to claim 7, wherein the VxLAN Layer 2 tunnel carries unicast, multicast and broadcast communication.
9. The method according to claim 7, wherein the secure tunnel carries unicast communication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010521722.7A CN111698245A (en) | 2020-06-10 | 2020-06-10 | VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111698245A true CN111698245A (en) | 2020-09-22 |
Family
ID=72480121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010521722.7A Pending CN111698245A (en) | 2020-06-10 | 2020-06-10 | VxLAN security gateway and two-layer security network construction method based on state cryptographic algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111698245A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20200922 |