CN112054893A - Sensitive information encryption method and system under micro-service framework - Google Patents
Sensitive information encryption method and system under micro-service framework Download PDFInfo
- Publication number
- CN112054893A CN112054893A CN202010784474.5A CN202010784474A CN112054893A CN 112054893 A CN112054893 A CN 112054893A CN 202010784474 A CN202010784474 A CN 202010784474A CN 112054893 A CN112054893 A CN 112054893A
- Authority
- CN
- China
- Prior art keywords
- node
- key
- encryption
- sensitive information
- received
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method and a system for encrypting sensitive information under a micro-service framework, which dynamically generate a encryption-conversion key by using a main key and an access relation identifier stored in an encryption machine, wherein the encryption machine only needs to maintain a small number of mapping relations between the main key and an application-side key, and the key maintenance workload is greatly reduced.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a method and a system for encrypting sensitive information under a micro-service framework.
Background
At present, many companies use Spring Cloud and istio micro-service frameworks to carry out micro-service framework transformation. The microservice framework provides a generic security mechanism, but does not consider implementing an encrypted transport mechanism for sensitive fields at the application layer, such as the secure transport of payment passwords.
At present, in the process of implementing micro-service architecture transformation, in order to ensure the security of transaction password transmission, symmetric keys for encrypting sensitive information need to be agreed between any calling party node and any service party node in an application end and are stored in an encryption machine, the number of the keys stored in the encryption machine is greatly increased along with the gradual splitting of micro-services and the gradual construction of application systems, so that the searching efficiency is directly and continuously reduced, the key mapping relationship maintained by the application end is more complex along with the increase of the keys, and the workload of development and transformation is greatly increased.
Disclosure of Invention
In order to solve the defects of the prior art, the invention provides a method and a system for sensitive information encryption under a micro-service framework.
In order to achieve the above purpose, the technical scheme adopted by the invention comprises the following steps:
a sensitive information encryption method under a micro-service framework is characterized by comprising the following steps:
generating a decryption key by combining the access relation identification of the previous node and the current node with the master key to decrypt a received ciphertext sent to the current node by the previous node to obtain a transmitted ciphertext;
and generating an encryption key by combining the access relation identification of the current node and the next node with the master key to encrypt the transmission original text sent by the current node to the next node to obtain the transmission ciphertext.
Further, the access relation identification comprises an ordered combination of unique feature codes of the related nodes.
Further, the method further comprises:
when the current node does not have the previous node, the received ciphertext is generated by encrypting the transmission original text by adopting the current node private key, and a public key corresponding to the current node private key is used as a decryption key;
and when the current node does not have the next node, the transmission ciphertext is generated by encrypting the transmission original text by using the storage key appointed by the current node as an encryption key.
Further, the method further comprises:
the master key is selected from a master key group consisting of a plurality of master keys according to the master key identification for use.
Further, the master key identifier is transformed according to a preset time interval or a non-preset random time interval.
Further, the method further comprises:
before generating a decryption key and/or an encryption key, authority verification is carried out on the current node through a node identifier corresponding to the current node and a node authorization code, and the decryption key and/or the encryption key are/is generated only under the condition of passing the authority verification.
The invention also relates to a sensitive information encryption system under the micro-service framework, which is characterized by comprising a calling node, an intermediate node and a service node which are sequentially connected in data, and an encryption machine and a configuration center which are respectively connected with the calling node, the intermediate node and the service node in data;
the calling node is a sending node of sensitive information;
the intermediate node is a transfer node of sensitive information;
the service node is a use node of sensitive information;
the encryption machine performs encryption conversion operation on the sensitive information transmitted among the calling node, the intermediate node and the service node through the access relation identification and the main key;
the configuration center provides a master key identifier according to a preset time interval or a non-preset random time interval.
Further, the calling node encrypts a transmission original text of the sensitive information by using a calling node private key to obtain a receiving ciphertext, and packages and sends the receiving ciphertext to an encryption machine in combination with an access relation identifier of the calling node and a connected intermediate node, a node identifier and a node authorization code of the calling node and a main key identifier obtained from the configuration center; the intermediate node packs and sends a received ciphertext received from the previous node, the access relation identifier connected with the next node and the master key identifier obtained from the configuration center to an encryption machine; and the service node sends the received ciphertext received from the previous node, the access relation identifier of the connected previous node, the node identifier and the node authorization code of the service node and the storage key identifier appointed by the service node to the encryption machine.
Further, the transcrypting operation includes:
carrying out authority verification on the related nodes according to the received node identification and the node authorization code;
selecting a corresponding master key from the master key group according to the received master key identifier for use;
decrypting the received ciphertext by using the corresponding public key according to the received calling node private key;
encrypting the sensitive information by using a corresponding storage key according to the received appointed storage key identification;
and generating an encryption key or a decryption key by combining the received access relation identifier with the master key to encrypt or decrypt the sensitive information.
Further, the number of the intermediate nodes is zero, one or more, and when the number of the intermediate nodes is multiple, the intermediate nodes are sequentially connected in series.
The invention has the beneficial effects that:
by adopting the method and the system for sensitive information transcrypting under the micro-service framework, the access relation identification is combined with the master key to generate the decryption key/the encryption key to carry out transcrypting operation on the sensitive information in the transmission process, so that the problem of excessive number of keys caused by the fact that symmetric keys must be mutually stored among all nodes under the micro-service framework can be avoided, the encryption machine can complete transcrypting operation only by maintaining a small number of master keys to ensure the safety of the sensitive information transmission process, and the key maintenance workload and the application development and reconstruction workload are greatly reduced.
Drawings
Fig. 1 is a schematic flow chart of an embodiment of a method for encrypting sensitive information in a micro service framework according to the present invention.
Fig. 2 is a schematic structural diagram of an embodiment of a sensitive information encryption system under the micro service framework.
Detailed Description
For a clearer understanding of the contents of the present invention, reference will be made to the accompanying drawings and examples.
Fig. 1 shows a flow of a preferred embodiment of the method for encrypting sensitive information under the micro service framework, which includes the following steps:
s1, configuring the key appointed by the calling node and the preorder node in the encryption machine, configuring the key appointed by the service node and the calling node, configuring the key appointed by the service node and the postorder node, and configuring the using node identification and the authorization code for the calling node and the service node respectively to provide the right of accessing the encryption machine.
S2, after receiving the message containing sensitive information (such as payment password) from the preorder node, the calling node sends request information for obtaining the main key identification to the configuration center.
S3, the configuration center returns the master key identification to the calling node; the configuration center supports regular and irregular rotation of the master key and pushing of the master key identification to the calling node.
S4, the calling node sends the input parameters such as the main key identification, the access relation identification, the node identification, the authorization code, the sensitive information (such as payment password) data and the like to the encryption machine; in particular, the encryption machine can be called to provide a transcrypted SDK software package, and the encryption machine can be accessed through an interface provided by the SDK software package.
S5, after receiving the input parameters, the encryption machine analyzes the parameters: the encryption machine firstly utilizes the node identification and the authorization code to verify the access authority of the calling node, then utilizes the access relation identification of the preorder node and the calling node and the main key corresponding to the main key identification to dynamically generate a decryption key, then uses the decryption key to decrypt sensitive information (such as payment password) ciphertext into original text, then utilizes the access relation identification of the calling node and the service node and the main key corresponding to the main key identification to dynamically generate an encryption key, then uses the key to encrypt the sensitive information (such as the payment password) original text into the ciphertext, then returns the ciphertext to the encryption-transferring SDK software package, and then returns the ciphertext to the calling node.
And S6, after the calling node receives the encrypted ciphertext, assembling a request message and initiating a request to the service node.
S7, after receiving the ciphertext message containing the sensitive information (such as the payment password), the service node calls the configuration center interface to obtain the main key identification information.
S8, the configuration center returns the main key identification information to the service node; the configuration center supports the regular rotation of the master key and the pushing of the master key identification to the service node.
S9, the service node sends the input parameters such as the main key identification, the access relation identification, the node identification, the authorization code, the sensitive information (such as payment password) data and the like to the encryption machine; in particular, the transcrypted SDK package provided by the encryption engine may be invoked.
S10, after receiving the input parameters, the encryption conversion interface of the encryption machine analyzes the parameters, the encryption machine firstly uses the node identification and the authorization code to verify the access authority of the service node, uses the access relation identification of the calling node and the service node and the main key corresponding to the main key identification to dynamically generate a decryption key, then uses the key to decrypt sensitive information (such as a payment password) ciphertext data into an original text, then uses the access relation identification of the service node and a subsequent node and the main key corresponding to the main key identification to dynamically generate an encryption key, then uses the key to encrypt the sensitive information (such as the payment password) original text into the ciphertext, returns the ciphertext to the encryption conversion SDK software package, and then returns to the service node.
And S11, the service node processes the encrypted data or requests the background service to process the sensitive information (such as payment password) ciphertext and then returns the processing result to the calling node.
In the above embodiment, the case where the calling node is directly connected to the service node is given, the above steps may also be referred to for the case where there is an intermediate node connection between the calling node and the service node, and the sensitive information encryption operation of any intermediate node may be implemented by repeating steps S3 to S10, so as to ensure the security of the sensitive information in the whole transmission process.
As shown in fig. 2, an embodiment structure of a transcrypting system is shown in the case that an intermediate node exists between a calling node and a service node, and includes the calling node, the intermediate node, and the service node which are sequentially connected by data, and an encryptor and a configuration center which are respectively connected by data with the calling node, the intermediate node, and the service node. The complete data flow process between the parts in the system is shown in the figures from P1 to P15, wherein: p1 requests the master key identification from the configuration center on behalf of the calling node; p2 returns the master key identification to the calling node on behalf of the configuration center; p3 represents calling node to send packed data to the encryptor; p4 represents the enciphering machine to return the enciphered cipher text to the calling node; p5 represents the calling node sending the ciphertext to the intermediate node; p6 requests the master key identification from the configuration center on behalf of the intermediate node; p7 returns the master key identification to the intermediate node on behalf of the configuration center; p8 represents the intermediate node sending the packaged data to the encryptor; p9 represents the enciphering machine to return the enciphered cipher text to the intermediate node; p10 represents the intermediate node sending the ciphertext to the service node; p11 requests a master key identification from the configuration center on behalf of the service node; p12 returns a master key identification to the service node on behalf of the configuration center; p13 sends the packaged data to the encryptor on behalf of the service node; p14 represents the encryptor to return the encrypted ciphertext to the service node; p15 returns the sensitive information processing results to the calling node on behalf of the serving node. The operation of the transcryption method can be realized by using the system.
For further explanation of the present invention, the following process of paying the check password at the online bank by the user is taken as an example to specifically explain the encryption operation process according to the present invention.
After a user inputs a payment password on an online bank page, the online bank application needs to transmit the payment password to a core system through an encryption conversion mechanism, the core system compares the payment password with the payment password in a database for verification, and subsequent processing can be performed after the verification is passed, in the process, the payment password of the user belongs to sensitive information, and the safety of a transmission process needs to be ensured.
1) After the user logs in the internet bank, the user uses the transfer function to request the input of a payment password, and the front-end page encrypts the payment password.
2) The internet bank background (calling node) receives a payment password submitted by a user and then requests a main key identification from the configuration center, and then calls a transfer encryption SDK software package interface by using parameters such as the main key identification, an access relation identification, the node identification, an authorization code, data to be encrypted and the like, and the SDK software package forwards a request to the encryption machine.
3) After the encryption machine completes authority verification, the encryption conversion module firstly decrypts by using a key agreed by the front-end page of the internet bank and the internet bank background, then dynamically generates an encryption key by using an access relation identifier and a main key of the internet bank background and a core system (service node), encrypts a payment password by using the key to generate a payment password ciphertext and returns the payment password ciphertext to the internet bank background.
4) And the internet bank background sends the encrypted payment cipher ciphertext to the core system in a request message mode.
5) The core system requests a main key identification from the configuration center after receiving the request message, and then calls a transfer encryption SDK software package interface by using parameters such as the main key identification, the access relation identification of the internet bank background and the core system, the node identification, the authorization code, the payment cipher ciphertext data and the like, and the SDK software package forwards the request to the encryption machine.
6) After the encryption machine completes authority verification, the encryption conversion module firstly uses a secret key agreed by the internet bank background and the core system to decrypt, and then uses a storage secret key of the core system to encrypt the payment password to generate a payment password ciphertext and returns the payment password ciphertext to the core system.
7) And the core system compares the payment password ciphertext with the ciphertext in the database to perform account processing, and finally returns a processing result to the online bank background, and the online bank background displays the processing result to the online bank front end.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A sensitive information encryption method under a micro-service framework is characterized by comprising the following steps:
generating a decryption key by combining the access relation identification of the previous node and the current node with the master key to decrypt a received ciphertext sent to the current node by the previous node to obtain a transmitted ciphertext;
and generating an encryption key by combining the access relation identification of the current node and the next node with the master key to encrypt the transmission original text sent by the current node to the next node to obtain the transmission ciphertext.
2. The method of claim 1, wherein the access relationship identification comprises an ordered combination of related node unique feature codes.
3. The method of claim 2, wherein the method further comprises:
when the current node does not have the previous node, the received ciphertext is generated by encrypting the transmission original text by adopting the current node private key, and a public key corresponding to the current node private key is used as a decryption key;
and when the current node does not have the next node, the transmission ciphertext is generated by encrypting the transmission original text by using the storage key appointed by the current node as an encryption key.
4. The method of claim 3, wherein the method further comprises:
the master key is selected from a master key group consisting of a plurality of master keys according to the master key identification for use.
5. The method of claim 4, wherein the master key identification is transformed according to a preset time interval or a non-preset random time interval.
6. The method of claim 3, wherein the method further comprises:
before generating a decryption key and/or an encryption key, authority verification is carried out on the current node through a node identifier corresponding to the current node and a node authorization code, and the decryption key and/or the encryption key are/is generated only under the condition of passing the authority verification.
7. A sensitive information encryption system under a micro-service framework is characterized by comprising a calling node, an intermediate node and a service node which are sequentially connected in data, and an encryption machine and a configuration center which are respectively connected with the calling node, the intermediate node and the service node in data;
the calling node is a sending node of sensitive information;
the intermediate node is a transfer node of sensitive information;
the service node is a use node of sensitive information;
the encryption machine performs encryption conversion operation on the sensitive information transmitted among the calling node, the intermediate node and the service node through the access relation identification and the main key;
the configuration center provides a master key identifier according to a preset time interval or a non-preset random time interval.
8. The system of claim 7, wherein the calling node encrypts a transmission text of the sensitive information by using a calling node private key to obtain a received ciphertext, and packages and sends the received ciphertext to the encryptor by combining an access relationship identifier of the calling node and a connected intermediate node, a node identifier and a node authorization code of the calling node and a master key identifier obtained from the configuration center; the intermediate node packs and sends a received ciphertext received from the previous node, the access relation identifier connected with the next node and the master key identifier obtained from the configuration center to an encryption machine; and the service node sends the received ciphertext received from the previous node, the access relation identifier of the connected previous node, the node identifier and the node authorization code of the service node and the storage key identifier appointed by the service node to the encryption machine.
9. The system of claim 7, wherein the transcrypting operation comprises:
carrying out authority verification on the related nodes according to the received node identification and the node authorization code;
selecting a corresponding master key from the master key group according to the received master key identifier for use;
decrypting the received ciphertext by using the corresponding public key according to the received calling node private key;
encrypting the sensitive information by using a corresponding storage key according to the received appointed storage key identification;
and generating an encryption key or a decryption key by combining the received access relation identifier with the master key to encrypt or decrypt the sensitive information.
10. The system of any one of claims 7 to 9, wherein the intermediate nodes are zero, one, or more.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010784474.5A CN112054893B (en) | 2020-08-06 | 2020-08-06 | Sensitive information encryption method and system under micro-service framework |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010784474.5A CN112054893B (en) | 2020-08-06 | 2020-08-06 | Sensitive information encryption method and system under micro-service framework |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112054893A true CN112054893A (en) | 2020-12-08 |
| CN112054893B CN112054893B (en) | 2022-10-25 |
Family
ID=73602138
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010784474.5A Active CN112054893B (en) | 2020-08-06 | 2020-08-06 | Sensitive information encryption method and system under micro-service framework |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112054893B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114884655A (en) * | 2022-05-05 | 2022-08-09 | 中电金信软件有限公司 | Data processing method and device, electronic equipment and readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516059A (en) * | 2014-09-25 | 2016-04-20 | 阿里巴巴集团控股有限公司 | Resource access control method and device |
| EP3117357A1 (en) * | 2014-03-12 | 2017-01-18 | Samsung Electronics Co., Ltd. | System and method of encrypting folder in device |
| CN110457930A (en) * | 2019-08-16 | 2019-11-15 | 上海海事大学 | The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy |
| CN111104691A (en) * | 2019-11-28 | 2020-05-05 | 贝壳技术有限公司 | Sensitive information processing method and device, storage medium and equipment |
-
2020
- 2020-08-06 CN CN202010784474.5A patent/CN112054893B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3117357A1 (en) * | 2014-03-12 | 2017-01-18 | Samsung Electronics Co., Ltd. | System and method of encrypting folder in device |
| CN105516059A (en) * | 2014-09-25 | 2016-04-20 | 阿里巴巴集团控股有限公司 | Resource access control method and device |
| CN110457930A (en) * | 2019-08-16 | 2019-11-15 | 上海海事大学 | The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy |
| CN111104691A (en) * | 2019-11-28 | 2020-05-05 | 贝壳技术有限公司 | Sensitive information processing method and device, storage medium and equipment |
Non-Patent Citations (2)
| Title |
|---|
| 王金宝: "网上银行系统数据加密方式分析与应用", 《科技资讯》 * |
| 黄穗等: ""基于CP-ABE和区块链的数据安全共享方法"", 《计算机系统应用》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114884655A (en) * | 2022-05-05 | 2022-08-09 | 中电金信软件有限公司 | Data processing method and device, electronic equipment and readable storage medium |
| CN114884655B (en) * | 2022-05-05 | 2023-09-12 | 中电金信软件有限公司 | Data processing method, device, electronic equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112054893B (en) | 2022-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101855860B (en) | Systems and methods for managing cryptographic keys | |
| US20120054491A1 (en) | Re-authentication in client-server communications | |
| US20080263645A1 (en) | Privacy identifier remediation | |
| CN106650482A (en) | Electronic file encryption method and device, electronic file decryption method and device and electronic file encryption and decryption system | |
| CN110889696A (en) | Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology | |
| CN111262852B (en) | Business card signing and issuing method and system based on block chain | |
| CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
| CN110224976A (en) | A kind of encryption communication method, device and computer readable storage medium | |
| CN111865609A (en) | Private cloud platform data encryption and decryption system based on state cryptographic algorithm | |
| CN108881240B (en) | Member privacy data protection method based on block chain | |
| CN109039598A (en) | Data transfer encryption method, client and server-side | |
| CN101639957A (en) | Method and terminal for realizing loading or unloading as well as banking system | |
| CN112054893B (en) | Sensitive information encryption method and system under micro-service framework | |
| CN112865965B (en) | Train service data processing method and system based on quantum key | |
| CN112532387B (en) | Key service operation system and method thereof | |
| CN113645235A (en) | Distributed data encryption and decryption system and encryption and decryption method | |
| EP4205347A1 (en) | Data management and encryption in a distributed computing system | |
| CN116170131B (en) | Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device | |
| CN116707778A (en) | Data hybrid encryption transmission method and device and electronic equipment | |
| CN100561913C (en) | A kind of method of access code equipment | |
| CN114978769B (en) | Unidirectional leading-in device, unidirectional leading-in method, unidirectional leading-in medium and unidirectional leading-in equipment | |
| US11436351B1 (en) | Homomorphic encryption of secure data | |
| WO2022250716A1 (en) | Data management and encryption in a distributed computing system | |
| CN112039663A (en) | Data transmission method and system | |
| JPH08139718A (en) | Cipher device and inter-terminal communication method using the cipher device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |