CN112104611A - CC attack protection management method - Google Patents


Info

Publication number
CN112104611A
Authority
CN
China
Prior art keywords
client
address
connection
attack
tcp
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010844828.0A
Other languages
Chinese (zh)
Inventor
王强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Wangdi Information Security Technology Co ltd
Original Assignee
Guangdong Wangdi Information Security Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-08-20
Filing date
2020-08-20
Publication date
2020-12-18
Application filed by Guangdong Wangdi Information Security Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/101 Access control lists [ACL]

Abstract

The invention discloses a method for CC attack protection management comprising the following steps. S1: after a server receives a TCP connection request initiated by a client, it obtains the client's IP address from the request, looks the address up in the black and white lists, and determines whether the current client's IP address is on either list. By combining CC attack judgment, new-connection rate detection, parallel connection number detection, slow connection rate detection and abnormal session detection, the method distinguishes service requests initiated by normal clients from distributed denial of service traffic initiated by CC attack clients, adds the IP address of a malicious client to the blacklist so that all of its subsequent connection requests are rejected, and releases the connections of clients identified as normal, giving a good protection effect.

Description

CC attack protection management method
Technical Field
The invention relates to the technical field of CC attack protection, in particular to a method for CC attack protection management.
Background
A CC (Challenge Collapsar) attack is a distributed denial of service attack that aims to exhaust a server's connection resources. It does not use spoofed IP addresses: the attacker uses an attack tool or a botnet to open a large number of connections to the server until its connection resources are exhausted and legitimate connection requests can no longer be established. Because the requests are valid and conform to the network protocol, traditional network security equipment has difficulty identifying and filtering them, so they occupy a large share of the server's resources, the server cannot respond to service requests from normal clients, and the attacker's goal is achieved. CC attacks generally take one of two forms. In the first, connections are established with the target at a high rate within a short time, so that the number of connections the target has open exceeds its resource limit. In the second, the number of connections established within a given time looks normal: connections are opened at a fixed or variable low rate over a sustained period, but the established connections are never released, so that the number of connections the target has open again exceeds its resource limit.
Existing CC attack protection generally limits the rate at which a client may initiate connection requests and the number of client connection requests the server will respond to, thereby capping the number of clients connected to the server so that the many puppet machines of a CC attack cannot occupy a large share of its resources.
Disclosure of Invention
(I) Technical problem to be solved
Against the defects of the prior art, the invention provides a CC attack protection management method that addresses the problem that existing CC attack protection causes the server to refuse a normal service request from a client once the number of client connections the server is responding to reaches the configured limit, so that the protection effect is not good enough.
(II) Technical scheme
To achieve this purpose, the invention is realized by the following technical scheme. A method for CC attack protection management comprises the following steps:
S1, black and white list judgment: after a server receives a TCP connection request initiated by a client, the server obtains the client's IP address from the request, looks it up in the black and white lists, and determines whether the current client's IP address is on either list; if it is on neither the white list nor the black list, the server continues with the following steps;
S2, CC attack judgment: whether the client's TCP connection request is a CC attack is determined from the geographical location of the client's IP address; if the address belongs to a region outside the preset range, the request is judged to be a CC attack and the client's access request is refused;
S3, new-connection rate detection: the new-connection rate of the client IP address is checked, and if the number of new TCP connections initiated by that address within a preset check period exceeds a preset threshold, the address is judged to be an attack source;
S4, parallel connection number detection: the number of parallel connections from the client IP address is checked, and if the number of TCP connections it holds in parallel exceeds a preset threshold, the address is judged to be an attack source;
S5, slow connection rate detection: a slow-connection rate check is performed on the client IP address by counting, per counting interval, the connections from the same client IP address to the same target IP address; if the count is the same in consecutive intervals and exceeds a preset threshold in each interval, a TCP slow-connection attack is judged to be in progress and the source IP address is judged to be an attack source;
S6, abnormal session detection: an abnormal-session check is performed on the client IP address, and if the number of abnormal TCP sessions initiated by that address within a preset check period exceeds a preset threshold, the source IP address is judged to be an attack source.
Preferably, in S1, if the lookup shows that the current client's IP address is on the white list, the client's connection request is released directly without performing the following steps, and if it shows that the address is on the black list, the client's access request is refused directly without performing the following steps.
Preferably, in S2, each client has a unique IP address; the client's geographical location is obtained from its IP address and compared with the preset geographical range of normal clients to determine whether the client's TCP connection request is a CC attack, after which new-connection rate detection is performed on the client IP address.
Preferably, in S3, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, parallel connection number detection is performed on it.
Preferably, in S4, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, slow connection rate detection is performed on it.
Preferably, in S5, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, abnormal session detection is performed on it.
Preferably, in S6, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, the client's connection request is released.
Preferably, the criteria for an abnormal TCP session in S6 are an empty-connection check, a retransmission check and a slow-start check: a connection is judged abnormal if the number of packets passing through it within a preset check period is below a threshold (empty connection), if the number of retransmitted packets on it exceeds a preset threshold (retransmission), or if the window value of the packets passing through it is below a preset threshold (slow start).
(III) Advantageous effects
The invention provides a CC attack protection management method with the following beneficial effects compared with the prior art. A client's TCP connection request is first checked against the black and white lists (S1): a whitelisted address is released and a blacklisted address is refused without further processing, and only an unlisted address proceeds. The request is then screened in turn by CC attack judgment on the geographical location of the address (S2), new-connection rate detection (S3), parallel connection number detection (S4), slow connection rate detection (S5) and abnormal session detection (S6). Together these checks effectively distinguish service requests initiated by normal clients from distributed denial of service attacks initiated by CC attack clients; the IP address of a malicious client is added to the blacklist so that all of its subsequent connection requests are rejected, while the connections of clients identified as normal are released, so that service to normal clients is maintained, the protection effect is good, and the method is practical and convenient to use.
Drawings
FIG. 1 is a process flow diagram of CC attack protection management according to the present invention;
FIG. 2 is a schematic block diagram of CC attack protection according to the present invention;
FIG. 3 is a logic diagram of the CC attack protection of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-3, an embodiment of the present invention provides a technical solution: a method for CC attack protection management specifically comprises the following steps:
S1, black and white list judgment: after a server receives a TCP connection request initiated by a client, the server obtains the client's IP address from the request, looks it up in the black and white lists, and determines whether the current client's IP address is on either list; if it is on neither the white list nor the black list, the server continues with the following steps;
S2, CC attack judgment: whether the client's TCP connection request is a CC attack is determined from the geographical location of the client's IP address; if the address belongs to a region outside the preset range, the request is judged to be a CC attack and the client's access request is refused;
S3, new-connection rate detection: the new-connection rate of the client IP address is checked, and if the number of new TCP connections initiated by that address within a preset check period exceeds a preset threshold, the address is judged to be an attack source;
S4, parallel connection number detection: the number of parallel connections from the client IP address is checked, and if the number of TCP connections it holds in parallel exceeds a preset threshold, the address is judged to be an attack source;
S5, slow connection rate detection: a slow-connection rate check is performed on the client IP address by counting, per counting interval, the connections from the same client IP address to the same target IP address; if the count is the same in consecutive intervals and exceeds a preset threshold in each interval, a TCP slow-connection attack is judged to be in progress and the source IP address is judged to be an attack source;
S6, abnormal session detection: an abnormal-session check is performed on the client IP address, and if the number of abnormal TCP sessions initiated by that address within a preset check period exceeds a preset threshold, the source IP address is judged to be an attack source.
In the invention, if the lookup in S1 shows that the current client's IP address is on the white list, the client's connection request is released directly without the following steps, and if it shows that the address is on the black list, the client's access request is refused directly without the following steps.
In the invention, each client in S2 has a unique IP address; the client's geographical location is obtained from its IP address and compared with the preset geographical range of normal clients to determine whether the client's TCP connection request is a CC attack, after which new-connection rate detection is performed on the client IP address.
In the invention, if the client IP address is judged to be an attack source in S3, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, parallel connection number detection is performed on it.
In the invention, if the client IP address is judged to be an attack source in S4, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, slow connection rate detection is performed on it.
In the invention, if the client IP address is judged to be an attack source in S5, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, abnormal session detection is performed on it.
In the invention, if the client IP address is judged to be an attack source in S6, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, the client's connection request is released.
In the invention, the criteria for an abnormal TCP session in S6 are an empty-connection check, a retransmission check and a slow-start check: a connection is judged abnormal if the number of packets passing through it within a preset check period is below a threshold (empty connection), if the number of retransmitted packets on it exceeds a preset threshold (retransmission), or if the window value of the packets passing through it is below a preset threshold (slow start).
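The following Python program is an added illustration, not code from the patent or its applicant. It runs the S1 to S6 screening order laid out in the technical scheme above and repeated in this detailed description over a constructed batch of connection records, and blacklists an address the moment one of S3 to S6 fires, so that its next request fails at S1. All thresholds, the region table, the names `Guard`, `Conn`, `steady_run` and `sample_traffic`, and the traffic itself are assumptions. The slow-connection rule (S5), which the text leaves open to interpretation, is read here as "the per-interval connection count to one target is identical across a run of consecutive intervals and above a threshold in each interval", with the run length a separately assumed parameter. The sample batch contains both attack forms described in the Background, a fast connection flood and a low-rate stream of connections that are never released, plus a normal client, an out-of-region client, a whitelisted client and a client opening empty sessions, so that each check is exercised once.

```python
"""Per-IP CC-attack screening in the patent's S1..S6 order. Added example, not the patent's code."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed "preset" values and a stand-in GeoIP table: all assumptions, not figures from the patent.
ALLOWED_REGIONS = {"CN"}     # S2: regions normal clients are expected to come from
CHECK_PERIOD_S = 10.0        # length of one check period / counting interval, seconds
NEW_CONN_THRESHOLD = 50      # S3: new TCP connections per check period
PARALLEL_THRESHOLD = 30      # S4: connections one IP may hold open at once
SLOW_CONN_THRESHOLD = 1      # S5: per-interval count to one target must exceed this ...
SLOW_RUN_INTERVALS = 3       # ... and stay identical for this many consecutive intervals
ABNORMAL_THRESHOLD = 5       # S6: abnormal sessions per check period
EMPTY_CONN_PKTS = 2          # S6: fewer packets than this -> empty connection
RETRANS_LIMIT = 10           # S6: more retransmitted packets than this -> abnormal
MIN_WINDOW = 64              # S6: advertised window below this -> slow-start abnormal
GEO = {"203.0.113.": "CN", "192.0.2.": "CN", "198.51.100.": "US"}  # prefix table instead of a GeoIP DB

def region_of(ip):
    return next((r for p, r in GEO.items() if ip.startswith(p)), "??")

@dataclass
class Conn:
    src: str
    dst: str
    t: float              # connection start time, seconds
    pkts: int = 10        # packets seen on the connection in the check period
    retrans: int = 0      # retransmitted packets on the connection
    window: int = 65535   # advertised TCP receive window
    closed: bool = False  # True once the client has released the connection

def is_abnormal(c):
    """S6 criteria: empty connection, excessive retransmission, or a tiny window."""
    return c.pkts < EMPTY_CONN_PKTS or c.retrans > RETRANS_LIMIT or c.window < MIN_WINDOW

def steady_run(per_interval, min_count):
    """Longest run of consecutive intervals carrying the same count, each above min_count (S5)."""
    best = run = 0
    prev = (None, None)
    for idx in sorted(per_interval):
        cnt = per_interval[idx]
        run = run + 1 if cnt > min_count and prev == (idx - 1, cnt) else int(cnt > min_count)
        best, prev = max(best, run), (idx, cnt)
    return best

class Guard:
    def __init__(self, allow=(), deny=()):
        self.allow, self.deny = set(allow), set(deny)

    def screen_ip(self, ip, conns):
        """Run S1..S6 for one source IP; the first check that fires decides."""
        if ip in self.allow:                        # S1: whitelist -> release at once
            return ("allow", "whitelist")
        if ip in self.deny:                         # S1: blacklist -> reject at once
            return ("deny", "blacklist")
        if region_of(ip) not in ALLOWED_REGIONS:    # S2: reject, but without blacklisting
            return ("deny", "region")
        per_interval = Counter(int(c.t // CHECK_PERIOD_S) for c in conns)
        per_dst = defaultdict(Counter)              # S5 counts per target IP
        for c in conns:
            per_dst[c.dst][int(c.t // CHECK_PERIOD_S)] += 1
        checks = [  # S3..S6 in the patent's order
            ("new-connection rate", max(per_interval.values()) > NEW_CONN_THRESHOLD),
            ("parallel connections", sum(not c.closed for c in conns) > PARALLEL_THRESHOLD),
            ("slow connection", any(steady_run(w, SLOW_CONN_THRESHOLD) >= SLOW_RUN_INTERVALS
                                    for w in per_dst.values())),
            ("abnormal sessions", sum(is_abnormal(c) for c in conns) > ABNORMAL_THRESHOLD),
        ]
        for reason, fired in checks:
            if fired:
                self.deny.add(ip)                   # every later request from ip now fails at S1
                return ("deny", reason)
        return ("allow", "clean")

    def screen(self, conns):
        by_src = defaultdict(list)                  # group a batch of records by source IP
        for c in conns:
            by_src[c.src].append(c)
        return {ip: self.screen_ip(ip, cs) for ip, cs in by_src.items()}

def sample_traffic():
    """Constructed connection records, one source IP per behaviour."""
    srv = "10.0.0.1"
    return (
        [Conn("203.0.113.10", srv, 6.0 * i, closed=True) for i in range(5)]                    # normal client
        + [Conn("203.0.113.66", srv, 0.1 * i) for i in range(80)]                               # fast flood
        + [Conn("192.0.2.7", srv, 10.0 * w + 1 + k) for w in range(4) for k in range(2)]        # slow, never released
        + [Conn("203.0.113.77", srv, 10.0 * w + 0.5 * k) for w in range(4) for k in range(10)]  # many held open
        + [Conn("203.0.113.99", srv, 0.5 * k, pkts=1) for k in range(8)]                        # empty sessions
        + [Conn("198.51.100.5", srv, 0.0, closed=True)]                                         # out-of-region
        + [Conn("203.0.113.1", srv, 0.0, closed=True)]                                          # whitelisted
    )

def run_demo():
    """Screen the sample batch with 203.0.113.1 whitelisted; returns {ip: (verdict, reason)}."""
    return Guard(allow={"203.0.113.1"}).screen(sample_traffic())

if __name__ == "__main__":
    print(*sorted(run_demo().items()), sep="\n")
```

Two points of the method show up directly in the code. The S2 region check refuses the request but does not blacklist the address, whereas S3 to S6 do, which is what the preferred embodiments say; and because every address that reaches S3 is judged on its own counters, the whitelisted address and the normal client are released no matter how much traffic the flood source generates, which is the failure of the prior art that the Technical Problem section describes.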
Matters not described in detail in this specification are within the ordinary knowledge of those skilled in the art.
In summary, by combining CC attack judgment, new-connection rate detection, parallel connection number detection, slow connection rate detection and abnormal session detection, the method effectively distinguishes service requests initiated by normal clients from distributed denial of service attacks initiated by CC attack clients and adds the IP address of a malicious client to the blacklist so that all of its subsequent connection requests are rejected, while the connections of clients identified as normal are released; service to normal clients is thus maintained, the protection effect is better, and the method is more practical and convenient to use.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A method for CC attack protection management, characterized in that it comprises the following steps:
S1, black and white list judgment: after a server receives a TCP connection request initiated by a client, the server obtains the client's IP address from the request, looks it up in the black and white lists, and determines whether the current client's IP address is on either list; if it is on neither the white list nor the black list, the server continues with the following steps;
S2, CC attack judgment: whether the client's TCP connection request is a CC attack is determined from the geographical location of the client's IP address; if the address belongs to a region outside the preset range, the request is judged to be a CC attack and the client's access request is refused;
S3, new-connection rate detection: the new-connection rate of the client IP address is checked, and if the number of new TCP connections initiated by that address within a preset check period exceeds a preset threshold, the address is judged to be an attack source;
S4, parallel connection number detection: the number of parallel connections from the client IP address is checked, and if the number of TCP connections it holds in parallel exceeds a preset threshold, the address is judged to be an attack source;
S5, slow connection rate detection: a slow-connection rate check is performed on the client IP address by counting, per counting interval, the connections from the same client IP address to the same target IP address; if the count is the same in consecutive intervals and exceeds a preset threshold in each interval, a TCP slow-connection attack is judged to be in progress and the source IP address is judged to be an attack source;
S6, abnormal session detection: an abnormal-session check is performed on the client IP address, and if the number of abnormal TCP sessions initiated by that address within a preset check period exceeds a preset threshold, the source IP address is judged to be an attack source.
2. The method of claim 1, characterized in that in S1, if the lookup shows that the current client's IP address is on the white list, the client's connection request is released directly without performing the following steps, and if it shows that the address is on the black list, the client's access request is refused directly without performing the following steps.
3. The method of claim 1, characterized in that in S2 each client has a unique IP address; the client's geographical location is obtained from its IP address and compared with the preset geographical range of normal clients to determine whether the client's TCP connection request is a CC attack, after which new-connection rate detection is performed on the client IP address.
4. The method of claim 1, characterized in that in step S3, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, parallel connection number detection is performed on it.
5. The method of claim 1, characterized in that in step S4, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, slow connection rate detection is performed on it.
6. The method of claim 1, characterized in that in step S5, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, abnormal session detection is performed on it.
7. The method of claim 1, characterized in that in step S6, if the client IP address is judged to be an attack source, it is added to the blacklist and all of its subsequent connection requests are rejected; if it is judged not to be an attack source, the client's connection request is released.
8. The method of claim 1, characterized in that the criteria for an abnormal TCP session in S6 are an empty-connection check, a retransmission check and a slow-start check: a connection is judged abnormal if the number of packets passing through it within a preset check period is below a threshold (empty connection), if the number of retransmitted packets on it exceeds a preset threshold (retransmission), or if the window value of the packets passing through it is below a preset threshold (slow start).
Priority Applications (1)

Application Number: CN202010844828.0A; Priority Date: 2020-08-20; Filing Date: 2020-08-20; Title: CC attack protection management method; Status: Pending

Publications (1)

Publication Number: CN112104611A; Publication Date: 2020-12-18

Family

ID=73753252

Country Status (1)

CN: CN112104611A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113141376A (en) * 2021-05-08 2021-07-20 四川英得赛克科技有限公司 Malicious IP scanning detection method and device, electronic equipment and storage medium
CN113395277A (en) * 2021-06-10 2021-09-14 工银科技有限公司 Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130055375A1 (en) * 2011-08-29 2013-02-28 Arbor Networks, Inc. Method and Protection System for Mitigating Slow HTTP Attacks Using Rate and Time Monitoring
CN104113559A (en) * 2014-08-13 2014-10-22 浪潮电子信息产业股份有限公司 Method for resisting tcp full-link attack
CN106330911A (en) * 2016-08-25 2017-01-11 广东睿江云计算股份有限公司 CC (Challenge Collapsar) attack protection method and device
CN106789983A (en) * 2016-12-08 2017-05-31 北京安普诺信息技术有限公司 CC attack defense method and defense system
CN109818970A (en) * 2019-03-07 2019-05-28 腾讯科技(深圳)有限公司 Data processing method and device
CN110855717A (en) * 2019-12-05 2020-02-28 浙江军盾信息科技有限公司 Method, device and system for protecting equipment of Internet of things
CN111327615A (en) * 2020-02-21 2020-06-23 浙江德迅网络安全技术有限公司 CC attack protection method and system



Legal Events

Code Title Description
PB01 Publication (application publication date: 2020-12-18)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication