CN112231720B - Positioning method for forced access control rule hiding formulator - Google Patents


Info

Publication number
CN112231720B
Authority
CN
China
Prior art keywords
access control
control rule
mandatory access
abnormal
target
Prior art date
Legal status
Active
Application number
CN202010991757.7A
Other languages
Chinese (zh)
Other versions
CN112231720A (en)
Inventor
王鹏
Current Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd
Prosecution history
Application filed by Suzhou Inspur Intelligent Technology Co Ltd
Priority to CN202010991757.7A
Publication of CN112231720A
Application granted
Publication of CN112231720B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F 21/106 Enforcing content protection by specific content processing
    • G06F 21/1066 Hiding content
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2145 Inheriting rights or properties, e.g. propagation of permissions or restrictions within a hierarchy

Abstract

The invention discloses a positioning method for the hidden formulator of a mandatory access control rule. An abnormal condition caused by an abnormal mandatory access control rule is detected; the abnormal mandatory access control rule is determined according to the abnormal condition, its content is analyzed to obtain the resource and the process that it defines, and its signatory is obtained; a first associated population is determined from the resource; a second associated population is determined from the signatory; and the intersection of the first associated population and the second associated population is taken to determine the suspected population of the hidden formulator. The formulator is traced through the resource and the signatory, and the suspected population hiding the formulator is determined so that it can be investigated further by more specific means; in this way the hidden formulator of the mandatory access control rule is located and important company data is protected.

Description

Positioning method for forced access control rule hiding formulator
Technical Field
The invention relates to the field of mandatory access control, in particular to a positioning method for the hidden formulator of a mandatory access control rule.
Background
SELinux (Security-Enhanced Linux) is a system that implements mandatory access control through control rules. Access to all files, directories, ports and other resources can be controlled according to the configured control rules, which are set by the administrator and which ordinary users are not authorized to change.
In a Linux system with SELinux enabled, user-level and process-level access control is enforced by the operating system according to the loaded control rules; even the owner of a process cannot change the scope of the resources the process may access. The security of a system with SELinux enabled therefore depends entirely on the loaded access control rules, which exist in the form of a security policy file. Applied to a server, SELinux restricts user rights, controls which resources users may access, and can be used in enterprise management and operation. In such enterprise management scenarios, the formulation of the mandatory access control rules is the point of greatest human-introduced risk to the system. However, the current SELinux design has no mechanism that maps a control rule to the person who formulated it. Therefore, when an unreasonable, abnormal mandatory access control rule appears, it is difficult to determine who specifically formulated it.
Disclosure of Invention
The invention provides a positioning method for the hidden formulator of a mandatory access control rule, and aims to solve the problem in the prior art that, when an abnormal mandatory access control rule that threatens resource safety appears, its formulator cannot be found.
In order to achieve the above object, the present invention provides a method for locating the hidden formulator of a mandatory access control rule, comprising:
detecting an abnormal condition caused by the abnormal mandatory access control rule;
determining the abnormal mandatory access control rule according to the abnormal condition, analyzing the content of the abnormal mandatory access control rule to obtain the resource and the process defined by it, and obtaining the signatory of the abnormal mandatory access control rule;
determining a first associated population from the resource, and determining a second associated population from the signatory;
and taking the intersection of the first associated population and the second associated population to determine the suspected population of the hidden formulator.
Preferably, a database is constructed, the database storing a first file, the first file recording:
a unique number assigned to each mandatory access control rule;
the content of each mandatory access control rule;
the signatory corresponding to each mandatory access control rule;
and, among all the mandatory access control rules, the inheritance relationship between those rules that have an inheritance relationship.
Preferably, access by employee devices to resources is monitored through an access monitoring program, the access monitoring program generates a monitoring log, and the monitoring log is stored in a second file of the database;
the second file records an employee list and the monitoring log.
Preferably, the interpersonal relationships stated by employees within the organization are collected, and the interpersonal relationships are stored in a third file of the database.
Preferably, detecting the abnormal condition caused by the abnormal mandatory access control rule includes: periodically checking the data integrity of the existing resources, monitoring in real time how resources are called by processes, and monitoring the traffic condition in real time.
Preferably, an abnormal first target mandatory access control rule is determined according to the data integrity of a resource: if the data integrity of the resource is damaged, the content of the mandatory access control rules in the first file is retrieved using the resource and the process related to the resource as retrieval conditions, and the first target mandatory access control rule that restricts the resource is determined.
Preferably, an abnormal second target mandatory access control rule is determined according to how the resource is called by a process: if the frequency with which a first target process reads the resource exceeds an adjustable first threshold, the content of the mandatory access control rules in the first file is retrieved using the first target process as the retrieval condition, and the second target mandatory access control rule that restricts the first target process is determined.
Preferably, an abnormal third target mandatory access control rule is determined according to the monitored traffic condition of an employee device: if the traffic proportion of the employee device exceeds a third threshold, or the traffic access time of the employee device exceeds a fourth threshold, the second target process of the employee device that generates the traffic is acquired, the content of the mandatory access control rules in the first file is retrieved using the second target process as the retrieval condition, and the third target mandatory access control rule that restricts the second target process is determined.
Preferably, the resource restricted in the content of the first, second and third target mandatory access control rules is taken as the target resource, and the employees who paid attention to and accessed the target resource are searched for in the second file using the target resource as the search condition, so as to obtain the first associated population.
Preferably, after the first, second and third target mandatory access control rules have been determined, the signatory of each target mandatory access control rule is acquired from the first file;
and the employees connected with the signatory are searched for in the third file using the signatory as the search condition, so as to obtain the second associated population.
The positioning method for the hidden formulator of a mandatory access control rule provided by this application has the following beneficial effects:
the method establishes the relation between a mandatory access control rule and its signatory through the first file, so that when a mandatory access control rule turns out to be abnormal, its signatory can be determined through the first file; the record of employees accessing resources through their devices is saved in the second file, and the first associated population of employees who accessed the resource is queried from the second file according to the resource to narrow the range; the interpersonal relationships of the company's employees are saved in the third file, and the second associated population is determined by querying the interpersonal relationships in the third file with the signatory to narrow the range further; and the intersection of the first associated population and the second associated population narrows the range again to the suspected population. The suspected population can then be checked by more specific means, so that the hidden formulator of the mandatory access control rule is located and the company's data is protected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a schematic flow chart of the positioning method for the hidden formulator of a mandatory access control rule in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the first file in the form of a data table according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the resource access matrix in an embodiment of the invention;
Fig. 4 is a process diagram of the positioning method for the hidden formulator of a mandatory access control rule according to an embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to Fig. 1 and Fig. 4, the present invention provides a method for locating the hidden formulator of a mandatory access control rule, which includes the following steps:
S100, constructing a database, the database storing a first file, a second file and a third file, wherein the first file records:
a unique number assigned to each mandatory access control rule;
the content of each mandatory access control rule, the content comprising the resource, the process and the operation type restricted by the rule;
the signatory corresponding to each mandatory access control rule;
and, among all the mandatory access control rules, the inheritance relationship and a remark for those rules that have an inheritance relationship. The inheritance relationship records which rule a mandatory access control rule was modified from, so that the history of modifications can be tracked through it, and the remark records custom information about the rule.
One possible form of the first file is the data table shown in Fig. 2, in which the first record (the header) lists: number, content, number of the inherited mandatory access control rule, content of the inherited mandatory access control rule, signatory and remark, and the fields of the data table record the corresponding content.
Access by employee devices to resources is monitored through an access monitoring program, the access monitoring program generates a monitoring log, and the monitoring log is stored in the second file of the database;
the second file records the employee list and the monitoring log. In a specific implementation, referring to Fig. 3, the content of the monitoring log is aggregated to construct a resource access matrix for each employee: along one axis the matrix lists the access state of every resource touched by that employee's device at the same moment, and along the other axis it lists the time series of the access state of any one resource. Through the resource access matrix, the employee's resource access state is counted at one-hour intervals over a working day.
The third file records the interpersonal relationships stated by employees within the organization. In the relationship data each employee is identified by name and job number, so that duplicate names do not confuse the relationships.
S200, detecting the abnormal condition caused by an abnormal mandatory access control rule;
specifically, detecting the abnormal condition caused by the abnormal mandatory access control rule includes: periodically checking the data integrity of the existing resources, monitoring in real time how resources are called by processes, and monitoring the traffic condition in real time.
One possible way to periodically check the data integrity of the existing resources is: a script traverses the resources in the appointed directory at regular intervals, acquires the attribute of each resource and stores it in an attribute table, and compares the current attribute with the attribute acquired in the previous period; if the attribute has changed, the integrity of the existing resource data has been damaged. The attribute may be the size of the resource.
One possible way to monitor in real time how resources are called by processes is: the access monitoring program monitors the frequency with which processes on the employee device call resources.
One possible way to monitor the traffic condition in real time is to use any one of iptraf, nload, ifstat, sar and iftop to observe the traffic and obtain real-time traffic data.
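As an added illustration (not code from the patent), the following Python shows the first two detectors of S200: a periodic integrity check that snapshots the size of every resource under a directory and compares it with the previous period, and a read-frequency check over a constructed monitoring log against an adjustable first threshold. The directory layout, the key=value log format, the thresholds and the sample lines are assumptions; it also reports resources that vanished between periods, which goes slightly beyond the text.

```python
"""Added example, not from the patent: integrity check and read-frequency check
for step S200.  Paths, log format, thresholds and sample data are constructed."""
import os
import tempfile
from collections import Counter


def snapshot_attributes(directory):
    """Traverse the appointed directory and record one attribute per resource.
    The text suggests the resource size, so st_size is used as the attribute."""
    table = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                table[os.path.relpath(path, directory)] = os.stat(path).st_size
            except OSError:
                continue  # resource vanished between listing and stat
    return table


def compare_attributes(previous, current):
    """A resource's integrity counts as damaged when its attribute differs from
    the previous period; resources that vanished are reported separately."""
    damaged = sorted(p for p in previous if p in current and previous[p] != current[p])
    missing = sorted(p for p in previous if p not in current)
    return {"damaged": damaged, "missing": missing}


def integrity_check_roundtrip():
    """Two consecutive periods over a temporary directory: snapshot, modify one
    resource and delete another, snapshot again, and compare the two periods."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("ledger.db", b"abc"), ("salaries.csv", b"x,y"), ("notes.txt", b"ok")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        previous = snapshot_attributes(d)
        with open(os.path.join(d, "ledger.db"), "ab") as f:
            f.write(b"tampered")  # size changes, so integrity is damaged
        os.remove(os.path.join(d, "notes.txt"))
        current = snapshot_attributes(d)
        return compare_attributes(previous, current)


# Constructed monitoring-log lines: timestamp, employee device, process, resource, operation.
SAMPLE_LOG = """\
2020-09-18T09:00:01 dev=ws-12 proc=/opt/tools/sync_tool res=/srv/finance/ledger.db op=read
2020-09-18T09:00:02 dev=ws-12 proc=/opt/tools/sync_tool res=/srv/finance/ledger.db op=read
2020-09-18T09:00:03 dev=ws-12 proc=/opt/tools/sync_tool res=/srv/finance/ledger.db op=read
2020-09-18T09:00:04 dev=ws-12 proc=/opt/tools/sync_tool res=/srv/finance/ledger.db op=read
2020-09-18T09:05:00 dev=ws-15 proc=/usr/bin/ledger_svc res=/srv/finance/ledger.db op=read
2020-09-18T09:06:00 dev=ws-20 proc=/usr/bin/hr_app res=/srv/hr/salaries.csv op=write
"""


def parse_log(text):
    """Parse the key=value log lines into dicts; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        fields = dict(p.split("=", 1) for p in parts[1:])
        fields["ts"] = parts[0]
        entries.append(fields)
    return entries


def read_frequency_alerts(entries, first_threshold):
    """Count reads per (process, resource); a pair whose count exceeds the
    adjustable first threshold names the first target process and its resource."""
    counts = Counter((e["proc"], e["res"]) for e in entries if e.get("op") == "read")
    return {pair: n for pair, n in counts.items() if n > first_threshold}


if __name__ == "__main__":
    print(integrity_check_roundtrip())
    print(read_frequency_alerts(parse_log(SAMPLE_LOG), first_threshold=3))
```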
S300, determining the abnormal mandatory access control rule according to the abnormal condition, the abnormal mandatory access control rule comprising a first target mandatory access control rule, a second target mandatory access control rule and a third target mandatory access control rule.
In a specific implementation, determining the abnormal mandatory access control rule according to the abnormal condition includes determining an abnormal first target mandatory access control rule according to the data integrity of a resource: if the data integrity of the resource is damaged, the content of the mandatory access control rules in the first file is retrieved using the resource and the process related to the resource as retrieval conditions, and the first target mandatory access control rule that restricts the resource is determined.
In a specific implementation, determining the abnormal mandatory access control rule according to the abnormal condition includes determining an abnormal second target mandatory access control rule according to how the resource is called by a process: if the frequency with which a first target process reads the resource exceeds an adjustable first threshold, the content of the mandatory access control rules in the first file is retrieved using the first target process as the retrieval condition, and the second target mandatory access control rule that restricts the first target process is determined.
In a specific implementation, determining the abnormal mandatory access control rule according to the abnormal condition includes determining an abnormal third target mandatory access control rule according to the monitored traffic condition of an employee device: if the traffic proportion of the employee device exceeds a third threshold or the traffic access time of the employee device exceeds a fourth threshold, the second target process of the employee device that generates the traffic is acquired, the content of the mandatory access control rules in the first file is retrieved using the second target process as the retrieval condition, and the third target mandatory access control rule that restricts the second target process is determined.
S400, analyzing the content of the abnormal mandatory access control rule (the first, second and third target mandatory access control rules) in the first file to obtain the resource, the process and the operation type defined by the rule, and obtaining the signatory of the abnormal mandatory access control rule.
S500, determining the first associated population according to the resource defined by the abnormal mandatory access control rule; specifically, the resource restricted in the content of the first, second and third target mandatory access control rules is taken as the target resource, and the employees who paid attention to and accessed the target resource are searched for in the second file using the target resource as the search condition, so as to obtain the first associated population.
S600, determining the second associated population according to the signatory of the abnormal mandatory access control rule; specifically, after the first, second and third target mandatory access control rules have been determined, the signatory of each target mandatory access control rule is obtained from the first file;
and the employees connected with the signatory are searched for in the third file using the signatory as the search condition, so as to obtain the second associated population.
The retrieval used in S500 and S600 is an ordinary database data retrieval.
S700, taking the intersection of the first associated population and the second associated population to determine the suspected population of the hidden formulator.
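As an added worked example (not the patent's own code), the three files and steps S300 to S700 in Python: the first file as a rule table with inheritance and signatory, the second file as a monitoring log, the third file as relationship edges, and the retrieval and intersection that yield the suspected population. All names, paths, job numbers and sample records are constructed.

```python
"""Added example, not from the patent: the first/second/third files as in-memory
tables and steps S300-S700 run over them.  All sample data is constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One record of the first file (Fig. 2 layout): number, rule content,
    number of the rule it was modified from, signatory and remark."""
    number: int
    resource: str
    process: str
    operation: str
    inherited_from: Optional[int]
    signatory: str  # "name#job number", so duplicate names do not collide
    remark: str = ""


# First file (constructed): rule 2 is a modified copy of rule 1 that lets a
# second process read the finance ledger.
FIRST_FILE = [
    Rule(1, "/srv/finance/ledger.db", "/usr/bin/ledger_svc", "read", None, "Li Wei#1001"),
    Rule(2, "/srv/finance/ledger.db", "/opt/tools/sync_tool", "read", 1, "Zhao Min#1007", "added for nightly sync"),
    Rule(3, "/srv/hr/salaries.csv", "/usr/bin/hr_app", "write", None, "Li Wei#1001"),
]

# Second file (constructed): monitoring log of which employee device accessed
# which resource through which process.  Tuples: (employee, device, process, resource)
MONITOR_LOG = [
    ("Chen Hao#1012", "ws-12", "/opt/tools/sync_tool", "/srv/finance/ledger.db"),
    ("Wang Fang#1015", "ws-15", "/usr/bin/ledger_svc", "/srv/finance/ledger.db"),
    ("Sun Lei#1020", "ws-20", "/usr/bin/hr_app", "/srv/hr/salaries.csv"),
    ("Chen Hao#1012", "ws-12", "/usr/bin/ledger_svc", "/srv/finance/ledger.db"),
]

# Third file (constructed): interpersonal relationships as undirected edges.
RELATIONS = [
    ("Zhao Min#1007", "Chen Hao#1012"),
    ("Zhao Min#1007", "Li Wei#1001"),
    ("Li Wei#1001", "Sun Lei#1020"),
]


def find_target_rules(first_file, resource=None, process=None):
    """S300: retrieve the rules that restrict the given resource and/or process
    (the retrieval conditions used for the first, second and third target rules)."""
    return [r for r in first_file
            if (resource is None or r.resource == resource)
            and (process is None or r.process == process)]


def lineage(first_file, rule):
    """Follow the inheritance relationship in the first file back to the root
    rule, so the modification history of an abnormal rule can be tracked."""
    by_number = {r.number: r for r in first_file}
    chain, cur = [rule.number], rule
    while cur.inherited_from is not None:
        cur = by_number[cur.inherited_from]
        chain.append(cur.number)
    return chain


def first_population(log, target_resources):
    """S500: employees whose devices accessed (paid attention to) a target resource."""
    return {emp for emp, _dev, _proc, res in log if res in target_resources}


def second_population(relations, signatory):
    """S600: employees connected with the signatory in the third file."""
    return {b if a == signatory else a for a, b in relations if signatory in (a, b)}


def locate_suspects(first_file, log, relations, resource=None, process=None):
    """S300-S700 end to end: from an abnormal condition (a damaged resource
    and/or the process reading it) to the suspected population."""
    targets = find_target_rules(first_file, resource, process)
    if not targets:
        return {"target_rules": [], "first_population": set(),
                "second_population": set(), "suspects": set()}
    pop1 = first_population(log, {r.resource for r in targets})
    pop2 = set().union(*(second_population(relations, r.signatory) for r in targets))
    return {
        "target_rules": [(r.number, lineage(first_file, r), r.signatory) for r in targets],
        "first_population": pop1,
        "second_population": pop2,
        "suspects": pop1 & pop2,  # S700: the intersection narrows the range
    }


if __name__ == "__main__":
    # The S200 integrity check reported the ledger damaged while sync_tool read it.
    print(locate_suspects(FIRST_FILE, MONITOR_LOG, RELATIONS,
                          resource="/srv/finance/ledger.db", process="/opt/tools/sync_tool"))
```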
The positioning method for the hidden formulator of a mandatory access control rule establishes the relation between a mandatory access control rule and its signatory through the first file, so that when a mandatory access control rule turns out to be abnormal, its signatory can be determined through the first file; the record of employees accessing resources through their devices is saved in the second file, and the first associated population of employees who accessed the resource is queried from the second file according to the resource to narrow the range; the interpersonal relationships of the company's employees are saved in the third file, and the second associated population is determined by querying the interpersonal relationships in the third file with the signatory to narrow the range further; and the intersection of the first associated population and the second associated population narrows the range again to the suspected population. The suspected population can then be checked by more specific means, so that the hidden formulator of the mandatory access control rule is located and the company's data is protected.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third, et cetera does not indicate any ordering; these words may be interpreted as names.
In the present invention, the signatory is the person in charge who performs the signature authentication and approval of a specified mandatory access control rule.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (6)

1. A method for locating the hidden formulator of a mandatory access control rule, comprising:
recording in a first file the content of the mandatory access control rules, the unique number assigned to each mandatory access control rule, the signatory corresponding to each mandatory access control rule, and the inheritance relationship between those mandatory access control rules that have an inheritance relationship;
monitoring access by employee devices to resources with an access monitoring program, the access monitoring program generating a monitoring log, and storing the monitoring log and an employee list in a second file;
collecting the interpersonal relationships stated by employees within the organization, and storing the interpersonal relationships in a third file;
detecting an abnormal condition caused by an abnormal mandatory access control rule;
determining the abnormal mandatory access control rule according to the abnormal condition, analyzing the content of the abnormal mandatory access control rule to obtain the resources and processes defined by it, and obtaining the signatory of the abnormal mandatory access control rule from the first file;
taking the resources restricted in the content of the abnormal first target mandatory access control rule, the abnormal second target mandatory access control rule and the abnormal third target mandatory access control rule as target resources; searching the second file for the employees who paid attention to and accessed the target resources, using the target resources as the search condition, so as to obtain a first associated population; searching the third file for the employees connected with the signatory, using the signatory as the search condition, so as to obtain a second associated population;
and taking the intersection of the first associated population and the second associated population to determine the suspected population of the hidden formulator.
2. The method of claim 1, wherein a database is constructed, the database storing the first file, the second file and the third file.
3. The method of claim 1, wherein detecting the abnormal condition caused by the abnormal mandatory access control rule comprises: periodically checking the data integrity of the existing resources, monitoring in real time how resources are called by processes, and monitoring the traffic condition in real time.
4. The method of claim 3, wherein the abnormal first target mandatory access control rule is determined according to the data integrity of a resource: if the data integrity of the resource is destroyed, the content of the mandatory access control rules in the first file is searched using the resource and the process related to the resource as the search condition, and the first target mandatory access control rule that restricts the resource is determined.
5. The method of claim 3, wherein the abnormal second target mandatory access control rule is determined according to how the resource is called by a process: if the frequency with which a first target process reads the resource exceeds the adjustable first threshold, the content of the mandatory access control rules in the first file is retrieved using the first target process as the retrieval condition, and the second target mandatory access control rule that restricts the first target process is determined.
6. The method of claim 3, wherein the abnormal third target mandatory access control rule is determined according to the monitored traffic condition of employee devices: if the traffic proportion of an employee device exceeds a third threshold or the traffic access time of the employee device exceeds a fourth threshold, the second target process of the employee device that generates the traffic is obtained, the content of the mandatory access control rules in the first file is retrieved using the second target process as the retrieval condition, and the third target mandatory access control rule that restricts the second target process is determined.
Priority application
Application number: CN202010991757.7A
Priority date: 2020-09-18
Filing date: 2020-09-18
Title: Positioning method for forced access control rule hiding formulator
Status: Active (granted as CN112231720B)

Publications (2)

CN112231720A, published 2021-01-15
CN112231720B (granted patent), published 2022-11-22




Legal Events

PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant