CN112367290A - Endogenous safe WAF construction method - Google Patents

Endogenous safe WAF construction method Download PDF

Info

Publication number
CN112367290A
CN112367290A CN202010953424.5A CN202010953424A CN112367290A CN 112367290 A CN112367290 A CN 112367290A CN 202010953424 A CN202010953424 A CN 202010953424A CN 112367290 A CN112367290 A CN 112367290A
Authority
CN
China
Prior art keywords
waf
container
micro
construction method
heterogeneous
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010953424.5A
Other languages
Chinese (zh)
Inventor
吴春明
陈双喜
曲振青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU filed Critical Zhejiang University ZJU
Priority to CN202010953424.5A priority Critical patent/CN112367290A/en
Publication of CN112367290A publication Critical patent/CN112367290A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45562Creating, deleting, cloning virtual machine instances
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances

Abstract

The invention discloses an endogenetic safety WAF construction method, which is used for avoiding potential safety hazards caused by the safety problem of WAF, carrying out endogenetic safety treatment on a cloud server, a virtualization container, an operating system in the container, a WAF platform, an interception rule and the like, and enabling the WAF to form endogenetic safety defense capacity through structural change. When the access occurs, a heterogeneous cloud server and a heterogeneous WAF container are distributed in a specific scheduling mode, and after the rule matching is passed, the flow is released; and when the rule is not matched, forwarding the flow to other processing modules. In addition, the WAF container is offline through two mechanisms of manual intervention and negative feedback regulation. The invention avoids the threats that the WAF protection rule base is maliciously bypassed, the self loophole of the WAF platform, the bottom operating system of the server is attacked and the like, and reinforces the self service of the WAF while intercepting the illegal request.

Description

Endogenous safe WAF construction method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a construction method of an endogenous security WAF.
Background
In a conventional Web Application Firewall (WAF), traffic and content from a user are detected and the security and legitimacy of the traffic and content are determined in a case where the WAF is deployed in a single server. The deployment method has certain defects, such as that the protection rule base is maliciously bypassed, the attack is carried out by utilizing the self vulnerability of the WAF platform, the vulnerability of the operating system or the vulnerability of the cloud platform, and the like, so that the deployment method faces serious security threats. According to the invention, the cloud server, the virtualization container, the operating system in the container, the WAF platform, the interception rule and the like are subjected to isomerization processing, and the WAF forms endogenous security defense capability through structural change.
Disclosure of Invention
The invention aims to provide a construction method of endogenous safe WAF aiming at the defects of the prior art. The invention optimizes the WAF framework, dispatches the flow to the heterogeneous WAF container in the heterogeneous server, completes the due function of the WAF, and strengthens the safety of the WAF.
The purpose of the invention is realized by the following technical scheme: an endogenous safe WAF construction method, comprising the steps of:
(1) building a heterogeneous cloud server, specifically:
(1.1) deploying M cloud servers C ═ Ci1, 2., M }, where c isiThe number is the ith cloud server;
(1.2) carrying out isomerization treatment on the C;
(2) deploying a heterogeneous WAF container, specifically:
(2.1) at each cloud Server ciDeploying N micro containers in the container, wherein R is { R ═ Rj1, 2., N }, where r isjDenotes the jth micro-container;
(2.2) for each micro-container rjDeploying a heterogeneous operating system O, a heterogeneous WAF platform W and a heterogeneous rule base G, namely rj={(Oj,Wj,Gj)|j=1,2,...,N}。
(3) The offline rule of the heterogeneous WAF server is specified, and the offline rule specifically comprises the following steps:
(3.1) manual intervention mode: the micro-containers r are regulated at intervals of T according to a mode of time sliceiOff-line cleaning is carried out, the number of the micro-containers in an on-line state in the same time is ensured to be not less than M N/2, wherein T can be set to be within a range of [10min,30min];
(3.2) cleaning mode based on negative feedback: and performing offline switching according to the performances of the cloud server and the micro container, the probability of being attacked detected within a specified time and the like.
In the two modes, all environments and configurations are reset according to a preset mode after the device is offline.
(4) Configuring backend server information S ═ S for WAFk1, 2.,. K } and a load balancing policy Lb, i.e. a backend server to which the traffic is forwarded after interception and release.
(5) And resolving the service domain name to each cloud server C through DNS.
(6) The flow is resolved to c through DNS or load balancingiThen, randomly select r of the on-line stateiPerforming rule matching, and forwarding to a back-end server s according to Lb after passingi(ii) a If not, the data is forwarded to a subsequent processing module.
Further, the step (2) is specifically: and C is subjected to isomerization processing from the perspective of virtualization technology, an operating system and micro-container software.
Further, the operating system includes Windows Server, CentOS, and Ubuntu.
Further, the virtualization techniques include kvm and Xen.
Further, the micro-container software includes Docker, Solaris Containers, and Podman.
Further, the value interval of T in the step (3.1) is [10min,30min ].
Further, the load balancing policy includes polling, weighted polling, and per-response time.
Further, the post-processing module in the step (6) comprises a sandbox and a honeypot.
Further, the scheduling of the micro container in the step (6) is performed by a management control program of the cloud server.
The invention has the beneficial effects that: the invention carries out isomerization processing on a cloud server, a virtualization technology, a micro container, an operating system in the container, a WAF platform, an interception rule and the like, and enables the WAF to form endogenous security defense capability through structural change. When the access occurs, a heterogeneous cloud server and a heterogeneous WAF container are distributed in a specific scheduling mode, and after the rule matching is passed, the flow is released; and when the rule is not matched, forwarding the flow to other processing modules. In addition, the WAF container is offline through two mechanisms of manual intervention and negative feedback regulation. Therefore, threats such as malicious bypassing of the WAF protection rule base, self bugs of the WAF platform, attack of a bottom operating system of the server and the like are avoided, illegal requests are intercepted, and the self service of the WAF is reinforced.
Drawings
Figure 1 is an endogenous safe WAF architecture diagram.
Detailed Description
As shown in fig. 1, the internal secure WAF architecture of the present invention comprises the following steps:
1. building a heterogeneous cloud server, specifically:
(1) deploying M cloud servers C ═ { Ci1, 2., M }, where c isiIs the ith cloud server.
(2) And C is subjected to isomerization processing from the perspectives of a virtualization technology, an operating system, micro-container software and the like, wherein the operating system of the cloud Server can select Windows Server, CentOS, Ubuntu and the like, the virtualization technology of the cloud selects kvm, Xen and the like, and the micro-container software selects Docker, Solaris contacts, Podman and the like.
2. Deploying a heterogeneous WAF container, specifically:
(1) at each cloud server ciDeploying N micro containers in the container, wherein R is { R ═ Rj1, 2., N }, where r isjDenotes the jth micro-container.
(2) For each micro container rjDeploying a heterogeneous operating system O, a heterogeneous WAF platform W and a heterogeneous rule base G, namely rj={(Oj,Wj,Gj)|j=1,2,...,N}。
3. The offline rule of the heterogeneous WAF server is specified, and the offline rule specifically comprises the following steps:
(1) manual intervention mode: can be carried out on a time slice basis, and each micro-capacitor is specified to be arranged at T time intervalsDevice rjOff-line cleaning is carried out, the number of the micro containers in an on-line state at the same time is ensured to be not less than M N/2, wherein T can be set to be in an interval of [10min,30min]。
(2) Cleaning mode based on negative feedback: and performing offline switching according to the performances of the cloud server and the micro container and the probability of being attacked detected within a specified time.
In the two modes, all environments and configurations are reset according to a preset mode after the device is offline.
4. Configuring backend server information S ═ S for WAFk1, 2.,. K } and a load balancing policy Lb, i.e. a backend server to which the traffic is forwarded after interception and release. The user can configure one or a group of back-end server IP addresses and specify load balancing strategies, such as polling, weighted polling, response time-based and the like, so as to forward the traffic after the traffic is released.
5. And resolving the service domain name to each cloud server C through DNS.
6. The flow is resolved to a cloud server c through DNS or load balancingiThen, the micro container r with the on-line state is randomly selectedjCarrying out rule matching, and forwarding to a back-end server s according to a load balancing strategy Lb after passingk(ii) a If not, the data is forwarded to a subsequent processing module, such as a sandbox, a honeypot and the like. Wherein for the micro-container rjIs scheduled by the cloud server ciAnd the management control program of (3).
The method optimizes the traditional WAF architecture, performs isomerization processing on a cloud server, a virtualization container, an operating system in the container, a WAF platform, an interception rule and the like, and enables the WAF to form endogenous security defense capability through structural change. Therefore, the probability that the WAF protection rule base is maliciously bypassed is reduced, the probability that own vulnerabilities of a WAF platform, an operating system or a micro-container and a cloud platform are attacked is reduced, and the own security of the WAF is reinforced while the due functions of the WAF are completed.

Claims (9)

1. An endogenic safety WAF construction method is characterized by comprising the following steps:
(1) building a heterogeneous cloud server, specifically:
(1.1) deploying M cloud servers C ═ Ci1,2, …, M, where c isiIs the ith cloud server.
(1.2) isomerization treatment of C may be carried out.
(2) Deploying a heterogeneous WAF container, specifically:
(2.1) at each cloud Server ciDeploying N micro containers in the container, wherein R is { R ═ Rj1,2, …, N, where rjDenotes the jth micro-container.
(2.2) for each micro-container rjDeploying a heterogeneous operating system O, a heterogeneous WAF platform W and a heterogeneous rule base G, namely rj={(Oj,Wj,Gj)|j=1,2,…,N}。
(3) The offline rule of the heterogeneous WAF server is specified, and the offline rule specifically comprises the following steps:
(3.1) manual intervention mode: the method based on time slices can be defined to every T time for each micro-container riAnd (4) off-line cleaning is carried out, and the number of the micro containers in an on-line state in the same time is not less than M N/2.
(3.2) cleaning mode based on negative feedback: and performing offline switching according to the performances of the cloud server and the micro container, the probability of being attacked detected within a specified time and the like.
(4) Configuring backend server information S ═ S for WAFk1,2, …, K and a load balancing policy Lb, i.e. a backend server to which the traffic is forwarded after interception release.
(5) And resolving the service domain name to each cloud server C through DNS.
(6) The flow is resolved to c through DNS or load balancingiThen, randomly select r of the on-line stateiPerforming rule matching, and forwarding to a back-end server s according to Lb after passingi(ii) a If not, the data is forwarded to a subsequent processing module.
2. The endogenous safe WAF construction method of claim 1, wherein the step (2) is specifically: and C is subjected to isomerization processing from the perspective of virtualization technology, an operating system and micro-container software.
3. The in-grown secure WAF construction method of claim 2, wherein the operating systems comprise Windows Server, CentOS, and Ubuntu.
4. The endogenous secure WAF construction method of claim 2, wherein the virtualization techniques comprise kvm and Xen.
5. The in-grown secure WAF construction method of claim 2, wherein the micro-container software comprises Docker, Solaris Containers, and Podman.
6. The method according to claim 1, wherein T in step (3.1) has a value interval of [10min,30min ].
7. The endogenous security WAF construction method of claim 1, wherein the load balancing policy comprises polling, weighted polling, and per-response time.
8. The endogenous secure WAF construction method of claim 1, wherein the post-processing modules in step (6) comprise sandboxes and honeypots.
9. The in-growth secure WAF construction method of claim 1, wherein the scheduling of the micro-containers in step (6) is performed by a management control program of a cloud server.
CN202010953424.5A 2020-09-11 2020-09-11 Endogenous safe WAF construction method Pending CN112367290A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010953424.5A CN112367290A (en) 2020-09-11 2020-09-11 Endogenous safe WAF construction method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010953424.5A CN112367290A (en) 2020-09-11 2020-09-11 Endogenous safe WAF construction method

Publications (1)

Publication Number Publication Date
CN112367290A true CN112367290A (en) 2021-02-12

Family

ID=74516783

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010953424.5A Pending CN112367290A (en) 2020-09-11 2020-09-11 Endogenous safe WAF construction method

Country Status (1)

Country Link
CN (1) CN112367290A (en)

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223398A (en) * 2011-05-30 2011-10-19 兰雨晴 Method for deploying services in cloud computing environment
CN102655532A (en) * 2012-04-18 2012-09-05 上海和辰信息技术有限公司 Distributed heterogeneous virtual resource integration management method and system
CN104966032A (en) * 2015-07-22 2015-10-07 浙江大学 Method for randomly simulating sensitive information in cloud database
CN106506547A (en) * 2016-12-23 2017-03-15 北京奇虎科技有限公司 Processing method, WAF, router and system for Denial of Service attack
US20170201597A1 (en) * 2016-01-12 2017-07-13 Cisco Technology, Inc. Attaching service level agreements to application containers and enabling service assurance
CN107426206A (en) * 2017-07-17 2017-12-01 北京上元信安技术有限公司 A kind of protector and method to web server
CN107426252A (en) * 2017-09-15 2017-12-01 北京百悟科技有限公司 The method and apparatus that web application firewall services are provided
CN108270728A (en) * 2016-12-30 2018-07-10 上海华讯网络系统有限公司 Mixing cloud management system and method based on container
CN109347814A (en) * 2018-10-05 2019-02-15 李斌 A kind of container cloud security means of defence and system based on Kubernetes building
CN110224990A (en) * 2019-07-17 2019-09-10 浙江大学 A kind of intruding detection system based on software definition security architecture
CN110457134A (en) * 2019-08-08 2019-11-15 杭州阿启视科技有限公司 The method for establishing the video big data cloud platform based on container cloud and micro services framework
CN110505235A (en) * 2019-09-02 2019-11-26 四川长虹电器股份有限公司 A kind of detection system and method for the malicious requests around cloud WAF
CN110532101A (en) * 2019-09-03 2019-12-03 中国联合网络通信集团有限公司 The deployment system and method for micro services cluster
US20200036615A1 (en) * 2018-07-27 2020-01-30 Centurylink Intellectual Property Llc Method and System for Implementing High Availability (HA) Web Application Firewall (WAF) Functionality
CN110912876A (en) * 2019-11-08 2020-03-24 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Mimicry defense system, method and medium for information system
US20200110624A1 (en) * 2014-03-24 2020-04-09 Google Llc Virtual Machine
WO2020131740A1 (en) * 2018-12-21 2020-06-25 Mcafee, Llc Sharing cryptographic session keys among a cluster of network security platforms monitoring network traffic flows
CN111431752A (en) * 2020-04-01 2020-07-17 中核武汉核电运行技术股份有限公司 Safety detection method based on adaptive flow control
US10732891B2 (en) * 2006-05-17 2020-08-04 Richard Fetik Secure application acceleration system and apparatus
CN111522653A (en) * 2020-02-07 2020-08-11 华中科技大学 Container-based network function virtualization platform

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10732891B2 (en) * 2006-05-17 2020-08-04 Richard Fetik Secure application acceleration system and apparatus
CN102223398A (en) * 2011-05-30 2011-10-19 兰雨晴 Method for deploying services in cloud computing environment
CN102655532A (en) * 2012-04-18 2012-09-05 上海和辰信息技术有限公司 Distributed heterogeneous virtual resource integration management method and system
US20200110624A1 (en) * 2014-03-24 2020-04-09 Google Llc Virtual Machine
CN104966032A (en) * 2015-07-22 2015-10-07 浙江大学 Method for randomly simulating sensitive information in cloud database
US20170201597A1 (en) * 2016-01-12 2017-07-13 Cisco Technology, Inc. Attaching service level agreements to application containers and enabling service assurance
CN106506547A (en) * 2016-12-23 2017-03-15 北京奇虎科技有限公司 Processing method, WAF, router and system for Denial of Service attack
CN108270728A (en) * 2016-12-30 2018-07-10 上海华讯网络系统有限公司 Mixing cloud management system and method based on container
CN107426206A (en) * 2017-07-17 2017-12-01 北京上元信安技术有限公司 A kind of protector and method to web server
CN107426252A (en) * 2017-09-15 2017-12-01 北京百悟科技有限公司 The method and apparatus that web application firewall services are provided
US20200036615A1 (en) * 2018-07-27 2020-01-30 Centurylink Intellectual Property Llc Method and System for Implementing High Availability (HA) Web Application Firewall (WAF) Functionality
CN109347814A (en) * 2018-10-05 2019-02-15 李斌 A kind of container cloud security means of defence and system based on Kubernetes building
WO2020131740A1 (en) * 2018-12-21 2020-06-25 Mcafee, Llc Sharing cryptographic session keys among a cluster of network security platforms monitoring network traffic flows
CN110224990A (en) * 2019-07-17 2019-09-10 浙江大学 A kind of intruding detection system based on software definition security architecture
CN110457134A (en) * 2019-08-08 2019-11-15 杭州阿启视科技有限公司 The method for establishing the video big data cloud platform based on container cloud and micro services framework
CN110505235A (en) * 2019-09-02 2019-11-26 四川长虹电器股份有限公司 A kind of detection system and method for the malicious requests around cloud WAF
CN110532101A (en) * 2019-09-03 2019-12-03 中国联合网络通信集团有限公司 The deployment system and method for micro services cluster
CN110912876A (en) * 2019-11-08 2020-03-24 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Mimicry defense system, method and medium for information system
CN111522653A (en) * 2020-02-07 2020-08-11 华中科技大学 Container-based network function virtualization platform
CN111431752A (en) * 2020-04-01 2020-07-17 中核武汉核电运行技术股份有限公司 Safety detection method based on adaptive flow control

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
JUNCHI XING: "Detecting Anomalies in Encrypted Traffic via Deep Dictionary Learning", 《IEEE INFOCOM WKSHPS》 *
吴春明: "动态网络主动安全防御的若干思考", 《中兴通讯技术》 *
秦俊宁: "基于异构冗余架构的拟态防御建模技术", 《电信科学》 *
胡鸿富: "WAF绕过方法与测试框架研究", 《中国优秀硕士学位论文全文数据库(电子期刊)信息科技辑》 *
陈双喜: "基于攻击转移的拟态安全网关技术的研究", 《通信学报》 *
陈双喜: "新型主动防御框架的资源对抗模型分析", 《电子学报》 *

Similar Documents

Publication Publication Date Title
US10621344B2 (en) System and method for providing network security to mobile devices
US10091238B2 (en) Deception using distributed threat detection
EP2570954B1 (en) Method, device and system for preventing distributed denial of service attack in cloud system
US8850565B2 (en) System and method for coordinating network incident response activities
WO2017053806A1 (en) Dynamic security mechanisms
Kim et al. Preventing DNS amplification attacks using the history of DNS queries with SDN
AU2008325044A1 (en) System and method for providing data and device security between external and host devices
JP2008271242A (en) Network monitor, program for monitoring network, and network monitor system
CN112367290A (en) Endogenous safe WAF construction method
JP6832990B2 (en) Security in software defined networking
He et al. NSCC: Self-service network security architecture for cloud computing
Thang et al. EVHS-Elastic Virtual Honeypot System for SDNFV-Based Networks
Zhu et al. Internet security protection for IRC-based botnet
Alhomoud et al. A next-generation approach to combating botnets
CN112367344A (en) Construction method of endogenous security load balancing server
Bousselham et al. Security of virtual networks in cloud computing for education
Sharma et al. DDoS attacks detection and prevention with cloud trace back
Sanguankotchakorn et al. Automatic attack detection and correction system development
Al-Mwald et al. Detection and Prevention of ARP Cache Poisoning in Advanced Persistent Threats Using Multiphase Validation and Firewall
WO2021181391A1 (en) System and method for finding, tracking, and capturing a cyber-attacker
CN117375961A (en) Network intrusion active defense method and system based on mobile attack surface
Shahzad An investigation of mechanisms to mitigate zero-day computer worms within computer networks
Elouafiq et al. Aggressive and Intelligent Self-Defensive Network: Towards a New Generation of Semi-autonomous Networks
IL192044A (en) System and method for providing network security to mobile devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210212

WD01 Invention patent application deemed withdrawn after publication