CN112380529A - Embedded bare computer system safety isolation system based on operation - Google Patents


Publication number
CN112380529A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011154821.2A
Other languages
Chinese (zh)
Other versions
CN112380529B (en)
Inventor
周侠
李嘉奇
周亚金
张文龙
申文博
任奎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an operation-based security isolation system for embedded bare-metal systems, comprising a compiler module and a reference monitor module. The developer divides the embedded bare-metal system into operations, that is, logically independent tasks. The compiler module uses static program analysis to determine the resources each operation needs to access, including global variables, external devices and special registers on the private peripheral bus. At run time, the reference monitor module uses the MPU hardware feature of the ARMv7-M architecture to limit the resources that each operation can access. The invention achieves efficient privilege isolation and fine-grained resource isolation on existing hardware, can be applied to embedded bare-metal systems to improve their security, and has little impact on system performance.

Description

Embedded bare computer system safety isolation system based on operation
Technical Field
The invention belongs to the technical field of information security, and particularly relates to an embedded bare metal system security isolation system based on operation.
Background
In recent years the number of embedded devices has grown, and attacks against them have grown with it. Embedded bare-metal systems, a subclass of embedded devices, lack some hardware security features such as an MMU and have limited hardware resources, which makes it difficult to deploy the protection mechanisms widely used on desktop systems, such as privilege isolation and address randomization. In addition, a program running on an embedded bare-metal system contains both system functions and application logic with no security isolation between them, so an attacker can take control of the whole system by exploiting a single vulnerability.
Existing security isolation methods for embedded bare-metal systems suffer from over-privilege, which arises both when isolation domains are partitioned and when the program runs. Because global variables are shared among isolation domains and the number of MPU (Memory Protection Unit) regions is limited, current methods merge the shared variables accessed by each isolation domain, so that one isolation domain can access the global variables of other isolation domains; this is over-privilege at partitioning time. Because current partitioning is code-centric and modular and does not consider the program's execution flow (for example, the functions in one file form one isolation domain), the system may cross several isolation domains while executing a single task without that task using all the resources of those domains; this is over-privilege at run time.
Over-privilege reduces the effectiveness of existing security isolation methods for embedded bare-metal systems and makes it easy for an attacker to bypass the isolation.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides an operation-based security isolation system for embedded bare-metal systems, which solves the problem of over-privilege when isolation domains are partitioned and alleviates over-privilege at run time. The specific technical scheme is as follows:
An operation-based embedded bare-metal system security isolation system, the system comprising a compiler module and a reference monitor module;
the compiler module is used for generating an application program function call graph, sequentially performing function resource dependence analysis, constructing a resource list to be accessed by each operation, generating a configuration file for the MPU according to the resource list, inserting environment initialization code before the program's main function, and inserting operation switching code before and after each operation entry function call point; the operation switching code jumps to the reference monitor module;
the reference monitor module is used for initializing the program, switching operations while the program runs, and implementing system calls; the initialization comprises initializing the shared variables of each operation, activating the exception handling functions used by the reference monitor, setting the resources required by the default operation, jumping to the application program, which executes in non-privileged mode, and switching the microprocessor to non-privileged mode; the operation switching specifically comprises saving the stack pointer of the previous operation and writing back the shared global variables of the previous operation, reading the shared global variables of the current operation, calculating a new stack pointer, copying the operation entry function parameters, switching the MPU configuration, and finally executing the operation entry function; the system call allows non-privileged application code to access registers on the privileged private peripheral bus.
Further, the compiler module uses a static program analysis technology to construct a program function call graph and analyzes to obtain a resource list to be accessed by each function, wherein the resource includes a global variable, an address of an external device and a register on a private peripheral bus.
Further, the compiler module obtains a function included in each operation according to an operation entry function list input by a user, and constructs a resource list to be accessed by each operation for the function.
Further, the compiler module generates a dedicated data area for each operation, which includes the exclusive global variable and a copy of the shared global variable of the operation.
Further, the reference monitor module operates in a privileged mode and the application operates in a non-privileged mode.
Further, the reference monitor module allows each operation to read and write 4 peripheral addresses.
Further, when the shared global variable of the current operation is written back, the reference monitor module performs validity check on the value of the variable.
Further, the reference monitor module implements a system call based on a bus error handling function; when the non-privileged application program code accesses the register on the privileged private bus, a bus error is triggered, a bus error processing function is automatically executed, and the function acquires the address of the register on the private peripheral bus accessed by the application program and checks whether the address is allowed or not; when legal, reading or writing the address of the register; otherwise, reporting an error.
Further, when switching operation, the reference monitor module sets the stack of the previous operation as read-only, and copies the content of the entry function parameter of the current operation to the top of the stack of the current operation.
An operation-based embedded bare-metal system security isolation method, which executes the following steps when the program is partitioned into operations:
(1) generating a function call graph according to the program source code;
(2) analyzing the resources which can be accessed by each function, including global variables and peripherals, and registers on a private peripheral bus;
(3) finding out a function which can be executed by each operation according to the operation entry function list, merging the resources accessed by the functions to obtain the resource which needs to be accessed by each operation, and generating a resource list; generating an MPU configuration file of each operation according to the resource list;
(4) writing the MPU configuration file of each operation into a read-only area of the reinforced program image, performing instrumentation on the program, inserting an initialization code before a main function, inserting an operation switching code before and after the execution of an entry function of each operation, and compiling the codes together with the codes of the reference monitor module to generate the reinforced program image;
when the program runs, the following steps are executed:
(1) environment initialization is performed first:
(1.1) initializing a shared variable of each operation;
(1.2) activating an exception handling function used by the reference monitor;
(1.3) setting resources required for default operation;
(1.4) reducing the authority level of the microcontroller, and jumping to the application program execution of the non-privileged mode;
(2) operation switching is carried out while the program runs:
(2.1) firstly saving a stack pointer of the previous operation, and writing back the value of the global variable copy shared by the previous operation;
(2.2) writing the value of the shared global variable of the current operation into its copy;
(2.3) calculating a new stack pointer;
(2.4) switching the MPU configuration and executing the operation entry function;
(3) accessing a register on a private peripheral bus;
(3.1) acquiring the address of the register on the accessed private peripheral bus;
(3.2) checking whether the address is legal, and reading or writing the register when the address is legal; otherwise, reporting an error.
The invention has the following beneficial effects:
The present invention uses the MPU hardware feature already present on the ARMv7-M architecture to limit the resources that each operation can access. Based on existing hardware, it achieves efficient privilege isolation and fine-grained resource isolation, can be applied to embedded bare-metal systems, improves security, and has little impact on system performance.
Drawings
FIG. 1 is a schematic diagram of an operation-based embedded bare metal system security isolation system of the present invention;
FIG. 2 is a diagram of the shared global variable synchronization of the operation-based embedded bare metal system security isolation system of the present invention;
FIG. 3 is a schematic diagram of a security-hardened program image generated by the operation-based embedded bare metal system security isolation system of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and preferred embodiments, and the objects and effects of the present invention will become more apparent, it being understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit the present invention.
As shown in FIG. 1, the operation-based embedded bare metal system security isolation system of the invention comprises a compiler module and a reference monitor module.
The compiler module uses static program analysis to generate the application's function call graph, then performs function resource dependence analysis, constructs the list of resources each operation needs to access, generates the MPU configuration file and instruments the program. The resources include global variables, addresses of external devices, and registers on the private peripheral bus.
The specific steps are as follows:
(1) Generate a function call graph from the program source code.
(2) Analyze the resources that each function can access, including global variables, peripherals, and registers on the private peripheral bus.
(3) Using the operation entry function list supplied by the user, find the functions that each operation can execute and merge the resources those functions access to obtain the resources each operation needs, producing a resource list. From the resource list, generate each operation's MPU configuration file and dedicated data area, where the dedicated data area contains the operation's exclusive global variables and copies of its shared global variables. Allocating a dedicated data area to each operation avoids over-privilege at isolation-domain partitioning.
(4) Write each operation's MPU configuration file into a read-only area of the hardened program image, generate each operation's dedicated data area, and instrument the program: insert initialization code before the main function and insert operation switching code before and after each operation entry function call point. Compile this code together with the code of the reference monitor module to produce the hardened program image. The operation switching code jumps to the reference monitor module.
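Steps (1) to (3) above, modelled on the host as an added example; this is not code from the patent. The function names, resources and call graph are constructed, and stopping the call-graph walk at other operations' entry functions is an assumption drawn from the fact that switching code is inserted at every entry call point.

```c
/* Added example: host-side model of compile-time steps (1)-(3).
 * Function names, resources and the call graph are constructed. */
#include <stdint.h>
#include <stdio.h>

#define NFUNC 6
#define NOPS 3
#define MAX_PERIPH 4   /* per-operation peripheral limit from the description */

enum { F_MAIN, F_MOTOR_TASK, F_SET_PWM, F_LOG_TASK, F_UART_SEND, F_READ_ADC };

/* Resources as bit flags: low byte = global variables, next byte = peripherals. */
#define G_SPEED  (1u << 0)
#define G_LOGBUF (1u << 1)
#define G_CALIB  (1u << 2)
#define P_UART   (1u << 8)
#define P_PWM    (1u << 9)
#define P_ADC    (1u << 10)
#define GLOBAL_MASK 0x00FFu
#define PERIPH_MASK 0xFF00u

/* Step (1): call graph; bit g set in calls[f] means f calls g. */
static const uint32_t calls[NFUNC] = {
    [F_MAIN]       = (1u << F_MOTOR_TASK) | (1u << F_LOG_TASK),
    [F_MOTOR_TASK] = (1u << F_SET_PWM) | (1u << F_READ_ADC),
    [F_LOG_TASK]   = (1u << F_UART_SEND),
};

/* Step (2): resources each function touches directly. */
static const uint32_t direct_res[NFUNC] = {
    [F_MOTOR_TASK] = G_SPEED | G_CALIB,
    [F_SET_PWM]    = P_PWM,
    [F_LOG_TASK]   = G_SPEED | G_LOGBUF,
    [F_UART_SEND]  = P_UART | G_LOGBUF,
    [F_READ_ADC]   = P_ADC | G_CALIB,
};

/* Operation entry function list; main acts as the default operation. */
static const int entries[NOPS] = { F_MAIN, F_MOTOR_TASK, F_LOG_TASK };

static int is_entry(int f)
{
    for (int i = 0; i < NOPS; i++)
        if (entries[i] == f) return 1;
    return 0;
}

/* Functions in the operation rooted at `entry` (fixed-point reachability).
 * Assumption: the walk stops at other entry functions, because calling one
 * is an operation switch rather than part of the current operation. */
uint32_t op_functions(int entry)
{
    uint32_t seen = 1u << entry, prev = 0;
    while (seen != prev) {
        prev = seen;
        for (int f = 0; f < NFUNC; f++) {
            if (!(prev & (1u << f))) continue;
            for (int g = 0; g < NFUNC; g++)
                if ((calls[f] & (1u << g)) && !is_entry(g)) seen |= 1u << g;
        }
    }
    return seen;
}

/* Step (3): merge the resources of every function in the operation. */
uint32_t op_resources(int entry)
{
    uint32_t funcs = op_functions(entry), res = 0;
    for (int f = 0; f < NFUNC; f++)
        if (funcs & (1u << f)) res |= direct_res[f];
    return res;
}

/* Globals used by more than one operation; each user gets a private copy. */
uint32_t shared_globals(void)
{
    uint32_t seen = 0, shared = 0;
    for (int i = 0; i < NOPS; i++) {
        uint32_t g = op_resources(entries[i]) & GLOBAL_MASK;
        shared |= seen & g;
        seen |= g;
    }
    return shared;
}

/* Globals only this operation uses; they live solely in its data area. */
uint32_t exclusive_globals(int entry)
{
    return op_resources(entry) & GLOBAL_MASK & ~shared_globals();
}

/* Number of peripherals the operation needs; must not exceed MAX_PERIPH. */
int periph_count(int entry)
{
    uint32_t p = op_resources(entry) & PERIPH_MASK;
    int n = 0;
    for (; p; p &= p - 1) n++;
    return n;
}

int main(void)
{
    for (int i = 0; i < NOPS; i++) {
        int e = entries[i];
        printf("op %d: funcs=0x%02x res=0x%04x exclusive=0x%02x periph=%d%s\n",
               e, (unsigned)op_functions(e), (unsigned)op_resources(e),
               (unsigned)exclusive_globals(e), periph_count(e),
               periph_count(e) > MAX_PERIPH ? " (over limit)" : "");
    }
    printf("shared globals=0x%02x\n", (unsigned)shared_globals());
    return 0;
}
```
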
The reference monitor module initializes the program, switches operations while the program runs, and implements system calls. The reference monitor module runs in privileged mode and the application runs in non-privileged mode.
The reference monitor module specifically includes the following functions:
(1) Environment initialization. This includes initializing the shared variables of each operation, activating the exception handling functions used by the reference monitor, setting the resources required by the default operation, jumping to the application, which executes in non-privileged mode, and switching the microprocessor to non-privileged mode.
(2) Operation switching. When switching operations, the reference monitor first saves the stack pointer of the previous operation and writes back the shared global variables of the previous operation; it then reads the values of the current operation's shared global variables into the current operation's dedicated data area, calculates a new stack pointer, and copies the operation entry function's parameters; finally it switches the MPU configuration and executes the operation entry function. During the switch, the reference monitor module sets the stack of the previous operation to read-only and copies the current operation's entry function parameters to the top of the current operation's stack.
The write-back and read of global variables are shown in FIG. 2. The protection of the application stack is shown in FIG. 3.
(3) System call. The reference monitor module overrides the bus error handling function to implement system calls. When non-privileged application code accesses a register on the privileged private bus, a bus error is triggered and the bus error handling function is executed; it obtains the address of the private peripheral bus register the application accessed and checks whether the access is allowed. If the address is legal, the register at that address is read or written; otherwise an error is reported.
The reference monitor module allows each operation to read and write up to 4 peripheral addresses. The security isolation system is developed for ARM Cortex-M3/4, whose MPU can set read, write and execute permissions for at most 8 memory regions, and measurements show that approximately 75% of operations access 4 or fewer peripherals. To conserve the MPU's configurable memory regions, the reference monitor module is therefore set to allow each operation to read and write up to 4 peripheral addresses.
When the shared global variables of the current operation are written back, the reference monitor module can check the validity of their values, which makes it harder for an attacker to launch data-flow attacks.
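The operation switch with validated write-back and the allowlist check made in the bus error handler, modelled on the host as an added example; this is not code from the patent. The range-based validity rule, the choice to discard an invalid value, the two sample operations and the small simulated register file are assumptions, while the register addresses are the standard ARMv7-M SysTick and VTOR locations.

```c
/* Added example: host-side model of the reference monitor's operation
 * switch and private-peripheral-bus (PPB) access check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NSHARED 2   /* shared globals: [0] = speed, [1] = alarm flag (constructed) */
#define MAX_PPB 2

#define SYST_CSR 0xE000E010u  /* SysTick control and status register */
#define SYST_RVR 0xE000E014u  /* SysTick reload value register */
#define SCB_VTOR 0xE000ED08u  /* vector table offset register */

typedef struct { int32_t lo, hi; } range_t;

typedef struct {
    uint8_t  uses;                /* bitmask of shared globals this operation uses */
    int32_t  copy[NSHARED];       /* private copies in the operation's data area */
    uint32_t ppb_allow[MAX_PPB];  /* PPB registers this operation may access */
    size_t   n_ppb;
} operation_t;

/* Authoritative values kept by the monitor, with hypothetical validity ranges. */
static int32_t master[NSHARED] = { 100, 0 };
static const range_t valid[NSHARED] = { { 0, 3000 }, { 0, 1 } };

/* Simulated PPB registers standing in for the real hardware. */
static struct { uint32_t addr, val; } ppb_regs[] = {
    { SYST_CSR, 0 }, { SYST_RVR, 0 }, { SCB_VTOR, 0x08000000u },
};
#define NREGS (sizeof ppb_regs / sizeof ppb_regs[0])

static operation_t op_motor = { .uses = 0x3, .n_ppb = 0 };
static operation_t op_log   = { .uses = 0x1,
                                .ppb_allow = { SYST_CSR, SYST_RVR }, .n_ppb = 2 };

/* Write back prev's copies (validated), then load next's copies.
 * Returns a bitmask of variables whose write-back was rejected.
 * Assumption: a rejected value is dropped and the master value is kept. */
uint8_t switch_operation(operation_t *prev, operation_t *next)
{
    uint8_t rejected = 0;
    for (int i = 0; prev && i < NSHARED; i++) {
        if (!(prev->uses & (1u << i))) continue;
        if (prev->copy[i] < valid[i].lo || prev->copy[i] > valid[i].hi)
            rejected |= (uint8_t)(1u << i);
        else
            master[i] = prev->copy[i];
    }
    for (int i = 0; i < NSHARED; i++)
        if (next->uses & (1u << i)) next->copy[i] = master[i];
    /* On the device the monitor would also save the old stack pointer, compute
     * the new one, copy the entry arguments and load next's MPU regions here. */
    return rejected;
}

/* What the bus error handler does once it has the faulting address:
 * perform the access on the operation's behalf only if it is allowlisted.
 * Returns 0 on success, -1 if the access is refused. */
int ppb_access(const operation_t *op, uint32_t addr, int is_write, uint32_t *val)
{
    int allowed = 0;
    for (size_t i = 0; i < op->n_ppb; i++)
        if (op->ppb_allow[i] == addr) allowed = 1;
    if (!allowed) return -1;
    for (size_t i = 0; i < NREGS; i++) {
        if (ppb_regs[i].addr != addr) continue;
        if (is_write) ppb_regs[i].val = *val;
        else *val = ppb_regs[i].val;
        return 0;
    }
    return -1;   /* allowlisted but not a register this model simulates */
}

int main(void)
{
    uint32_t v;
    switch_operation(NULL, &op_motor);
    op_motor.copy[0] = 999999;   /* out of range, e.g. after memory corruption */
    op_motor.copy[1] = 1;        /* in range */
    printf("rejected mask: 0x%x, master speed: %d\n",
           (unsigned)switch_operation(&op_motor, &op_log), (int)master[0]);
    v = 48000;
    printf("log writes SYST_RVR: %d\n", ppb_access(&op_log, SYST_RVR, 1, &v));
    v = 0x20000000u;
    printf("log writes SCB_VTOR: %d\n", ppb_access(&op_log, SCB_VTOR, 1, &v));
    return 0;
}
```
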
The operation-based embedded bare-metal system security isolation method of the invention executes the following steps when the program is partitioned into operations:
(1) generating a function call graph according to the program source code;
(2) analyzing the resources which can be accessed by each function, including global variables and peripherals, and registers on a private peripheral bus;
(3) finding out a function which can be executed by each operation according to the operation entry function list, merging the resources accessed by the functions to obtain the resource which needs to be accessed by each operation, and generating a resource list; generating an MPU configuration file of each operation according to the resource list;
(4) writing the MPU configuration file of each operation into a read-only area of the reinforced program image, performing instrumentation on the program, inserting an initialization code before a main function, inserting an operation switching code before and after the execution of an entry function of each operation, and compiling the codes together with the codes of the reference monitor module to generate the reinforced program image;
when the program runs, the following steps are executed:
(1) environment initialization is performed first:
(1.1) initializing a shared variable of each operation;
(1.2) activating an exception handling function used by the reference monitor;
(1.3) setting resources required for default operation;
(1.4) reducing the authority level of the microcontroller, and jumping to the application program execution of the non-privileged mode;
(2) operation switching is carried out while the program runs:
(2.1) firstly saving a stack pointer of the previous operation, and writing back the value of the global variable copy shared by the previous operation;
(2.2) writing the value of the shared global variable of the current operation into its copy;
(2.3) calculating a new stack pointer;
(2.4) switching the MPU configuration and executing the operation entry function;
(3) accessing a register on a private peripheral bus;
(3.1) acquiring the address of the register on the accessed private peripheral bus;
(3.2) checking whether the address is legal, and reading or writing the register when the address is legal; otherwise, reporting an error.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and although the invention has been described in detail with reference to the foregoing examples, it will be apparent to those skilled in the art that various changes in the form and details of the embodiments may be made and equivalents may be substituted for elements thereof. All modifications, equivalents and the like which come within the spirit and principle of the invention are intended to be included within the scope of the invention.

Claims (10)

1. An operation-based embedded bare metal system security isolation system is characterized by comprising a compiler module and a reference monitor module;
the compiler module is used for generating an application program function call graph, sequentially performing function resource dependence analysis, constructing a resource list to be accessed by each operation, generating a configuration file for the MPU according to the resource list, inserting environment initialization code before the program's main function, and inserting operation switching code before and after each operation entry function call point; the operation switching code jumps to the reference monitor module;
the reference monitor module is used for initializing the program, switching operations while the program runs, and implementing system calls; the initialization comprises initializing the shared variables of each operation, activating the exception handling functions used by the reference monitor, setting the resources required by the default operation, jumping to the application program, which executes in non-privileged mode, and switching the microprocessor to non-privileged mode; the operation switching specifically comprises saving the stack pointer of the previous operation and writing back the shared global variables of the previous operation, reading the shared global variables of the current operation, calculating a new stack pointer, copying the operation entry function parameters, switching the MPU configuration, and finally executing the operation entry function; the system call allows non-privileged application code to access registers on the privileged private peripheral bus.
2. The operation-based embedded bare metal system security isolation system according to claim 1, wherein the compiler module uses static program analysis technique to construct a program function call graph and analyze to obtain a list of resources that each function needs to access, wherein the resources include global variables, addresses of external devices and registers on the private peripheral bus.
3. The embedded bare metal system security isolation system based on operations according to claim 1, wherein the compiler module obtains the function included in each operation according to the operation entry function list input by the user, and constructs a resource list to be accessed by each operation for the function.
4. The embedded operation-based bare metal system security isolation system of claim 1, wherein the compiler module generates a dedicated data area for each operation, including the exclusive global variable and a copy of the shared global variable of the operation.
5. The embedded operation-based bare metal system security isolation system according to claim 1, wherein the reference monitor module runs in a privileged mode and the application runs in a non-privileged mode.
6. The embedded operation-based bare metal system security isolation system according to claim 1, wherein the reference monitor module allows each operation to read and write 4 peripheral addresses.
7. The operation-based embedded bare metal system security isolation system according to claim 1, wherein the reference monitor module performs a validity check on the value of the variable when writing back the shared global variable of the current operation.
8. The operation-based embedded bare metal system security isolation system according to claim 1, wherein the reference monitor module implements system calls based on a bus error handling function; when the non-privileged application program code accesses the register on the privileged private bus, a bus error is triggered, a bus error processing function is automatically executed, and the function acquires the address of the register on the private peripheral bus accessed by the application program and checks whether the address is allowed or not; when legal, reading or writing the address of the register; otherwise, reporting an error.
9. The embedded operation-based bare metal system security isolation system according to claim 1, wherein the reference monitor module sets the stack of the previous operation to read only and copies the contents of the entry function parameters of the current operation to the top of the stack of the current operation when switching the operation.
10. An operation-based embedded bare-metal system security isolation method, characterized in that the following steps are executed when the program is partitioned into operations:
(1) generating a function call graph according to the program source code;
(2) analyzing the resources which can be accessed by each function, including global variables and peripherals, and registers on a private peripheral bus;
(3) finding out a function which can be executed by each operation according to the operation entry function list, merging the resources accessed by the functions to obtain the resource which needs to be accessed by each operation, and generating a resource list; generating an MPU configuration file of each operation according to the resource list;
(4) writing the MPU configuration file of each operation into a read-only area of the reinforced program image, performing instrumentation on the program, inserting an initialization code before a main function, inserting an operation switching code before and after the execution of an entry function of each operation, and compiling the codes together with the codes of the reference monitor module to generate the reinforced program image;
when the program runs, the following steps are executed:
(1) environment initialization is performed first:
(1.1) initializing a shared variable of each operation;
(1.2) activating an exception handling function used by the reference monitor;
(1.3) setting resources required for default operation;
(1.4) reducing the authority level of the microcontroller, and jumping to the application program execution of the non-privileged mode;
(2) operation switching is carried out while the program runs:
(2.1) firstly saving a stack pointer of the previous operation, and writing back the value of the global variable copy shared by the previous operation;
(2.2) writing the value of the shared global variable of the current operation into its copy;
(2.3) calculating a new stack pointer;
(2.4) switching the MPU configuration and executing the operation entry function;
(3) accessing a register on a private peripheral bus;
(3.1) acquiring the address of the register on the accessed private peripheral bus;
(3.2) checking whether the address is legal, and reading or writing the register when the address is legal; otherwise, reporting an error.
CN202011154821.2A 2020-10-26 2020-10-26 Embedded bare computer system safety isolation system based on operation Active CN112380529B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011154821.2A CN112380529B (en) 2020-10-26 2020-10-26 Embedded bare computer system safety isolation system based on operation

Publications (2)

Publication Number Publication Date
CN112380529A true CN112380529A (en) 2021-02-19
CN112380529B CN112380529B (en) 2022-03-11

Family

ID=74577058


Also Published As

Publication number Publication date
CN112380529B (en) 2022-03-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Zhou Yajin

Inventor after: Zhang Wenlong

Inventor after: Zhou Xia

Inventor after: Li Jiaqi

Inventor after: Shen Wenbo

Inventor after: Ren Kui

Inventor before: Zhou Xia

Inventor before: Li Jiaqi

Inventor before: Zhou Yajin

Inventor before: Zhang Wenlong

Inventor before: Shen Wenbo

Inventor before: Ren Kui

GR01 Patent grant