CN112448912B - Method, device and storage medium for preventing message attack - Google Patents
- Publication number
- CN112448912B (application CN201910795897.4A)
- Authority
- CN
- China
- Prior art keywords
- message
- attack
- ttl
- cpu
- preventing
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method, a device and a storage medium for preventing message attack. The method comprises the following steps: classifying messages with TTL=1 according to message type; and, for the different types of TTL=1 messages, performing different anti-attack processing when the CPU is attacked. The invention solves the problem in the related art that link establishment and forwarding performance are impaired when a network node applies a rate-limiting penalty to messages with TTL=1.
Description
Technical Field
The present invention relates to the field of data network communications, and in particular, to a method, an apparatus, and a storage medium for preventing packet attack.
Background
Time To Live (TTL) is a field in the IP header of a network message that indicates how long the message may live in the network topology. The TTL value is decremented by 1 at each network segment node the message passes through. When the TTL value is 1, the message must be terminated at the current network node, and forwarding to other nodes in the network is prohibited. In a network topology, a network node is therefore very vulnerable to attack by TTL=1 messages. CPU-Guard is a self-defense mechanism of a switch facing various attack messages: in a complex network topology, network messages are identified and distinguished and then subjected to a rate-limiting penalty, so that attack messages are prevented from occupying excessive CPU resources.
To apply CPU-Guard attack prevention to a given class of messages inside a network node, the attack messages must first be identified and classified according to their characteristics. In a network topology, the network messages that one network node receives from other nodes can generally be classified into IP network data messages and various IP network protocol messages (e.g., ICMP, IGMP, DHCP). When a message whose TTL value has been reduced to 1 is sent up to the network protocol control plane platform, the platform typically recognizes it as a single, unified network message type. When such messages occupy excessive CPU resources, the network node matches them on their unified characteristic (i.e., TTL=1) and applies a rate-limiting penalty to the class as a whole, which affects link establishment and forwarding performance:
1. For OSPF messages with TTL=1: when a CPU-Guard attack occurs in TTL=1 messages, OSPF messages are penalized by the current network node, so that link establishment of the OSPF service between network nodes fails.
2. When the network node performs CPU-Guard attack prevention on TTL=1 messages, two-layer (Layer 2) messages whose destination MAC is not the node itself are penalized at the node, which affects the node's two-layer forwarding.
Disclosure of Invention
The invention provides a method, a device and a storage medium for preventing message attack, which solve the problem in the related art that link establishment and forwarding performance are impaired when a network node applies a rate-limiting penalty to messages with TTL=1.
According to one aspect of the present invention, there is provided a method for preventing message attack, applied to messages having a time-to-live value TTL=1, the method comprising: classifying the messages with TTL=1 according to message type; and, for the different types of messages with TTL=1, performing different anti-attack processing when the CPU is attacked.
Further, the message type includes at least one of: host IP protocol message, passing IP protocol message, two-layer data message, host IP data message, and passing IP data message.
Further, performing different anti-attack processing when the CPU is attacked includes: when the type of the TTL=1 message is a two-layer data message, forwarding the two-layer data message through a two-layer forwarding destination outlet.
Further, performing different anti-attack processing when the CPU is attacked includes: when the type of the TTL=1 message is a host IP protocol message and the CPU is attacked, matching protocol message characteristics; and, if the match succeeds, identifying the TTL=1 message as an attack message and discarding it.
Further, the protocol message characteristics include at least one of: IP protocol number, source port, destination port.
Further, performing different anti-attack processing when the CPU is attacked includes: when the type of the TTL=1 message is a host IP data message and the CPU is attacked, matching the TTL field and forwarding attribute information; and, if the match succeeds, identifying the TTL=1 message as an attack message and discarding it.
Further, performing different anti-attack processing when the CPU is attacked includes: when the type of the TTL=1 message is a passing IP protocol message or a passing IP data message, judging whether the current node has a route forwarding path; when the current node has a route forwarding path and the CPU is attacked, matching the TTL field and forwarding attribute information; and, if the match succeeds, identifying the TTL=1 message as an attack message and discarding it.
Further, when the current node does not have a route forwarding path, the message is identified as a network segment route message.
According to another aspect of the present invention, there is provided a device for preventing a packet attack, including a processor and a memory, the memory storing a program, wherein when the program is executed by the processor, any one of the above-mentioned packet attack preventing methods is implemented.
According to another aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of any one of the above-mentioned methods of preventing a message attack.
The invention provides a scheme and an implementation for preventing message attack for messages with TTL=1. Messages with TTL=1 are classified according to message type, and different anti-attack processing is performed for the different types when the CPU is attacked, which refines the granularity of the rate-limiting penalty applied to the various kinds of network messages.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flow chart of a method for preventing message attacks according to an embodiment of the present invention;
FIG. 2 is a block diagram of a message attack prevention apparatus according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the drawings in conjunction with embodiments. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
In this embodiment, a method for preventing message attack is provided. FIG. 1 is a flowchart of the method according to an embodiment of the present invention. As shown in FIG. 1, the method includes:
Step S102: classifying the TTL=1 messages according to message type.
In an alternative embodiment, the message type includes at least one of: host IP protocol message, passing IP protocol message, two-layer data message, host IP data message, and passing IP data message.
Specifically, the message types are distinguished as follows:
For an IP network protocol message with TTL=1, the three-layer IP network protocol message is classified as a host IP network protocol message or a passing IP network protocol message according to whether its destination IP address is the host gateway IP.
Messages are divided into two-layer data messages and three-layer network data messages according to the forwarding attribute, so that a two-layer passing message whose forwarding destination is another network node is not terminated at the current network node. Further, according to whether the destination IP address is the host gateway IP, a three-layer network data message is classified as a host IP data message or a transit IP data message, and IP data messages sent to the CPU are uniformly identified as IP network messages with TTL=1.
Further, a host IP network protocol message is preferentially identified as its original protocol message type according to the message characteristics. Distinguishing protocol messages by destination IP address saves hardware ACL resources. For transit network protocol messages, if an ARP entry is present, such messages no longer impact the CPU, but their TTL=1 attribute is not terminated at the network node. The ways of identifying the original protocol message type include, but are not limited to: IP protocol number, source port information, and destination port information.
Optionally, when none of the network protocol types is matched, a network message with the three-layer forwarding attribute is identified as a three-layer network data message.
Step S104: for the different types of messages with TTL=1, performing different anti-attack processing when the CPU is attacked.
In a first alternative embodiment, when the type of the TTL=1 message is a two-layer data message, the two-layer data message is forwarded through the two-layer forwarding destination outlet. One implementation of this alternative embodiment determines the two-layer forwarding destination outlet by querying the MAC table.
In a second alternative embodiment, when the type of the TTL=1 message is a host IP protocol message and the CPU is attacked, the protocol message characteristics are matched; if the match succeeds, the TTL=1 message is identified as an attack message and discarded.
Optionally, the protocol message characteristics include at least one of: IP protocol number, source port, and destination port. It is worth mentioning that matching on more protocol message characteristics effectively reduces mismatches and improves matching accuracy. The protocol message characteristics can be matched by ACL matching. The rate-limiting penalty on attack messages is realized by discarding the TTL=1 messages that match.
In a third alternative embodiment, when the type of the TTL=1 message is a host IP data message and the CPU is attacked, the TTL field and the forwarding attribute information are matched; if the match succeeds, the TTL=1 message is identified as an attack message and discarded. The TTL field and the forwarding attribute information can be matched by ACL matching, that is, whether the host IP data message is an attack message is determined by a match entry issued by the ACL.
In a fourth alternative embodiment, when the type of the TTL=1 message is a transit IP protocol message or a transit IP data message, it is determined whether the current node has a route forwarding path; when the current node has a route forwarding path and the CPU is attacked, the TTL field and the forwarding attribute information are matched; if the match succeeds, the TTL=1 message is identified as an attack message and discarded.
Optionally, if the current node does not have a route forwarding path, the message is identified as a network segment route message.
For a protocol message, if the destination IP of the protocol-type network message is a network segment IP of the gateway of the current network node, that is, the message is a passing IP protocol message, the ARP table of the current network node is queried to determine whether the passing IP protocol message has a route forwarding path. If no corresponding route forwarding path exists in the ARP table, the message is identified as a network segment route message; otherwise, the message is identified as a TTL=1 type message. Under CPU-Guard attack prevention, ACL matching is performed on the TTL field and the forwarding attribute: if the TTL field in the IP header of the message equals the match entry issued by the ACL (namely TTL=1) and the message has the three-layer forwarding attribute, the passing IP protocol message is determined to be an attack message, and the rate-limiting penalty is completed by discarding it.
For a network data message, if the destination IP of the network data message is a network segment IP of the gateway of the current network node, that is, the message is a passing IP data message, the ARP table of the current network node is queried to determine whether the passing IP data message has a route forwarding path. If no corresponding entry exists in the ARP table, the message is identified as a network segment route message; otherwise, the message is identified as a TTL=1 type message. Under CPU-Guard attack prevention, ACL matching is performed on the TTL field and the forwarding attribute: if the TTL field in the IP header of the message equals the match entry issued by the ACL (namely TTL=1) and the message has the three-layer forwarding attribute, the passing IP data message is determined to be an attack message, and the rate-limiting penalty is completed by discarding it.
With this method, TTL=1 messages can be identified and divided at fine granularity, and the mutual interference among different kinds of network messages caused by coarse-grained matching for the rate-limiting penalty is avoided, thereby realizing CPU-Guard attack prevention for TTL=1 messages.
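The classification of step S102 and the four handling branches of step S104, as an added Python sketch that is not code from the patent. The `Node`/`Packet` model, the action strings, the `to_cpu` result when the CPU is not attacked, the flooding of unknown unicast, and the sample addresses are assumptions; host versus passing is reduced to whether the destination IP is one of the node's gateway IPs.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Kind(Enum):  # the five TTL=1 message types named in the description
    L2_DATA = "two-layer data message"
    HOST_PROTO = "host IP protocol message"
    PASSING_PROTO = "passing IP protocol message"
    HOST_DATA = "host IP data message"
    PASSING_DATA = "passing IP data message"

@dataclass(frozen=True)
class Packet:  # already-parsed header fields (hypothetical model)
    dst_mac: str
    dst_ip: str
    proto: int  # IP protocol number
    sport: Optional[int] = None
    dport: Optional[int] = None
    ttl: int = 1

@dataclass
class Node:  # hypothetical per-node state
    mac: str
    gateway_ips: set
    arp: dict         # dst IP -> next-hop MAC; an entry means a route forwarding path exists
    mac_table: dict   # dst MAC -> two-layer egress port
    protocols: list   # known protocol signatures (proto, sport, dport); None = wildcard
    attack_acl: list  # signatures issued as ACL entries for the protocol flooding the CPU

def matches(sig, pkt):
    proto, sport, dport = sig
    return proto == pkt.proto and sport in (None, pkt.sport) and dport in (None, pkt.dport)

def classify(node, pkt):
    if pkt.dst_mac != node.mac:            # destination MAC is not this node: two-layer forwarding
        return Kind.L2_DATA
    host = pkt.dst_ip in node.gateway_ips  # is the destination the host gateway IP?
    if any(matches(s, pkt) for s in node.protocols):
        return Kind.HOST_PROTO if host else Kind.PASSING_PROTO
    # no protocol type matched: treat as a three-layer data message
    return Kind.HOST_DATA if host else Kind.PASSING_DATA

def handle(node, pkt, cpu_attacked):
    """Return (Kind, action) for one TTL=1 message."""
    if pkt.ttl != 1:
        raise ValueError("this path only handles TTL=1 messages")
    kind = classify(node, pkt)
    if kind is Kind.L2_DATA:
        # never penalised, attack or not; flooding on a MAC-table miss is an assumption
        return kind, "forward:" + node.mac_table.get(pkt.dst_mac, "flood")
    if kind is Kind.HOST_PROTO:
        hit = cpu_attacked and any(matches(e, pkt) for e in node.attack_acl)
        return kind, "drop" if hit else "to_cpu"
    if kind in (Kind.PASSING_PROTO, Kind.PASSING_DATA) and pkt.dst_ip not in node.arp:
        return kind, "segment_route"       # no route forwarding path on this node
    # host data, or passing with a forwarding path: the ACL entry is TTL == 1 plus the
    # three-layer forwarding attribute, both already true for these classes
    return kind, "drop" if cpu_attacked else "to_cpu"

# Constructed sample state and packets (documentation address ranges, made-up MACs)
NODE = Node(
    mac="02:00:00:00:00:01",
    gateway_ips={"192.0.2.1"},
    arp={"192.0.2.20": "02:00:00:00:00:20"},
    mac_table={"02:00:00:00:00:30": "port3"},
    protocols=[(89, None, None), (1, None, None), (17, 68, 67)],  # OSPF, ICMP, DHCP
    attack_acl=[(1, None, None)],  # assumed: CPU-Guard has flagged an ICMP flood
)
SAMPLES = {
    "ospf_to_gateway": Packet(NODE.mac, "192.0.2.1", 89),
    "icmp_to_gateway": Packet(NODE.mac, "192.0.2.1", 1),
    "l2_transit": Packet("02:00:00:00:00:30", "198.51.100.9", 6, 40000, 80),
    "tcp_to_gateway": Packet(NODE.mac, "192.0.2.1", 6, 40000, 8080),
    "udp_with_arp": Packet(NODE.mac, "192.0.2.20", 17, 5000, 5001),
    "udp_no_arp": Packet(NODE.mac, "192.0.2.99", 17, 5000, 5001),
}

def run(cpu_attacked):
    return {name: handle(NODE, p, cpu_attacked)[1] for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in run(cpu_attacked=True).items():
        print(f"{name:16} {action}")
```

With the CPU under attack, the OSPF message still reaches the CPU and the two-layer message is still forwarded, while the ICMP flood and the three-layer TTL=1 data messages are discarded; these are the two failure cases listed in the Background.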
FIG. 2 is a block diagram of a device for preventing message attack according to an embodiment of the present invention. As shown in FIG. 2, the device includes a processor 21 and a memory 22; a program is stored in the memory, and when the program is executed by the processor 21, any one of the above-mentioned methods for preventing message attack is implemented.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, wherein the computer program realizes the steps of any one of the above-mentioned message attack prevention methods when being executed by a processor.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented on a general-purpose computing device. They may be concentrated on a single computing device or distributed across a network of computing devices. Alternatively, they may be implemented in program code executable by computing devices, so that they may be stored in a memory device and executed by computing devices. In some cases, the steps shown or described may be performed in a different order from that shown or described, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (9)
1. A method for preventing message attack, characterized in that the method is applied to messages with a time-to-live value TTL=1 and comprises the following steps:
classifying the messages with TTL=1 according to message type;
for the different types of messages with TTL=1, performing different anti-attack processing when the CPU is attacked;
wherein the message type includes a two-layer data message, and performing different anti-attack processing when the CPU is attacked includes:
forwarding the two-layer data message through a two-layer forwarding destination outlet when the type of the TTL=1 message is a two-layer data message, wherein the two-layer data message is a two-layer message whose destination MAC is not the node itself.
2. The method of claim 1, wherein the message type further comprises at least one of: host IP protocol message, passing IP protocol message, host IP data message, and passing IP data message.
3. The method for preventing packet attack according to claim 2, wherein the performing different attack prevention processes in the case that the CPU is attacked includes:
matching protocol message characteristics when the message type of TTL=1 is a host IP protocol message and the CPU is attacked;
and under the condition of successful matching, identifying the message with TTL=1 as an attack message and discarding the attack message.
4. The method for preventing packet attack according to claim 3, wherein the protocol packet characteristics include at least one of: IP protocol number, source port, destination port.
5. The method for preventing packet attack according to claim 2, wherein the performing different attack prevention processes in the case that the CPU is attacked includes:
matching a TTL field and forwarding attribute information when the type of the TTL=1 message is a host IP data message and the CPU is attacked;
and under the condition of successful matching, identifying the message with TTL=1 as an attack message and discarding the attack message.
6. The method for preventing packet attack according to claim 2, wherein the performing different attack prevention processes in the case that the CPU is attacked includes:
judging whether the current node has a route forwarding path or not under the condition that the message type of TTL=1 is a passing IP protocol message or a passing IP data message;
under the condition that a route forwarding path exists in the current node and a CPU is attacked, matching a TTL field and forwarding attribute information;
and under the condition of successful matching, identifying the message with TTL=1 as an attack message and discarding the attack message.
7. The method for preventing message attack according to claim 6, wherein the method comprises:
and under the condition that the current node does not have a route forwarding path, identifying the message as a network segment route message.
8. A device for preventing message attack comprises a processor and a memory, wherein the memory stores a program,
the method for preventing a message attack according to any of claims 1-7 is implemented when said program is executed by said processor.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method for preventing a message attack according to any of claims 1-7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910795897.4A CN112448912B (en) | 2019-08-27 | 2019-08-27 | Method, device and storage medium for preventing message attack |
PCT/CN2020/101056 WO2021036535A1 (en) | 2019-08-27 | 2020-07-09 | Method and apparatus for resisting packet attack, and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112448912A CN112448912A (en) | 2021-03-05 |
CN112448912B true CN112448912B (en) | 2023-08-01 |
Family
ID=74685561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910795897.4A Active CN112448912B (en) | 2019-08-27 | 2019-08-27 | Method, device and storage medium for preventing message attack |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112448912B (en) |
WO (1) | WO2021036535A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112448912A (en) | 2021-03-05 |
WO2021036535A1 (en) | 2021-03-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||