CN112468495A - Degradation monitoring method, system and medium for complete forward secrecy encryption system - Google Patents
- Publication number
- CN112468495A
- Authority
- CN
- China
- Prior art keywords
- data packet
- encryption
- reverse proxy
- forward secrecy
- switch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Abstract
The invention provides a degradation monitoring system, method and medium for a perfect forward secrecy (PFS) encryption system, comprising a request module and a response module. In the request module, a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server. In the response module, the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode. The invention provides a non-intrusive scheme that allows network service monitoring to be carried out normally without sacrificing the provision of external services in PFS mode.
Description
Technical Field
The invention relates to the technical field of network service monitoring, and in particular to a degradation monitoring method, system and medium for a perfect forward secrecy (PFS) encryption system.
Background
Network traffic monitoring refers to monitoring availability and security by identifying traffic information through network traffic analysis (including but not limited to means of packet capture, decoding, transaction association, index statistics, alarms, and the like).
Network traffic monitoring is important for three reasons: 1) it makes traffic visible, establishes a service baseline, and provides threshold and baseline alarms to ensure stable operation of the service; 2) it identifies attacks in requests so that they can be blocked by security measures; 3) it protects against illegal transmission of internal confidential data to the external network.
With the increasing security requirements of users, user service systems are gradually migrating from ordinary asymmetric encryption to perfect forward secrecy (PFS) encryption. In the prior art, the private key of the internal service is deployed on a monitoring server for decryption monitoring; under PFS encryption this decryption cannot be completed, so network service monitoring cannot be carried out.
The invention provides an encryption degradation monitoring method: the user service system serves the outside in PFS mode, while internally the traffic is degraded to ordinary encryption (or no encryption), so that the service network traffic can be decrypted and monitored at the same time.
Patent document US20180062854A1 requires the use of dedicated hardware: after authorization, the decryption monitoring party obtains the temporary key from the PFS exchange, which is stored in the hardware device, to complete decryption. Storing the temporary key from the communicating parties' key exchange weakens the security of PFS. That is, an external monitor that obtains the key from the dedicated hardware can decrypt previously captured traffic, defeating forward secrecy.
In view of the above-mentioned drawbacks of the prior art, the technical problems to be solved by the present invention are as follows:
1) The communication uses perfect forward secrecy (PFS) encryption; because a temporarily generated key pair is used during the PFS key exchange, the communication cannot be decrypted simply by deploying a private key on the monitoring server.
2) Injecting a key interception program into the business system carries a certain risk: for example, an unstable injected program can affect the normal operation of the business system.
Disclosure of Invention
In view of the deficiencies in the prior art, it is an object of the present invention to provide a degradation monitoring system, method and medium for a perfect forward secrecy (PFS) encryption system.
The invention provides a degradation monitoring system for a PFS encryption system, which comprises: a request module and a response module;
in the request module, a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server;
in the response module, the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode.
Preferably, the reverse proxy device serves external traffic with PFS encryption, including DHE and ECDHE key exchange cipher suites.
Preferably, the reverse proxy device decrypts the PFS data packet, re-encrypts it with ordinary encryption, and inputs the ordinarily encrypted data packet into the switch.
Preferably, the internal business service system sends the response data packet to the switch with ordinary encryption.
The invention provides a degradation monitoring method for a PFS encryption system, which comprises the following steps:
Step M1: a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server;
Step M2: the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode.
Preferably, the reverse proxy device serves external traffic with PFS encryption, including DHE and ECDHE key exchange cipher suites.
Preferably, the reverse proxy device decrypts the PFS data packet, re-encrypts it with ordinary encryption, and inputs the ordinarily encrypted data packet into the switch.
Preferably, the internal business service system sends the response data packet to the switch with ordinary encryption.
According to the present invention, a computer-readable storage medium is provided, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the method as described above.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention provides a non-intrusive scheme: no key interception program needs to be deployed on the internal business server, and network service monitoring can be carried out normally without sacrificing the provision of external services in PFS mode;
2. In the degradation monitoring method of the invention, general-purpose DHE and ECDHE cipher suites are deployed on the front-end reverse proxy device, and no dedicated hardware is required. The decryption monitor completes decryption by deploying the same key as the business server. The encryption security of the internal service is weakened, but the PFS security of the external service is not weakened at all: an external monitor cannot decrypt previously captured traffic even if it obtains the business server's private key.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a flow diagram of a method for degradation monitoring request for a full forward secrecy encryption system;
FIG. 2 is a system diagram of a degradation monitoring system request flow for a full forward secrecy encryption system;
FIG. 3 is a system diagram of a degradation monitoring method response flow for a full forward secrecy encryption system;
FIG. 4 is a system diagram of a degradation monitoring system response flow for a full forward secrecy encryption system.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention, all of which fall within the scope of the present invention.
Example 1
The invention provides a degradation monitoring system for a perfect forward secrecy (PFS) encryption system, which comprises: a request module and a response module;
in the request module, a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server;
in the response module, the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode.
Specifically, the reverse proxy device serves external traffic with PFS encryption, including DHE and ECDHE key exchange cipher suites.
Specifically, the reverse proxy device decrypts the PFS data packet, re-encrypts it with ordinary encryption, and inputs the ordinarily encrypted data packet into the switch.
Specifically, the internal business service system sends the response data packet to the switch with ordinary encryption.
The invention provides a degradation monitoring method for a PFS encryption system, which comprises the following steps:
Step M1: a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server;
Step M2: the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode.
Specifically, the reverse proxy device serves external traffic with PFS encryption, including DHE and ECDHE key exchange cipher suites.
Specifically, the reverse proxy device decrypts the PFS data packet, re-encrypts it with ordinary encryption, and inputs the ordinarily encrypted data packet into the switch.
Specifically, the internal business service system sends the response data packet to the switch with ordinary encryption.
According to the present invention, there is provided a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the method described above.
Example 2
Example 2 is a modification of Example 1.
The system of the present invention comprises 4 components:
(Front-end, external) reverse proxy device: deploys perfect forward secrecy (PFS) encryption, such as DHE and ECDHE key exchange cipher suites.
(Internal) intermediate switch: connects the front-end reverse proxy device to the internal business services, and mirror-copies the data packets passing through the switch and forwards the copies to the internal monitoring server.
(Internal) business service system: deploys ordinary encryption (such as an ordinary RSA key exchange cipher suite) or no encryption, and provides the specific business services.
(Internal) monitoring server: holds the private key of the internal business service, receives the data packets mirrored by the switch, and decrypts them for business monitoring.
The invention comprises two processes:
Process 1: the request flow, in which an encrypted request enters the system of the invention from the outside and is sent to the internal business service for processing while business monitoring is completed.
Process 2: the response flow, in which, after the internal business service has processed the request, the data is encrypted and returned to the requester.
As shown in FIGS. 1 to 2, process 1 includes the following steps:
Step 1.1: The data packet encrypted in PFS mode enters the front-end reverse proxy device from outside the system. (The reverse proxy device serves external traffic in PFS mode, such as DHE and ECDHE key exchange cipher suites; internally it makes ordinary requests to the internal business service system, completing the reverse proxy.)
Step 1.2: The front-end device sends the request to the internal business service system in an ordinary encrypted (or unencrypted) manner.
Step 1.3: The switch forwards the data packet to the internal business service system.
Step 1.4: The switch mirror-copies the data packet and sends the copy to the monitoring server.
As shown in FIGS. 3 to 4, process 2 includes the following steps:
Step 2.1: The internal business service system sends a response data packet outward in an ordinary encrypted (or unencrypted) manner.
Step 2.2: The switch mirror-copies the data packet and sends the copy to the monitoring server.
Step 2.3: The switch forwards the data packet to the front-end reverse proxy device.
Step 2.4: The front-end reverse proxy device responds externally with the response data packet encrypted in PFS mode.
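The following check is an added example, not part of the patent: it parses the TLS ServerHello seen on each leg of the Example 2 deployment and reports whether the external leg negotiated an ephemeral (DHE/ECDHE) exchange and whether the internal leg negotiated static RSA, which is what lets the monitoring server decrypt mirrored packets with the service private key. The function names, the cipher-suite subset and the sample records are assumptions constructed for illustration; an unencrypted internal leg has no ServerHello and is outside this check.

```python
import struct

# Subset of IANA TLS cipher suite code points (illustrative, not exhaustive).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
}
EXT_SUPPORTED_VERSIONS = 0x002B
TLS13 = 0x0304


def parse_server_hello(record: bytes) -> dict:
    """Extract the negotiated version and cipher suite from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete handshake record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[0:2], "big")
    pos = 2 + 32                       # skip legacy_version and random
    pos += 1 + hello[pos]              # skip session_id
    if pos + 3 > len(hello):
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 3                           # cipher suite + compression method
    # TLS 1.3 carries the real version in the supported_versions extension.
    if pos + 2 <= len(hello):
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + elen]
            if etype == EXT_SUPPORTED_VERSIONS and len(data) == 2:
                version = int.from_bytes(data, "big")
            pos += 4 + elen
    return {"version": version, "suite": suite}


def key_exchange(version: int, suite: int) -> str:
    """Return 'static-rsa', 'ephemeral' or 'unknown' for a negotiated suite."""
    name = SUITES.get(suite)
    if name is None:
        return "unknown"
    if version >= TLS13:
        return "ephemeral"             # TLS 1.3 full handshakes use (EC)DHE
    if name.startswith(("TLS_DHE_", "TLS_ECDHE_")):
        return "ephemeral"
    if name.startswith("TLS_RSA_"):
        return "static-rsa"
    return "unknown"


def audit_leg(leg: str, record: bytes) -> str:
    """Check one leg ('external' or 'internal') against the degradation design."""
    info = parse_server_hello(record)
    kx = key_exchange(info["version"], info["suite"])
    if leg == "external":              # client <-> reverse proxy: must stay PFS
        if kx == "ephemeral":
            return "ok: forward secret"
        return "ALERT: external leg is not forward secret"
    if leg == "internal":              # proxy <-> service: key-decryptable
        if kx == "static-rsa":
            return "ok: monitor can decrypt"
        return "ALERT: monitor cannot decrypt mirrored traffic"
    raise ValueError("leg must be 'external' or 'internal'")


def build_server_hello(legacy_version, suite, selected_version=None) -> bytes:
    """Build a constructed ServerHello record (sample input, not a capture)."""
    ext = b""
    if selected_version is not None:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, selected_version)
    hello = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
    hello += struct.pack("!HBH", suite, 0, len(ext)) + ext
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0303, len(hs)) + hs


if __name__ == "__main__":
    print(audit_leg("external", build_server_hello(0x0303, 0xC02F)))
    print(audit_leg("internal", build_server_hello(0x0303, 0x009C)))
    print(audit_leg("internal", build_server_hello(0x0303, 0x1301, TLS13)))
```

An internal leg that negotiates TLS 1.3 or an (EC)DHE suite is reported as a monitoring gap, because the service private key alone no longer decrypts the mirrored packets.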
Those skilled in the art will appreciate that, in addition to implementing the systems, apparatus, and various modules thereof provided by the present invention in purely computer readable program code, the same procedures can be implemented entirely by logically programming method steps such that the systems, apparatus, and various modules thereof are provided in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system, the device and the modules thereof provided by the present invention can be considered as a hardware component, and the modules included in the system, the device and the modules thereof for implementing various programs can also be considered as structures in the hardware component; modules for performing various functions may also be considered to be both software programs for performing the methods and structures within hardware components.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.
Claims (9)
1. A degradation monitoring system for a perfect forward secrecy (PFS) encryption system, comprising: a request module and a response module;
in the request module, a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server;
in the response module, the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode.
2. The degradation monitoring system for a PFS encryption system according to claim 1, wherein the reverse proxy device serves external traffic with PFS encryption, including DHE and ECDHE key exchange cipher suites.
3. The degradation monitoring system for a PFS encryption system according to claim 1, wherein the reverse proxy device decrypts the PFS data packet, re-encrypts it with ordinary encryption, and inputs the ordinarily encrypted data packet into the switch.
4. The degradation monitoring system for a PFS encryption system according to claim 1, wherein the internal business service system sends the response data packet to the switch with ordinary encryption.
5. A degradation monitoring method for a perfect forward secrecy (PFS) encryption system, comprising:
Step M1: a data packet encrypted in PFS mode is input to a reverse proxy device; the reverse proxy device decrypts the PFS data packet and inputs the decrypted data packet into a switch; the switch forwards the ordinarily encrypted data packet to an internal business service system and, after mirror replication, sends a copy to a monitoring server;
Step M2: the internal business service system sends a response data packet to the switch; the switch mirror-copies the response data packet and sends the copy to the monitoring server, and forwards the response data packet to the reverse proxy device; the reverse proxy device responds with the response data packet encrypted in PFS mode.
6. The degradation monitoring method for a PFS encryption system according to claim 5, wherein the reverse proxy device serves external traffic with PFS encryption, including DHE and ECDHE key exchange cipher suites.
7. The degradation monitoring method for a PFS encryption system according to claim 5, wherein the reverse proxy device decrypts the PFS data packet, re-encrypts it with ordinary encryption, and inputs the ordinarily encrypted data packet into the switch.
8. The degradation monitoring method for a PFS encryption system according to claim 5, wherein the internal business service system sends the response data packet to the switch with ordinary encryption.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011347275.4A CN112468495B (en) | 2020-11-26 | 2020-11-26 | Degradation monitoring method, system and medium for complete forward secrecy encryption system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011347275.4A CN112468495B (en) | 2020-11-26 | 2020-11-26 | Degradation monitoring method, system and medium for complete forward secrecy encryption system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112468495A | 2021-03-09 |
CN112468495B | 2022-05-17 |
Family
ID=74808521
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011347275.4A Active CN112468495B (en) | 2020-11-26 | 2020-11-26 | Degradation monitoring method, system and medium for complete forward secrecy encryption system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112468495B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113114781A (en) * | 2021-04-27 | 2021-07-13 | 国网浙江省电力有限公司检修分公司 | Proxy service device and method for monitoring system |
CN113784236A (en) * | 2021-11-11 | 2021-12-10 | 深圳华锐金融技术股份有限公司 | Distributed data acquisition monitoring method, device, equipment and medium |
CN114338169A (en) * | 2021-12-29 | 2022-04-12 | 北京天融信网络安全技术有限公司 | Request processing method, device, server and computer readable storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107409133A (en) * | 2015-03-30 | 2017-11-28 | 高通股份有限公司 | Certifiede-mail protocol with complete forward secrecy |
CN108156178A (en) * | 2018-01-30 | 2018-06-12 | 上海天旦网络科技发展有限公司 | A kind of SSL/TLS data monitoring systems and method |
CN109218364A (en) * | 2017-07-04 | 2019-01-15 | 武汉安天信息技术有限责任公司 | Encrypt monitoring method, proxy server end, client to be monitored and the monitoring system of data on flows |
CN110870277A (en) * | 2017-06-26 | 2020-03-06 | 微软技术许可有限责任公司 | Introducing middleboxes into secure communication between a client and a server |
CN111819824A (en) * | 2017-12-23 | 2020-10-23 | 迈克菲有限责任公司 | Decrypting transport layer security traffic without a broker |
CN113489705A (en) * | 2021-06-30 | 2021-10-08 | 中国银联股份有限公司 | Method and device storage medium for capturing HTTP (hyper text transport protocol) communication data of application program |
Non-Patent Citations (1)
Title |
---|
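余彩霞 (Yu Caixia) et al.: "Research on access control in electronic document circulation based on multi-level security encryption", 《档案学通讯》 (Archives Science Bulletin) * |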
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113114781A (en) * | 2021-04-27 | 2021-07-13 | 国网浙江省电力有限公司检修分公司 | Proxy service device and method for monitoring system |
CN113784236A (en) * | 2021-11-11 | 2021-12-10 | 深圳华锐金融技术股份有限公司 | Distributed data acquisition monitoring method, device, equipment and medium |
CN113784236B (en) * | 2021-11-11 | 2022-02-18 | 深圳华锐金融技术股份有限公司 | Distributed data acquisition monitoring method, device, equipment and medium |
CN114338169A (en) * | 2021-12-29 | 2022-04-12 | 北京天融信网络安全技术有限公司 | Request processing method, device, server and computer readable storage medium |
CN114338169B (en) * | 2021-12-29 | 2023-11-14 | 北京天融信网络安全技术有限公司 | Request processing method, device, server and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN112468495B (en) | 2022-05-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||