CN114070631A - Storage type hidden channel scheme based on Tor hidden service descriptor - Google Patents


Info

Publication number
CN114070631A
Authority
CN
China
Prior art keywords
hidden
channel
data
covert
sender
Prior art date
Legal status
Granted
Application number
CN202111368351.4A
Other languages
Chinese (zh)
Other versions
CN114070631B (en)
Inventor
杨明
曹长巍
顾晓丹
陈琪
Current Assignee
Southeast University
Original Assignee
Southeast University
Priority date
Filing date
Publication date
Application filed by Southeast University
Priority to CN202111368351.4A
Publication of CN114070631A
Application granted
Publication of CN114070631B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The invention provides a storage type covert channel scheme based on the Tor hidden service descriptor. First, out-of-band channel construction: the sender and the receiver construct an out-of-band channel and negotiate the protocol parameters of the covert channel through it. Second, covert channel initialization: the sender and the receiver initialize the channel according to the protocol parameters, including domain name list initialization, consensus file synchronization and directory server selection. Third, the modulation and demodulation algorithm: the sender stores the covert data in a hidden service descriptor and uploads that descriptor to a hidden service directory server, and the receiver traverses the corresponding directory servers and demodulates the covert data according to the parameters and the initialization configuration. Finally, the performance of the covert channel is optimized with a coding and decoding algorithm with enhanced robustness. Through a purpose-built data carrier selection and synchronization mechanism, the invention evades detection by traffic analysis and improves the concealment of the covert channel.

Description

Storage type hidden channel scheme based on Tor hidden service descriptor
Technical Field
The invention relates to a storage type covert channel scheme based on the Tor hidden service descriptor, and belongs to the technical fields of network covert channels and anonymous networks.
Background
With the rapid development of information technology, the internet has become integrated into every aspect of society. At the same time, its wide use has made cyberspace security important, and the data security requirements of some government departments place higher demands on communication protection. Communication behaviour hiding, also called covert communication, is a technique that hides a user's real communication inside another communication process so that it is not discovered; because of its high communication security it is widely used in high-security data transmission scenarios.
In the field of covert communication, the covert channel is an important basic concept. A covert channel is a communication channel that uses a carrier not designed for transmitting information. Depending on the application, common covert channels include database covert channels, operating system covert channels, subliminal channels, network covert channels, inference covert channels and the like. Among these, the network covert channel is in great demand in the network communication field because it hides the data transmission itself. As network covert channel technology has developed, a number of attacks on network covert channels have appeared. Traffic detection is a general and effective one: it detects the carrier characteristics of a covert channel by traffic analysis and thereby breaks its concealment, so the concealment of covert channels is challenged by traffic analysis. In addition, the traditional network covert channel is a one-to-one communication mode; once its concealment is broken, a supervisor can easily obtain the communication relationship of the two parties from the open channel. The traditional network covert channel therefore carries the hidden danger of anonymity loss.
Disclosure of Invention
Purpose of the invention: to address the anonymity loss of the traditional network covert channel, the invention provides a storage type covert channel scheme based on the Tor hidden service descriptor. The traditional one-to-one covert channel model is expanded into a many-to-many interaction mode, and the many-to-many communication scenario raises the attacker's cost of attacking the covert channel, thereby improving anonymity. At the same time, against covert channel attacks based on traffic analysis, the invention evades traffic analysis detection and improves concealment through a purpose-built data carrier selection and synchronization mechanism.
Technical scheme: the above technical problem is solved by the following technical scheme.
The invention relates to a storage type covert channel scheme based on the Tor hidden service descriptor, which comprises the following steps:
(1) constructing an out-of-band channel: the method comprises the steps that a sender and a receiver construct an out-of-band channel, and negotiate protocol parameters of a covert channel through the out-of-band channel;
(2) hidden channel initialization: the sender and the receiver carry out channel initialization according to protocol parameters, including domain name list initialization, consensus file synchronization and directory server selection;
(3) modulation and demodulation algorithm: the sender stores the covert data into the hidden service descriptor and uploads the covert data to the hidden directory server based on the hidden service descriptor, and the receiver traverses the corresponding directory server and demodulates the covert data according to the parameters and the initialization configuration;
(4) encoding and decoding scheme: the performance of the covert channel is optimized by a coding and decoding algorithm with enhanced robustness.
Further, the step (1) specifically includes:
(11) a TCP connection is established between a sender and a receiver, and an anonymous link is established through Tor during establishment so as to improve the anonymity of an out-of-band channel;
(12) the number N of directory servers to be used by the sender and the initial sending time T0 of the sender are sent to the receiver through the out-of-band channel, each parameter occupying 4 bytes;
(13) the receiving party receives the data packet and analyzes the protocol parameter to complete the protocol parameter communication of the hidden channel.
Further, the step (2) specifically includes:
(21) initializing the domain name list: according to the sender's initial transmission time T0 and the cycle number i, a domain name list is generated as follows: first, a seed string list is generated, in which the sender's and receiver's strings are identical, each consisting of a 22-byte random string and a 10-byte timestamp (T0 + i × T); then, a domain name list is generated from the seed string list with the Tor domain name generation method;
(22) synchronizing the consensus file: the Tor node periodically acquires the Tor network consensus file according to local time, and the sender and the receiver keep the consensus file synchronized by synchronizing their time with an NTP server;
(23) selecting directory servers: according to the complete Tor network hidden service directory server list in the consensus file and the parameter N (the number of directory servers used per unit period), a directory server list for covert communication is generated with the Tor built-in binary selection algorithm and cached.
Further, the step (3) specifically includes:
(31) the sender divides the covert data into chunks of size D and replaces the padding data of the hidden service descriptor plaintext with the covert data, so that the covert data is encrypted together with the descriptor plaintext;
(32) starting from time T0, the sender uploads hidden service descriptors according to the corresponding domain name and the directory server sequence;
(33) starting from time T0, the receiver requests the descriptor of the corresponding domain name according to the directory server sequence;
(34) the receiver decrypts the obtained descriptor and extracts the secret data;
(35) steps (32) to (34) are repeated using the synchronized directory server sequence and domain name list, and reception ends when the receiver receives a hidden service descriptor without stego data.
Further, the step (4) specifically includes:
(41) normal communication data is encoded and converted into data which can be stored by a hidden service descriptor through base64 according to the modulation and demodulation algorithm defined in (3);
(42) since the base64 codec increases the data volume, the channel capacity is increased through data compression.
Beneficial effects: compared with the prior art, the invention has the following notable advantages:
1. The covert channel is built on a third-party component of the anonymous network and modulates information without relying on side-channel characteristics of network traffic, so the traditional covert channel attack based on traffic analysis no longer applies. At the same time, the protocol design keeps the amount of data negotiated over the out-of-band channel small, and the sender and receiver generate the domain names synchronously from the parameters, so the domain names used for covert communication never appear in the real network space; obtaining those domain names and attacking the covert communication is therefore harder for an attacker. This design greatly improves the concealment of the covert communication.
2. Conventional network covert channels are limited by the size of protocol header fields and the amount of information a traffic side channel can carry, so their channel capacity is usually low. The invention replaces the padding data with the secret data and encrypts it using the extensibility and encryption mechanism of the hidden service descriptor, which preserves concealment and greatly improves the channel capacity of the covert communication.
Drawings
Fig. 1 is a schematic diagram of the storage type covert channel technique based on the hidden service descriptor of the present invention.
Fig. 2 is a plaintext structure diagram of a hidden service descriptor.
Fig. 3 is a diagram illustrating an example of the modulation and demodulation algorithm of the present invention.
Detailed Description
The storage type covert channel scheme based on the Tor hidden service descriptor provides highly secure covert transmission of data. The scheme is divided into four parts: out-of-band channel construction, covert channel initialization, the modulation and demodulation algorithm, and the coding and decoding scheme. The complete process is shown in Fig. 1 and specifically includes:
1. out-of-band channel construction
As shown in Fig. 1, the sender and the receiver construct a directly connected out-of-band channel over the anonymous network; this is done with a socket using the SOCKS5 protocol. The connection serves as the out-of-band channel for negotiating the covert channel protocol parameters.
The sender organizes the number N of directory servers to be used and its initial sending time T0 into an 8-byte packet, each parameter occupying 4 bytes, and sends it through the out-of-band channel; the receiver receives the packet and parses the protocol parameters, completing the parameter synchronization of the covert communication.
2. Covert channel initialization
Covert channel initialization comprises three steps: domain name list initialization, consensus file synchronization and directory server selection.
Initializing the domain name list: a hidden service domain name is generated by the hidden service from its public key, and the hidden service's public-private key pair is generated from a 32-byte random string, so the two parties of the covert channel can generate the domain name synchronously by generating the same 32-byte string through a specific rule. The invention constructs the string list seeds(T0, i) from the start time T0 and the cycle number i as follows:
(1) a 22-byte random string RNG(T0) generated from T0 forms the first 22 bytes of seeds(T0, i); the random string is computed synchronously by the sender and the receiver and is identical on both sides;
(2) String() is defined as the timestamp-to-string method; String(T0 + i × T) forms the last 10 bytes of seeds(T0, i).
According to these rules, the sender and the receiver construct and hold the same string list seeds(T0, i) synchronously, and then compute the same hidden service domain name address list onions, where onions[i] denotes the domain name of the i-th cycle.
Synchronizing the consensus file: a consensus file exists in the Tor network, through which all Tor nodes synchronize Tor network information such as network bandwidth and the directory server list. The sender's and receiver's clocks are synchronized through an NTP server, which ensures that both hold the same version of the consensus file and thereby synchronizes it.
Selecting directory servers: routerstatus_list is the complete list of directory server information in the Tor network consensus file. The directory server list dirs for covert communication is generated from this list and the parameter N (the number of directory servers used per unit period) using the Tor built-in binary selection method.
3. Modulation and demodulation algorithm
As shown in Fig. 2, the plaintext data of the descriptor contains information about the hidden service introduction points and the authenticated clients. Since these fields are variable in length, the descriptor is extensible, and the extension part uses padding data to keep the plaintext length constant. After the descriptor plaintext is generated and padded, it is asymmetrically encrypted using the domain name and then uploaded to the directory server. The sender can therefore use the padding space to store secret data by replacing the padding, and the receiver obtains the descriptor from the directory server by the domain name and extracts the secret data. Based on these characteristics, the invention designs the modulation and demodulation algorithm of the storage type covert channel based on the hidden service descriptor as follows:
Constructing the out-of-band channel and initializing the covert channel yields the channel's initial environment: covert channel start time T0, descriptor index i, hidden service directory server list dirs, length N of the list used for covert communication, and hidden service address list onions. The scheme comprises two parts: data modulation by the sender and data demodulation by the receiver.
Sender data modulation: the sender places the covert data of size D into the descriptor [the descriptor expression is given as an image in the original and is not reproduced here] and uploads it to dirs[i % N]. To ensure concealment, the descriptor plaintext must not exceed 10000 bytes; experiments show the descriptor body is usually 1357 bytes, so the maximum value of D is 8643 bytes.
Receiver data demodulation: after a delay σ, the receiver goes to dirs[i % N], requests the descriptor [the descriptor expression is given as an image in the original and is not reproduced here] and reads the stego data. Reception ends when the receiver receives a hidden service descriptor without stego data.
For example, suppose data of 20000 bytes is to be transmitted covertly, D is 8192 bytes and N is 2; through pre-initialization the sender and the receiver generate the directory server list [dir1, dir2] of size 2 and the domain name list onions.
As shown in Fig. 3, the sender generates a descriptor for onions[0], places data[0:8192] in it and uploads it to dir1; generates a new descriptor for onions[0], places data[8192:16384] in it and uploads it to dir2; generates a descriptor for onions[1], places data[16384:20000] in it and uploads it to dir1; and generates a new descriptor for onions[1] and uploads it directly to dir2.
After the delay σ, the receiver obtains the descriptor for onions[0] from dir1, reads data[0:8192] from it and stores it; obtains the descriptor for onions[0] from dir2, reads data[8192:16384] and stores it; obtains the descriptor for onions[1] from dir1, reads data[16384:20000] and stores it; and obtains the descriptor for onions[1] from dir2, which contains no secret data and is the end mark, so the receiver reads no further, the covert communication ends, and the secret data is output.
Because a descriptor has a lifetime, the sender only needs to upload each descriptor successfully before the receiver requests it; strict periodic synchronization between the two parties is not required.
4. Coding and decoding scheme
Normal communication data is encoded with base64 into data that a hidden service descriptor can store; since the base64 codec increases the data volume, the channel capacity can be increased by compressing the data with techniques such as LZ77 or Huffman coding before base64 encoding.
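To make the structure of sections 2 to 4 concrete for anyone modelling or analysing this channel, here is an added Python model (not the patent's code and not Tor's): the seed rule seeds(T0, i), the compress-then-base64 step, and the chunk placement of the worked example (20000 bytes, D = 8192, N = 2). Directory servers and descriptors are in-memory dictionaries, no Tor is involved; the mapping of descriptor index i to onions[i // N] and dirs[i % N] is an assumption read off the worked example, since the formula images are not on the page, and the onion labels and sample bytes are constructed.

```python
import base64
import math
import zlib
from typing import Dict, List, Tuple

# Sizes stated in the text: plaintext kept under 10000 bytes, body measured at 1357.
DESCRIPTOR_LIMIT = 10000
DESCRIPTOR_BODY = 1357

# In-memory stand-in for the directory servers: servers[dir][onion] -> stego payload.
# b"" models a descriptor that carries no stego data, which is the end mark.
Servers = Dict[str, Dict[str, bytes]]
Upload = Tuple[int, str, str, int, int]  # (i, onion, dir, start, end)


def max_payload(limit: int = DESCRIPTOR_LIMIT, body: int = DESCRIPTOR_BODY) -> int:
    """Largest chunk size D that fits the padding region (10000 - 1357 = 8643)."""
    return limit - body


def make_seed(rng_t0: bytes, t0: int, i: int, period: int) -> bytes:
    """seeds(T0, i) from section 2: the shared 22-byte RNG(T0) string followed by
    String(T0 + i*T), a 10-byte decimal timestamp. Deriving the onion address
    from the seed (Tor's key generation) is not modelled here."""
    if len(rng_t0) != 22:
        raise ValueError("RNG(T0) must be 22 bytes")
    stamp = str(t0 + i * period).encode("ascii")
    if len(stamp) != 10:
        raise ValueError("timestamp must render as 10 digits")
    return rng_t0 + stamp


def encode_payload(data: bytes) -> bytes:
    """Section 4: compress (DEFLATE, i.e. LZ77 + Huffman) before base64 so the
    base64 expansion does not eat the channel capacity."""
    return base64.b64encode(zlib.compress(data, 9))


def decode_payload(blob: bytes) -> bytes:
    return zlib.decompress(base64.b64decode(blob))


def modulate(data: bytes, d: int, n: int, onions: List[str], dirs: List[str],
             servers: Servers) -> List[Upload]:
    """Sender side of section 3. Chunk i (D bytes) goes into a descriptor for
    onions[i // N] and is 'uploaded' to dirs[i % N] (assumed mapping, read off
    the worked example); one extra descriptor with no stego data ends the
    transfer. Returns the upload schedule an observer of the HSDirs would see."""
    if not 0 < d <= max_payload():
        raise ValueError("D must fit in the descriptor padding")
    if len(dirs) < n:
        raise ValueError("need at least N directory servers")
    chunks = [data[k:k + d] for k in range(0, len(data), d)] + [b""]
    if len(onions) < math.ceil(len(chunks) / n):
        raise ValueError("domain name list too short for this transfer")
    schedule: List[Upload] = []
    offset = 0
    for i, chunk in enumerate(chunks):
        onion, hsdir = onions[i // n], dirs[i % n]
        servers.setdefault(hsdir, {})[onion] = chunk
        schedule.append((i, onion, hsdir, offset, offset + len(chunk)))
        offset += len(chunk)
    return schedule


def demodulate(n: int, onions: List[str], dirs: List[str], servers: Servers) -> bytes:
    """Receiver side: walk the same (onion, dir) sequence and read stego data
    until a descriptor without it is seen."""
    out = bytearray()
    i = 0
    while i // n < len(onions):
        onion, hsdir = onions[i // n], dirs[i % n]
        chunk = servers.get(hsdir, {}).get(onion)
        if chunk is None:
            raise LookupError(f"no descriptor for {onion} at {hsdir}")
        if chunk == b"":
            return bytes(out)
        out += chunk
        i += 1
    raise LookupError("domain name list exhausted before the end mark")


def worked_example() -> Tuple[List[Upload], bytes]:
    """The text's example: 20000 bytes, D = 8192, N = 2, dirs = [dir1, dir2]."""
    data = bytes(range(256)) * 78 + bytes(range(32))  # 20000 constructed bytes
    onions = ["onion0", "onion1"]                     # constructed labels
    dirs = ["dir1", "dir2"]
    servers: Servers = {}
    schedule = modulate(data, 8192, 2, onions, dirs, servers)
    return schedule, demodulate(2, onions, dirs, servers)
```

The schedule returned by `worked_example()` is the four uploads of Fig. 3, which is also the number of descriptor publications per transfer that the directory servers observe: ceil(20000 / 8192) data descriptors plus one end mark.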
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application and not for limiting the scope of protection thereof, and although the present application is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: numerous variations, modifications, and equivalents will occur to those skilled in the art upon reading the present application and are within the scope of the claims appended hereto.

Claims (5)

1. A Tor hidden service descriptor based storage type hidden channel scheme, comprising the steps of:
(1) constructing an out-of-band channel: the method comprises the steps that a sender and a receiver construct an out-of-band channel, and negotiate protocol parameters of a covert channel through the out-of-band channel;
(2) hidden channel initialization: the sender and the receiver carry out channel initialization according to protocol parameters, including domain name list initialization, consensus file synchronization and directory server selection;
(3) modulation and demodulation algorithm: the sender stores the covert data into the hidden service descriptor and uploads the covert data to the hidden directory server based on the hidden service descriptor, and the receiver traverses the corresponding directory server and demodulates the covert data according to the parameters and the initialization configuration;
(4) encoding and decoding scheme: the performance of the covert channel is optimized by a coding and decoding algorithm with enhanced robustness.
2. The Tor hidden service descriptor based storage type hidden channel scheme of claim 1, wherein said step (1) specifically comprises:
(11) a TCP connection is established between a sender and a receiver, and an anonymous link is established through Tor during establishment so as to improve the anonymity of an out-of-band channel;
(12) the number N of directory servers to be used by the sender and the initial sending time T0 of the sender are sent to the receiver through the out-of-band channel, each parameter occupying 4 bytes;
(13) the receiving party receives the data packet and analyzes the protocol parameter to complete the protocol parameter communication of the hidden channel.
3. The Tor hidden service descriptor based storage type hidden channel scheme of claim 1, wherein said step (2) specifically comprises:
(21) initializing the domain name list: according to the sender's initial transmission time T0 and the cycle number i, a domain name list is generated as follows: first, a seed string list is generated, in which the sender's and receiver's strings are identical, each consisting of a 22-byte random string and a 10-byte timestamp (T0 + i × T); then, a domain name list is generated from the seed string list with the Tor domain name generation method;
(22) synchronizing the consensus file: the Tor node periodically acquires the Tor network consensus file according to local time, and the sender and the receiver keep the consensus file synchronized by synchronizing their time with an NTP server;
(23) selecting directory servers: according to the complete Tor network hidden service directory server list in the consensus file and the parameter N (the number of directory servers used per unit period), a directory server list for covert communication is generated with the Tor built-in binary selection algorithm and cached.
4. The Tor hidden service descriptor based storage type hidden channel scheme of claim 1, wherein said step (3) specifically comprises:
(31) the sender divides the covert data into chunks of size D and replaces the padding data of the hidden service descriptor plaintext with the covert data, so that the covert data is encrypted together with the descriptor plaintext;
(32) starting from time T0, the sender uploads hidden service descriptors according to the corresponding domain name and the directory server sequence;
(33) starting from time T0, the receiver requests the descriptor of the corresponding domain name according to the directory server sequence;
(34) the receiver decrypts the obtained descriptor and extracts the secret data;
(35) steps (32) to (34) are repeated using the synchronized directory server sequence and domain name list, and reception ends when the receiver receives a hidden service descriptor without stego data.
5. The Tor hidden service descriptor based storage type hidden channel scheme of claim 1, wherein said step (4) specifically comprises:
(41) normal communication data is encoded and converted with base64 into data that a hidden service descriptor can store, according to the modulation and demodulation algorithm defined in (3);
(42) since the base64 codec increases the data volume, the channel capacity is increased through data compression.
CN202111368351.4A 2021-11-18 2021-11-18 Storage type hidden channel scheme based on Tor hidden service descriptor Active CN114070631B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111368351.4A CN114070631B (en) 2021-11-18 2021-11-18 Storage type hidden channel scheme based on Tor hidden service descriptor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111368351.4A CN114070631B (en) 2021-11-18 2021-11-18 Storage type hidden channel scheme based on Tor hidden service descriptor

Publications (2)

Publication Number Publication Date
CN114070631A true CN114070631A (en) 2022-02-18
CN114070631B CN114070631B (en) 2024-01-19

Family

ID=80279104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111368351.4A Active CN114070631B (en) 2021-11-18 2021-11-18 Storage type hidden channel scheme based on Tor hidden service descriptor

Country Status (1)

Country Link
CN (1) CN114070631B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107104938A (en) * 2016-02-19 2017-08-29 胡雪松 Establishing a secure data exchange channel
CN110825950A (en) * 2019-09-25 2020-02-21 中国科学院信息工程研究所 Hidden service discovery method based on meta search

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Brent Carrara et al., Out-of-band covert channels: A survey, ACM Computing Surveys *

Also Published As

Publication number Publication date
CN114070631B (en) 2024-01-19

Similar Documents

Publication Publication Date Title
US8249255B2 (en) System and method for securing communications between devices
Feamster et al. Infranet: Circumventing web censorship and surveillance
US6799270B1 (en) System and method for secure distribution of digital information to a chain of computer system nodes in a network
US8457304B2 (en) Efficient encoding processes and apparatus
RU2638639C1 (en) Encoder, decoder and method for encoding and encrypting input data
CN106850191B (en) Encryption and decryption method and device for communication protocol of distributed storage system
CN111654484B (en) Ethernet workshop covert communication method based on whisper protocol
Engelmann et al. A content-delivery protocol, exploiting the privacy benefits of coded caching
CN112104454A (en) Data secure transmission method and system
EP3459002A1 (en) Methods and devices for handling hash-tree based data signatures
CN114710558B (en) Asynchronous secure transmission channel construction method based on cloud storage
CN114567427B (en) Block chain hidden data segmented transmission method
KR20090098833A (en) Unique compressed call identifiers
US8458452B1 (en) System and method for encryption and decryption of data transferred between computer systems
CN116684095B (en) Sensor data encryption method and system based on Internet of Things
WO2016177050A1 (en) Message transmission method and apparatus
CN104660591B (en) IP address-based packet length feedback network concealed communication method
CN116866052A (en) Efficient block chain hidden communication method based on address coding
CN114070631B (en) Storage type hidden channel scheme based on Tor hidden service descriptor
CN114726522B (en) Careless searchable encryption method for protecting privacy of two parties
CN114095242B (en) Storage type hidden channel construction method based on Tor hidden service domain name state
CN108063828A (en) Network private communication channel building method based on the transmission of P2P files
US11516192B2 (en) System and method for combinatorial security
Yang et al. A source authentication scheme based on message recovery digital signature for multicast
Pilania et al. A Walk-through towards network steganography techniques

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant