CN114189380B - Zero-trust-based distributed authentication system and authorization method for Internet of things equipment - Google Patents


Info

Publication number: CN114189380B
Authority: CN (China)
Prior art keywords: resource, equipment, authentication, platform, access
Legal status: Active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Application number: CN202111500793.XA
Other languages: Chinese (zh)
Other versions: CN114189380A (en)
Inventors: 夏康丽, 翟栋
Current assignee: Sichuan Cric Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Sichuan Cric Technology Co ltd
Priority date and filing date: 2021-12-09 (the priority date is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to its accuracy)
Publication dates: CN114189380A on 2022-03-15; CN114189380B on 2023-09-15
Timeline: application filed by Sichuan Cric Technology Co ltd; priority to CN202111500793.XA; publication of CN114189380A; application granted; publication of CN114189380B; legal status currently active; anticipated expiration not listed


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876: Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082: Additional details covered by H04L63/00, applying multi-factor authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a zero-trust-based distributed authentication system and authorization method for Internet of Things equipment. By constructing an infrastructure for secure access control of Internet of Things applications, it provides a unified equipment authentication platform for equipment manufacturers and Internet of Things application resource providers; based on an authentication mode built on trusted equipment identities, it breaks through the network security boundary of the traditional authentication model while realizing dynamic security control at the resource level.

Description

Zero-trust-based distributed authentication system and authorization method for Internet of things equipment
Technical Field
The application relates to the technical field of the Internet of Things, in particular to a zero-trust-based distributed authentication system and authorization method for Internet of Things equipment.
Background
With the rapid development of Internet of Things technology, the number of Internet of Things devices connected to the network keeps growing, and scenarios in which cloud resource providers empower those devices keep multiplying, which places new requirements on device security authentication and authorization. At present there is no end of authentication schemes between different equipment manufacturers and between equipment and resource providers, yet problems such as difficult authentication across manufacturers' equipment and cross-platform isolation of resources are common. Meanwhile, the traditional access control model is generally based on a network security boundary: access is verified from information such as IP address, host information and geographic location. In the Internet of Things scenario, cloud applications and cloud computing are the development trend, so the traditional network security boundary is gradually dissolving, and the traditional authentication mode begins to reveal its limitations in the Internet of Things scenario.
Disclosure of Invention
The application aims to solve the above problems by providing a zero-trust-based distributed authentication system and authorization method for Internet of Things equipment.
The application achieves this purpose through the following technical scheme:
the zero-trust-based distributed authentication system for Internet of Things equipment comprises an equipment end, a zero trust architecture authentication platform, an Internet of Things unified identity platform and a resource end;
the unified identity platform is composed of multiple nodes and adopts distributed trusted ledger technology to realize the issuing, trusted verification and trusted storage of identities, providing an identity authentication basis for the upper-layer authorization system;
the equipment end consists of an equipment entity or an edge gateway, is loaded when the equipment leaves the factory, and its main functions are to communicate with the authentication platform and the resource end in order to register the identity, authenticate and acquire an access credential Token;
the SDK of the resource end is integrated by each resource provider and implements: resource provider identity registration, resource authorization policy configuration, resource authorization rule management, untrusted request redirection, and resource access credential Token verification;
the zero trust architecture authentication platform consists of a data channel and a control channel; the control channel dynamically controls the real-time sessions in the data channel according to the authorization conditions, with the operations of establishment, interruption and permission; when the data channel receives an untrusted resource access request redirected from the equipment end or the resource end, the equipment is identity-authenticated through the unified identity platform and its authority is verified through the control channel, thereby realizing secure resource access.
Further, the identity types in the unified identity platform comprise resource platform identity, Internet of Things equipment identity authentication and resource authentication.
Further, for Internet of Things equipment that is resource-limited, lacks the capability to communicate directly with a blockchain and cannot store credentials, the related functions in the authentication and authorization processes are realized through an edge computing gateway.
The zero trust architecture authentication platform has the functions of equipment identity verification, authority verification, access credential Token issuance and Token verification.
The application also provides an authorization method for the zero-trust-based distributed authentication system for Internet of Things equipment, which comprises the following steps:
step 1, a resource provider locally generates a public-private key pair, uploads the public key through the SDK to the unified identity platform for registration, and obtains a service provider ID (hereinafter referred to as SPID);
step 2, the resource party encrypts the SPID with its private key and uploads the encrypted SPID to the unified identity authentication platform for identity authentication;
step 3, the authenticated resource party can register its resources with the unified identity platform and acquire a resource identification ID (SID) for each of them;
step 4, the identity platform, once confirmed, performs the relevant resource access policy configuration (or update);
step 5, the equipment-end SDK (including edge computing equipment) locally generates a public-private key pair, uploads the public key to the unified identity platform for registration, and obtains an equipment ID;
step 6, the equipment encrypts the equipment ID with its private key and uploads the encrypted equipment ID to the unified identity authentication platform for identity authentication;
step 7, the authenticated equipment initiates a resource access request to the access data channel (resource access proxy platform); if the resource is requested directly, the request is redirected to the proxy platform; the proxy platform checks whether the request carries an access credential Token, and if it does, verifies the validity of the Token and, when the verification passes, forwards the request to the resource end;
step 8, if no access credential is carried, an authentication request is initiated to the control channel, and if the verification passes a verifiable resource access credential Token is generated, which can be realized through a distributed verifiable credential. The credential is returned to the equipment end for storage, so that repeated authentication is avoided within a limited period, the resource consumption of the authorization platform is reduced and performance is improved. At the same time, the trusted resource request is forwarded to the resource end;
step 9, in addition to the basic evaluation according to the configured policy, the trust evaluation engine can be extended to bring the request behavior, response behavior, risk level and the like into the evaluation scope, and the evaluation result can act directly on the session in the data channel.
The application has the beneficial effects that:
According to the zero-trust-based distributed authentication system and authorization method for Internet of Things equipment, a unified equipment authentication platform is provided for equipment manufacturers and Internet of Things application resource providers by constructing an infrastructure for secure access control of Internet of Things applications; based on an authentication mode built on trusted equipment identities, the network security boundary of the traditional authentication model can be broken through while dynamic security control at the resource level is realized.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings required for the description of the embodiments or of the prior art are briefly introduced below. It is obvious that the drawings described below show only some embodiments of the present application, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a structural diagram of the present application.
Fig. 2 is a flow chart of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application are described in detail below. It will be apparent that the described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by a person skilled in the art on the basis of the examples herein fall within the scope of the application as defined by the claims.
In one embodiment, as shown in Fig. 1, the zero-trust-based distributed authentication system for Internet of Things equipment of the present application comprises four parts: an equipment end, a zero trust architecture authentication platform, an Internet of Things unified identity platform and a resource end, each of which is formed by a plurality of entities.
The unified identity platform end is composed of multiple nodes and adopts distributed trusted ledger technology to realize the issuing, trusted verification and trusted storage of identities, thereby providing an identity authentication foundation for the upper-layer authorization system. The identity types in the system comprise resource platform identity, Internet of Things equipment identity authentication, resource authentication and the like.
The equipment end is formed by equipment entities or edge gateways; for resource-limited Internet of Things equipment that has no direct communication capability with a blockchain and cannot store credentials, the related functions in the authentication and authorization processes of the method can be realized through an edge computing gateway. The equipment-end SDK can be loaded when the equipment leaves the factory; its main function is to communicate with the authentication platform and the resource end to register and authenticate the identity and acquire an access credential Token.
The resource-end SDK is integrated by each resource provider, and its main functions comprise: resource provider identity registration, resource authorization policy configuration, resource authorization rule management, untrusted request redirection, resource access credential Token verification, and the like.
The zero-trust authentication platform consists of a data channel and a control channel. The control channel dynamically controls the real-time sessions in the data channel according to the authorization conditions, with operations such as establishment, interruption and permission. When the data channel receives an untrusted resource access request from the equipment end (or one redirected by the resource end), the equipment is identity-authenticated through the unified identity platform and its authority is verified through the control channel, thereby realizing secure resource access. The platform mainly realizes the functions of equipment identity verification, authority verification, access credential Token issuance, Token verification and the like.
In a specific embodiment, as shown in Fig. 2, the authorization method of the zero-trust-based distributed authentication system for Internet of Things equipment of the application comprises the following steps:
the resource provider locally generates a public-private key pair, uploads the public key through the SDK to the unified identity platform for registration, and obtains a service provider ID (hereinafter referred to as SPID);
the resource party encrypts the SPID with its private key and uploads the encrypted SPID to the unified identity authentication platform for identity authentication;
the authenticated resource party can register its resources with the unified identity platform and acquire a resource identification ID (SID) for each of them;
the identity platform, once confirmed, performs the relevant resource access policy configuration (or update);
the equipment-end SDK (including edge computing equipment) locally generates a public-private key pair, uploads the public key to the unified identity platform for registration, and obtains an equipment ID;
the equipment encrypts the equipment ID with its private key and uploads the encrypted equipment ID to the unified identity authentication platform for identity authentication;
the authenticated equipment initiates a resource access request to the access data channel (the resource access proxy platform); if the resource party is requested directly, the request is redirected to the proxy platform; the proxy platform checks whether the request carries an access credential Token, and if it does, verifies the legitimacy of the Token and, when the verification passes, forwards the request to the resource end;
if no access credential is carried, an authentication request is initiated to the control channel, and if the verification passes a verifiable resource access credential Token is generated, which can be realized through a distributed verifiable credential. The credential is returned to the equipment end for storage, so that repeated authentication is avoided within a limited period, the resource consumption of the authorization platform is reduced and performance is improved. At the same time, the trusted resource request is forwarded to the resource end;
in addition to the basic evaluation according to the configured policies, the trust evaluation engine can be further extended to bring request behavior, response behavior, risk level and the like into the evaluation scope, and the evaluation result can act directly on the session in the data channel.
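The nine steps above (listed in the Disclosure and again in this Detailed Description) as an added Go sketch that is not code from the patent or its assignee: the identity platform, control channel and data-channel proxy run in one process with Ed25519 keys, "encrypting the ID with the private key" is modelled as a signature over the ID, the access credential Token is a record signed by the control channel with a logical-clock expiry, and the ledger, SDK, policy entries, IDs, clock values and all type and function names are stand-ins constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// IdentityPlatform stands in for the unified identity platform: it issues IDs for registered keys.
type IdentityPlatform struct{ keys map[string]ed25519.PublicKey }

// Register stores a public key and returns a fresh SPID, SID or device ID (steps 1, 3, 5).
func (p *IdentityPlatform) Register(prefix string, pk ed25519.PublicKey) string {
	id := fmt.Sprintf("%s-%04d", prefix, len(p.keys)+1)
	p.keys[id] = pk
	return id
}

// Authenticate passes only if the key registered under id produced sig over id (steps 2, 6).
func (p *IdentityPlatform) Authenticate(id string, sig []byte) error {
	if pk, ok := p.keys[id]; ok && ed25519.Verify(pk, []byte(id), sig) {
		return nil
	}
	return errors.New("identity authentication failed for " + id)
}

// Token is the access credential the device stores between requests.
type Token struct {
	DeviceID, SID string
	Exp           uint64 // logical clock value constructed for the example, not wall time
	Sig           []byte // control-channel signature over payload(); IDs never contain '|'
}

func (t *Token) payload() []byte { return []byte(fmt.Sprintf("%s|%s|%d", t.DeviceID, t.SID, t.Exp)) }

// ControlChannel authenticates the device, applies the policy (SID -> allowed device IDs) and signs the token.
type ControlChannel struct {
	idp    *IdentityPlatform
	policy map[string]map[string]bool
	priv   ed25519.PrivateKey
}

func (c *ControlChannel) Authorize(dev string, sig []byte, sid string, now uint64) (*Token, error) {
	if err := c.idp.Authenticate(dev, sig); err != nil {
		return nil, err
	}
	if !c.policy[sid][dev] {
		return nil, errors.New("policy denies " + dev + " access to " + sid)
	}
	t := &Token{DeviceID: dev, SID: sid, Exp: now + 100} // valid for 100 logical ticks
	t.Sig = ed25519.Sign(c.priv, t.payload())
	return t, nil
}

// Proxy is the data channel: it forwards a request only with a valid, unexpired token for the requested SID.
type Proxy struct {
	ctrlPub     ed25519.PublicKey
	interrupted map[string]bool // sessions the control channel has cut off (step 9)
}

func (p *Proxy) Verify(t *Token, sid string, now uint64) error {
	switch {
	case t == nil:
		return errors.New("no token: redirect to control channel")
	case !ed25519.Verify(p.ctrlPub, t.payload(), t.Sig) || t.SID != sid:
		return errors.New("token invalid for this resource")
	case now >= t.Exp:
		return errors.New("token expired")
	case p.interrupted[t.DeviceID]:
		return errors.New("session interrupted by trust evaluation")
	}
	return nil
}

// RunScenario walks steps 1-9 once; a nil entry means that step succeeded or the request was forwarded.
func RunScenario() map[string]error {
	idp := &IdentityPlatform{keys: map[string]ed25519.PublicKey{}}
	ctrlPub, ctrlPriv, _ := ed25519.GenerateKey(rand.Reader)
	ctrl := &ControlChannel{idp: idp, policy: map[string]map[string]bool{}, priv: ctrlPriv}
	proxy := &Proxy{ctrlPub: ctrlPub, interrupted: map[string]bool{}}
	out := map[string]error{}
	spPub, spPriv, _ := ed25519.GenerateKey(rand.Reader)
	spid := idp.Register("SPID", spPub) // step 1: provider registers its public key
	out["provider"] = idp.Authenticate(spid, ed25519.Sign(spPriv, []byte(spid))) // step 2
	sid := idp.Register("SID", spPub) // step 3: provider registers one resource
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev := idp.Register("DEV", devPub)            // step 5: device registers its public key
	ctrl.policy[sid] = map[string]bool{dev: true} // step 4: access policy for the resource
	out["noToken"] = proxy.Verify(nil, sid, 1)     // step 7: no token, request is redirected
	tok, err := ctrl.Authorize(dev, ed25519.Sign(devPriv, []byte(dev)), sid, 1) // steps 6 and 8
	out["issue"] = err
	out["fresh"] = proxy.Verify(tok, sid, 50)    // stored token reused within its limited period
	out["expired"] = proxy.Verify(tok, sid, 101) // period over: the device must authenticate again
	proxy.interrupted[dev] = true                // step 9: the evaluation result acts on the session
	out["interrupted"] = proxy.Verify(tok, sid, 50)
	return out
}

func main() { fmt.Println(RunScenario()) }
```

The proxy never trusts the request itself: only a token signed by the control channel, for that SID, still within its period and not cut off by the evaluation engine, reaches the resource end.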
The foregoing is merely illustrative of the present application, which is not limited thereto; any person skilled in the art will readily recognize that variations or substitutions fall within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims. In addition, the specific features described in the above embodiments may be combined in any suitable manner; to avoid unnecessary repetition, the various possible combinations are not described further. Moreover, any combination of the various embodiments of the application can be made without departing from the spirit of the application, and such combinations should also be considered as disclosed herein.

Claims (5)

1. A zero-trust-based distributed authentication system for Internet of Things equipment, characterized by comprising an equipment end, a zero trust architecture authentication platform, an Internet of Things unified identity platform and a resource end;
the unified identity platform is composed of multiple nodes and adopts distributed trusted ledger technology to realize the issuing, trusted verification and trusted storage of identities, providing an identity authentication basis for the upper-layer authorization system;
the equipment end consists of an equipment entity or an edge gateway, is loaded when the equipment leaves the factory, and its main functions are to communicate with the authentication platform and the resource end in order to register the identity, authenticate and acquire an access credential Token;
the SDK of the resource end is integrated by each resource provider and implements: resource provider identity registration, resource authorization policy configuration, resource authorization rule management, untrusted request redirection, and resource access credential Token verification;
the zero trust architecture authentication platform consists of a data channel and a control channel; the control channel dynamically controls the real-time sessions in the data channel according to the authorization conditions, with the operations of establishment, interruption and permission; when the data channel receives an untrusted resource access request redirected from the equipment end or the resource end, the equipment is identity-authenticated through the unified identity platform and its authority is verified through the control channel, thereby realizing secure resource access; the authenticated equipment initiates a resource access request to the access data channel, namely the resource access proxy platform; if the resource is requested directly, the request is redirected to the proxy platform; the proxy platform checks whether the request carries an access credential Token, and if it does, verifies the legitimacy of the Token and, when the verification passes, forwards the request to the resource end; if no resource access credential is carried, an authentication request is initiated to the control channel, and if the authentication passes a verifiable resource access credential Token is generated while the trusted resource request is forwarded to the resource end.
2. The zero-trust-based distributed authentication system for Internet of Things equipment according to claim 1, wherein the identity types in the unified identity platform comprise resource platform identity, Internet of Things equipment identity authentication and resource authentication.
3. The zero-trust-based distributed authentication system for Internet of Things equipment according to claim 1, wherein for Internet of Things equipment that is resource-limited, lacks direct communication capability with a blockchain and cannot store credentials, the related functions in the authentication and authorization processes are realized through an edge computing gateway.
4. The zero-trust-based distributed authentication system for Internet of Things equipment according to claim 1, wherein the zero trust architecture authentication platform has the functions of equipment identity verification, authority verification, access credential Token issuance and access credential Token verification.
5. An authorization method for a zero-trust-based distributed authentication system for Internet of Things equipment, characterized by comprising the following steps:
step 1, a resource provider locally generates a public-private key pair, uploads the public key through the SDK to the unified identity platform for registration, and obtains an SPID;
step 2, the resource party encrypts the SPID with its private key and uploads the encrypted SPID to the unified identity authentication platform for identity authentication;
step 3, the authenticated resource party can register its resources with the unified identity platform and acquire the SID;
step 4, the identity platform, once confirmed, performs the relevant resource access policy configuration or update;
step 5, the equipment SDK locally generates a public-private key pair, uploads the public key to the unified identity platform for registration, and obtains an equipment ID;
step 6, the equipment encrypts the equipment ID with its private key and uploads the encrypted equipment ID to the unified identity authentication platform for identity authentication;
step 7, the authenticated equipment initiates a resource access request to the access data channel, namely the resource access proxy platform; if the resource is requested directly, the request is redirected to the proxy platform; the proxy platform checks whether the current request carries an access credential Token, and if it does, verifies the validity of the Token and, when the verification passes, forwards the request to the resource end;
step 8, if no access credential is carried, an authentication request is initiated to the control channel, a verifiable resource access credential Token is generated after the verification passes, the access credential being realized through a distributed verifiable credential; the credential is returned to the equipment end for storage, avoids repeated authentication within a limited period, reduces the resource consumption of the authorization platform and improves performance, and at the same time the trusted resource request is forwarded to the resource end;
step 9, in addition to the basic evaluation according to the configured policy, the trust evaluation engine is extended to bring the request behavior, response behavior, risk level and the like into the evaluation scope, and the evaluation result acts directly on the session in the data channel.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111500793.XA CN114189380B (en) 2021-12-09 2021-12-09 Zero-trust-based distributed authentication system and authorization method for Internet of things equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111500793.XA CN114189380B (en) 2021-12-09 2021-12-09 Zero-trust-based distributed authentication system and authorization method for Internet of things equipment

Publications (2)

Publication Number Publication Date
CN114189380A CN114189380A (en) 2022-03-15
CN114189380B true CN114189380B (en) 2023-09-15

Family

ID=80604070

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111500793.XA Active CN114189380B (en) 2021-12-09 2021-12-09 Zero-trust-based distributed authentication system and authorization method for Internet of things equipment

Country Status (1)

Country Link
CN (1) CN114189380B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745445B (en) * 2022-04-27 2024-05-28 深圳绿米联创科技有限公司 Control method, control device, electronic equipment and storage medium
CN115118465B (en) * 2022-06-13 2023-11-28 北京寰宇天穹信息技术有限公司 Cloud edge end cooperative zero trust access control method and system based on trusted label
CN115296912B (en) * 2022-08-06 2024-03-12 福建中锐网络股份有限公司 Block chain-based internet of things platform and equipment trusted authentication method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188563A (en) * 2019-06-02 2019-08-30 四川虹微技术有限公司 A kind of trust data update method and device
CN111262832A (en) * 2020-01-08 2020-06-09 北京工业大学 DDoS attack discovery method for fusing trust and learning in cloud environment
CN112055029A (en) * 2020-09-16 2020-12-08 全球能源互联网研究院有限公司 Zero-trust power Internet of things equipment and user real-time trust degree evaluation method
CN112087469A (en) * 2020-09-18 2020-12-15 全球能源互联网研究院有限公司 Zero-trust dynamic access control method for power Internet of things equipment and users
CN112118102A (en) * 2020-10-21 2020-12-22 国网天津市电力公司 Dedicated zero trust network system of electric power
CN112507317A (en) * 2020-12-07 2021-03-16 国网河北省电力有限公司电力科学研究院 Electric power Internet of things safety protection method based on zero trust

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11936787B2 (en) * 2019-12-10 2024-03-19 Winkk, Inc. User identification proofing using a combination of user responses to system turing tests using biometric methods

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"A high-security network data transmission implementation" (一种高安全的网络数据传输实现); 赖宇阳, 徐平江, 房超, 唐晓柯, 张海峰; 《信息安全与通信保密》 (Information Security and Communications Privacy), no. 2, pp. 109-112 *
"Research on constructing a risk trust system based on lean trust" (基于精益信任的风险信任体系构建研究); 訾然, 刘嘉; 《信息网络安全》 (Netinfo Security), no. 10, pp. 32-41 *

Also Published As

Publication number Publication date
CN114189380A (en) 2022-03-15

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant