CN114745199A - Certificate replacement method on SSL decryption device - Google Patents
Certificate replacement method on SSL decryption device Download PDFInfo
- Publication number
- CN114745199A CN114745199A CN202210489224.8A CN202210489224A CN114745199A CN 114745199 A CN114745199 A CN 114745199A CN 202210489224 A CN202210489224 A CN 202210489224A CN 114745199 A CN114745199 A CN 114745199A
- Authority
- CN
- China
- Prior art keywords
- certificate
- user
- root certificate
- domain name
- ssl
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention discloses a certificate replacement method on SSL decryption equipment, which comprises the following steps: s1, configuring the relevant attribute of the digital root certificate through the SSL configuration page, and generating a special digital root certificate according to the user-defined information; and S2, dynamically detecting the legality of the domain name and the IP address through the proxy service program and the extension thereof, dynamically issuing a server certificate and object information needing decryption, which is configured by a user in advance, for the domain name according to the digital root certificate generated in the S1, and replacing the certificate of the decrypted object with a self-built service certificate. The invention uses the self-defined CA root certificate to sign and issue the server certificate and replaces other unknown certificates in the SSL decryption system, thus being capable of decrypting the encrypted flow accessed in the Internet, increasing the network security protection and reducing the risk of network attack.
Description
Technical Field
The invention relates to the technical field of network data transmission, in particular to a certificate replacement method on SSL decryption equipment.
Background
Since data on the network is transmitted in the clear, various security events are frequently popped up. In order to solve the problem of safe and reliable transmission of data in the internet, a protocol for safely exchanging information by using an SSL/TSL is created and used for identity authentication of both parties of data transmission and confidentiality and reliability of data transmission, and the data transmission of the SSL/TLS protocol uses a digital certificate as a certificate of both parties of communication.
However, in the prior art, the SSL decryption devices supported in the market are all based on the inbound direction, and do not monitor and filter the data coming back from the outbound direction, thereby possibly causing an uncontrollable network security accident.
Disclosure of Invention
The invention provides a certificate replacement method on SSL decryption equipment, which aims to solve the problems in the background technology.
In order to achieve the purpose, the invention adopts the following technical scheme:
a certificate replacement method on an SSL decryption device, comprising the steps of:
s1, configuring the relevant attribute of the digital root certificate through the SSL configuration page, and generating a special digital root certificate according to the user-defined information;
and S2, dynamically detecting the legality of the domain name and the IP address through the proxy service program and the extension thereof, dynamically issuing a server certificate and object information needing decryption, which is configured by a user in advance, for the domain name according to the digital root certificate generated in the S1, and replacing the certificate of the decrypted object with a self-built service certificate.
As a further improvement scheme of the technical scheme: the S1 is used for creating a CA root certificate when the user accesses the SSL decryption device, and the specific flow is as follows:
the user needs to initialize the attributes of the CA certificate according to the self condition, including selecting the type, length and algorithm of the key for generating the key and the validity period of the certificate;
the back-end logic program generates a corresponding CA root certificate and a private key for encryption according to the parameter information customized by the user, and generates a private key for the server certificate;
after the CA root certificate is successfully created, the user also checks the information of the root certificate at present and downloads the root certificate to the local system, and the root certificate is imported into a certificate module of the computer system and added as a trusted certificate.
As a further improvement scheme of the technical scheme: the required processing behaviors in the specific flow of S1 include: the background processing program carries out logic verification on the parameters;
if the user does not select the type, length, algorithm of the root certificate key, then the default values are used for filling by the background program;
meanwhile, the background program generates a key of a server certificate according to user self-selection or default parameters, and creates a text database file index.
Storing the generated CA root certificate, the CA root certificate key, the server certificate key file and the related files to a specified position;
returning details of the CA root certificate and providing downloading operation;
the user imports the CA root certificate downloaded locally into the certificate module of the computer system and sets it as a trusted certificate.
As a further improvement scheme of the technical scheme: the user needs to initialize attributes of the CA root certificate, including country, region, mailbox information needed for custom CA.
As a further improvement scheme of the technical scheme: the S2 is used for the SSL decryption system background to decrypt the object and the decryption policy configured by the user, and the specific process is as follows: matching outbound flow, redirecting the domain name or IP accessed by the outbound to an internal proxy module of the SSL decryption system when the conditions are met, completing certificate replacement in the process, and then initiating access to a target by proxy service.
As a further improvement scheme of the technical scheme: the behavior logic to be processed in the specific flow of S2 includes:
the SSL decryption system strategy module dynamically judges whether the outbound access needs to carry out traffic decryption according to a strategy configured by a user;
policy decisions require decryption, at which point certificate replacement includes:
1) acquiring an accessed target IP or a domain name, and judging the correctness of the domain name or the IP;
2) matching in a server certificate cache region by using the IP or the domain name, and hitting cache;
3) verifying the certificate timeliness;
4) returning the certificate;
5) in 2) the cache is not hit, a service certificate of the IP or the domain name is generated by using a server private key and a CA root certificate, and the certificate is returned;
6) a certificate that replaces the IP or domain name;
7) the certificate is cached in the cache area for direct access next time, and performance is improved.
An embodiment of the present invention further provides a terminal device, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the certificate replacement method on the SSL decryption device when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, the device where the computer-readable storage medium is located is controlled to execute any one of the above methods for replacing a certificate on the SSL decryption device.
Compared with the prior art, the invention has the beneficial effects that:
in the SSL decryption system, the user-defined CA root certificate is used for signing and issuing the server certificate and replacing other unknown certificates, so that the encrypted flow accessed in the Internet can be decrypted, the network security protection is increased, and the risk of network attack is reduced.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to make the technical solutions of the present invention practical in accordance with the contents of the specification, the following detailed description is given of preferred embodiments of the present invention with reference to the accompanying drawings. The detailed description of the present invention is given in detail by the following examples and the accompanying drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention and do not constitute a limitation of the invention. In the drawings:
fig. 1 is a schematic diagram of a logic structure of S1 in a certificate replacement method on an SSL decryption device according to the present invention;
fig. 2 is a schematic diagram of the logical structure of S2 in the certificate replacement method on the SSL decryption device according to the present invention;
fig. 3 is a schematic structural diagram of a preferred embodiment of a terminal device according to the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention. The invention is described in more detail in the following paragraphs by way of example with reference to the accompanying drawings. Advantages and features of the present invention will become apparent from the following description and from the claims. It is to be noted that the drawings are in a very simplified form and are not to precise scale, which is merely for the purpose of facilitating and distinctly claiming the embodiments of the present invention.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Referring to fig. 1 to 3, in the embodiment of the present invention, the generated certificate is divided into two parts:
the first part is: configuring relevant attributes of the digital root certificate through an SSL configuration page, and generating a special digital root certificate according to user-defined information;
the second part is: and dynamically detecting the legality of the domain name and the IP address through the proxy service program and the extension thereof, dynamically issuing a server certificate and object information needing to be decrypted, which is configured by a user in advance, for the domain name according to the digital root certificate generated by the first part, and replacing the certificate of the decrypted object with a self-built service certificate.
The first part requires the user to create a CA root certificate when accessing the SSL decryption device, and as described in the flow of fig. 1, the user needs to initialize the attributes of the CA certificate according to his/her own circumstances, including selecting the type, length, algorithm of the key used to generate the key, and the validity period of the certificate. And the back-end logic program generates a corresponding CA root certificate and a private key for encryption according to the user-defined parameter information, and generates a private key of the server certificate. After the CA root certificate is successfully created, the user also checks the information of the root certificate at present and downloads the root certificate to the local system, and the root certificate is imported into a certificate module of the computer system and added as a trusted certificate.
The second part is that the SSL decryption system background matches outbound traffic according to a decryption object and a decryption policy configured by a user, as described in the flow of fig. 2, and when a condition is met, redirects a domain name or an IP accessed by the outbound to an internal proxy module of the SSL decryption system, completes certificate replacement in this process, and then the proxy service initiates access to a target.
The invention requires processing activities in the first phase including:
1. the user needs to initialize the attribute of the CA root certificate and package the information of the country, the region, the mailbox and the like required by the user-defined CA;
2. the background processing program carries out logic verification on the parameters;
3. if the user does not select the type, length, algorithm of the root certificate key, then the default values are used for filling by the background program;
4. meanwhile, the background program generates a key of a server certificate according to user self-selection or default parameters, and creates a text database file index.
5. Storing the generated CA root certificate, the CA root certificate key, the server certificate key file and the related files to a specified position;
6. returning details of the CA root certificate and providing downloading operation;
7. the user leads the CA root certificate downloaded to the local into a certificate module of the computer system and sets the CA root certificate as a trusted certificate;
8. resetting the CA root certificate, revoking the CA root certificate, deleting the private keys of the CA root certificate and the root certificate and all server-side certificates signed by using the CA root certificate, and performing the 7 th step by the user.
The behavior logic required to be processed in the second stage of the invention comprises the following steps:
1. the SSL decryption system policy module dynamically judges whether outbound access needs to perform traffic decryption according to a policy configured by a user
2. The policy determines that decryption is required, and the certificate replacement module comprises:
1) obtaining the accessed destination IP or domain name, and judging the correctness of the domain name or the IP
2) Using the IP or the domain name to match in a certificate cache region of a server side and hit in cache
3) Verifying the certificate timeliness
4) Returning the certificate
5) In 2) no cache hit, the service certificate of the IP or the domain name is generated by using the private key of the service end and the CA root certificate, and the certificate is returned
6) Substituting the certificate for the IP or domain name
7) The certificate is cached in the cache area for direct access next time, and performance is improved.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a terminal device according to a preferred embodiment of the present invention. The terminal device comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor implements the certificate replacement method on the SSL decryption device according to any of the above embodiments when executing the computer program.
Preferably, the computer program may be divided into one or more modules/units (e.g., computer program 1, computer program 2, … …) that are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used for describing the execution process of the computer program in the terminal device.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, etc., the general purpose Processor may be a microprocessor, or the Processor may be any conventional Processor, the Processor is a control center of the terminal device, and various interfaces and lines are used to connect various parts of the terminal device.
The memory mainly includes a program storage area that may store an operating system, an application program required for at least one function, and the like, and a data storage area that may store related data and the like. In addition, the memory may be a high speed random access memory, may also be a non-volatile memory, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card), and the like, or may also be other volatile solid state memory devices.
It should be noted that the terminal device may include, but is not limited to, a processor and a memory, and those skilled in the art will understand that the structural diagram of fig. 3 is only an example of the terminal device and does not constitute a limitation of the terminal device, and may include more or less components than those shown, or combine some components, or different components.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute the certificate replacement method on the SSL decryption apparatus according to any of the above embodiments.
The working principle of the invention is as follows:
the method is characterized in that a WEB page is configured in SSL decryption equipment for self-configuration, and a self-built CA digital certificate is issued for accessing the Internet from a local area network, and other digital certificates are replaced by the self-built certificate. The data can be conveniently decrypted, so that the aim of safe and controllable data transmission is fulfilled.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention in any manner; the present invention may be readily implemented by those of ordinary skill in the art as illustrated in the accompanying drawings and described above; however, those skilled in the art should appreciate that they can readily use the disclosed conception and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the present invention without departing from the scope of the invention; meanwhile, any equivalent changes, modifications and evolutions made to the above embodiments according to the substantial technology of the present invention are still within the protection scope of the technical solution of the present invention.
Claims (8)
1. A method for certificate replacement on an SSL decryption device, comprising the steps of:
s1, configuring the relevant attribute of the digital root certificate through the SSL configuration page, and generating a special digital root certificate according to the user-defined information;
and S2, dynamically detecting the legality of the domain name and the IP address through the proxy service program and the extension thereof, dynamically issuing a server certificate and object information needing decryption, which is configured by a user in advance, for the domain name according to the digital root certificate generated in the S1, and replacing the certificate of the decrypted object with a self-built service certificate.
2. The method for replacing the certificate on the SSL decryption device as recited in claim 1, wherein the S1 is used for creating a CA root certificate when the user accesses the SSL decryption device, and the specific procedure is as follows:
the user needs to initialize the attributes of the CA certificate according to the self condition, including selecting the type, length and algorithm of the key for generating the key and the validity period of the certificate;
the back-end logic program generates a corresponding CA root certificate and a private key for encryption according to the user-defined parameter information, and generates a private key of the server certificate;
after the CA root certificate is successfully created, the user also checks the information of the root certificate at present and downloads the root certificate to the local system, and the root certificate is imported into a certificate module of the computer system and added as a trusted certificate.
3. The method for replacing a certificate on an SSL decryption device as claimed in claim 2, wherein the required processing actions in the specific flow of S1 include: the background processing program carries out logic verification on the parameters;
if the user does not select the type, length, algorithm of the root certificate key, then the default values are used for filling by the background program;
meanwhile, the background program generates a key of the server certificate according to user self-selection or default parameters, and creates a text database file index.
Storing the generated CA root certificate, the CA root certificate key, the server certificate key file and the related files to a specified position;
returning details of the CA root certificate and providing downloading operation;
the user imports the CA root certificate downloaded locally into the certificate module of the computer system and sets it as a trusted certificate.
4. The method as claimed in claim 3, wherein the user needs to initialize the attributes of the CA root certificate, including country, region, mailbox information required by the user-defined CA.
5. The method for replacing the certificate on the SSL decryption device as claimed in claim 4, wherein the S2 is used for the SSL decryption system background to decrypt the object and the decryption policy configured by the user, and the specific process is as follows: matching outbound flow, redirecting the domain name or IP of outbound access to an internal agent module of the SSL decryption system when the conditions are met, completing certificate replacement in the process, and then initiating access to a target by the agent service.
6. The method for replacing the certificate on the SSL decryption device as recited in claim 5, wherein the action logic required to be processed in the specific flow of S2 includes:
the SSL decryption system strategy module dynamically judges whether the outbound access needs to carry out traffic decryption according to a strategy configured by a user;
policy decisions require decryption, at which point certificate replacement includes:
1) acquiring an accessed target IP or a domain name, and judging the correctness of the domain name or the IP;
2) matching in a server certificate cache region by using the IP or the domain name, and hitting cache;
3) verifying the timeliness of the certificate;
4) returning the certificate;
5) if the cache is not hit in the step 2), generating a service certificate of the IP or the domain name by using a server private key and a CA root certificate, and returning the certificate;
6) a certificate that replaces the IP or domain name;
7) the certificate is cached in the cache area for direct access next time, and performance is improved.
7. A terminal device comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor when executing the computer program implementing the certificate replacement method on an SSL decryption device as claimed in any one of claims 1-6.
8. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the certificate replacement method on the SSL decryption device as recited in any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210489224.8A CN114745199A (en) | 2022-05-06 | 2022-05-06 | Certificate replacement method on SSL decryption device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210489224.8A CN114745199A (en) | 2022-05-06 | 2022-05-06 | Certificate replacement method on SSL decryption device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114745199A true CN114745199A (en) | 2022-07-12 |
Family
ID=82285585
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210489224.8A Pending CN114745199A (en) | 2022-05-06 | 2022-05-06 | Certificate replacement method on SSL decryption device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114745199A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005202364A (en) * | 2003-12-16 | 2005-07-28 | Ricoh Co Ltd | Electronic device, image forming apparatus, electronic device control method, program, record medium, image forming apparatus control system and member to record digital certification in |
US20150113264A1 (en) * | 2013-10-17 | 2015-04-23 | Fortinet, Inc. | Inline inspection of security protocols |
CN108011888A (en) * | 2017-12-15 | 2018-05-08 | 东软集团股份有限公司 | A kind of method, apparatus and storage medium, program product for realizing certificate reconstruct |
US20180227292A1 (en) * | 2017-02-08 | 2018-08-09 | A10 Networks, Inc. | Caching Network Generated Security Certificates |
CN109286598A (en) * | 2017-07-20 | 2019-01-29 | 中国科学院声学研究所 | A kind of the RDP agreement clear data acquisition system and method for TLS channel encryption |
US20190116027A1 (en) * | 2016-06-07 | 2019-04-18 | Huawei Technologies Co., Ltd. | Service processing method and apparatus |
CN109743325A (en) * | 2019-01-11 | 2019-05-10 | 北京中睿天下信息技术有限公司 | A kind of Brute Force attack detection method, system, equipment and storage medium |
US20200341689A1 (en) * | 2014-04-21 | 2020-10-29 | David Lane Smith | Distributed storage system for long term data storage |
CN112261068A (en) * | 2020-12-22 | 2021-01-22 | 北京翼辉信息技术有限公司 | Dynamic TLS authentication method, device and storage medium in local area network |
CN114168922A (en) * | 2022-02-10 | 2022-03-11 | 亿次网联(杭州)科技有限公司 | User CA certificate generation method and system based on digital certificate |
-
2022
- 2022-05-06 CN CN202210489224.8A patent/CN114745199A/en active Pending
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005202364A (en) * | 2003-12-16 | 2005-07-28 | Ricoh Co Ltd | Electronic device, image forming apparatus, electronic device control method, program, record medium, image forming apparatus control system and member to record digital certification in |
US20050172118A1 (en) * | 2003-12-16 | 2005-08-04 | Masami Nasu | Electronic apparatus, image forming apparatus, method for controlling electronic apparatus, and system for managing image forming apparatus |
US20150113264A1 (en) * | 2013-10-17 | 2015-04-23 | Fortinet, Inc. | Inline inspection of security protocols |
US20200341689A1 (en) * | 2014-04-21 | 2020-10-29 | David Lane Smith | Distributed storage system for long term data storage |
US20190116027A1 (en) * | 2016-06-07 | 2019-04-18 | Huawei Technologies Co., Ltd. | Service processing method and apparatus |
US20180227292A1 (en) * | 2017-02-08 | 2018-08-09 | A10 Networks, Inc. | Caching Network Generated Security Certificates |
CN109286598A (en) * | 2017-07-20 | 2019-01-29 | 中国科学院声学研究所 | A kind of the RDP agreement clear data acquisition system and method for TLS channel encryption |
CN108011888A (en) * | 2017-12-15 | 2018-05-08 | 东软集团股份有限公司 | A kind of method, apparatus and storage medium, program product for realizing certificate reconstruct |
CN109743325A (en) * | 2019-01-11 | 2019-05-10 | 北京中睿天下信息技术有限公司 | A kind of Brute Force attack detection method, system, equipment and storage medium |
CN112261068A (en) * | 2020-12-22 | 2021-01-22 | 北京翼辉信息技术有限公司 | Dynamic TLS authentication method, device and storage medium in local area network |
CN114168922A (en) * | 2022-02-10 | 2022-03-11 | 亿次网联(杭州)科技有限公司 | User CA certificate generation method and system based on digital certificate |
Non-Patent Citations (1)
Title |
---|
邓峰;齐德昱;: "基于数字证书的自助服务终端身份认证的研究", 金卡工程 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Fett et al. | An expressive model for the web infrastructure: Definition and application to the browser id sso system | |
EP2020797B1 (en) | Client-server Opaque token passing apparatus and method | |
US7568114B1 (en) | Secure transaction processor | |
US7861087B2 (en) | Systems and methods for state signing of internet resources | |
CN110326267A (en) | Network security with Alternative digital certificate | |
US9215064B2 (en) | Distributing keys for decrypting client data | |
US9942200B1 (en) | End user authentication using a virtual private network | |
US8924725B2 (en) | Authenticated file handles for network file systems | |
EP2414983B1 (en) | Secure Data System | |
US20230336541A1 (en) | Method and device for two-factor authentication, computer device, and storage medium | |
CN114244508B (en) | Data encryption method, device, equipment and storage medium | |
CN114462059A (en) | Table field level encryption and security access control method and system | |
JP2022534677A (en) | Protecting online applications and web pages that use blockchain | |
KR20170119054A (en) | End-to-End Security Platform of Internet of Things | |
US20210281608A1 (en) | Separation of handshake and record protocol | |
US10764065B2 (en) | Admissions control of a device | |
CN114666368B (en) | Access control method, device, equipment and storage medium of electric power Internet of things | |
CN114745199A (en) | Certificate replacement method on SSL decryption device | |
CN114697113A (en) | Hardware accelerator card-based multi-party privacy calculation method, device and system | |
Mei et al. | Research and Defense of Cross-Site WebSocket Hijacking Vulnerability | |
WO2022212396A1 (en) | Systems and methods of protecting secrets in use with containerized applications | |
Jesudoss et al. | Enhanced certificate-based authentication for distributed environment | |
Fongen et al. | The integration of trusted platform modules into a tactical identity management system | |
CN106464684B (en) | Service processing method and device | |
CN114553410B (en) | API gateway safety protection method and system based on interface mapping |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |