CN116709338B - Wi-Fi access point capable of defending middleman MitM attack - Google Patents
Wi-Fi access point capable of defending middleman MitM attack Download PDFInfo
- Publication number
- CN116709338B CN116709338B CN202310996082.9A CN202310996082A CN116709338B CN 116709338 B CN116709338 B CN 116709338B CN 202310996082 A CN202310996082 A CN 202310996082A CN 116709338 B CN116709338 B CN 116709338B
- Authority
- CN
- China
- Prior art keywords
- wireless
- message
- detecting
- attack
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000005516 engineering process Methods 0.000 abstract description 7
- 230000008260 defense mechanism Effects 0.000 description 10
- 238000000034 method Methods 0.000 description 6
- 230000007123 defense Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000035939 shock Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Abstract
The invention relates to the technical field of Wi-Fi access points, and discloses a Wi-Fi access point capable of defending a middleman MitM attack, which comprises a wireless AP, wherein the wireless AP is provided with two wireless interfaces, one of the two wireless interfaces is a main interface, the other wireless interface is an interface for detecting the attack, the interface for detecting the attack is divided into two stages, not only can the rogue devices be detected before a hacker obtains a middleman position, but also the Wi-Fi access point can defend after a hacker obtains the middleman position, and Wi-Fi standards are not modified, the PMF is not required to be relied, the middleman position is taken back by utilizing the technology of the middleman attack after the BSSID of the rogue AP is detected, so that a network manager can easily promote the overall network security, only the wireless AP is required to be updated, and all the wireless stations are not required to be updated.
Description
Technical Field
The invention relates to the technical field of Wi-Fi access points, in particular to a Wi-Fi access point capable of defending MitM attacks of intermediate persons.
Background
Wi-Fi alliance and Wi-Fi device manufacturers began defending against man-in-the-middle attacks because WPA2 (Wi-Fi Protected Access 2) was found to be a vulnerability in the standard itself in 2017. Hackers can use an attack means named KRACK (Key ReinstallationAttack) based on man-in-the-middle attack to break the vulnerability and eliminate the protection capability of the WPA 2.
Man-in-the-middle attacks fall into two categories: mitM attach (Man in the Middle Attack) is a common means of Attack that enables hackers to master and even modify communications between wireless base stations and Wi-Fi access points. Under the premise of knowing the password of the attacked network, the hacker establishes a rogue network with the same ESSID and the same password, and sends out a fake De-auth packet to disconnect the radio station and connect the radio station to the rogue network. And Multi-Channel MitM (MC-MitM) is a further MitM attach. Hackers can obtain the position of the man-in-the-middle without knowing the password of the attacked network. The method of forcing the victim to switch channels is as follows: using an interference source; channel SwitchAnnouncement (CSA) was used.
There are two main classes of methods for defending against MC-MitM: first stage defense mechanism: detecting a rogue device, a rogue channel, or a counterfeit CSA (Channel Switch Announcement) before a hacker obtains the man-in-the-middle position; second stage defense mechanism: after a hacker takes the man-in-the-middle position, it defends against MC-MitM extended attacks, such as KRACK attacks.
Many first-stage defense mechanisms, such as Operating Channel Validation (OCV), have been proposed that verify the operating channel between the wireless AP and the radio station. It adds OCI (Operating Channel Information) to the EAPOL packet and verifies at the 4-way handle shock. In short, after receiving the handlegram packet, the receiving end confirms whether the OCI exists, and checks whether the main channel of the communication accords with the OCI, if not, the handlegram fails. Such as beacon protection, is used primarily to defend against rogue AP-based attacks. The method adds a new IE to each beacon and the wireless client can verify the beacon before connecting to the wireless AP. They modified part of the PMF (Protected ManagementFrame) standard, with BIPN (Beacon Integrity Packet Number) of the beacons being incremented each time a transmission is made, for detecting a counterfeit or re-transmitted beacon. In addition, they have invented a new group key, called BIGTK (Beacon Integrity Group Temporal Key), which allows each wireless client to generate MIC (MessageIntegrity Check) to authenticate the beacon sent by the wireless AP. In the WPA3-2020 update, WFA incorporates SAE-PK (SAE PublicKey) functionality, also a first stage defense mechanism. Can be used for verifying the wireless AP and preventing hackers from erecting rogue APs to execute MitM attacks. SAE-PK is an extension of SAE that incorporates an additional acknowledgement message that allows the wireless AP to send a digital signature to the wireless client that can be authenticated with the public key of the wireless AP. In addition, PUF (Physically Unclonable Function) may be used to defend against MC-MitM attacks by rogue AP. Its basic spirit is to generate a key for mutual authentication of the radio station and the wireless AP. It requires a trusted third party server to store the PUF signature of the wireless AP, and each wireless client has a key that each wireless client must authenticate with the trusted third party server before connecting to the wireless AP. In addition, a first-stage defense mechanism is proposed to find a rogue AP, and before the wireless client connects to the wireless AP, a white list must be compared, which contains the correspondence between BSSID and ESSID. If the alignment is inconsistent, the connection is disabled and the user is alerted.
In 2017, a second stage defense mechanism called KRACK-Cover was proposed to assist the radio station in detecting KRACK attacks. This mechanism would grab and analyze the 802.11 MAC frame, check for retransmitted broadcast packets or multicast packets, or retransmitted 4-way handshake packets. Another similar second stage defense mechanism is also proposed to detect the KRACK attack by first gathering the 802.11 MAC frames and then analyzing the message #3 with the repeated 4 way handshaks, since the KRACK attacker would mask the victim message #4, causing the wireless AP to retransmit message #3. If such a situation is detected, measures to disconnect the suspicious radio station can be taken immediately. Another second stage defense mechanism to modify Wi-Fi standards is: adding a Boolean variable number into the 4 way handle, when the AP sends message #1 to the radio station, the AP carries the Boolean variable number, the value is true, after the radio station receives the message #1, the value of the Boolean variable number is stored, when the radio station needs to install the secret key for the first time, whether the value is true or not is checked, and after the secret key is installed, the value is set to false, so that repeated secret key reinstallation is avoided. This approach would also encrypt all 4 way handshake information with PMK to protect the brin variables. Yet another SDN (Software-Defined Networking) based second stage defense mechanism was invented to defend against KRACK attacks. This mechanism requires the wireless AP to analyze every 802.11 frame to see if there is a duplicate 4 way handle session message #3, and in addition to this, it will check the nonce and replay counter to see if there are any re-used keys. A new handshake protocol was designed as a second stage defense mechanism to defend against KRACK attacks.
Most of the above defense techniques require modification of Wi-Fi standards, which is basically very low in feasibility. In addition, some defense techniques need to be set up on each radio station device, which also increases the difficulty of implementation. Many defense technologies also rely on PMFs, but PMFs are optional at WPA 2.
Disclosure of Invention
(one) solving the technical problems
Aiming at the defects of the prior art, the invention provides a Wi-Fi access point capable of defending MitM attacks of middle people, which has the advantages of enabling network managers to easily improve the overall network security, only updating wireless APs, not updating all wireless stations and the like, and solves the problems that most of the existing defending technologies need to modify Wi-Fi standards, the feasibility is very low, some defending technologies need to be set on each wireless station device, the implementation difficulty is increased, and many defending technologies also depend on PMF.
(II) technical scheme
In order to achieve the above purpose, the present invention provides the following technical solutions: a Wi-Fi access point capable of defending MitM attacks of intermediate persons comprises a wireless AP, wherein the wireless AP is provided with two wireless interfaces, one of the two interfaces is a main interface, the other is an interface for detecting the attacks, the interface for detecting the attacks is divided into two stages, the first stage is used for detecting the rogue AP, and the second stage is used for detecting KRACK attacks.
Preferably, the detecting rogue AP includes a wireless AP that can establish a white list as a corresponding list of BSSID and ESSID, and the wireless AP monitors all channels using an interface for detecting attack, if it finds a BSSID that is not on the white list, it counterfeits the BSSID to send a false beacon, and has CSA inside, and guides the wireless station back to the correct channel.
Preferably, the detecting the KRACK attack includes the following steps:
the first step: if the message #4 of the 4 way handshake is not received, it is highly likely that the plaintext message #4 sent by the wireless station is blocked and collected by a hacker, and at this time, the wireless AP does not need to resend the message #3 to the primary channel, if the message #3 is resent, because the wireless station has already installed key, if the message #3 is received repeatedly, it sends out encrypted message #4, and if the hacker collects the message #4 of the plaintext and the message #4 of the ciphertext at the same time, the key stream can be obtained by XOR operation;
and a second step of: if the interface detecting the attack detects that the other channels have packets of 4 way handle shake and have identical nonce values, the interface detecting the attack represents that the KRACK attack is detected, and the MAC address of a hacker and the MAC address of a victim can be obtained from the packets;
and a third step of: if the KRACK attack is detected, firstly sending a de-auth packet by the BSSID of the counterfeit hacker to disconnect the line of the victim, and then sending a fake beacon by the BSSID of the counterfeit hacker, wherein CSA is arranged in the fake beacon to guide the wirelessstation to return to a correct channel;
fourth step: if no KRACK attack is detected at this stage, message #3 is resent.
Compared with the prior art, the Wi-Fi access point capable of defending MitM attack of the middleman has the following beneficial effects:
1. the Wi-Fi access point capable of defending the middleman MitM attack can detect the rogue device before a hacker obtains the middleman position, defend the MC-MitM-based KRACK attack after the hacker obtains the middleman position, enable a network manager to easily improve the overall network security, and only need to update the wireless AP, and not need to update all the wireless radio stations.
2. The Wi-Fi access point capable of defending the MitM attack of the man-in-the-middle does not modify Wi-Fi standards, does not need to rely on PMF, and after detecting the BSSID of the rogue AP, takes back the position of the man-in-the-middle by using the man-in-the-middle attack technology (the BSSID of a counterfeit hacker sends de-auth packets and CSA packets).
Drawings
FIG. 1 is a schematic diagram of an MC-MitM attack;
FIG. 2 is a stage 1 defense schematic of the present invention;
fig. 3 is a stage 2 defense schematic of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-3, a Wi-Fi access point capable of defending a man-in-the-middle (MitM) attack can detect a rogue device before a hacker obtains a man-in-the-middle position, and defend after a hacker obtains a man-in-the-middle position, and does not modify Wi-Fi standards, without relying on PMF, after detecting a BSSID of a rogue AP, the man-in-the-middle position is extracted by using a man-in-the-middle attack technique (a BSSID of a rogue is a de-auth packet and a CSA packet), so that a network manager can easily promote the security of the whole network, only needs to update a wireless AP, without updating all wireless stations, including the wireless AP, one of which is a main interface, and the other of which is an interface for detecting an attack is divided into two stages, the first stage being an interface for detecting the rogue AP: the wireless AP can establish a white list as a corresponding list of BSSID and ESSID, monitors all channels by using an interface for detecting attack, if the BSSID which is not on the white list is found, counterfeits the BSSID to send false beacon, CSA is arranged in the beacon, the wireless station is guided to return to the correct channel, and the second stage detects KRACK attack: if the message #4 of the 4 way hand stream is not received, it is highly likely that the plaintext message #4 sent by the wireless station is blocked and collected by a hacker, and at this time, the wireless AP does not need to resend the message #3 to the primary channel, if the message #3 is resent, because the wireless station has already installed key, if the message #3 is received repeatedly, it sends out encrypted message #4, and if the hacker collects the message #4 of the plaintext and the message #4 of the ciphertext at the same time, the key stream can be obtained by XOR operation; if the interface detecting the attack detects that the other channels have packets of 4 way handle shake and have identical nonce values, the interface detecting the attack represents that the KRACK attack is detected, and the MAC address of a hacker and the MAC address of a victim can be obtained from the packets; if the KRACK attack is detected, firstly sending a de-auth packet by the BSSID of the counterfeit hacker to disconnect the line of the victim, and then sending a fake beacon by the BSSID of the counterfeit hacker, wherein CSA is arranged in the fake beacon, and guiding the wireless station to return to a correct channel; if no KRACK attack is detected at this stage, message #3 is resent.
When in use, the wireless AP has two wireless interfaces, one of which is a main interface, and the other is an interface for detecting attacks, wherein the interface for detecting attacks is divided into two stages, and the first stage is used for detecting rogueAP: the wireless AP can establish a white list which is a corresponding list of the BSSID and the ESSID, monitor all channels by using an interface for detecting attacks, if the BSSID which is not on the white list is found, impersonate the BSSID to send false beacon, contain CSA and guide the wireless station to return to the correct channel.
The second stage detects the KRACK attack: if the message #4 of the 4 way hand stream is not received, it is highly likely that the plaintext message #4 sent by the wireless station is blocked and collected by a hacker, and at this time, the wireless AP does not need to resend the message #3 to the primary channel, if the message #3 is resent, because the wireless station has already installed key, if the message #3 is received repeatedly, it sends out encrypted message #4, and if the hacker collects the message #4 of the plaintext and the message #4 of the ciphertext at the same time, the key stream can be obtained by XOR operation; if the interface detecting the attack detects that the other channels have packets of 4 way handle shake and have identical nonce values, the interface detecting the attack represents that the KRACK attack is detected, and the MAC address of a hacker and the MAC address of a victim can be obtained from the packets; if the KRACK attack is detected, firstly sending a de-auth packet by the BSSID of the counterfeit hacker to disconnect the line of the victim, and then sending a fake beacon by the BSSID of the counterfeit hacker, wherein CSA is arranged in the fake beacon, and guiding the wireless station to return to a correct channel; if no KRACK attack is detected at this stage, message #3 is resent. The Wi-Fi access point capable of defending the MitM attack of the man-in-the-middle not only can detect the rogue devices before a hacker obtains the man-in-the-middle position, but also can defend after a hacker obtains the man-in-the-middle position, does not need to modify Wi-Fi standards, does not need to rely on PMF, and takes back the man-in-the-middle position by utilizing the man-in-the-middle attack technology (the BSSID of a fake hacker sends out a de-auth packet and a CSA packet) after detecting the BSSID of the rogue AP, so that a network manager can easily promote the overall network security, and only needs to update the wireless AP and does not need to update all wireless stations.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (2)
1. A Wi-Fi access point capable of defending man-in-the-middle MitM attacks comprises a WirelessAP, and is characterized in that: the wireless AP is provided with two wireless interfaces, one of the two interfaces is a main interface, the other one is an interface for detecting attacks, the interface for detecting attacks is divided into two stages, the first stage is used for detecting the rogue AP, the second stage is used for detecting KRACK attacks, and the step of detecting the KRACK attacks comprises the following steps:
the first step: if the message #4 of the 4 way handshake is not received, it is highly likely that the plaintext message #4 sent by the wirelessstation is blocked and collected by a hacker, at this time, the wirelessAP does not need to resend the message #3 to the primary channel, if the message #3 is resent at this time, because the wirelessstation has already accepted the key, if the repeated message #3 is received, it sends out the encrypted message #4, and if the hacker collects the message #4 of the plaintext and the message #4 of the ciphertext at the same time, the key stream can be obtained by using XOR operation;
and a second step of: if the interface detecting the attack detects that the other channels have packets of 4 way handle shake and have identical nonce values, the interface detecting the attack represents that the KRACK attack is detected, and the MAC address of a hacker and the MAC address of a victim can be obtained from the packets;
and a third step of: if the KRACK attack is detected, firstly using the BSSID of a hacker to send a de-auth packet to disconnect the line of a victim, and then using the BSSID of the hacker to send a false beacon with CSA inside to guide the wirelessstation to return to a correct channel;
fourth step: if no KRACK attack is detected at this stage, message #3 is resent.
2. A Wi-Fi access point capable of defending against man-in-the-middle MitM attacks as in claim 1, wherein: the detecting rogue AP comprises a wireless AP which can establish a corresponding table with a white list of BSSID and ESSID, the wireless AP monitors all channels by using an interface for detecting attacks, if the BSSID which is not on the white list is found, the BSSID is used for sending false beacon, CSA is arranged in the BSSID, and the wireless AP is guided to return to a correct channel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310996082.9A CN116709338B (en) | 2023-08-09 | 2023-08-09 | Wi-Fi access point capable of defending middleman MitM attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310996082.9A CN116709338B (en) | 2023-08-09 | 2023-08-09 | Wi-Fi access point capable of defending middleman MitM attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116709338A CN116709338A (en) | 2023-09-05 |
CN116709338B true CN116709338B (en) | 2023-11-03 |
Family
ID=87829823
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310996082.9A Active CN116709338B (en) | 2023-08-09 | 2023-08-09 | Wi-Fi access point capable of defending middleman MitM attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116709338B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105162768A (en) * | 2015-07-31 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Method and device for detecting phishing Wi-Fi hotspots |
CN108471428A (en) * | 2018-06-27 | 2018-08-31 | 北京云端智度科技有限公司 | Applied to the ddos attack initiative type safeguard technology and equipment in CDN system |
KR20190076479A (en) * | 2017-12-22 | 2019-07-02 | 한국과학기술원 | Apparatus and method for analyzing feature of impersonation attack using deep running in wireless wi-fi network |
CN110213761A (en) * | 2019-05-27 | 2019-09-06 | 中国海洋大学 | Multi-model puppet AP detection method and detection device based on two-way SYN reflection |
CN212876313U (en) * | 2020-09-10 | 2021-04-02 | 北京信安伟业科技有限公司 | WiFi signal detection terminal equipment |
JP2021068999A (en) * | 2019-10-23 | 2021-04-30 | 日立Geニュークリア・エナジー株式会社 | Malicious equipment detection device, wireless communication system, malicious equipment detection method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9137670B2 (en) * | 2003-02-18 | 2015-09-15 | Hewlett-Packard Development Company, L.P. | Method for detecting rogue devices operating in wireless and wired computer network environments |
US8549641B2 (en) * | 2009-09-03 | 2013-10-01 | Palo Alto Research Center Incorporated | Pattern-based application classification |
-
2023
- 2023-08-09 CN CN202310996082.9A patent/CN116709338B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105162768A (en) * | 2015-07-31 | 2015-12-16 | 腾讯科技(深圳)有限公司 | Method and device for detecting phishing Wi-Fi hotspots |
KR20190076479A (en) * | 2017-12-22 | 2019-07-02 | 한국과학기술원 | Apparatus and method for analyzing feature of impersonation attack using deep running in wireless wi-fi network |
CN108471428A (en) * | 2018-06-27 | 2018-08-31 | 北京云端智度科技有限公司 | Applied to the ddos attack initiative type safeguard technology and equipment in CDN system |
CN110213761A (en) * | 2019-05-27 | 2019-09-06 | 中国海洋大学 | Multi-model puppet AP detection method and detection device based on two-way SYN reflection |
JP2021068999A (en) * | 2019-10-23 | 2021-04-30 | 日立Geニュークリア・エナジー株式会社 | Malicious equipment detection device, wireless communication system, malicious equipment detection method |
CN212876313U (en) * | 2020-09-10 | 2021-04-02 | 北京信安伟业科技有限公司 | WiFi signal detection terminal equipment |
Also Published As
Publication number | Publication date |
---|---|
CN116709338A (en) | 2023-09-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0998080B1 (en) | Method for securing over-the-air communication in a wireless system | |
US8369830B2 (en) | Method and system for detecting attacks in wireless data communications networks | |
Barbeau | WiMax/802.16 threat analysis | |
CN108880813B (en) | Method and device for realizing attachment process | |
EP2296392A1 (en) | Authentication method, re-certification method and communication device | |
US20090307483A1 (en) | Method and system for providing a mesh key | |
EP1972125A2 (en) | Apparatus and method for protection of management frames | |
Thankappan et al. | Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks: A state of the art review | |
CN105471845A (en) | Communication method and communication system for preventing man-in-the-middle attack | |
Bais et al. | Evaluation of UMTS security architecture and services | |
CN105873059A (en) | United identity authentication method and system for power distribution communication wireless private network | |
Bogdanoski et al. | IEEE 802.16 security issues: a survey | |
Singh et al. | Analysis of security issues and their solutions in wireless LAN | |
CN116709338B (en) | Wi-Fi access point capable of defending middleman MitM attack | |
CN205693897U (en) | The secondary identity authorization system of LTE electric power wireless private network | |
Gu et al. | Wireless LAN attacks and vulnerabilities | |
Baheti | Extensible Authentication Protocol Vulnerabilities and Improvements | |
Aminmoghadam et al. | A forward secure PKI-based UMTS-AKA with tunneling authentication | |
Barbeau et al. | Analysis of threats to WiMAX/802.16 security | |
Ahmad et al. | Latency evaluation of extensible authentication protocols in WLANs | |
Pervaiz et al. | Security in wireless local area networks | |
Bakthavathsalu et al. | Management frame attacks in WiMAX networks: Analysis and prevention | |
Wang et al. | MitM attack: CCMP data-confidentiality targeting Wi-Fi | |
Preneel | Mobile and wireless communications security | |
Fidelis et al. | ENHANCED ADAPTIVE SECURITY PROTOCOL IN LTE AKA |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |