CN1581795A - Network management safety authentication method - Google Patents
Network management safety authentication method Download PDFInfo
- Publication number
- CN1581795A CN1581795A CN 03143791 CN03143791A CN1581795A CN 1581795 A CN1581795 A CN 1581795A CN 03143791 CN03143791 CN 03143791 CN 03143791 A CN03143791 A CN 03143791A CN 1581795 A CN1581795 A CN 1581795A
- Authority
- CN
- China
- Prior art keywords
- webmaster
- network management
- snmp
- request message
- snmp request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The method includes steps: configuring parameter table of network management; network management sends request message of SNMP (Simple Network Management Protocol); receiving request message of SNMP sent by network management; determining whether attribute parameters indicating network management id in requent message of SNMP are in parameter table of network management; if no, returning error message, and stopping request of SNMP; if yes, processing request message of SNMP, and returning processed result back to network management. The invention increases a user authentication mechanism of simple network management without modifying SNMP V1/V2 protocol stack and without additional development effort, and adds function for authenticating users in order to raise security of V1/V2 protocol in SNMP.
Description
Technical field
The present invention relates to network security technology, be specifically related to a kind of method of network management security authentication, especially, relate to method based on the network management security authentication of SNMP V1/V2.
Background technology
Network security is an organic component of system safety, and network security mainly comprises the fail safe (safety of physical layer, link layer) of physical circuit, the network equipment, the fail safe aspects such as (safety of network layer, transport layer) of TCP (transmission control protocol)/IP (internet protocol).The hidden danger that exists aspect the network equipment is bigger, at first is the fail safe of physical equipment itself, and this can control by various management means; Next is the fail safe of network service, and for example: the disabled user can cause physical equipment excellent by being remotely logged into the destruction of carrying out system configuration or ios software on the router/switch, but can not carry out the function of route/local area network (LAN) exchange.Therefore, monitor and control i.e. network management network.According to the definition of International Organization for Standardization, network management has five big categories:
(1) fault management: to the process that the problem in the network or fault position, it comprises pinpoints the problems, separation problem, finds out reason, reparation problem.
(2) configuration management: find and be provided with the process of the network equipment, it comprises the information that obtains the current network configuration, and the means of remotely modifying configuration are provided, and stores to safeguard up-to-date equipment list and produce report.
(3) accounting management: follow the tracks of each individual and group to the operating position of Internet resources, it is collected rational expense; And increased the network manager uses Internet resources to the user understanding.
(4) safety management: control is to the process of the message reference in the network.
(5) performance management: the performance of hardware and software in the Measurement Network, for sub-district access network of certain scale, make whole network can keep good running status, perfect network management is absolutely necessary.Simultaneously, good network management also should be able to provide the various analyses of network operation situation, thereby provides reliable foundation for the planning of extension of network.
In order to finish above-mentioned management function, a network management system has four big parts:
(1) a plurality of by the pipe agency;
(2) at least one manager;
(3) general NMP (as SNMP);
(4) management information bank (MIB).
Generally speaking, network management workstation is the manager, and other online machines are the agency.Manager and agency be machine also, as network management workstation.
The manager utilizes SNMP (Simple Network Management Protocol) request broker to carry out the collection and the setting of information.The agency obtains mib information according to gerentocratic SNMP request visit MIB management information bank, and the manager is done to reply or to change the content of asking to change among the MIB according to it.The agency also can initiatively send out data to the manager by self-trapping (Trap) when emergency is arranged.
SNMP is the industry-standard protocol that is widely accepted and comes into operation, and its target is to guarantee that management information transmits in any 2, is convenient to any node retrieving information of network manager on network, makes amendment trouble-shooting; Finish failure diagnosis, capacity planning and report generate.It adopts polling mechanism, and basic functions collection is provided.
The basic operation of SNMP comprises GET/GET-NEXT/SET/TRAP etc., network management workstation (NMS) sends various query messages to network equipment Agent (administration agent), and reception shows the result from response and trap (trap) message of managed device Agent.Agency (agent) is a process that resides on the managed device, is responsible for accepting, handling the request message from network management workstation, obtains the numerical value of management variable then on the slave unit in other protocol modules, forms response message, sends to NMS.At some in emergency circumstances, change as Interface status, in the time of access success etc., proactive notification NMS (sending trap TRAP message), its communication process is as shown in Figure 1.
SNMP V1/V2 is widely used in the network management-application at present, and it is verified by group's name and realizes that simple fail safe guarantees.Ordinary circumstance, a SNMP Agent has two CommunityName (group's name), and one only has read right, and another has access limit.When NMS sends a SNMP request message, the Community Name that the Agent program of managed devices sends according to webmaster differentiates the read/write authority that this SNMP request is had, if group's name authentication success then allow webmaster read/write corresponding M IB variable, otherwise will return the mistake of group's name authentification failure.SNMP V1/V2 protocol processes process as shown in Figure 2.Because the intrinsic shortage security mechanism of V1/V2 agreement, only rely on the Community Name that expressly transmits to discern user identity and have very big potential safety hazard, in the network transport process, be easy to be obtained its Community Name, make the hacker pretend webmaster managed devices is carried out the data change configuration by other human packet catcher; The V1/V2 agreement only relies on the character string of borrowing group's name to the identity of NMS user and relatively authenticates and also lack enough fail safes in addition.
Safety defect based on SNMP V1/V2 agreement, SNMP V3 agreement has increased based on user's safety management with based on the safety management of view, and message encryption, and fail safe has had large increase, but SNMP V3 implements difficulty, and present most of equipment is only supported SNMP V1/V2 agreement.
Summary of the invention
The objective of the invention is to overcome the above-mentioned shortcoming of prior art, a kind of method of network management security authentication is provided, described method comprises step:
Configuration webmaster parameter list, described webmaster parameter list is used to distinguish the identity of webmaster;
Webmaster sends Simple Network Management Protocol (SNMP) request message;
Receive described request message of SNMP sent by network management;
Whether the property parameters of judging the described webmaster identity of expression in the described SNMP request message is present in the described webmaster parameter list,
If there is no, then return illegal webmaster error message, and end the SNMP request,
If exist, then handle described SNMP request message, and result is returned to webmaster.
Alternatively, described webmaster parameter list comprises project: webmaster title, webmaster IP address, webmaster maintenance mode, group's name, port numbers.
Preferably, described webmaster maintenance mode comprises: in-band management and outband management, described in-band management represent that the mode that manages by service channel, described outband management represent the mode that manages by Ethernet interface.
Alternatively, the step of described reception request message of SNMP sent by network management comprises: receive described SNMP request message that operation sends to network management center and/or the described SNMP request message that sends by the mode dial-in network administrative center that dials.
Preferably, the step that whether is present in the described webmaster parameter list of the described property parameters of judging in the described SNMP request message the described webmaster identity of expression comprises step:
IP address and/or webmaster title to described webmaster are carried out legal authentication;
Group's name to described webmaster is carried out legal authentication.
Alternatively, the described step that the IP address and/or the webmaster title of described webmaster are carried out legal authentication comprises step:
PDU (protocol Data Unit) according in the described SNMP request message that receives judges whether the IP address of described webmaster and/or webmaster title are present in the described webmaster parameter list,
If exist, then continue to handle described SNMP request,
If there is no, then end described SNMP request, and return the non-existent error message of described webmaster.
Alternatively, described group's name to described webmaster step of carrying out legal authentication comprises step:
The described SNMP request message that decoding receives;
Judge whether described group name is present in the described webmaster parameter list in the IP address and/or webmaster title respective items with described webmaster,
If exist, then continue to handle described SNMP request,
If there is no, then end described SNMP request, and return described webmaster group name authentification failure error message.
Alternatively, the step of the described SNMP request message of described processing comprises step: according to described webmaster group name read and/or write permission allows described webmaster to read and/or write corresponding management information.
Utilize the present invention, can not revise SNMP V1/V2 protocol stack and not increase under the situation of extra development amount, increase a kind of simple NMS user authentication mechanism, increase the preceding subscription authentication authentication function of visit Agent, distinguish that whether real NMS user to determine whether to allow to visit the MIB storehouse of managed devices, to improve the fail safe of SNMP V1/V2 agreement.
Description of drawings
Fig. 1 is NMS (network management workstation) and Agent (administration agent) communication process schematic diagram;
Fig. 2 is present SNMP V1/V2 protocol processes process flow diagram;
Fig. 3 is the structural representation of the parameter list of webmaster described in the preferred embodiments of the present invention;
Fig. 4 is the flow chart of step of the method for the preferred embodiments of the present invention network management security authentication.
Embodiment
The present invention is described in further detail below in conjunction with drawings and embodiments:
At first with reference to Fig. 1, Fig. 1 has described the schematic diagram of NMS (network management workstation) and Agent (administration agent) communication process in the typical network management system:
The simple network management system comprises two parts: network management workstation (NMS) and SNMP agency (AGENT).The agency is the part that is used for realizing the SNMP function in the real network equipment.The agency is in the read-write requests message of the 161 ports reception NMS of UDP (User Datagram Protoco (UDP)), and NMS receives agency's event notification message at 162 ports of UDP.In case obtain the access rights of equipment, just can access means information, rewriting and configuration device parameter.
Usually, network management system comprises four elements: keeper, administration agent, management information base, proxy service device.Wherein, first three key element is essential, and the 4th is option.
SNMP is a kind of connectionless protocol, and by using request message and the mode of returning response, SNMP is transmission information between administration agent and keeper.Snmp protocol has defined the form of packet and the information exchange between network manager and the administration agent, and it is also controlling the MIB data object of administration agent.Therefore, can be used for handling the various tasks of administration agent definition.It externally provides three kinds of basic operation command that are used to control mib object.They are: Set, Get and Trap:
Set: be a privileged command, can change the configuration of equipment or the operating condition of control appliance by it;
Get: be the basic mode that from the network equipment, obtains management information.
Trap: its function is exactly under the prerequisite that network management system does not explicitly call for, and has some special situations or problem to take place by administration agent informing network management system.
The PDU of SNMPv1 (protocol Data Unit) has five types, and they comprise: GetRequest, GetNextRequest, SetRequest, GetResponse, Trap.SNMPv2 has increased by two kinds of PDU:GetBulkRequest and InformRequest again.
Snmp management person uses GetRequest retrieving information from the network equipment that has the SNMP agency, and SNMP acts on behalf of with GetResponse message response GetRequest.The information that can exchange is a lot, as the name of system, and the time of normal operation after system's self-starting, network interface number in the system or the like.GetRequest and GetNextRequest combine use can obtain an object in the table.GetRequest fetches a special object; Use GetNextRequest then is the next object in the required list.Use SetRequest to carry out Remote configuration to the parameter in the equipment.Set-Request can be provided with the name of equipment, turns off a port or removes an item in the address resolution table.Trap is a snmp trap, is the non-request message that the SNMP agency sends to management station.These message inform that a particular event has taken place this equipment of management station, and as port failure, power down restarts etc., and management station can deal with accordingly.
The present invention just is based on this typical network management system shown in Figure 1, and a kind of method of network management security authentication is provided on the basis of SNMP V1/V2 agreement.
With reference to Fig. 4, Fig. 4 has described the flow process of step of the method for the preferred embodiments of the present invention network management securities authentication:
At first in step 41, dispose the webmaster parameter list, described webmaster parameter list is used to distinguish the identity of webmaster, and its structure and project are as shown in Figure 3;
Then, enter step 42, webmaster sends the SNMP request message, and a SNMP message is made up of three parts: version field (version field), group territory (community field) and snmp protocol data cell territory (SNMP PDU field), length of data package is not fixed;
Enter step 43, receive request message of SNMP sent by network management by the SNMP agency;
Enter step 44, the SNMP request message is decoded;
Enter step 45, according to source IP address and/or the webmaster title in the protocol Data Unit (PDU) in the SNMP request message that receives, identity to NMS user is carried out legal authentication, judges promptly whether source IP address and/or the webmaster title among the PDU is present in the above-mentioned webmaster parameter list that has disposed;
If there is no, then enter step 46, return illegal webmaster error message, then, return step 43, receive request message of SNMP sent by network management by the SNMP agency;
If exist, show that then the webmaster identity is legal, enter step 47, group's name of NMS user is authenticated, promptly judge the group's name in the decoded SNMP bag, whether be present in the above-mentioned webmaster parameter list that has disposed and in the list item corresponding with above-mentioned source IP address;
If there is no, then enter step 48, return group's name authentification failure error message, then, return step 43, receive request message of SNMP sent by network management by the SNMP agency;
If exist, show that then webmaster is real legal identity, enter step 49, treatment S NMP request message;
Then, enter step 410, result is returned to webmaster;
Return step 43, receive request message of SNMP sent by network management by the SNMP agency.
The structural representation that Fig. 3 has described webmaster parameter list described in the preferred embodiments of the present invention has been mentioned in the front, below with reference to Fig. 3 described webmaster parameter list is done one and describes in detail: comprise in the webmaster parameter list: webmaster title, webmaster IP address, webmaster maintenance mode, group's name, port numbers.Wherein, the webmaster maintenance mode comprises maintenance mode and the outer maintenance mode of band in the band, and described in-band management represents that a kind of way to manage of being undertaken by service channel, described outband management represent a kind of way to manage of being undertaken by Ethernet interface.
In addition, can also increase other project according to system's actual needs.Its structure can be provided with flexibly, not only arrests in frame mode shown in Figure 3.
Though described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, wish that appended claim comprises these distortion and variation and do not break away from spirit of the present invention.
Claims (8)
1. the method for network management security authentication is characterized in that described method comprises step:
Configuration webmaster parameter list, described webmaster parameter list is used to distinguish the identity of webmaster;
Webmaster sends Simple Network Management Protocol (SNMP) request message;
Receive described request message of SNMP sent by network management;
Whether the property parameters of judging the described webmaster identity of expression in the described SNMP request message is present in the described webmaster parameter list,
If there is no, then return illegal webmaster error message, and end the SNMP request,
If exist, then handle described SNMP request message, and result is returned to webmaster.
2. the method for network management security authentication as claimed in claim 1 is characterized in that described webmaster parameter list comprises project: webmaster title, webmaster IP address, webmaster maintenance mode, group's name, port numbers.
3. the method for network management security authentication as claimed in claim 2, it is characterized in that, described webmaster maintenance mode comprises: in-band management and outband management, described in-band management represents that the mode that manages by service channel, described outband management represent the mode that manages by Ethernet interface.
4. the method for network management security authentication as claimed in claim 1, it is characterized in that the step of described reception request message of SNMP sent by network management comprises: receive described SNMP request message that operation sends to network management center and/or the described SNMP request message that sends by the mode dial-in network administrative center that dials.
5. the method for network management security as claimed in claim 2 authentication is characterized in that, the step whether described property parameters of judging the described webmaster identity of expression in the described SNMP request message is present in the described webmaster parameter list comprises step:
IP address and/or webmaster title to described webmaster are carried out legal authentication;
Group's name to described webmaster is carried out legal authentication.
6. the method for network management security authentication as claimed in claim 5 is characterized in that the described step that the IP address and/or the webmaster title of described webmaster are carried out legal authentication comprises step:
PDU (protocol Data Unit) according in the described SNMP request message that receives judges whether the IP address of described webmaster and/or webmaster title are present in the described webmaster parameter list,
If exist, then continue to handle described SNMP request,
If there is no, then end described SNMP request, and return the non-existent error message of described webmaster.
7. the method for network management security authentication as claimed in claim 5 is characterized in that the step that described group's name to described webmaster is carried out legal authentication comprises step:
The described SNMP request message that decoding receives;
Judge whether described group name is present in the described webmaster parameter list in the IP address and/or webmaster title respective items with described webmaster,
If exist, then continue to handle described SNMP request,
If there is no, then end described SNMP request, and return described webmaster group name authentification failure error message.
8. the method for network management security authentication as claimed in claim 7, it is characterized in that the step of the described SNMP request message of described processing comprises step: according to described webmaster group name read and/or write permission allows described webmaster to read and/or write corresponding management information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031437915A CN100456689C (en) | 2003-08-06 | 2003-08-06 | Network management safety authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031437915A CN100456689C (en) | 2003-08-06 | 2003-08-06 | Network management safety authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1581795A true CN1581795A (en) | 2005-02-16 |
| CN100456689C CN100456689C (en) | 2009-01-28 |
Family
ID=34579523
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB031437915A Expired - Lifetime CN100456689C (en) | 2003-08-06 | 2003-08-06 | Network management safety authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100456689C (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007030989A1 (en) * | 2005-09-14 | 2007-03-22 | Huawei Technologies Co., Ltd. | A network management system and the method thereof |
| WO2007062557A1 (en) * | 2005-11-30 | 2007-06-07 | Huawei Technologies Co., Ltd. | A security control method,device for the communication border and the security control system |
| CN100420206C (en) * | 2006-04-05 | 2008-09-17 | 华为技术有限公司 | SNMP communication system and method |
| US7877469B2 (en) | 2006-02-01 | 2011-01-25 | Samsung Electronics Co., Ltd. | Authentication and authorization for simple network management protocol (SNMP) |
| CN102006296A (en) * | 2010-11-26 | 2011-04-06 | 杭州华三通信技术有限公司 | Security certification method and equipment |
| CN102158363A (en) * | 2011-04-26 | 2011-08-17 | 中兴通讯股份有限公司 | Security protection method and device of simple network management protocol (SNMP) |
| US8276194B2 (en) | 2007-02-01 | 2012-09-25 | Huawei Technologies Co., Ltd. | Methods and systems for user authentication |
| CN101714926B (en) * | 2009-11-02 | 2013-01-30 | 福建星网锐捷网络有限公司 | Method, device and system for managing network equipment |
| CN102983986A (en) * | 2011-09-06 | 2013-03-20 | 中兴通讯股份有限公司 | Network element equipment authentication management method and network element equipment authentication management system |
| CN102006178B (en) * | 2009-09-03 | 2013-11-20 | 电信科学技术研究院 | SNMP-based network management method and system |
| CN111049674A (en) * | 2019-11-25 | 2020-04-21 | 三维通信股份有限公司 | Network management parameter configuration method, device, equipment and computer readable storage medium |
| CN113839776A (en) * | 2021-11-29 | 2021-12-24 | 军事科学院系统工程研究院网络信息研究所 | Method and system for safety interconnection protocol between network management and router |
| CN114844664A (en) * | 2022-03-11 | 2022-08-02 | 江苏天创科技有限公司 | Monitoring system and monitoring method for data security management |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001229098A (en) * | 2000-02-17 | 2001-08-24 | Nec Eng Ltd | Network monitor system |
| CN1149787C (en) * | 2001-04-29 | 2004-05-12 | 华为技术有限公司 | Method of adding subscriber's security confirmation to simple network management protocol |
-
2003
- 2003-08-06 CN CNB031437915A patent/CN100456689C/en not_active Expired - Lifetime
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007030989A1 (en) * | 2005-09-14 | 2007-03-22 | Huawei Technologies Co., Ltd. | A network management system and the method thereof |
| WO2007062557A1 (en) * | 2005-11-30 | 2007-06-07 | Huawei Technologies Co., Ltd. | A security control method,device for the communication border and the security control system |
| US7904954B2 (en) * | 2005-11-30 | 2011-03-08 | Huawei Technologies Co., Ltd. | Method, device and security control system for controlling communication border security |
| CN101379762B (en) * | 2006-02-01 | 2012-05-02 | 三星电子株式会社 | System and method for processing authentication and authorization for simple network management protocol (SNMP) |
| US7877469B2 (en) | 2006-02-01 | 2011-01-25 | Samsung Electronics Co., Ltd. | Authentication and authorization for simple network management protocol (SNMP) |
| CN100420206C (en) * | 2006-04-05 | 2008-09-17 | 华为技术有限公司 | SNMP communication system and method |
| US8276194B2 (en) | 2007-02-01 | 2012-09-25 | Huawei Technologies Co., Ltd. | Methods and systems for user authentication |
| CN102006178B (en) * | 2009-09-03 | 2013-11-20 | 电信科学技术研究院 | SNMP-based network management method and system |
| CN101714926B (en) * | 2009-11-02 | 2013-01-30 | 福建星网锐捷网络有限公司 | Method, device and system for managing network equipment |
| CN102006296A (en) * | 2010-11-26 | 2011-04-06 | 杭州华三通信技术有限公司 | Security certification method and equipment |
| CN102158363A (en) * | 2011-04-26 | 2011-08-17 | 中兴通讯股份有限公司 | Security protection method and device of simple network management protocol (SNMP) |
| WO2012146100A1 (en) * | 2011-04-26 | 2012-11-01 | 中兴通讯股份有限公司 | Security protection method and apparatus using simple network management protocol |
| CN102983986A (en) * | 2011-09-06 | 2013-03-20 | 中兴通讯股份有限公司 | Network element equipment authentication management method and network element equipment authentication management system |
| CN102983986B (en) * | 2011-09-06 | 2017-11-28 | 中兴通讯股份有限公司 | A kind of method and system of network element device authentication management |
| CN111049674A (en) * | 2019-11-25 | 2020-04-21 | 三维通信股份有限公司 | Network management parameter configuration method, device, equipment and computer readable storage medium |
| CN111049674B (en) * | 2019-11-25 | 2021-03-23 | 三维通信股份有限公司 | Network management parameter configuration method, device, equipment and computer readable storage medium |
| WO2021104116A1 (en) * | 2019-11-25 | 2021-06-03 | 三维通信股份有限公司 | Network management parameter configuration method, device, apparatus, and computer readable storage medium |
| CN113839776A (en) * | 2021-11-29 | 2021-12-24 | 军事科学院系统工程研究院网络信息研究所 | Method and system for safety interconnection protocol between network management and router |
| CN114844664A (en) * | 2022-03-11 | 2022-08-02 | 江苏天创科技有限公司 | Monitoring system and monitoring method for data security management |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100456689C (en) | 2009-01-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6404743B1 (en) | Enhanced simple network management protocol (SNMP) for network and systems management | |
| Case et al. | Management information base for version 2 of the simple network management protocol (snmpv2) | |
| CN1581795A (en) | Network management safety authentication method | |
| EP2680490B1 (en) | Filtering within device management protocol queries | |
| CN105791047A (en) | Method for controlling management system of secure video private network | |
| CN1930817A (en) | Isolation approach for network users associated with elevated risk | |
| CN100499502C (en) | Trap analyzing and preprocessing system and method thereof | |
| CN101076028B (en) | Method for interacting telecommunication system and message by SNMP protocol | |
| CN1309208C (en) | Network safety system of computer network and controlling method thereof | |
| CN1852169A (en) | Method and system for centralized management of multiple functional units | |
| CN1494260A (en) | Monitoring method of higher level network authority against lower level network authority | |
| CN1820265A (en) | Single-point management system for devices in a cluster | |
| CN101035026A (en) | Network management system and its communication method | |
| US20060123103A1 (en) | Communicating network management information using session initiation protocol architecture | |
| Cisco | Overview of Basic SNMP Building Blocks | |
| Cisco | Configuring SNMP Support | |
| Cisco | Chapter 8, Network Management | |
| Cisco | Configuring SNMP | |
| KR20020023481A (en) | High speed network traffic management device and method thereof | |
| CN1523851A (en) | Security method for operator access control of network management system | |
| WO2012146100A1 (en) | Security protection method and apparatus using simple network management protocol | |
| Chris | What’s Not So Simple about SNMP? | |
| Genkov | Implementing port security feature using snmp protocol | |
| Tyata et al. | Network Management Protocols: Analytical Study and Future Research Directions | |
| KR100542344B1 (en) | Security method for access control of Network Management System |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CX01 | Expiry of patent term | ||
| CX01 | Expiry of patent term |
Granted publication date: 20090128 |