CN1641516A - Method for ensuring system safety for window operating system - Google Patents
Method for ensuring system safety for window operating system Download PDFInfo
- Publication number
- CN1641516A CN1641516A CN 200410002154 CN200410002154A CN1641516A CN 1641516 A CN1641516 A CN 1641516A CN 200410002154 CN200410002154 CN 200410002154 CN 200410002154 A CN200410002154 A CN 200410002154A CN 1641516 A CN1641516 A CN 1641516A
- Authority
- CN
- China
- Prior art keywords
- executable program
- file
- program
- function
- illegal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
This invention discloses a method of ensuring the system security in the Windows operating system. The method is: spring the system monitoring program when the Windows operating system is preparing to found tenor for the executable program put forward a request of executing the program; the system monitoring program obtains the check file corresponding to the mentioned executable program. If there is no check file or the file is vacancy, confirm the mentioned executable program is illegal and terminate initializtion work of founding tenor. Otherwise judge whether the executable program is legal. If it's illegal, terminate initializtion work of founding tenor, or else found tenor as the normal flow.
Description
Technical field
The present invention relates to computer security technique, relate in particular to a kind of method that in Windows (Windows), guarantees security of system.
Background technology
Along with popularizing of computing machine and network, the challenge of safety is increasingly serious.Virus is as one of two security threats that cause the most extensive attention (another is the invador), and its fabricator and the struggle between removing person also grow in intensity.
Virus is attached to the head or the afterbody of executable program, perhaps adopts alternate manner to embed.When calling by the program of virus infections, at first carry out viral code, and then the original code of executive routine.Specifically, the principle of work of virus infections is as follows: first line code is a redirect to main Virus; Second row is a special marking, is used for determining whether the potential program of being injured has been crossed by this virus infections.When this program was called, control passed to main Virus at once.Virus is at first found out not to be had infected executable file and infects them; Next step, virus may be carried out certain action, normally harmful to system action, for example deleted file; At last, virus is given original program with control, the difference that allows the imperceptible infection of user front and back program carry out.
According to above virus mechanism, it is to have mark governed to the infection of executable program, as the variation of file size, the check and variation, identical structure and bit mode, promptly the signature etc.
The flow process of traditional Antivirus program can be summed up as trilogy:
Detect: the periodic scanning executable program, search the signature of virus or the change of program length, whether the affirmation program is infected.
Identification:, then determine to have infected which type of virus according to the signature storehouse in case detect unusually.
Remove: in case discerned specific virus, from infected program, remove all vestiges of virus, program recovery is arrived original state.
Though traditional Antivirus program can be removed known virus, have following several significant disadvantages:
1, it is a kind of post factum, wait just go behind the virus infections to detect, identification and removing.It can not prevent by the virus infections program implementation, also just can't prevent the propagation of virus and carry out harmful action.Therefore, it is cured the symptoms, not the disease.
2, its detection depends on the signature storehouse, can only detect known virus, to not at signature viral powerless in the storehouse.When a kind of new virus occurring, need in the signature storehouse, increase new signature, Here it is causes this class software frequently to be upgraded.
3, its detects one and removes one, might one program just be eliminated and infected, that is to say its whole shortage immunocompetence.
Summary of the invention
The object of the present invention is to provide a kind of method that in Windows, guarantees security of system, to solve the problem that can not fundamentally guarantee security of system in the prior art.
For solving problem, the invention provides following technical scheme:
A kind of method that guarantees security of system in Windows comprises step:
A, Windows (Windows operating system) triggering system watchdog routine when being prepared as the executable program establishment process that proposes the executive routine request;
B, system monitor obtain described executable program corresponding check file, if do not have verification file or file for empty, determine that then described executable program is illegal, and stop the initial work of establishment process, otherwise continue step C;
C, judge according to verification file whether described executable program is legal; If illegal, then stop the initial work of establishment process, otherwise create process by normal flow.
According to said method:
System monitor is by registering the system-level process activity that (Callback) function comes surveillance of returning, the triggering system watchdog routine when calling this function when the system creation process called in advance in Windows operating system.Described triggering system watchdog routine is meant the address of revising establishment process service routine in the system service distributing list (SSDT), makes system monitor obtain to carry out control.
System monitor is caught the process activity that (API Hook) program is come surveillance by register a system-level application programming interface in advance in Windows operating system, call when creating process function triggering system watchdog routine when perhaps calling load libraries (LoadLibary) function and dynamically packing dynamic link libraries (DLL) into when the system creation process.Described triggering system watchdog routine is meant Import Address Table (the Import Address Table of modification process, IAT) and input namelist (Import Name Table, INT) content in, perhaps revise the address that obtains process address (GetProcAddress) function, make system monitor obtain to carry out control.
Described triggering system watchdog routine is meant revises the value of interrupting description list, makes system monitor obtain to carry out control.
Described verification file comprises verification file summary info, source file size and checking data.
Step C comprises:
(1) checks whether the verification file summary info is correct,, otherwise determine that described executable program is illegal, stop the initial work of establishment process if correctly then carry out step (2);
(2) whether the size of checking executable program is identical with the source file size that writes down in the verification file, if identical then carry out step (3), otherwise determine that described executable program is illegal, stop the initial work of establishment process;
(3) call the checking data generating algorithm, generate the checking data of described executable program and compare,, determine that then described executable program is legal, creates process by normal flow if two checking datas are identical with checking data in the verification file; Otherwise, determine that described executable program is illegal, stop the initial work of establishment process.
When described executable program is installed in system, generates the corresponding check file and install with executable program by system monitor.
For already present executable program in the system before the installation system watchdog routine, then generate the verification file of this executable program according to configuration file by guard process.
When the present invention is prepared as executable program establishment process in system, the intercepting system service comes the program of carrying out is carried out validity checking, and when discovery procedure is illegal, in time stop the initial work of establishment process, stoped illegal process or by the startup of virus infections process, because interception opportunity early, also just fundamentally stop viral propagation and carried out harmful action, guaranteed the safety of system; According to principle as can be seen, have only the program that generates verification file just to be allowed to operation, otherwise, even not by virus infections, be not allowed to operation yet, promptly guaranteed the special use of system simultaneously.The present invention does not rely on the feature of concrete virus, and is effective to the parasitic virus of any infection executable program.
Description of drawings
Fig. 1 is the structural representation of computing machine;
Fig. 2 is the mutual relationship synoptic diagram of system monitor and Windows operating system;
Fig. 3 is a process flow diagram of the present invention.
Embodiment
It is the protection of application software system of Windows operating system (being Windows NT, 2000, XP etc., inapplicable to Windows98) of core that system monitor of the present invention goes for NT.Process creation by surveillance comes the quiescing system to move unauthorized program or by the virus infections program, to guarantee the safety of application software system.
Consult Fig. 1, shown the basic structure of a computing machine among the figure, implement method of the present invention with it.The processor of computing machine is connected with storer by bus, also connects IO interface by bus simultaneously, and storer comprises internal memory and external memory, basic external memory such as hard disk etc.; IO interface attended operation keyboard and display device, communication interface is connected to network or other communication facilities through connection.
Store Windows operating system program and other executable program in storer, at first load the Windows operating system program during computer starting, other executable program operates on this operating system.When other executable program need move, send request to Windows operating system, be that executable program is created new process by the kernel module of operating system, and be this new course allocation resource.
In the present invention, also store system monitor in the storer, this program is that executable program is used to check whether executable program is legal when creating new process at the kernel module of operating system, relation between system monitor and operating system as shown in Figure 2, executable program (comprises specialized application software, and other system software or application software) to Windows operating system " executive routine request " proposed when carrying out, after Windows operating system receives " executive routine request ", carry out some initial work, prepare to create and reporting system watchdog routine " the establishment process is prepared by system ", whether the program that inspection will be carried out after system monitor received and notifies is legal.If legal, then allow Windows operating system continue to finish the initial work of process creation; Otherwise stop the initial work of the process creation of Windows operating system.
Each legal procedure in the system all has the corresponding check file, and this verification file can adopt MD5 algorithm (also can adopt other algorithms) that legal procedure is carried out the calculation check data by system monitor and generate.For existing legal procedure in the system before system monitor is installed, system monitor generates corresponding checking file according to the appointment of configuration file when mounted.For the legal procedure that install the back being installed, must generating its checking file before installing with the kit of system monitor, and install together in company with legal procedure at system monitor.
The verification file form is:
| Sequence number | Space (byte number) | Effect | Explanation |
| 1 | 16 | Verification file sign, character string are " _ PPT_FILE_ ". | The verification file summary info |
| 2 | 4 | The byte number of checking data, nonnegative integer. | |
| 3 | 64 | Retaining space is preserved other information of verification file when being used for from now on expanded function. | |
| 4 | 4 | The source file size, nonnegative integer. | |
| 5 | 64 | Retaining space is preserved other information of source file when being used for expanding from now on. | |
| 6 | Byte number is determined by the checking data generating algorithm | Preserve checking data. | Checking data |
It is as follows to consult treatment scheme shown in Figure 3, main:
Step 10:Windows operating system is the triggering system watchdog routine when being prepared as the executable program establishment process that proposes the executive routine request, obtains control by system monitor.
Step 20: system monitor obtains described executable program corresponding check file, if do not have verification file or file for empty, then carry out step 80, otherwise continues step 30.
Step 30: check whether the verification file summary info is the verification file of correct format, if not, then carry out step 80, otherwise carry out step 40.
There are two conditions all to satisfy to be only whether " the verification file sign " of correct verification file: A, verification file summary info is " _ PPT_FILE_ "; Whether " byte number of checking data "+152 in B, the verification file summary info equal the size of verification file.
Step 40: the size of checking described executable program whether with verification file in the source file preserved big or small identical, if different, then this executable code modification mistake carry out step 80, otherwise carry out step 50.
Step 50: call the checking data generating algorithm, regenerate the checking data of described executable program.
Step 60: newly-generated checking data and the checking data in the verification file are compared; If two checking datas are inequality, then carry out step 80; Otherwise carry out step 70.
Step 70: judge that this executable program is legal, give system module, and create process by normal flow with control.
Step 80: determine that described executable program is illegal, and stop the initial work of establishment process, do not carry out this executable program.
Because unauthorized illegal program, it does not have the verification file of compliance with system watchdog routine; By the program that virus infections is crossed, newly-generated verification and be not inconsistent with verification file, so the two all can not move.
In the present invention, the realization of Windows operating system triggering system watchdog routine when being prepared as the executable program that proposes the executive routine request and creating process can have multiple mode, below mainly three kinds of modes is wherein described in detail:
Mode one:
1, creates the process informing mechanism
Windows operating system is in the process of establishment, and kernel module can after these resources allocations are good, can be notified the WIN32 subsystem for new some resources of course allocation.And can allowing one of user installation call, the WIN32 subsystem returns the process activity that (Callback) function comes surveillance.In this Callback function, just can carry out the action of appointment, implementation is as follows:
At first, the kernel function of going calling program NTOSKRNL.EXE to provide by a core schema (KM) driver.Program NTOSKRNL.EXE module has derived a series of Processing Structure programs (Process Structure Routine) function under Windows operating system, wherein there is one to be used to register a system-level Callback function, when operating system (OS) is created, withdrawed from or stops process, all can call this Callback function.Because user model (UM) program can not be called kernel function, provide a KM driver.
Then, provide a UM program, this UM program is communicated by letter with the KM driver, to start and to stop the service of KM.In the time of the process activity, the KM program is notified UM program by a notice (Notify) incident.
2, revise Windows system service distributing list (System Service Dispatch Table, SSDT)
This utilizes these characteristics of NT system layer mechanism to realize.
WIN32 API is generally provided by KERNEL32.DLL and these two modules of ADVAPI32.DLL, and when calling WIN32 API, OS at first can be converted to Unicode to the string argument in the function automatically.Subsequently, OS can find corresponding function in the NTDLL.DLL module, and the function that finds can call NTOSKRNL.EXE and serve accordingly.Each service all has unique sign in NTOSKRNL be service ID.NTDLL is put into this service ID in the eax register, and the parameter stack address is put among the EDX, then uses INT 2EH instruction that system running pattern is become kernel mode, begins to carry out by specifying corresponding handling procedure among the IDT.
When NTOSKRNL was initialized, it can set up a SSDT, and each is the address of a service (Service) handling procedure in the table, and each Service handling procedure all can reside in the kernel (Kernel).Also has the parameter that table is used for preserving Service.
In this is used, can be by revising the SSDT table content of NTOSKRNL, allow the code of address pointing system watchdog routine of establishment process service, realize system monitoring.
When program start, this Callback function of system call, this Callback function is carried out verification.If verification is not passed through, then process stops; If pass through, then the default Callback of calling system carries out normal program start process.
Mode two:
The method that adopts application programming interface (API) to catch (Hook)
Each process of moving in the Windows system all has an Import Address Table (Import AddressTable, IAT) and input namelist (Import Name Table, INT), these two tables can write down all importing functions of this process, and the establishment process can only be used limited several functions.If program is static the connection, its process necessarily has record and creates process function in these two tables so.If the function of the establishment process of certain DLL of dynamic call, in these two tables, just do not create the record of process function, but it must call load libraries (LoadLibary) the function DLL that packs into dynamically, so the record of LoadLibary function is necessarily arranged in these two tables.
At first, a system-level HOOK program is installed in system, in this HOOK program of installation, enumerates processes all in the system, and in the IAT and INT of these processes, search and whether use the record of creating process function; If have, then the address among IAT and the INT is preserved, be used for system monitor particular code sector address then and cover this record; If do not have, this process can not directly use the establishment process function to come the establishment process, then search the record that whether uses this class dynamic call of LoadLibary DLL function: if having, then revising the address that obtains process address (GetProcAddress) function is watchdog routine particular code sector address; If any operation that no, just it goes without doing.
Monitored process is used when creating process function or this class function of LoadLibary, because revised IAT and INT, so system monitor obtains carrying out control, and the action of appointment in the then first executive system watchdog routine; If use the function of the DLL that packs into, when using GetProcAddress, judge whether the parameter of GetProcAddress creates the function C reateProcess of process, if then go the action of executive system watchdog routine appointment; If not, any processing that just it goes without doing.
Mode three:
The Interrupt Service Routine table of retouching operation system
Under protected mode, (Interrupt Descriptor Table IDT) describes to interrupt using the interruption description list.(Interrupt Descriptor Table Register IDTR) keeps the address of IDT and the record number of table to interrupt the description list register.IDT can be retained in the physical memory always, and an interrupt gate is arranged in IDT, and it preserves the selector switch (Selector) and the side-play amount (Offset) of this interrupt handling program code segment.When interrupting occurring, the interrupt number that processor is shown by IDT finds the processing routine of this interruption, then relevant interrupt handling routine is just carried out in the stacked back of relevant register.
At first obtain the value of IDTR, obtain wanting to revise the Selector and the Offset of interrupt handling routine, these two values are preserved, and then the value of IDT is revised as the Selector and the Offset of system monitor by the SIDT instruction.
The executive subsystem of Windows NT comprises subsystems such as Win32, Win16, POSIX.These subsystems have function creation process separately.But finally still to call kernel the service of establishment process is provided.Any of client layer calls, finally the service of all calling system kernel.System service has and has only unique processing routine in OS, unique routine is tackled, and the possibility of mistakes and omissions can not occur.Thereby the present invention adopts the intercepting system service, is a kind of scheme very reliably.The scheme of system service interception also has a benefit, is exactly item in each service corresponding with service parameter list, can be accurate and find the information that needs fast.And system is not any resource of new course allocation, and the establishment that stop process also more fast, thoroughly.
The present invention stops by the operation of virus infections program from the source, prevents the propagation of virus and carries out harmful action.It does not rely on the feature of concrete virus, and is effective to the parasitic virus of any infection executable program.It can stop unauthorized program implementation simultaneously.
Claims (10)
1, a kind of method that guarantees security of system in Windows is characterized in that comprising step:
A, Windows (Windows operating system) triggering system watchdog routine when being prepared as the executable program establishment process that proposes the executive routine request;
B, system monitor obtain described executable program corresponding check file, if do not have verification file or file for empty, determine that then described executable program is illegal, and stop the initial work of establishment process, otherwise continue step C;
C, judge according to verification file whether described executable program is legal; If illegal, then stop the initial work of establishment process, otherwise create process by normal flow.
2, the method for claim 1, it is characterized in that, system monitor is by registering the system-level process activity that (Callback) function comes surveillance of returning, the triggering system watchdog routine when calling this function when the system creation process called in advance in Windows operating system.
3, method as claimed in claim 1 or 2 is characterized in that, described triggering system watchdog routine is meant the address of revising establishment process service routine in the system service distributing list (SSDT), makes system monitor obtain to carry out control.
4, the method for claim 1, it is characterized in that, system monitor is caught the process activity that (API Hook) program is come surveillance by register a system-level application programming interface in advance in Windows operating system, call when creating process function triggering system watchdog routine when perhaps calling load libraries (LoadLibary) function and dynamically packing dynamic link libraries (DLL) into when the system creation process.
5, as claim 1 or 4 described methods, it is characterized in that, described triggering system watchdog routine is meant Import Address Table (the Import Address Table of modification process, IAT) and input namelist (ImportName Table, INT) content in, perhaps revise the address that obtains process address (GetProcAddress) function, make system monitor obtain to carry out control.
6, the method for claim 1 is characterized in that, described triggering system watchdog routine is meant revises the value of interrupting description list, makes system monitor obtain to carry out control.
7, the method for claim 1 is characterized in that, described verification file comprises verification file summary info, source file size and checking data.
8, the method for claim 1 is characterized in that, step C comprises:
(1) checks whether the verification file summary info is correct,, otherwise determine that described executable program is illegal, stop the initial work of establishment process if correctly then carry out step (2);
(2) whether the size of checking executable program is identical with the source file size that writes down in the verification file, if identical then carry out step (3), otherwise determine that described executable program is illegal, stop the initial work of establishment process;
(3) call the checking data generating algorithm, generate the checking data of described executable program and compare,, determine that then described executable program is legal, creates process by normal flow if two checking datas are identical with checking data in the verification file; Otherwise, determine that described executable program is illegal, stop the initial work of establishment process.
9, the method for claim 1 is characterized in that, when described executable program is installed in system, is generated the corresponding check file and is installed with executable program by system monitor.
10, the method for claim 1 is characterized in that, for already present executable program in the system before the installation system watchdog routine, is then generated the verification file of this executable program according to configuration file by guard process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100021540A CN100349084C (en) | 2004-01-05 | 2004-01-05 | Method for ensuring system safety for window operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100021540A CN100349084C (en) | 2004-01-05 | 2004-01-05 | Method for ensuring system safety for window operating system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1641516A true CN1641516A (en) | 2005-07-20 |
| CN100349084C CN100349084C (en) | 2007-11-14 |
Family
ID=34867304
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100021540A Expired - Fee Related CN100349084C (en) | 2004-01-05 | 2004-01-05 | Method for ensuring system safety for window operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100349084C (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102034047A (en) * | 2010-12-21 | 2011-04-27 | 姚志浩 | Automatic protection method for computer virus |
| CN102651060A (en) * | 2012-03-31 | 2012-08-29 | 北京奇虎科技有限公司 | Method and system for detecting vulnerability |
| CN103970540A (en) * | 2014-05-15 | 2014-08-06 | 北京华为数字技术有限公司 | Method and device for safely calling key function |
| CN106228066A (en) * | 2016-07-13 | 2016-12-14 | 北京金山安全软件有限公司 | Method and device for preventing malicious modification of process address space and terminal |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU686494B2 (en) * | 1995-02-08 | 1998-02-05 | Sega Enterprises, Ltd. | Information processor having security check function |
| US6205551B1 (en) * | 1998-01-29 | 2001-03-20 | Lucent Technologies Inc. | Computer security using virus probing |
| US6330670B1 (en) * | 1998-10-26 | 2001-12-11 | Microsoft Corporation | Digital rights management operating system |
| US6697948B1 (en) * | 1999-05-05 | 2004-02-24 | Michael O. Rabin | Methods and apparatus for protecting information |
-
2004
- 2004-01-05 CN CNB2004100021540A patent/CN100349084C/en not_active Expired - Fee Related
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102034047A (en) * | 2010-12-21 | 2011-04-27 | 姚志浩 | Automatic protection method for computer virus |
| CN102034047B (en) * | 2010-12-21 | 2012-10-17 | 姚志浩 | Automatic protection method for computer virus |
| CN102651060A (en) * | 2012-03-31 | 2012-08-29 | 北京奇虎科技有限公司 | Method and system for detecting vulnerability |
| CN102651060B (en) * | 2012-03-31 | 2015-05-06 | 北京奇虎科技有限公司 | Method and system for detecting vulnerability |
| CN103970540A (en) * | 2014-05-15 | 2014-08-06 | 北京华为数字技术有限公司 | Method and device for safely calling key function |
| CN103970540B (en) * | 2014-05-15 | 2018-02-06 | 北京华为数字技术有限公司 | Key Functions secure calling method and device |
| CN106228066A (en) * | 2016-07-13 | 2016-12-14 | 北京金山安全软件有限公司 | Method and device for preventing malicious modification of process address space and terminal |
| CN106228066B (en) * | 2016-07-13 | 2019-12-03 | 珠海豹趣科技有限公司 | The process address space prevents malicious modification method, apparatus and terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100349084C (en) | 2007-11-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107808094B (en) | System and method for detecting malicious code in a file | |
| US7802300B1 (en) | Method and apparatus for detecting and removing kernel rootkits | |
| US7797748B2 (en) | On-access anti-virus mechanism for virtual machine architecture | |
| US9135443B2 (en) | Identifying malicious threads | |
| EP2461264B1 (en) | Apparatus and method for runtime integrity verification | |
| Ferrie | Anti-unpacker tricks–part one | |
| US8621337B1 (en) | Detecting memory corruption | |
| CN1896903A (en) | Virtual-machine system for supporting trusted evaluation and method for realizing trusted evaluation | |
| KR20180018531A (en) | Behavioral malware detection using an interpreter virtual machine | |
| US8402539B1 (en) | Systems and methods for detecting malware | |
| US9177149B2 (en) | Method of detecting malware in an operating system kernel | |
| CN101042719A (en) | System and method for killing ROOTKIT | |
| Weisberg et al. | Enhancing Transportation System Networks Reliability by Securer Operating System | |
| CN105117649A (en) | Anti-virus method and anti-virus system for virtual machine | |
| EP3079057B1 (en) | Method and device for realizing virtual machine introspection | |
| Oyama et al. | Detecting malware signatures in a thin hypervisor | |
| WO2013048492A1 (en) | Mechanism for providing a secure environment for acceleration of software applications at computing devices | |
| KR101563059B1 (en) | Anti-malware system and data processing method in same | |
| CN1282083C (en) | Computer memory virus monitoring method and method for operation with virus | |
| CN1010511B (en) | Signaling attempted transfer to protected entry point bios routine | |
| US8938807B1 (en) | Malware removal without virus pattern | |
| CN1641516A (en) | Method for ensuring system safety for window operating system | |
| CN113176926A (en) | API dynamic monitoring method and system based on virtual machine introspection technology | |
| US20170126716A1 (en) | Malware detection | |
| CN1581088A (en) | Method and device for preventing computer virus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20071114 Termination date: 20180105 |