CN1764112A - Entity identification method based on H323 system - Google Patents
Entity identification method based on H323 system Download PDFInfo
- Publication number
- CN1764112A CN1764112A CN 200410083851 CN200410083851A CN1764112A CN 1764112 A CN1764112 A CN 1764112A CN 200410083851 CN200410083851 CN 200410083851 CN 200410083851 A CN200410083851 A CN 200410083851A CN 1764112 A CN1764112 A CN 1764112A
- Authority
- CN
- China
- Prior art keywords
- entity
- key
- random number
- message
- method based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a entity identification method based on H323 system, which comprises: the first entity sends register information to the second entity; the latter sends require service note information to key allocation center; the center generates and sends note information to the second entity according to require information; the second entity generates and sends register confirmation information to the first entity; the latter sends confirmation information to second entity. Wherein, the first entity is terminal, and the second entity comprises terminal and network guard that needs not store any secret, the manager can find easily modify key to stop the loophole and improve network security.
Description
Technical field
The present invention relates to a kind of network communications technology, relate in particular to a kind of entity authentication method based on the H323 system.
Background technology
The H323 system is based on that PBN (Packet Based Network) that no QOS (service quality) guarantees realizes.Because the technical reason of PBN network itself, the PBN basic network can't provide QOS, also can't provide security service.In order on the unsafe network of this class, to provide safe service, just must consider two problems: authentication and secret.Main authentication and the secrecy technology that uses the H235 protocol description briefly described H.235 described authentication of agreement and secrecy technology below in the H323 system.
The H235 protocol description of ITU-T some kinds of security frameworks, for example, the H235 protocol description security service that in serial protocols framework H.3xx, increases, as authentication with maintain secrecy.H.235 agreement provides the certificate scheme of H323 system under gk (gatekeeper) route pattern, signaling authenticates provides by RAS (registration access state) in the entity authentication service of system, described gk route pattern is a kind of route pattern of H323 system, and its core is to utilize gk to transmit the H225 call signaling.
Though the H235 agreement of ITU-T has been described the security framework based on the gk route pattern, do not specifically describe the safety approach of H323 system under the non-gk route pattern.Another route pattern that described non-route pattern is the H323 system is opposite with the gk route pattern, does not utilize gk to transmit the H225 call signaling, but the directly mutual H225 call signaling of two terminals of communication; Non-gk route pattern is as a kind of very important calling route pattern of H323 system, uses very extensively, needs to guarantee the safety of H323 message equally.
Though in the basic security framework of H235 appendix D with symmetric encipherment algorithm to information signature, gk needs the query entity verify data in verification process, influence authentication speed.Under the situation of gk route, the security framework of appendix D can't provide really fail safe end to end, its fail safe to depend on middle trusted entity gk between two H323 terminals.The digital signature framework of H235 appendix E differentiates to message and is to use based on the public key certificate authentication mechanism that adopt public key encryption algorithm, calculation of complex is consuming time, and systematic function is had considerable influence.And adopt that in a single day gk is broken in these machine-processed systems, all user keys will all be revealed, and the user is caused direct threat.
In another and protocol-dependent authentification of user of H235 and RAS signaling authentication techniques, be the scheme of carrying out authentification of user in conjunction with kerberos authentication mechanism.Its reciprocal process realizes RAS signaling authentication mechanism based on " pushing away " type certification mode based on the RAS message Verification System of Kerberos as shown in Figure 1.Kerberos need set up the database of all clients and their common key based on symmetric cryptography.The kerberos authentication server can produce message, confirms another identity of entity to an entity, and kerberos system can also produce session key, uses for a client-server.
Yet, ISP and service requester are to use timestamp to carry out bi-directional authentification in the kerberos authentication scheme, therefore, authentication code in the kerberos authentication is the clock synchronization that needs the network equipment, be difficult to during realization guarantee, if use certain clock synchronization protocol, can be incorporated into H.323 system to the potential hazard of clock synchronization protocol so.
Summary of the invention
The objective of the invention is at above-mentioned problems of the prior art, a kind of user authen method based on the H323 system is provided, the present invention has mainly realized the non-gk route pattern of H323 system and non-GK entity authentication in routing mode and the authentication of RAS signaling.
Entity authentication method based on the H323 system of the present invention comprises:
A, first entity send login request message to second entity;
B, second entity send request service ticket message to key distribution center;
C, key distribution center generate ticket message according to request service ticket message, and the ticket message that is generated are sent to second entity;
D, second entity and first entity authenticate mutually according to ticket message.
Described first entity is a terminal, and described second entity comprises terminal and gatekeeper.
Described login request message in the described steps A comprises first entity identification and first random number that entity produces.
Described request service ticket message among the described step B comprises the random number that random number, second entity identification and second entity that first entity identification, first entity are produced are produced.
The described ticket message of described C step comprises to the bill of first entity and gives the bill of second entity.
The described bill of giving first entity comprises that the random number of second entity identification, first entity and the code stream of the session key of the sign of second entity, random number, second entity and first entity that first entity is produced being formed with first key carry out encrypted ciphertext.
The key that described first key comprises the key of first entity, derived by the key of first entity, random number that first entity is produced and second entity identification.
The described bill of giving second entity comprises that the random number of first entity identification, second entity and the code stream of the session key of the sign of first entity, random number, first entity and second entity that second entity is produced being formed with second key carry out encrypted ciphertext.
The key that described second key comprises the key of second entity, derived by the key of second entity, random number that second entity is produced and first entity identification.
Described step D further comprises:
D1, second entity generate registration confirmation message and send it to first entity;
D2, first entity send acknowledge message to second entity.
Described registration confirmation message among the described step D1 comprise second entity random number, give the bill of first entity and with session key to the random number of first entity, the random number of second entity and the Message Authentication Code that second entity identification is calculated.
Described step D1 also comprises: second entity utilizes the key of second entity that the bill of being sent by key distribution center of giving second entity is decrypted, and obtains session key.
Whether the random number that described step D1 also comprises second entity in the second object authentication bill is consistent with the random number that keeps of controlling oneself, if unanimity, and execution in step D2 then, otherwise, finish this authentication.
Described acknowledge message among the described step D2 comprises that the code stream of the sign of the random number of the random number of first entity and second entity and first entity being formed with the session password calculates Message Authentication Code.
After described step D2, also comprise: after second entity is received acknowledge message, again the code stream of the sign of the random number of the random number of first entity and second entity and first entity being formed with the session password calculates Message Authentication Code, and compare with the Message Authentication Code of being received, if unanimity as a result, then second entity can be confirmed first identity of entity, otherwise, the authentication of refusal authentication first identity of entity.
According to the present invention,, therefore, gk is implemented attack can't obtain the Any user authenticated data, thereby reduce the possibility that user key leaks because gk need not preserve any terminal secret.Because gk only need preserve the key of oneself, when the key of gk was revealed, administrative staff can be at an easy rate by revising stifled this leak of going up of gk key.In communication process service requester can be easily new session key more, when avoiding session key to divulge a secret brought.And direct route can be provided easily, stride the End-to-End Security of GK route.Authentication method of the present invention does not rely on the whole network clock synchronization, has avoided using the potential hazard of being brought of clock synchronization protocol.
According to the present invention, GK needn't the inquiring user key when the user registers, and also need not to produce session key and distribute, and only needs authenticate signaling, thereby has simplified the internal process of GK.The KDC that separates has simplified the structure of GK, makes GK need not preserve user key.Because transmit with clear-text way random number and the network address, whether under attackly the recipient need not deciphered can check, improved the preventing playback attack performance.
Description of drawings
Fig. 1 shows the schematic diagram of the RAS signaling authentication of prior art;
Fig. 2 shows the schematic diagram of first embodiment of RAS signaling authentication of the present invention;
Fig. 3 shows the schematic diagram of second embodiment of RAS signaling authentication of the present invention;
Fig. 4 shows the identifying procedure figure between GK of the present invention and the Epa.
Embodiment
Understand and realization the present invention the existing embodiments of the invention of describing in conjunction with the accompanying drawings for the ease of persons skilled in the art.
Basic thought of the present invention is H.235 on the basis authenticating user identification and RAS message authentication to be separated.That is, extract the function carry out authentification of user out from gk, (KeyDistribution Center KDC) comes distributing key and carry out authentification of user, and gk only carries out the RAS and the authentication of message Q.931 by key distribution center.
As shown in Figure 2, according to the present invention, (Key DistributionCenter KDC) is used to deposit user key to need to set up key distribution center.When service requester need be with ISP's communication, the ISP can select whether needs obtain bill (Ticket) to KDC is used for this session according to the upper-layer service rule, if need, then KDC is responsible for distributing both sides' session key, otherwise, can directly provide service, as use H.235 that framework provides service to service requester to service requester.
The present invention for convenience of description supposes that now the ISP is gk, and service requester is terminal (a), and adopts following writing a Chinese character in simplified form:
The key of Ka a
The shared key of Kagk a and b
Ea (M) encrypts plaintext M with Ka
Eagk (M) encrypts plaintext M with Kagk
The Message Authentication Code that MACa (M) calculates plaintext M with Ka
(Kagk) code stream of A, Ra, Kagk being formed with Ka calculates the message mirror to MACa for A, Ra
Other sign indicating number
The Message Authentication Code newspaper that MACagk (M) calculates plaintext M with Kagk
(A, Ra Kagk) calculate message with Kagk to the code stream that A, Ra, Kagk form to MACagk
Authentication code
Ta gives the bill of a
Tgk gives the bill of gk
Ca gives the authentication code of a
The sign of A a is the network address in the present invention
The random number that Ra a generates
GK gatekeeper's sign is the network address in the present invention
The random number that Rgk gk generates
Before communication two party authenticates, gatekeeper and terminal are registered to system respectively, acquisition is used for the key of the bill of decruption key distributing center distribution respectively, this key is stored in key distribution center simultaneously, be used for to by session key, communication the other side's sign and the code stream formed of the random number that produced of controlling oneself encrypt.
How discussion now designs bill.
In the present invention, communication two party (a and gk) needs to use session key that RAS message is authenticated, and session key is distributed by bill by KDC, so, should comprise session key in the bill.In order to allow ISP and service requester carry out authentication mutually, also need to comprise some secrets that they know in advance, be the other side's random number R a or Rgk as what adopt in the present invention.Judge whether to be subjected to Replay Attack fast in order can not to be decrypted message, described Replay Attack is to point to network entity constantly to repeat to send same message, makes it continue to provide service.These secrets also can send in mode expressly, and the recipient at first checks them, and if the secret different of own preservation then can directly abandon message.In addition, intercept and capture bill in order to prevent the third party, attempt allows the ISP provide service for it, also need comprise the opposing party's sign in giving a side bill, and the opposing party's sign is the network address in the present embodiment.To sum up tell, if service requester is A, the ISP is gk, and then KDC can be defined as follows for the bill Ta that a provides:
Ta=B,Ra,Ea(B,Ra,Kagk)
KDC can be defined as follows for the bill Tgk that gk provides:
Tgk=A,Rgk,Egk(A,Rgk,Kagk)
In order further to improve fail safe, prevent that the assailant from collecting a large amount of bills and selecting plaintext attack, each bill that produces should not use same key to carry out encryption and decryption.Present embodiment is to derive an encryption key Ka by Ka, Ra, gk
*, because Ra is random number, each Ra is inequality, so with the encryption key Ka of Ka, Ra, gk derivation
*Also inequality, carry out the encrypting and decrypting operation with it:
Ka
*=MACa(Ra,GK)
Form Ka to getting its preceding 128 behind Ra and the GK use key K a calculating Message Authentication Code (carrying out the uni-directional hash computing)
*Though Ra, GK are with plaintext transmission, Ka maintains secrecy, so guaranteed Ka
*Can only derive by KDC and a.Final bill Ta is defined as:
Ta=B,Ra,Ea
*(B,Ra,Kab)
Clear and definite behind the form of bill, user and RAS signaling verification process are described below.
The target of following process is to make to reach mutual trust: GK between terminal and the affiliated GK terminal of being managed is carried out RAS message authentication, and KDC carries out authenticating user identification to terminal, and terminal also can authenticate GK." drawing " type of application authentication model can be finished GK and EP encryption key distribution and mutual authentication.As shown in Figure 4, idiographic flow is as follows:
In step 1, EPa sends the end points login request message to GK, has carried a random number R a and network address A in the message, and EPa preserves the random number R a that sends in this locality.
In step 2, GK asks bill to KDC.GK after receiving the RRQ that EPa sends owing to need to confirm the identity of EPa, but and do not know the shared key of EPa, and judge whether that according to business needs ask service ticket to KDC, described business is to judge according to the port numbers of business.If need ask service ticket to KDC, then GK produces a random number R gk, sends message to KDC, comprises in the message: A, and GK, Ra, Rgk, otherwise directly Epa is served.
In step 3, KDC sends bill to GK.After KDC receives request, produce the session key of a key K agk more at random,, generate bill Ta, Tgk respectively by Ka, Kgk according to the method for above-mentioned generation bill as EPa and GK.KDC sends message to GK then, comprises in the message: Ta, Tgk
In step 4, authenticate mutually between GK and the EPa.Before authenticating mutually between GK and the EPa, at first should carry out the authentication between GK and the KDC.
After GK received Tgk, GK deciphered Tgk by Kgk, obtained session key Kagk, and whether checking Rgk is consistent with the Rgk that oneself keeps, if unanimity shows that then KDC also knows Kgk, so far just carried out the mutual authentication of KDC and GK, then GK just can by Kagk generate Message Authentication Code MACagk (Ra, Rgk, GK), send RCF message to EPa at last, comprise Rgk in the message, Ta, MACagk (Ra, Rgk, GK).If Rgk and the own inconsistent KDC that then shows of Rgk that keeps may be destroyed, stop following process or show service can not be provided to EPa transmission message.
Then, authenticate mutually between GK and the EPa.After Epa received Ta, Epa used the key K a of oneself that the Ta that is received is decrypted, and obtains session key Kagk.By Kagk, EPa can recomputate authentication code MACagk (Ra, Rgk, GK) again with receive MACagk (Ra, Rgk GK) compare, if the comparative result unanimity, then Epa believes the legal identity of GK, otherwise, abandon this message, wait for the message that receives GK.For legal identity to GK proof oneself, EPa need to GK send it authentication code MACagk (Ra, Rgk, A).EPa sends acknowledge message to GK, comprises in the message: and MACagk (Ra, Rgk, A).GK receives and recomputates MACagk after the message (Ra, Rgk A) and with the authentication code of receiving compare, the same identity that then can confirm EPa of result.
So far, just can carry out communication between terminal Epa and the GK.
Though defined two kinds of roles of ISP and service requester in the authentication model of the present invention, authentication model does not depend on ISP's customizing messages, any entity is if need other entities can initiate request to him for he provides service.So in H.323 using, service requester is corresponding to the H.323 entity (as terminal) that can call out, the ISP then can be corresponding to gatekeeper, also can be corresponding to another the H.323 entity (as terminal) that can call out.
In above-mentioned process, because the owner of Kgk has only GK and KDC, and the owner of Ka has only EPa and KDC, so if GK can decipher Tgk and verify Rgk, illustrate that then Tgk is effective bill that KDC sends really; If EPa can decipher Ta and checking R a, illustrated that also Ta is effective bill that KDC sends really, finished the process that EPa and GK differentiate KDC respectively.Also because have only them to know separately key, so have only them can decipher Ta and Tgk obtains session key Kagk.Send in the step of acknowledge message to GK at Epa, EPa relatively authentication code by the time just finished authentication to GK, same, GK successfully compares authentication code and has promptly finished authentication to EPa.So far, both sides have obtained session key Kagk and have carried out mutual authentication.
In network under the situation of no GK management, utilize this programme also can make two terminals (EPa and Epb) together obtain session key and authenticate mutually.Similar with the process of front, different is that the ISP is EPb rather than GK.
So both reduced the leakage possibility of user key, and also alleviated the processing burden of GK, the process of assign sessions key can be carried out in non-GK route and no GK route pattern simultaneously.
Adopt the present invention, EPa only needs once to authenticate to KDC, uses the session key and the mutual RAS message of GK of distributing in subsequent process.
When the user registers GK or terminal needn't query requests the key of terminal of service, also need not to produce session key and distribute session key, only need authenticate to signaling, simplified the internal process of GK.
Whether transmit with clear-text way the random number and the network address, the recipient need not deciphered can check under attack, has improved the preventing playback attack performance.
Though described the present invention by embodiment, those of ordinary skills know, without departing from the spirit and substance in the present invention, just can make the present invention that many distortion and variation are arranged, and scope of the present invention is limited to the appended claims.
Claims (15)
1. entity authentication method based on the H323 system comprises:
A, first entity send login request message to second entity;
B, second entity send request service ticket message to key distribution center;
C, key distribution center generate ticket message according to request service ticket message, and the ticket message that is generated are sent to second entity;
D, second entity and first entity authenticate mutually according to ticket message.
2. the entity authentication method based on the H323 system according to claim 1 is characterized in that, described first entity is a terminal, and described second entity comprises terminal and gatekeeper.
3. the entity authentication method based on the H323 system according to claim 1 is characterized in that, the described login request message in the described steps A comprises first entity identification and first random number that entity produces.
4. the entity authentication method based on the H323 system according to claim 1, it is characterized in that the described request service ticket message among the described step B comprises the random number that random number, second entity identification and second entity that first entity identification, first entity are produced are produced.
5. the entity authentication method based on the H323 system according to claim 1 is characterized in that, the described ticket message of described C step comprises to the bill of first entity and gives the bill of second entity.
6. the entity authentication method based on the H323 system according to claim 5 is characterized in that, the described bill of first entity of giving comprises:
The random number of second entity identification, first entity and the code stream of the session key of the sign of second entity, random number, second entity and first entity that first entity is produced being formed with first key carry out encrypted ciphertext.
7. the entity authentication method based on the H323 system according to claim 6 is characterized in that, the key that described first key comprises the key of first entity, derived by the key of first entity, random number that first entity is produced and second entity identification.
8. the entity authentication method based on the H323 system according to claim 5 is characterized in that, the described bill of second entity of giving comprises:
The random number of first entity identification, second entity and the code stream of the session key of the sign of first entity, random number, first entity and second entity that second entity is produced being formed with second key carry out encrypted ciphertext.
9. the entity authentication method based on the H323 system according to claim 8 is characterized in that, the key that described second key comprises the key of second entity, derived by the key of second entity, random number that second entity is produced and first entity identification.
10. the entity authentication method based on the H323 system according to claim 1 is characterized in that, described step D further comprises:
D1, second entity generate registration confirmation message and send it to first entity;
D2, first entity send acknowledge message to second entity.
11. the entity authentication method based on the H323 system according to claim 10, it is characterized in that, the described registration confirmation message among the described step D1 comprise second entity random number, give the bill of first entity and with session key to the random number of first entity, the random number of second entity and the Message Authentication Code that second entity identification is calculated.
12. the entity authentication method based on the H323 system according to claim 10, it is characterized in that, described step D1 also comprises: second entity utilizes the key of second entity that the bill of being sent by key distribution center of giving second entity is decrypted, and obtains session key.
13. the entity authentication method based on the H323 system according to claim 12 is characterized in that, described step D1 comprises also whether the random number of second entity in the second object authentication bill is consistent with the random number of the reservation of controlling oneself, if it is consistent, execution in step D2 then, otherwise, this authentication finished.
14. the entity authentication method based on the H323 system according to claim 10, it is characterized in that the described acknowledge message among the described step D2 comprises that the code stream of the sign of the random number of the random number of first entity and second entity and first entity being formed with the session password calculates Message Authentication Code.
15. the entity authentication method based on the H323 system according to claim 10, it is characterized in that, after described step D2, also comprise: after second entity is received acknowledge message, again the code stream of the sign of the random number of the random number of first entity and second entity and first entity being formed with the session password calculates Message Authentication Code, and compare with the Message Authentication Code of being received, if unanimity as a result, then second entity can be confirmed first identity of entity, otherwise, the authentication of refusal authentication first identity of entity.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200410083851A CN100596066C (en) | 2004-10-20 | 2004-10-20 | Entity identification method based on H323 system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200410083851A CN100596066C (en) | 2004-10-20 | 2004-10-20 | Entity identification method based on H323 system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1764112A true CN1764112A (en) | 2006-04-26 |
| CN100596066C CN100596066C (en) | 2010-03-24 |
Family
ID=36748080
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200410083851A Active CN100596066C (en) | 2004-10-20 | 2004-10-20 | Entity identification method based on H323 system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100596066C (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101087326B (en) * | 2006-06-08 | 2011-05-11 | 中兴通讯股份有限公司 | A communication terminal registration method and system |
| CN101296235B (en) * | 2008-06-13 | 2012-06-06 | 成都市华为赛门铁克科技有限公司 | Computer network authentication method, system and server |
| CN104537298A (en) * | 2014-12-04 | 2015-04-22 | 腾讯科技(深圳)有限公司 | Authorizing method and device based on micro-processor card |
-
2004
- 2004-10-20 CN CN200410083851A patent/CN100596066C/en active Active
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101087326B (en) * | 2006-06-08 | 2011-05-11 | 中兴通讯股份有限公司 | A communication terminal registration method and system |
| CN101296235B (en) * | 2008-06-13 | 2012-06-06 | 成都市华为赛门铁克科技有限公司 | Computer network authentication method, system and server |
| CN104537298A (en) * | 2014-12-04 | 2015-04-22 | 腾讯科技(深圳)有限公司 | Authorizing method and device based on micro-processor card |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100596066C (en) | 2010-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111371730B (en) | Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene | |
| CN107257334B (en) | Identity authentication method for Hadoop cluster | |
| KR100811419B1 (en) | Countermeasure Against Denial-of-Service Attack in Authentication Protocols Using Public-Key Encryption | |
| EP2984782B1 (en) | Method and system for accessing device by a user | |
| US7644275B2 (en) | Pass-thru for client authentication | |
| CN1805341A (en) | Network authentication and key allocation method across secure domains | |
| CN1234662A (en) | Enciphered ignition treatment method and apparatus thereof | |
| CN101094394A (en) | Method for guaranteeing safe transmission of video data, and video monitoring system | |
| CN1905436A (en) | Method for ensuring data exchange safety | |
| CN101090316A (en) | Identify authorization method between storage card and terminal equipment at off-line state | |
| CN101064610A (en) | Identity authentication process | |
| CN113612797A (en) | Kerberos identity authentication protocol improvement method based on state cryptographic algorithm | |
| CN101282216B (en) | Method for switching three-partner key with privacy protection based on password authentication | |
| GB2543072A (en) | Public key infrastructure & method of distribution | |
| CN1627682A (en) | Method for creating dynamic cipher at time of building connection in network transmission | |
| CN109067774B (en) | Security access system based on trust token and security access method thereof | |
| CN1571407A (en) | A safety authentication method based on media gateway control protocol | |
| CN107979466B (en) | iSCSI protocol security enhancement method based on Diffie-Hellman protocol | |
| CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
| CN111224968B (en) | Secure communication method for randomly selecting transfer server | |
| CN110784305B (en) | Single sign-on authentication method based on careless pseudorandom function and signcryption | |
| CN111711607A (en) | Block chain-based flow type micro-service trusted loading and verifying method | |
| KR20080005344A (en) | System for authenticating user's terminal based on authentication server | |
| CN114389808B (en) | OpenID protocol design method based on SM9 blind signature | |
| Zhao et al. | Design of single sign-on |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211222 Address after: 450046 Floor 9, building 1, Zhengshang Boya Plaza, Longzihu wisdom Island, Zhengdong New Area, Zhengzhou City, Henan Province Patentee after: Super fusion Digital Technology Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |