CN106534117B - Authentication method and device - Google Patents

Authentication method and device
Download PDF

Info

Publication number
CN106534117B
Authority
CN
China
Prior art keywords
authentication
network access
mac address
message
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610991314.1A
Other languages
Chinese (zh)
Other versions
CN106534117A (en)
Inventor
郑春浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201610991314.1A
Publication of CN106534117A
Application granted
Publication of CN106534117B
Legal status: Active
Anticipated expiration

Abstract

The application provides an authentication method and device. Where the uplink device authenticates the network access device with MAC-address-based 802.1X authentication, the method and device prevent the uplink device from intercepting the RADIUS message that the network access device sends to the AAA server to authenticate a terminal device, so that authentication of the terminal device can complete.

Description

Authentication method and device
Technical Field
The present application relates to network communication technologies, and in particular, to an authentication method and apparatus.
Background
To improve network security and reliability, the network access device that provides network access to terminal devices must be authenticated in addition to the terminal devices themselves (for example, PCs). As shown in Fig. 1, in such a network the terminal device and the network access device each have to be authenticated before they can access the network.
The existing approach authenticates the terminal device and the network access device indirectly through authentication point separation. Authentication point separation means: the authentication point of the terminal device is the network access device, and the authentication point of the network access device is the network transit device that sits between the network access device and the authentication server (such as an AAA server); this transit device is also called the uplink device of the network access device and is referred to as the uplink device below. The terminal device is authenticated by the network access device, and the network access device is authenticated by the uplink device. Note that although the terminal device is authenticated by the network access device and the network access device by the uplink device, neither authentication runs in an open local authentication mode: the network access device (when authenticating the terminal device) and the uplink device (when authenticating the network access device) both have to interact with the authentication server (such as an AAA server) to complete the final authentication.
However, when the uplink device authenticates the network access device with MAC-address-based 802.1X authentication, the terminal devices downstream of the network access device still cannot pass authentication even after the MAC address of the network access device has passed. The reason is as follows. During terminal-device authentication, the RADIUS message that the network access device sends to the authentication server (e.g. the AAA server) to authenticate the terminal device is intercepted by the uplink device, so it never reaches the authentication server and the terminal device's authentication cannot complete. The uplink device intercepts this RADIUS message because its source MAC address is the MAC address of the Layer 3 port on the network access device that connects toward the authentication server, not the MAC address that passed authentication.
Disclosure of Invention
The application provides an authentication method and an authentication device which, where the uplink device authenticates the network access device with MAC-address-based 802.1X authentication, prevent the uplink device from intercepting the RADIUS message that the network access device sends to the authentication server (such as an AAA server) to authenticate a terminal device, so that authentication of the terminal device can complete.
The technical solution provided by the application is as follows:
An authentication method, applied to a network transit device between a network access device and an authentication server, includes:
receiving an authentication message sent by the network access device to the authentication server, where the authentication message is used to authenticate a terminal device accessed through the network access device; and
judging whether a release policy matching the authentication message is enabled locally, and if so, continuing to send the authentication message to the authentication server so that the network access device and the authentication server can interact to complete authentication of the terminal device.
An authentication device, applied to a network transit device between a network access device and an authentication server, comprises:
a receiving unit, configured to receive an authentication message sent by the network access device to the authentication server, where the authentication message is used to authenticate a terminal device accessed through the network access device;
a judging unit, configured to judge whether a release policy matching the authentication message is enabled locally; and
a processing unit, configured to continue sending the authentication message to the authentication server when the judging unit's result is yes, so that the network access device and the authentication server can interact to complete authentication of the terminal device.
With this technical solution, even when the uplink device authenticates the network access device with MAC-address-based 802.1X authentication, the network transit device (that is, the uplink device) between the network access device and the authentication server is prevented from intercepting the RADIUS message that the network access device sends to the authentication server (such as an AAA server) to authenticate the terminal device, and authentication of the terminal device completes.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a schematic diagram of a network in which a terminal device and a network access device are each authenticated;
Fig. 2 is a flow chart of the method provided by the present invention;
Fig. 3 is a schematic diagram of the application networking according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
Where the uplink device authenticates the network access device with MAC-address-based 802.1X authentication, the invention prevents the uplink device from intercepting the RADIUS message that the network access device sends to the authentication server (such as an AAA server) to authenticate a terminal device, so that authentication of the terminal device completes.
The method provided by the invention is described as follows:
Referring to Fig. 2, which is a flow chart of the method provided by the present invention. The procedure runs on the network transit device between the network access device and the authentication server (referred to in this application as the uplink device, since it provides uplink access for the network access device). As shown in Fig. 2, the process may include the following steps:
Step 201: the uplink device receives an authentication message sent by the network access device to the authentication server.
Here, the authentication message is used to authenticate a terminal device that is accessed downstream through the network access device.
In the invention, the network access device runs a non-local 802.1X authentication mode, so during terminal-device authentication it also has to interact with the authentication server to finally complete the terminal device's authentication. When the network access device sends an authentication message to the authentication server, the source MAC address of that message is the MAC address of the port through which the network access device reaches the authentication server.
Step 202: the uplink device judges whether a release policy matching the authentication message is enabled locally; if so, it continues to send the authentication message to the authentication server, so that the network access device and the authentication server interact to complete authentication of the terminal device.
In one embodiment, when the uplink device determines that no release policy matching the authentication message is enabled locally, it intercepts the authentication message and stops forwarding it.
In one embodiment, the invention further includes: the uplink device authenticates the network access device through the MAC-address-based authentication mode enabled on the uplink device; when the MAC address of the network access device passes authentication, the uplink device enables a locally configured release policy. The release policy corresponds to a port MAC address and is used to release (pass through) authentication messages whose source MAC address is that port MAC address, where the port MAC address is the MAC address of the port through which the network access device reaches the authentication server.
Based on this, in step 202, determining whether a release policy matching the authentication message is enabled locally includes:
looking up an enabled release policy corresponding to the source MAC address of the authentication message; if one is found, a release policy matching the authentication message is locally enabled, otherwise it is not.
Thus, the flow shown in Fig. 2 is completed.
Compared with the cause of interception described in the Background, it can be seen that in the present invention the source MAC address of the authentication message (used to authenticate the terminal device) that the network access device sends to the authentication server is still the MAC address of the network access device's port that is Layer 3 reachable to the authentication server; nevertheless, as long as the uplink device determines on receiving the message that a matching release policy is locally enabled, it continues to send the message to the authentication server, and the network access device and the authentication server interact to complete authentication of the terminal device. So even when the uplink device authenticates the network access device with MAC-address-based 802.1X authentication, the uplink device is prevented from intercepting the RADIUS message the network access device sends to the AAA server during terminal-device authentication, and authentication of the terminal device completes.
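The forwarding decision of steps 201 and 202 can be modelled as a small state machine on the uplink device: a release policy is configured against the access device's port MAC, enabled only once the access device's own MAC passes MAC-based 802.1X, and consulted for every RADIUS Access-Request whose source MAC is not itself authenticated. The following is an added example written for this page, not H3C code; the class and method names, the MAC addresses, and the disabling of the policy on logoff are assumptions.

```python
"""Constructed model of the uplink device's release-policy check (steps 201/202).
Not H3C code; class names, MAC addresses and the logoff handling are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

RADIUS_AUTH_PORT = 1812  # UDP port that RADIUS Access-Request messages are sent to


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so '00-11-22-33-44-55' and '00:11:22:33:44:55' match."""
    hexdigits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Frame:
    """Only the fields the uplink device looks at (constructed)."""
    src_mac: str
    udp_dst_port: Optional[int] = None  # None for frames that are not UDP


@dataclass
class UplinkDevice:
    # Locally configured release policies: port MAC of the access device's
    # Layer 3 port toward the AAA server -> MAC the access device authenticates
    # with under MAC-based 802.1X. Configured here, but not yet enabled.
    release_policies: dict
    authenticated_macs: set = field(default_factory=set)
    enabled_policies: set = field(default_factory=set)

    def __post_init__(self) -> None:
        self.release_policies = {norm_mac(p): norm_mac(a)
                                 for p, a in self.release_policies.items()}

    def on_mac_authenticated(self, mac: str) -> None:
        """MAC-based 802.1X succeeded for the access device: enable its policy."""
        mac = norm_mac(mac)
        self.authenticated_macs.add(mac)
        for port_mac, owner in self.release_policies.items():
            if owner == mac:
                self.enabled_policies.add(port_mac)

    def on_mac_deauthenticated(self, mac: str) -> None:
        """Logoff or re-authentication failure: disable the policy again
        (assumption; the patent text only describes enabling it)."""
        mac = norm_mac(mac)
        self.authenticated_macs.discard(mac)
        for port_mac, owner in self.release_policies.items():
            if owner == mac:
                self.enabled_policies.discard(port_mac)

    def decide(self, frame: Frame) -> str:
        """Return 'forward' or 'drop' for one ingress frame."""
        src = norm_mac(frame.src_mac)
        if src in self.authenticated_macs:
            return "forward"  # ordinary 802.1X pass for an authenticated MAC
        if frame.udp_dst_port == RADIUS_AUTH_PORT:
            # Step 202: an authentication message is released only while a
            # policy keyed on its source MAC is enabled.
            return "forward" if src in self.enabled_policies else "drop"
        return "drop"  # unauthenticated source: 802.1X blocks everything else


if __name__ == "__main__":
    uplink = UplinkDevice({"00-11-22-33-44-55": "AA:BB:CC:DD:EE:01"})
    access_request = Frame("00:11:22:33:44:55", RADIUS_AUTH_PORT)
    print("before auth:", uplink.decide(access_request))
    uplink.on_mac_authenticated("aa:bb:cc:dd:ee:01")
    print("after auth: ", uplink.decide(access_request))
    print("other MAC:  ", uplink.decide(Frame("66:77:88:99:aa:bb", RADIUS_AUTH_PORT)))
```

Note that a non-RADIUS frame from the port MAC is still dropped: the policy releases only the authentication messages, not general traffic from the unauthenticated port MAC.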
Fig. 2 is illustrated below by way of a specific embodiment:
Referring to Fig. 3, which is a schematic diagram of the networking of an embodiment of the present invention. In Fig. 3, the network access device is an access switch, the uplink device of the network access device is an uplink switch, and the authentication server is an AAA server.
In Fig. 3, the uplink switch enables MAC-address-based 802.1X authentication. The access switch enables 802.1X authentication (either MAC-address-based or port-based 802.1X authentication may be used, as required; this embodiment does not limit the choice). The 802.1X authentication mode enabled on the access switch is a non-local authentication mode, so the access switch has to interact with the AAA server when authenticating a terminal device.
In Fig. 3, the uplink switch authenticates the access switch through the MAC-address-based 802.1X authentication enabled on it. When the MAC address of the access switch passes authentication, the uplink switch enables a locally configured release policy. The policy corresponds to a port MAC address and releases authentication messages whose source MAC address is that port MAC address, where the port MAC address is the MAC address of the port on the access switch that is Layer 3 reachable to the AAA server; the port may be a virtual port or a physical port.
How the uplink switch authenticates the access switch through the MAC-address-based 802.1X authentication enabled on it follows standard 802.1X authentication and is not repeated here.
Authentication of the terminal device is described below using EAP-MD5 (Extensible Authentication Protocol, MD5-Challenge) as an example of the 802.1X authentication methods:
The terminal device runs an 802.1X client, sends an EAPoL-Start message to the access switch, and starts 802.1X authentication.
The access switch receives the EAPoL-Start message and sends an EAP-Request/Identity message to the terminal device, asking it to report its user name. The destination MAC address of the EAP-Request/Identity message is the MAC address of the terminal device.
The terminal device receives the EAP-Request/Identity message and replies with an EAP-Response/Identity message carrying the user name.
The access switch receives the EAP-Response/Identity message, encapsulates it in a Remote Authentication Dial In User Service (RADIUS) Access-Request message, and sends the Access-Request to the RADIUS server. This RADIUS Access-Request is the authentication message; its source MAC address is the port MAC address of the access switch's port that is Layer 3 reachable to the AAA server.
The uplink switch receives the RADIUS Access-Request message and, using its source MAC address as the key, looks up an enabled release policy for that key.
If the uplink switch finds a corresponding release policy, it continues to forward the RADIUS Access-Request message to the AAA server.
The AAA server receives the RADIUS Access-Request message, randomly generates a Challenge, and sends a RADIUS Access-Challenge message to the access switch via the uplink switch. The RADIUS Access-Challenge message carries an EAP-Request/MD5-Challenge message.
The access switch sends the EAP-Request/MD5-Challenge message to the terminal device, asking it to authenticate. The destination MAC address of the EAP-Request/MD5-Challenge is the MAC address of the terminal device.
On receiving the EAP-Request/MD5-Challenge message, the terminal device applies MD5 to its password together with the Challenge carried in the message to obtain a Challenged-Password, and sends the Challenged-Password to the access switch in an EAP-Response/MD5-Challenge message.
The access switch receives the EAP-Response/MD5-Challenge message, encapsulates it in a RADIUS Access-Request message, and sends that to the AAA server. The source MAC address of this RADIUS Access-Request is again the port MAC address of the access switch's port that is Layer 3 reachable to the AAA server.
The uplink switch receives the RADIUS Access-Request message and, using its source MAC address as the key, looks up an enabled release policy for that key.
If the uplink switch finds a corresponding release policy, it continues to forward the RADIUS Access-Request message to the AAA server.
The AAA server receives the RADIUS Access-Request message, judges from the Challenged-Password it carries whether the terminal device is legitimate, and if so returns a RADIUS Access-Accept message to the access switch via the uplink switch.
The access switch receives the RADIUS Access-Accept message, sends an EAP-Success message to the terminal device, and the terminal device is granted access.
Thus, authentication of the terminal device by the access switch is completed.
Note that in the above flow, when the uplink switch does not find a corresponding release policy, it stops forwarding the received RADIUS Access-Request message.
This completes the description of the embodiment shown in fig. 3.
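The EAP-MD5 exchange that the RADIUS Access-Challenge and the second Access-Request carry above is shown here end to end: the AAA server issues a random Challenge, the terminal answers with the Challenged-Password, and the server recomputes and compares it before deciding on Access-Accept. This is an added example written for this page, not H3C code; the function names and the sample password are assumptions, and the EAP packet layout follows RFC 3748 section 5.4.

```python
"""Constructed EAP-MD5 (MD5-Challenge) request/response as carried inside the
RADIUS Access-Challenge / Access-Request pair. Not H3C code; helper names and
sample values are assumptions."""
import hashlib
import hmac
import os
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2   # EAP Code field (RFC 3748)
EAP_TYPE_MD5_CHALLENGE = 4         # EAP Type for MD5-Challenge


def build_eap_md5(code: int, identifier: int, value: bytes) -> bytes:
    """Encode Code | Identifier | Length | Type=4 | Value-Size | Value."""
    if not 1 <= len(value) <= 255:
        raise ValueError("Value-Size must be non-zero and fit in one byte")
    body = struct.pack("!B", len(value)) + value
    header = struct.pack("!BBHB", code, identifier, 5 + len(body), EAP_TYPE_MD5_CHALLENGE)
    return header + body


def parse_eap_md5(packet: bytes):
    """Decode and validate an EAP MD5-Challenge request or response.
    Returns (code, identifier, value); raises ValueError on malformed input."""
    if len(packet) < 6:
        raise ValueError("EAP packet too short")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length != len(packet):
        raise ValueError("EAP Length does not match packet size")
    if eap_type != EAP_TYPE_MD5_CHALLENGE or code not in (EAP_REQUEST, EAP_RESPONSE):
        raise ValueError("not an EAP MD5-Challenge request/response")
    value_size = packet[5]
    value = packet[6:6 + value_size]
    if value_size == 0 or len(value) != value_size:
        raise ValueError("bad Value-Size")
    return code, identifier, value


def challenged_password(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """The Challenged-Password from the text: MD5(Identifier || password || Challenge),
    the CHAP construction that EAP-MD5 reuses (RFC 3748 sec 5.4, RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_make_request(identifier: int) -> bytes:
    """AAA server side: a fresh random Challenge in an EAP-Request/MD5-Challenge."""
    return build_eap_md5(EAP_REQUEST, identifier, os.urandom(16))


def client_make_response(request: bytes, password: bytes) -> bytes:
    """Terminal side: answer the request with an EAP-Response/MD5-Challenge."""
    code, identifier, challenge = parse_eap_md5(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    return build_eap_md5(EAP_RESPONSE, identifier,
                         challenged_password(identifier, password, challenge))


def server_verify(request: bytes, response: bytes, password: bytes) -> bool:
    """AAA server side: True means Access-Accept, False means reject."""
    req_code, req_id, challenge = parse_eap_md5(request)
    resp_code, resp_id, received = parse_eap_md5(response)
    if req_code != EAP_REQUEST or resp_code != EAP_RESPONSE or req_id != resp_id:
        return False  # the response must answer the outstanding challenge
    expected = challenged_password(req_id, password, challenge)
    return hmac.compare_digest(expected, received)  # constant-time comparison


if __name__ == "__main__":
    pw = b"s3cret"                       # constructed sample password
    req = server_make_request(7)
    resp = client_make_response(req, pw)
    print("accept:", server_verify(req, resp, pw))
    print("wrong password:", server_verify(req, resp, b"wrong"))
```

EAP-MD5 authenticates only the terminal and derives no session keys, so the exchange is only as strong as the password and the unkeyed MD5 construction; the release policy on the uplink switch governs whether these messages reach the AAA server at all, not their cryptographic strength.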
The method provided by the invention is described above, and the device provided by the invention is described below:
Referring to Fig. 4, which shows the structure of the device provided by the present invention. The device is applied to the network transit device between the network access device and the authentication server, and comprises:
a receiving unit, configured to receive an authentication message sent by the network access device to the authentication server, where the authentication message is used to authenticate a terminal device accessed through the network access device;
a judging unit, configured to judge whether a release policy matching the authentication message is enabled locally; and
a processing unit, configured to continue sending the authentication message to the authentication server when the judging unit's result is yes, so that the network access device and the authentication server interact to complete authentication of the terminal device.
Preferably, the device further comprises:
an authentication unit, configured to authenticate the network access device through the MAC-address-based authentication mode enabled on the device and, when the MAC address of the network access device passes authentication, to enable a locally configured release policy; the release policy corresponds to a port MAC address and releases authentication messages whose source MAC address is that port MAC address, where the port MAC address is the MAC address of the port on the network access device that is Layer 3 reachable to the authentication server.
The judging unit's judgment of whether a release policy matching the authentication message is enabled locally includes:
looking up an enabled release policy corresponding to the source MAC address of the authentication message; if one is found, a release policy matching the authentication message is locally enabled, otherwise it is not.
Preferably, the processing unit further stops forwarding the authentication message when the judging unit's result is no.
Preferably, the authentication message is a Remote Authentication Dial In User Service (RADIUS) message.
Preferably, the authentication mode is an 802.1X authentication mode.
Thus, the description of the device structure shown in fig. 4 is completed.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

Application CN201610991314.1A, priority date 2016-11-10, filing date 2016-11-10, "Authentication method and device", status Active, granted as CN106534117B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201610991314.1A | 2016-11-10 | 2016-11-10 | Authentication method and device (CN106534117B, en)

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201610991314.1A | 2016-11-10 | 2016-11-10 | Authentication method and device (CN106534117B, en)

Publications (2)

Publication Number | Publication Date
CN106534117A (en) | 2017-03-22
CN106534117B (en) | 2020-03-06

Family

ID=58350606

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201610991314.1A (Active, CN106534117B, en) | Authentication method and device | 2016-11-10 | 2016-11-10

Country Status (1)

Country | Link
CN (1) | CN106534117B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
EP1330073A1 (en)* | 2002-01-18 | 2003-07-23 | Nokia Corporation | Method and apparatus for access control of a wireless terminal device in a communications network
CN1842000A (en)* | 2005-03-29 | 2006-10-04 | Huawei Technologies Co., Ltd. | Method for realizing WLAN access authentication
CN101127598A (en)* | 2006-08-18 | 2008-02-20 | Huawei Technologies Co., Ltd. | A method and system for realizing 802.1x authentication in a passive optical network
CN101656760A (en)* | 2009-09-17 | 2010-02-24 | Hangzhou H3C Technologies Co., Ltd. | Address assignment method and access control facility
CN102761940A (en)* | 2012-06-26 | 2012-10-31 | Hangzhou H3C Technologies Co., Ltd. | 802.1X authentication method and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN1319337C (en)* | 2003-07-02 | 2007-05-30 | Huawei Technologies Co., Ltd. | Authentication method based on Ethernet authentication system
KR100533003B1 (en)* | 2004-03-02 | 2005-12-02 | LG Electronics Inc. | Protocol improvement method for user authentication
CN100591011C (en)* | 2006-08-31 | 2010-02-17 | Huawei Technologies Co., Ltd. | An authentication method and system


Also Published As

Publication number | Publication date
CN106534117A (en) | 2017-03-22


Legal Events

Code | Title / Description
C06 | Publication
PB01 | Publication
CB02 | Change of applicant information
  Address after: No. 466 Changhe Road, Binjiang District, Zhejiang, China, 310052
  Applicant after: New H3C Technologies Co., Ltd.
  Address before: No. 466 Changhe Road, Binjiang District, Zhejiang, China, 310052
  Applicant before: Hangzhou H3C Technologies Co., Ltd.
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
