技术领域technical field
本发明涉及信息安全技术领域,特别是一种远程系统安全规则自动化验证方法与系统。The invention relates to the technical field of information security, in particular to a remote system security rule automatic verification method and system.
背景技术Background technique
随着信息技术的发展,Web服务称为互联网产业的重要载体,当前暴露的Web安全隐患也层出不穷,如何保护Web服务不受攻击成为安全领域研究的热点。传统的网络安全设备如防火墙(Firewall)、入侵检测系统(Intrusion Detection System,IDS)、入侵防御系统(Intrusion Prevention System,IPS)等,但都是基于包过滤的方法,其防御的侧重点和深度各不相同,很难对基于应用层面的web服务进行有效防护。With the development of information technology, Web services have become an important carrier of the Internet industry, and the current hidden dangers of Web security are also emerging one after another. How to protect Web services from attacks has become a hot research topic in the security field. Traditional network security equipment such as firewall (Firewall), intrusion detection system (Intrusion Detection System, IDS), intrusion prevention system (Intrusion Prevention System, IPS), etc., are all based on packet filtering methods, the focus and depth of defense Each is different, and it is difficult to effectively protect web services based on the application level.
基于对信息安全的考虑,我们会在操作系统安装相应的防护软件。目前市面上已有360安全卫士,瑞星杀毒,赛门铁克等防护软件。防护软件的安全规则是否能够有效的下发并生效,现有技术中并没有自动化验证方式,因此,急需一种远程系统安全规则的自动化验证方法,以保证信息安全。Based on the consideration of information security, we will install corresponding protection software in the operating system. At present, there are 360 security guards, Rising antivirus, Symantec and other protection software on the market. Whether the security rules of the protection software can be effectively delivered and take effect, there is no automatic verification method in the prior art. Therefore, an automatic verification method of remote system security rules is urgently needed to ensure information security.
发明内容Contents of the invention
本发明的目的是提供一种远程系统安全规则自动化验证方法与系统,旨在解决现有技术中缺乏对安全规则是否有效下发并生效进行验证的方法,实现根据操作系统以及防御级别自动获取防御规则,并针对防御规则进行测试,从而实现对安全规则自动化验证。The purpose of the present invention is to provide a method and system for automatic verification of remote system security rules, aiming to solve the lack of a method for verifying whether the security rules are effectively issued and effective in the prior art, and realize automatic acquisition of defense according to the operating system and defense level. Rules, and test against defense rules, so as to realize automatic verification of security rules.
为达到上述技术目的,本发明提供了一种远程系统安全规则自动化验证方法,包括以下步骤:In order to achieve the above technical purpose, the present invention provides a method for automatic verification of remote system security rules, comprising the following steps:
S1、远程登录操作系统,获取操作系统类型;S1. Log in to the operating system remotely to obtain the operating system type;
S2、根据操作系统类型,以及当前操作系统的防御级别,过滤安全规则库中的规则;S2. Filter the rules in the security rule base according to the operating system type and the defense level of the current operating system;
S3、远程连接操作系统,获取防护路径的类型;S3. Remotely connect to the operating system to obtain the type of protection path;
S4、针对不同的防护路径类型,设置相应的权限校验方法;S4. For different protection path types, set corresponding authority verification methods;
S5、读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比,如果防护错误,错误值加1;S5. Read the authority value corresponding to the protection rule path, and compare it with the actual protection result of the rule path. If the protection is wrong, add 1 to the error value;
S6、持续验证直到所有规则验证完毕,如果错误值为0,则所有防护规则都验证通过,否则返回防护失效的安全规则数量以及具体的规则信息。S6. Continue to verify until all the rules are verified. If the error value is 0, all the protection rules have passed the verification. Otherwise, the number of safety rules with protection failure and specific rule information are returned.
优选地,所述操作系统类型通过操作系统的/etc/system-release文件获取。Preferably, the operating system type is obtained through the /etc/system-release file of the operating system.
优选地,过滤后的规则以字典类型的数据进行存储。Preferably, the filtered rules are stored as dictionary-type data.
优选地,所述防护路径的类型包括目录、二进制文件、普通文件以及数据文件。Preferably, the types of the protection path include directories, binary files, ordinary files and data files.
本发明还提供了一种远程系统安全规则自动化验证系统,所述系统包括:The present invention also provides an automatic verification system for remote system security rules, the system comprising:
系统类型获取模块,用于远程登录操作系统,获取操作系统类型;The system type obtaining module is used for remotely logging into the operating system to obtain the operating system type;
规则过滤模块,用于根据操作系统类型,以及当前操作系统的防御级别,过滤安全规则库中的规则;The rule filtering module is used to filter the rules in the security rule base according to the operating system type and the defense level of the current operating system;
路径类型获取模块,用于远程连接操作系统,获取防护路径的类型;The path type acquisition module is used to remotely connect to the operating system to obtain the type of protection path;
权限校验设置模块,用于针对不同的防护路径类型,设置相应的权限校验方法;The authority verification setting module is used to set the corresponding authority verification method for different protection path types;
防护对比模块,用于读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比;The protection comparison module is used to read the authority value corresponding to the protection rule path, and compare it with the actual protection result of the rule path;
循环验证模块,用于持续验证直到所有规则验证完毕,如果错误值为0,则所有防护规则都验证通过,否则返回防护失效的安全规则数量以及具体的规则信息。The cycle verification module is used for continuous verification until all rules are verified. If the error value is 0, all protection rules have passed the verification. Otherwise, the number of safety rules with protection failure and specific rule information are returned.
优选地,所述操作系统类型通过操作系统的/etc/system-release文件获取。Preferably, the operating system type is obtained through the /etc/system-release file of the operating system.
优选地,过滤后的规则以字典类型的数据进行存储。Preferably, the filtered rules are stored as dictionary-type data.
优选地,所述防护路径的类型包括目录、二进制文件、普通文件以及数据文件。Preferably, the types of the protection path include directories, binary files, ordinary files and data files.
发明内容中提供的效果仅仅是实施例的效果,而不是发明所有的全部效果,上述技术方案中的一个技术方案具有如下优点或有益效果:The effects provided in the summary of the invention are only the effects of the embodiments, rather than all the effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:
与现有技术相比,本发明通过解析安全规则文件,获取规则路径和规则权限,远程登录客户端机器,获取客户端机器操作系统,对规则路径和权限进行相应验证。支持获取客户端机器的操作系统及当前防御级别,并按照操作系统以及防御级别自动获取防御规则,针对防御规则进行测试,防御规则路径可以是针对目录、二进制文件、普通文件、数据文件等,根据安全规则路径判断路径类型,针对不同路径类型制定相应的测试方法。读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比。若对比不一致,则认为防护规则未合理生效,实现对安全规则的自动化验证。Compared with the prior art, the present invention acquires the rule path and authority by parsing the security rule file, logs in the client machine remotely, obtains the operating system of the client machine, and verifies the rule path and authority accordingly. It supports obtaining the operating system and current defense level of the client machine, and automatically obtains defense rules according to the operating system and defense level, and tests the defense rules. The defense rule path can be for directories, binary files, ordinary files, data files, etc., according to The security rule path judges the path type, and formulates corresponding test methods for different path types. Read the permission value corresponding to the protection rule path, and compare it with the actual protection result of the rule path. If the comparison is inconsistent, it is considered that the protection rules have not taken effect reasonably, and the automatic verification of the security rules is realized.
附图说明Description of drawings
图1为本发明实施例中所提供的一种远程系统安全规则自动化验证方法流程图;Fig. 1 is a flow chart of a remote system security rule automatic verification method provided in an embodiment of the present invention;
图2为本发明实施例中所提供的一种远程系统安全规则自动化验证系统结构框图。FIG. 2 is a structural block diagram of an automatic verification system for remote system security rules provided in an embodiment of the present invention.
具体实施方式Detailed ways
为了能清楚说明本方案的技术特点,下面通过具体实施方式,并结合其附图,对本发明进行详细阐述。下文的公开提供了许多不同的实施例或例子用来实现本发明的不同结构。为了简化本发明的公开,下文中对特定例子的部件和设置进行描述。此外,本发明可以在不同例子中重复参考数字和/或字母。这种重复是为了简化和清楚的目的,其本身不指示所讨论各种实施例和/或设置之间的关系。应当注意,在附图中所图示的部件不一定按比例绘制。本发明省略了对公知组件和处理技术及工艺的描述以避免不必要地限制本发明。In order to clearly illustrate the technical features of the present solution, the present invention will be described in detail below through specific implementation methods and in conjunction with the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure of the present invention, components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in different instances. This repetition is for the purpose of simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and processes are omitted herein to avoid unnecessarily limiting the present invention.
下面结合附图对本发明实施例所提供的一种远程系统安全规则自动化验证方法与系统进行详细说明。A method and system for automatic verification of remote system security rules provided by embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
如图1所示,本发明实施例公开了一种远程系统安全规则自动化验证方法,包括以下步骤:As shown in Figure 1, the embodiment of the present invention discloses a remote system security rule automatic verification method, including the following steps:
S1、远程登录操作系统,获取操作系统类型;S1. Log in to the operating system remotely to obtain the operating system type;
S2、根据操作系统类型,以及当前操作系统的防御级别,过滤安全规则库中的规则;S2. Filter the rules in the security rule base according to the operating system type and the defense level of the current operating system;
S3、远程连接操作系统,获取防护路径的类型;S3. Remotely connect to the operating system to obtain the type of protection path;
S4、针对不同的防护路径类型,设置相应的权限校验方法;S4. For different protection path types, set corresponding authority verification methods;
S5、读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比;S5. Read the authority value corresponding to the protection rule path, and compare it with the actual protection result of the rule path;
S6、持续验证直到所有规则验证完毕。S6. Continue to verify until all rules are verified.
通过SSH登录操作系统,获取操作系统类型,例如通过查看操作系统的/etc/system-release文件等方式获取操作系统类型,操作系统类型的返回值进行规范化处理,例如操作系统返回值为Redhat6。本申请支持多个IP,并依次验证多个客户端系统的安全规则。Log in to the operating system through SSH to obtain the operating system type. For example, obtain the operating system type by viewing the /etc/system-release file of the operating system. The return value of the operating system type is standardized. For example, the return value of the operating system is Redhat6. This application supports multiple IPs, and sequentially verifies the security rules of multiple client systems.
根据获取的操作系统的类型以及当前操作系统的防御级别,过滤安全规则库中的规则,并将过滤后的规则返回,将其存储为合适的数据类型,例如数据类型为字典类型。该方法根据操作系统的安全防护级别进行验证,且根据操作系统和安全规则级别进行过滤,实现根据操作系统以及防御级别进行自动获取防御规则。According to the type of the obtained operating system and the defense level of the current operating system, the rules in the security rule base are filtered, and the filtered rules are returned and stored as a suitable data type, for example, the data type is a dictionary type. The method performs verification according to the security protection level of the operating system, and performs filtering according to the operating system and the security rule level, so as to realize automatic acquisition of defense rules according to the operating system and the defense level.
通过远程连接操作系统,获取防护路径的类型,所述防护路径的类型包括目录、二进制文件、普通文件以及数据文件等。By remotely connecting to the operating system, the type of the protection path is obtained, and the type of the protection path includes a directory, a binary file, an ordinary file, and a data file.
在获取防护路径的类型后,根据不同的防护路径类型设置相应的权限校验方法,如目录写权限、文件的写权限等,实现对安全规则路径类型的区分,并根据不同的路径类型制定相应的测试方法。After obtaining the type of protection path, set the corresponding permission verification method according to different protection path types, such as directory write permission, file write permission, etc., to realize the distinction of security rule path types, and formulate corresponding test method.
读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比,例如权限值为5,则规则路径允许读和执行,而不允许写,如果防护结果错误,则记录到日志文件,并将错误值加1。Read the permission value corresponding to the protection rule path, and compare it with the actual protection result of the rule path. For example, if the permission value is 5, the rule path allows reading and execution, but not writing. If the protection result is wrong, it will be recorded in the log file. and increment the error value by 1.
循环验证直到所有规则验证完毕,如果错误值为0,则所有防护规则都验证通过,安全规则验证断言成功;否则,返回防护失效的安全规则数量以及具体的规则信息,安全规则验证断言失败。The verification is repeated until all the rules are verified. If the error value is 0, all protection rules have passed the verification, and the safety rule verification assertion is successful; otherwise, the number of safety rules with protection failure and specific rule information are returned, and the safety rule verification assertion fails.
本发明实施例通过解析安全规则文件,获取规则路径和规则权限,远程登录客户端机器,获取客户端机器操作系统,对规则路径和权限进行相应验证。支持获取客户端机器的操作系统及当前防御级别,并按照操作系统以及防御级别自动获取防御规则,针对防御规则进行测试,防御规则路径可以是针对目录、二进制文件、普通文件、数据文件等,根据安全规则路径判断路径类型,针对不同路径类型制定相应的测试方法。读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比。若对比不一致,则认为防护规则未合理生效,实现对安全规则的自动化验证。The embodiment of the present invention obtains the rule path and authority by analyzing the security rule file, remotely logs in the client machine, obtains the operating system of the client machine, and performs corresponding verification on the rule path and authority. It supports obtaining the operating system and current defense level of the client machine, and automatically obtains defense rules according to the operating system and defense level, and tests the defense rules. The defense rule path can be for directories, binary files, ordinary files, data files, etc., according to The security rule path judges the path type, and formulates corresponding test methods for different path types. Read the permission value corresponding to the protection rule path, and compare it with the actual protection result of the rule path. If the comparison is inconsistent, it is considered that the protection rules have not taken effect reasonably, and the automatic verification of the security rules is realized.
如图2所示,本发明实施例还公开了一种远程系统安全规则自动化验证系统,所述系统包括:As shown in Figure 2, the embodiment of the present invention also discloses a remote system security rule automatic verification system, the system includes:
系统类型获取模块,用于远程登录操作系统,获取操作系统类型;所述操作系统类型通过操作系统的/etc/system-release文件获取;The system type obtaining module is used for remotely logging into the operating system to obtain the operating system type; the operating system type is obtained through the /etc/system-release file of the operating system;
规则过滤模块,用于根据操作系统类型,以及当前操作系统的防御级别,过滤安全规则库中的规则;过滤后的规则以字典类型的数据进行存储;The rule filtering module is used to filter the rules in the security rule base according to the operating system type and the defense level of the current operating system; the filtered rules are stored in dictionary type data;
路径类型获取模块,用于远程连接操作系统,获取防护路径的类型;所述防护路径的类型包括目录、二进制文件、普通文件以及数据文件;The path type acquisition module is used to remotely connect to the operating system to obtain the type of the protection path; the type of the protection path includes directories, binary files, ordinary files and data files;
权限校验设置模块,用于针对不同的防护路径类型,设置相应的权限校验方法;如目录写权限、文件的写权限等,实现对安全规则路径类型的区分,并根据不同的路径类型制定相应的测试方法;The permission verification setting module is used to set the corresponding permission verification method for different protection path types; such as directory write permission, file write permission, etc., to realize the distinction of security rule path types, and to formulate according to different path types corresponding test methods;
防护对比模块,用于读取防护规则路径对应的权限值,与规则路径实际的防护结果做对比;例如权限值为5,则规则路径允许读和执行,而不允许写,如果防护结果错误,则记录到日志文件,并将错误值加1;The protection comparison module is used to read the permission value corresponding to the protection rule path, and compare it with the actual protection result of the rule path; for example, if the permission value is 5, the rule path allows reading and execution, but not writing. If the protection result is wrong, Then record to the log file and add 1 to the error value;
循环验证模块,用于持续验证直到所有规则验证完毕,如果错误值为0,则所有防护规则都验证通过,否则返回防护失效的安全规则数量以及具体的规则信息。The cycle verification module is used for continuous verification until all rules are verified. If the error value is 0, all protection rules have passed the verification. Otherwise, the number of safety rules with protection failure and specific rule information are returned.
以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810825831.0ACN109040044A (en) | 2018-07-25 | 2018-07-25 | A kind of remote system safety regulation automatic verification method and system |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810825831.0ACN109040044A (en) | 2018-07-25 | 2018-07-25 | A kind of remote system safety regulation automatic verification method and system |
| Publication Number | Publication Date |
|---|---|
| CN109040044Atrue CN109040044A (en) | 2018-12-18 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810825831.0APendingCN109040044A (en) | 2018-07-25 | 2018-07-25 | A kind of remote system safety regulation automatic verification method and system |
| Country | Link |
|---|---|
| CN (1) | CN109040044A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111131152A (en)* | 2019-11-15 | 2020-05-08 | 苏州浪潮智能科技有限公司 | Automatic verification method and system for a cross-platform remote login protection system |
| CN111565203A (en)* | 2020-07-16 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Method, device and system for protecting service request and computer equipment |
| CN113992422A (en)* | 2021-11-04 | 2022-01-28 | 中海油信息科技有限公司北京分公司 | Dynamic configuration method for firewall rules |
| CN114510714A (en)* | 2022-01-14 | 2022-05-17 | 麒麟软件有限公司 | A testing method and system for Kysec security mechanism |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101816006A (en)* | 2007-09-12 | 2010-08-25 | 国际商业机器公司 | Security policy validation for web services |
| US20110030028A1 (en)* | 2009-07-30 | 2011-02-03 | Menten Lawrence E | Extensible Protocol Validation |
| CN103905464A (en)* | 2014-04-21 | 2014-07-02 | 西安电子科技大学 | Network security strategy verification system and method on basis of formalizing method |
| CN103944890A (en)* | 2014-04-08 | 2014-07-23 | 山东乾云启创信息科技有限公司 | Virtual interaction system and method based on client/server mode |
| CN104580157A (en)* | 2014-12-14 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Intelligent strategy validity verifying method based on dynamic message building technology |
| CN105653725A (en)* | 2016-01-22 | 2016-06-08 | 湖南大学 | MYSQL database mandatory access control self-adaptive optimization method based on conditional random fields |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101816006A (en)* | 2007-09-12 | 2010-08-25 | 国际商业机器公司 | Security policy validation for web services |
| US20110030028A1 (en)* | 2009-07-30 | 2011-02-03 | Menten Lawrence E | Extensible Protocol Validation |
| CN103944890A (en)* | 2014-04-08 | 2014-07-23 | 山东乾云启创信息科技有限公司 | Virtual interaction system and method based on client/server mode |
| CN103905464A (en)* | 2014-04-21 | 2014-07-02 | 西安电子科技大学 | Network security strategy verification system and method on basis of formalizing method |
| CN104580157A (en)* | 2014-12-14 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Intelligent strategy validity verifying method based on dynamic message building technology |
| CN105653725A (en)* | 2016-01-22 | 2016-06-08 | 湖南大学 | MYSQL database mandatory access control self-adaptive optimization method based on conditional random fields |
| Title |
|---|
| JIANLI MA ; GUOAI XU ; YIXIAN YANG ; YONG JI: "Information system security function validating using model checking", 《2010 2ND INTERNATIONAL CONFERENCE ON COMPUTER ENGINEERING AND TECHNOLOGY》* |
| 马健丽: "信息系统安全功能符合性检验关键技术研究", 《中国博士学位论文全文数库 信息科技辑》* |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111131152A (en)* | 2019-11-15 | 2020-05-08 | 苏州浪潮智能科技有限公司 | Automatic verification method and system for a cross-platform remote login protection system |
| CN111131152B (en)* | 2019-11-15 | 2022-06-10 | 苏州浪潮智能科技有限公司 | Automatic verification method and system for cross-platform remote login protection system |
| CN111565203A (en)* | 2020-07-16 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Method, device and system for protecting service request and computer equipment |
| CN113992422A (en)* | 2021-11-04 | 2022-01-28 | 中海油信息科技有限公司北京分公司 | Dynamic configuration method for firewall rules |
| CN113992422B (en)* | 2021-11-04 | 2024-03-26 | 中海油信息科技有限公司北京分公司 | Firewall rule dynamic configuration method |
| CN114510714A (en)* | 2022-01-14 | 2022-05-17 | 麒麟软件有限公司 | A testing method and system for Kysec security mechanism |
| Publication | Publication Date | Title |
|---|---|---|
| KR101947760B1 (en) | Secure authentication server for smart contract | |
| Gupta et al. | PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications | |
| US10057280B2 (en) | Methods and systems of detecting and analyzing correlated operations in a common storage | |
| CN109040044A (en) | A kind of remote system safety regulation automatic verification method and system | |
| US7975296B2 (en) | Automated security threat testing of web pages | |
| US8572750B2 (en) | Web application exploit mitigation in an information technology environment | |
| Kals et al. | Secubat: a web vulnerability scanner | |
| Bisht et al. | XSS-GUARD: precise dynamic prevention of cross-site scripting attacks | |
| KR101001132B1 (en) | Method and system for determining vulnerability of web application | |
| US20180075240A1 (en) | Method and device for detecting a suspicious process by analyzing data flow characteristics of a computing device | |
| Gupta et al. | JS‐SAN: defense mechanism for HTML5‐based web applications against javascript code injection vulnerabilities | |
| Gupta et al. | XSS‐immune: a Google chrome extension‐based XSS defensive framework for contemporary platforms of web applications | |
| CN107426202B (en) | Method for automatically testing WAF (Wireless Access Filter) interception rule | |
| CN116842531B (en) | Code vaccine-based vulnerability real-time verification method, device, equipment and medium | |
| US20180198817A1 (en) | Persistent cross-site scripting vulnerability detection | |
| CN111611592A (en) | A kind of big data platform security assessment method and device | |
| CN111967018A (en) | Method for automatically detecting Tomcat known vulnerability | |
| Ferrari et al. | Nosql breakdown: A large-scale analysis of misconfigured nosql services | |
| CN110851838A (en) | Cloud testing system and security testing method based on Internet | |
| Rane et al. | Comparative analysis of automated scanning and manual penetration testing for enhanced cybersecurity | |
| KR102258965B1 (en) | Method and device for classifying range of web attack types by using information on method field of http protocol and information on content-type field of http protocol | |
| CN114021123A (en) | Construction method, safety inspection method, device and medium of behavior baseline library | |
| Ludinard et al. | Detecting attacks against data in web applications | |
| Woodraska et al. | Security mutation testing of the FileZilla FTP server | |
| Lin et al. | The automatic defense mechanism for malicious injection attack |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date:20181218 |