CN102075339B - VPN management platform, and implementation method and system for VPN service - Google Patents
VPN management platform, and implementation method and system for VPN service
- Publication number: CN102075339B (application number CN200910223563.6A)
- Authority: CN (China)
- Prior art keywords: vpn, gateway, management platform, acs, parameter configuration
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an implementation method and a system for a virtual private network (VPN) service. The method comprises the following steps that: a VPN management platform receives VPN account number information from a VPN user and acquires corresponding gateway information according to the information on correspondence between the VPN account number and the gateway; the VPN management platform generates VPN parameter configuration information corresponding to the gateway and sends the VPN parameter configuration information to an auto-configuration server (ACS) management platform; the ACS management platform forwards the VPN parameter configuration information to the corresponding gateway; and the corresponding gateway receives and loads the VPN parameter configuration information. In the invention, the VPN management platform and the ACS management platform are used for collaborative operation, so that the unified management of VPN service for the enterprise gateway is realized, VPN configuration discrepancy between an end-to-end mode and a remote access mode of the enterprise gateway is eliminated, and the problems of complicated management and difficult maintenance of gateway VPN configuration are solved.
Description
Technical field
The present invention relates to the technical field of Virtual Private Networks (VPN), and in particular to a VPN management platform and to a method and system for the unified management of VPN services.
Background art
With the rapid development of enterprise informatization and e-commerce, enterprises are growing in scale and geographic reach, with more and more branch offices and mobile staff; their demands on the network keep rising, and they are rethinking their WAN strategies. IP VPN, thanks to its security, low cost and scalability, has won the favour of more and more enterprises and operators. At present, operators are deploying enterprise gateway devices in enterprises on a large scale to provide access networking and VPN services. An enterprise gateway establishes VPN connections between mobile staff's VPN clients and the gateway in remote-access mode, providing telecommuting services for mobile staff; between the enterprise gateways of different branch offices it establishes VPNs in end-to-end mode, meeting the interconnection needs of mobile work and branches. However, IP VPN configuration parameters are complex, and the two usage modes must be distinguished and the remote-access-mode and end-to-end-mode VPNs configured separately. This has seriously hindered the adoption of IP VPN in enterprises, especially among small and medium-sized enterprise users, who lack computer and networking knowledge and have weak maintenance capability.
Terminal management systems based on the TR069 protocol, i.e. the ACS (Automatic Configuration Server), are being widely applied and deployed. As the management system for all kinds of terminals, the ACS fully tracks changes of the terminals' IP addresses and is the first point to perceive a terminal configuration change. Obtaining terminal IP addresses through the ACS and delivering VPN configuration parameters to the terminals is therefore technically feasible.
Fig. 1 is a schematic structural diagram of a prior-art system in which the ACS management platform automatically configures and delivers parameters to gateways. The patent application "Automatic configuration system and method for IPsec security policy in a home gateway" (application number 200610109663.2, filing date 2006.08.15, applicant China Telecommunication Stock Co., Ltd, publication number CN1905452A, publication date 2007.01.31) gives a detailed description of this system. As shown in Fig. 1, in this system 100 the user provides a device ID, and the ACS management platform 102 generates the configuration and automatically delivers it to the gateway 104. After the user signs up for the VPN service with the operator, the ACS management platform formulates the corresponding security policy according to the operating situation and/or customer requirements, implemented by means of a policy database or policy directory table; the security policy is converted into TR069 parameters and delivered to the designated gateway by device ID, and the gateway loads the security policy, thereby achieving automatic configuration of the VPN parameters.
However, based on the teaching of the prior art, those skilled in the art recognize that it also has the following defects:
1. In the prior art, the ACS management platform generates the security policy and delivers it automatically, and the ACS is responsible for managing the VPN service; this increases the complexity of the ACS management platform and is unfavourable to a simple implementation of system functions.
2. In the prior art, every time a user adds an end-to-end VPN node, the user must provide the device ID to the operator so that the ACS management platform can deliver VPN configuration parameters to the corresponding gateway; this increases the difficulty and complexity of opening the VPN service for the user.
3. In the prior art, once the user provides a wrong device identifier or the operator's O&M staff make an operating mistake, an incorrect VPN connection can be established, causing a security problem.
4. The prior art does not support automatic configuration of the VPN parameters of clients in remote-access mode. Because the client's IP address is not fixed and the client does not accept unified management by the ACS management platform, the user must configure the VPN client's parameters manually and must also ensure that the VPN parameter configuration of the remote-access client is consistent with that of the gateway to be accessed, which increases the configuration difficulty for remote-access clients. Moreover, if the gateway has no fixed IP address and no bound domain name, the client cannot establish a VPN connection with that gateway at all.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for realizing unified access to VPN services, in which the user need not configure gateway parameters manually, so that the service is easy to use, maintain and manage.
Another technical problem to be solved by the present invention is to provide a VPN management platform that is responsible for the configuration management of the VPN service, while the ACS management platform is responsible only for protocol conversion and for forwarding parameter configurations, thereby reducing the implementation difficulty and complexity of the ACS management platform.
Another technical problem to be solved by the present invention is to hand the management of VPN connection status, VPN users and so on to the users themselves: users can add and delete VPN users and can conveniently create, tear down and re-establish VPN connections.
Another technical problem to be solved by the present invention is that the prior art cannot automatically configure VPN parameters for clients in remote-access mode. The invention provides the following technical solutions:
In one aspect, the present invention provides a method for implementing a VPN service, comprising: a VPN management platform receives VPN account information from a VPN user and obtains the corresponding gateway information according to the stored correspondence between VPN accounts and gateways; the VPN management platform generates the VPN parameter configuration of the corresponding gateway and sends it to an ACS management platform; the ACS management platform forwards the VPN parameter configuration to the corresponding gateway; and the corresponding gateway receives and loads the VPN parameter configuration.
In an embodiment of the method for implementing a VPN service provided by the invention, when the VPN user is a VPN client, the gateway information corresponding to the VPN user is the information on the access gateway of the VPN client; the VPN management platform generates a VPN parameter configuration for remote-access mode, and the method further comprises: the VPN management platform sends the VPN client's VPN parameter configuration to the VPN client; and the VPN client establishes a remote-access-mode VPN connection with the access gateway.
In an embodiment of the method for implementing a VPN service provided by the invention, when the VPN user is a gateway, the gateway information corresponding to the VPN user is the information on the peer gateway with which the gateway establishes an end-to-end connection; the method further comprises: the VPN management platform sends the gateway's parameter configuration to the peer gateway via the ACS; and the gateway establishes an end-to-end VPN connection with the peer gateway.
In an embodiment of the method for implementing a VPN service provided by the invention, the method further comprises: after a remote-access-mode VPN connection has been established and the IP address of the VPN client changes, the VPN client resends its VPN account information to the VPN management platform, where the VPN account information comprises the domain name, user name and password.
In an embodiment of the method for implementing a VPN service provided by the invention, the method further comprises: when a gateway goes online, its device ID, domain name, user name and password are forwarded to the VPN management platform by the ACS management platform; after the VPN management platform has authenticated the gateway, it binds the device ID, domain name and user name together and updates the gateway's state to "VPN logged in".
In an embodiment of the method for implementing a VPN service provided by the invention, the method further comprises: when the IP address of a gateway changes, the gateway sends an IP change notification to the ACS management platform; the ACS management platform modifies the binding between the gateway's "device ID" and "IP address" and at the same time notifies the VPN management platform; the VPN management platform looks up the affected gateways and VPN clients in the same VPN domain, delivers new VPN configuration parameters directly to the VPN clients, and re-delivers new VPN configuration parameters to the affected gateways via the ACS management platform.
In another aspect, the present invention provides a system for implementing a VPN service, comprising: a VPN management platform for receiving VPN account information from a VPN user, obtaining the corresponding gateway information according to the stored correspondence between VPN accounts and gateways, generating the VPN parameter configuration of the corresponding gateway and sending it to an ACS management platform; an ACS management platform for receiving the VPN parameter configuration sent by the VPN management platform and sending it to the corresponding gateway; and the corresponding gateway, for receiving the VPN parameter configuration forwarded by the ACS management platform and loading it.
In an embodiment of the system for implementing a VPN service provided by the invention, the VPN management platform is further configured to provide VPN users with a VPN account management interface, a query interface for the current VPN connection status, and interfaces for creating, tearing down and re-establishing VPN connections; to send status query requests to the ACS management platform and receive the gateway's current VPN connection status returned by the ACS management platform; and to send VPN connection maintenance requests to the ACS management platform so as to maintain the gateway's VPN connections. The ACS management platform is further configured to receive status query requests from the VPN management platform and forward them to the gateway; to receive the VPN connection status reported by the gateway and forward it to the VPN management platform; to receive VPN connection maintenance requests from the VPN management platform and forward them to the gateway; and to receive the VPN status information reported by the gateway and forward it to the VPN management platform. The gateway is further configured to receive status query requests forwarded by the ACS management platform and return its current VPN connection status to the ACS management platform; and to receive VPN connection maintenance requests forwarded by the ACS management platform, maintain its VPN connections accordingly, and return the maintenance result to the ACS management platform.
In another aspect, the present invention provides a VPN management platform comprising: a VPN configuration parameter transceiver module for receiving VPN account information from a VPN user and passing the VPN account to a VPN parameter configuration module, and for receiving the VPN parameter configuration from the VPN parameter configuration module and sending it to the ACS management platform; a VPN account management module for storing the correspondence between VPN accounts and gateways; and a VPN parameter configuration module for receiving the VPN account information, obtaining the corresponding gateway information according to the correspondence between VPN accounts and gateways stored in the VPN account management module, generating the VPN parameter configuration of the corresponding gateway, and sending it to the VPN configuration parameter transceiver module.
In an embodiment of the VPN management platform provided by the invention, the VPN management platform further comprises a VPN status query and maintenance module for providing a query interface to VPN users, sending VPN status query requests to the VPN configuration parameter transceiver module, receiving the VPN user's VPN connection status returned by the ACS management platform so as to obtain the current VPN connection status, and sending requests to create, tear down or re-establish VPN connections to the VPN configuration parameter transceiver module, so that the VPN user can create, tear down or re-establish VPN connections with the corresponding gateway.
In an embodiment of the VPN management platform provided by the invention, the VPN account management module is further configured to provide a VPN account management interface for VPN accounts; a VPN user creates one domain per enterprise and creates multiple user names within the same domain, where the combination of domain and user name identifies a VPN account.
The present invention provides a VPN management platform and a method and system for implementing a VPN service in which the user only needs to configure a domain name, user name and password, and the VPN management platform performs the automatic configuration of VPN users. Enterprise operation and maintenance staff need not provide terminal IP addresses or device identifiers, and the complex VPN parameter configuration for both the remote-access mode and the end-to-end mode of an enterprise gateway can still be completed; at the same time the status of VPN connections can be checked remotely in real time, promoting the application of VPN technology in small and medium-sized enterprises.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a prior-art system in which the ACS management platform automatically configures and delivers parameters to gateways;
Fig. 2 is a schematic structural diagram of an embodiment of the system for implementing a VPN service according to the present invention;
Fig. 3 is a schematic flow chart of an embodiment of the method for implementing a VPN service according to the present invention;
Fig. 4 is a schematic structural diagram of an embodiment of the VPN management platform according to the present invention;
Fig. 5 is a schematic structural diagram of an embodiment of the system for implementing a VPN service according to the present invention;
Fig. 6 is a schematic structural diagram of an embodiment of the system for implementing a VPN service according to the present invention;
Fig. 7 is a schematic structural diagram of an embodiment of the system for implementing a VPN service according to the present invention;
Fig. 8 is a schematic flow chart of an embodiment of gateway registration with the VPN management platform in the method for implementing a VPN service according to the present invention;
Fig. 9 is a schematic flow chart of an embodiment of the VPN management platform sending a VPN parameter configuration to a gateway in the method for implementing a VPN service according to the present invention;
Fig. 10 is a flow chart of an embodiment of remote access by a VPN client to the VPN management platform in the method for implementing a VPN service according to the present invention.
Detailed description of the embodiments
The present invention is described more fully below with reference to the accompanying drawings, which illustrate various exemplary embodiments of the invention.
Fig. 2 is a schematic structural diagram of an embodiment of the system for implementing a VPN service according to the present invention.
As shown in Fig. 2, the system 200 for implementing a VPN service mainly comprises a VPN management platform 202, an ACS management platform 204 and VPN users (a gateway 206 or a VPN client 208 as shown); a VPN user may be a VPN client or a gateway used by an enterprise or a household.
The VPN management platform 202 receives VPN account information from a VPN user, obtains the corresponding gateway information according to the correspondence between VPN accounts and gateways that it stores, generates the VPN parameter configuration of the corresponding gateway, and sends it to the ACS management platform 204. In embodiments of the invention the VPN account information comprises the domain name, user name and password.
The ACS management platform 204 receives the VPN parameter configuration sent by the VPN management platform 202 and sends it to the corresponding gateway. In the present invention, the VPN management platform can generate the VPN parameter configuration of the corresponding gateway according to the connection target requested by the user and according to a VPN parameter configuration template (e.g. a parameter configuration in a predetermined format generated from information such as the gateway's or client's domain name, device ID and user name).
The gateway receives the VPN parameter configuration forwarded by the ACS management platform 204 and loads it, thereby establishing a VPN connection with the VPN user.
In an embodiment of the system for implementing a VPN service provided by the invention, the VPN management platform 202 is further configured to provide VPN users with a VPN account management interface, a query interface for the current VPN connection status, and interfaces for creating, tearing down and re-establishing VPN connections; to send status query requests to the ACS management platform and receive the gateway's current VPN connection status returned by the ACS management platform; and to send VPN connection maintenance requests to the ACS management platform so as to maintain the gateway's VPN connections. Specifically, the VPN management platform 202 provides a VPN account management interface to the operator and/or the users; through this interface a user can create one domain per enterprise and, within each domain, create information such as user names for multiple users, and a VPN account is identified by the combination of "domain" and "user name". Each VPN account may correspond to one gateway or to one remote-access VPN client. In the present invention, the VPN management platform is responsible for establishing the binding between a VPN account, the gateway's device ID and the IP address; when a remote-access-mode VPN connection is to be established, the VPN management platform 202 looks up and designates, for the user of the remote-access VPN client, the VPN account corresponding to the gateway to be accessed. The VPN management platform 202 also generates, according to the connection target requested by the user and a VPN parameter configuration template (e.g. a parameter configuration in a predetermined format generated from information such as the gateway's or client's domain name, device ID and user name), the VPN parameter configuration used to configure the enterprise gateway and the VPN client; and it provides users with a query interface for the current VPN connection status and with interfaces for creating, tearing down and re-establishing VPN connections, so that the gateway's current VPN connection status can be checked and maintenance operations performed on current VPN connections.
In an embodiment of the system for implementing a VPN service provided by the invention, the ACS management platform 204 is further configured to receive status query requests from the VPN management platform and forward them to the gateway; to receive the VPN connection status reported by the gateway and forward it to the VPN management platform; to receive VPN connection maintenance requests from the VPN management platform and forward them to the gateway; and to receive the VPN status information reported by the gateway and forward it to the VPN management platform. The ACS management platform 204 exchanges messages with both the VPN management platform 202 and the gateway and is mainly responsible for managing the gateway: it receives the registration information sent by the enterprise gateway and forwards it to the VPN management platform; it receives the VPN parameter configuration from the VPN management platform 202, converts it into the TR069 protocol (the CPE WAN Management Protocol, which uses the SOAP-based RPC method widely used in new-generation Web services; for user equipment, TR069 mainly implements four functions: automatic configuration and dynamic service configuration of user equipment, management of the software and firmware of user equipment, monitoring of the status and performance of user equipment, and diagnosis of communication failures) and then forwards it to the designated gateway so as to update the gateway's VPN-related parameters; and it is also responsible for receiving the VPN status information reported by the gateway and forwarding the gateway's status information to the VPN management platform 202.
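The paragraph above says the ACS converts the VPN parameter configuration into the TR069 protocol and forwards it to the designated gateway. The following example, added here and not code from the patent or from any ACS product, shows what that conversion looks like in practice: the configuration object is flattened into TR-069 parameter paths and wrapped in the real CWMP SetParameterValues RPC (cwmp:SetParameterValues, ParameterList, ParameterValueStruct, ParameterKey), and the gateway side parses it back. The parameter names under the `InternetGatewayDevice.X_EXAMPLE_VPN.` branch are a hypothetical vendor-specific data-model branch, since the patent names no data model; the forwarding module refuses to set anything outside that branch, which keeps a VPN-only forwarding function from being turned into a generic device-configuration channel.

```python
"""Added example: ACS-side conversion of a VPN parameter configuration into a
TR-069 (CWMP) SetParameterValues RPC. The CWMP envelope shape is the real
TR-069 RPC; the X_EXAMPLE_VPN parameter branch is an assumption."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"
CWMP = "urn:dslforum-org:cwmp-1-0"
ET.register_namespace("soap-env", SOAP_ENV)
ET.register_namespace("soap-enc", SOAP_ENC)
ET.register_namespace("cwmp", CWMP)

# Hypothetical vendor-specific branch; a real gateway would use its own data model.
VPN_BRANCH = "InternetGatewayDevice.X_EXAMPLE_VPN."


def vpn_config_to_parameters(cfg: dict, tunnel_index: int = 1) -> dict:
    """Flatten the platform's configuration object into TR-069 parameter paths.
    The cfg keys (mode, domain, username, peer_address, peer_device_id) are
    assumed names for the fields the patent says the template is built from."""
    base = f"{VPN_BRANCH}Tunnel.{tunnel_index}."
    return {
        base + "Enable": "1",
        base + "Mode": cfg["mode"],              # "end-to-end" or "remote-access"
        base + "LocalDomain": cfg["domain"],
        base + "LocalUser": cfg["username"],
        base + "PeerAddress": cfg["peer_address"],
        base + "PeerDeviceId": cfg["peer_device_id"],
    }


def build_set_parameter_values(params: dict, parameter_key: str, request_id: str) -> str:
    """Wrap the parameters in a CWMP SetParameterValues SOAP envelope.
    Only the VPN branch may be written through this forwarding module."""
    outside = [name for name in params if not name.startswith(VPN_BRANCH)]
    if outside:
        raise ValueError(f"refusing to set parameters outside the VPN branch: {outside}")
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_ENV}}}Header")
    cwmp_id = ET.SubElement(header, f"{{{CWMP}}}ID")
    cwmp_id.set(f"{{{SOAP_ENV}}}mustUnderstand", "1")
    cwmp_id.text = request_id
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    rpc = ET.SubElement(body, f"{{{CWMP}}}SetParameterValues")
    plist = ET.SubElement(rpc, "ParameterList")
    plist.set(f"{{{SOAP_ENC}}}arrayType", f"cwmp:ParameterValueStruct[{len(params)}]")
    for name, value in params.items():
        pvs = ET.SubElement(plist, "ParameterValueStruct")
        ET.SubElement(pvs, "Name").text = name
        ET.SubElement(pvs, "Value").text = value
    # ParameterKey lets the gateway report which configuration it applied.
    ET.SubElement(rpc, "ParameterKey").text = parameter_key
    return ET.tostring(env, encoding="unicode")


def parse_set_parameter_values(xml_text: str) -> dict:
    """Gateway-side view: recover the parameter list and ParameterKey."""
    root = ET.fromstring(xml_text)
    rpc = root.find(f".//{{{CWMP}}}SetParameterValues")
    if rpc is None:
        raise ValueError("not a SetParameterValues RPC")
    params = {}
    for pvs in rpc.find("ParameterList").findall("ParameterValueStruct"):
        params[pvs.findtext("Name")] = pvs.findtext("Value")
    return {"params": params, "parameter_key": rpc.findtext("ParameterKey")}


if __name__ == "__main__":
    # Constructed sample configuration as the VPN management platform might hand it over.
    sample = {"mode": "end-to-end", "domain": "example-corp", "username": "branch-02",
              "peer_address": "203.0.113.7", "peer_device_id": "GW-PEER-0002"}
    message = build_set_parameter_values(vpn_config_to_parameters(sample), "vpn-cfg-1", "req-1")
    print(message)
    print(parse_set_parameter_values(message))
```

The ParameterKey is worth keeping: the gateway echoes it in later Inform messages, which gives the VPN management platform a way to confirm that the configuration it sent is the one the gateway actually loaded.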
In an embodiment of the system for implementing a VPN service provided by the invention, the gateway is further configured to receive status query requests forwarded by the ACS management platform and return its current VPN connection status to the ACS management platform; and to receive VPN connection maintenance requests forwarded by the ACS management platform, maintain its VPN connections accordingly, and return the maintenance result to the ACS management platform. In the present invention, the gateway may be a home gateway or an enterprise gateway supporting the TR069 protocol; it is mainly used to send a registration message (the gateway's account) to the VPN management platform via the ACS management platform 204, the registration information comprising the gateway's device ID, the (enterprise) domain name and the user name, and optionally the login password corresponding to the user name. The VPN management platform 202 authenticates the gateway that sent the registration message; after authentication passes, the VPN management platform 202 binds the gateway's device ID, domain name and user name, so that "domain name + user name" corresponds to one gateway. The gateway receives the VPN parameter configuration from the VPN management platform 202 via the ACS management platform 204 and updates its VPN-related parameters; it receives status query requests from the VPN management platform 202 and feeds back its current VPN connection status to the VPN management platform 202 via the ACS management platform 204; and it receives VPN connection maintenance requests from the VPN management platform 202, maintains the VPN connection and feeds back the maintenance result to the ACS management platform 204.
In an embodiment of the system for implementing a VPN service provided by the invention, the VPN users include remote-access VPN clients. On the basis of a generic VPN client, the VPN client may add the following functions by means of software or firmware: accepting VPN configuration parameters from the VPN management platform and modifying the client's VPN configuration according to those parameters; submitting the enterprise domain name, user name and password directly to the VPN management platform through the software provided with the VPN client; and periodically fetching configuration parameters from the VPN management platform and loading them. When a remote-access VPN client accesses the system 200 for unified access to the VPN service, it submits registration information to the VPN management platform 202 (e.g. the enterprise domain name, user name and password, submitted through the connection interface); after the VPN management platform 202 has authenticated the user, it delivers the VPN-related parameters to the VPN client. Upon receiving the VPN client's registration information, the VPN management platform 202 finds the gateway that is to be accessed remotely, generates that gateway's VPN parameter configuration and sends it to the ACS management platform 204; the ACS management platform 204 forwards it to the gateway; and the gateway receives and loads the VPN parameter configuration and establishes a remote-access-mode VPN connection with the VPN client. A VPN connection between the client and the designated gateway is thereby realized.
In an embodiment of the system for implementing a VPN service provided by the invention, when a gateway goes online, account information such as its device ID, domain name, user name and password is forwarded by the ACS management platform to the VPN management platform for registration; after the VPN management platform has authenticated the gateway, it binds the device ID, domain name and user name and updates the gateway's state to "VPN logged in".
In an embodiment of the system for implementing a VPN service provided by the invention, each time a gateway restarts or its IP address changes, the gateway sends its registration information to the VPN management platform 202 via the ACS management platform 204; when the VPN management platform 202 finds that the gateway's IP has changed, it can reconfigure the VPN parameters of the affected gateways or clients in the domain of that VPN connection. Specifically, for an end-to-end-mode VPN connection, a change of the gateway's IP address affects the VPN parameter configuration of the peer gateway; for a remote-access-mode VPN connection, a change of the gateway's IP address affects the VPN parameter configuration of the remote-access client. The ACS management platform maintains the binding between the gateway's device ID and IP address: when the gateway's IP address changes, the gateway notifies the ACS management platform of the change, the ACS management platform modifies the binding between the gateway's "device ID" and "IP address" and at the same time notifies the VPN management platform; the VPN management platform can then look up the affected gateways and VPN clients in the same VPN domain, deliver new configuration parameters directly to the VPN clients, and re-deliver configuration parameters to the affected gateways via the ACS management platform.
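The registration, account-binding and IP-change handling described in the summary and in the three embodiments above fit together into one small state machine. The example below is added here and is not code from the patent; it models the VPN management platform in memory with constructed accounts (domain "acme", users "hq", "branch" and "alice") and assumed method names (`register_gateway`, `connect_client`, `handle_ip_change`). Two points are design choices of this example rather than statements of the patent: passwords are stored salted and hashed with PBKDF2, and an account that is already bound to one device ID refuses a registration from a different device ID, which is the check that closes the wrong-device-ID problem listed as defect 3 in the background section. The ACS is represented only by the two outboxes `sent_via_acs` and `sent_to_clients`.

```python
"""Added example: in-memory model of the VPN management platform's account
binding, gateway registration, remote-access client connection and IP-change
re-delivery. Names and sample data are constructed for this example."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    """One VPN account, identified by (domain, username) as in the patent."""
    domain: str
    username: str
    kind: str                    # "gateway" or "client"
    salt: bytes
    pw_hash: bytes               # salted PBKDF2 hash (example choice; patent says only "password")
    device_id: Optional[str] = None   # bound once the gateway authenticates
    ip: Optional[str] = None
    state: str = "offline"
    peer: Optional[tuple] = None      # end-to-end peer gateway, or a client's access gateway


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def generate_config(local: Account, remote: Account) -> dict:
    """VPN parameter configuration built from a template (field names assumed)."""
    mode = "end-to-end" if local.kind == "gateway" and remote.kind == "gateway" else "remote-access"
    return {"mode": mode,
            "local_account": f"{local.domain}/{local.username}",
            "peer_account": f"{remote.domain}/{remote.username}",
            "peer_device_id": remote.device_id,
            "peer_address": remote.ip}


class VpnManagementPlatform:
    def __init__(self):
        self.accounts: dict = {}          # (domain, username) -> Account
        self.sent_via_acs: list = []      # (device_id, config) handed to the ACS for a gateway
        self.sent_to_clients: list = []   # ((domain, username), config) sent directly to a client

    def create_account(self, domain: str, username: str, password: str, kind: str = "gateway"):
        salt = os.urandom(16)
        self.accounts[(domain, username)] = Account(domain, username, kind, salt, _pw_hash(password, salt))

    def link(self, a: tuple, b: tuple):
        """Record which gateway account a connects to; gateway pairs are linked both ways."""
        self.accounts[a].peer = b
        if self.accounts[a].kind == "gateway" and self.accounts[b].kind == "gateway":
            self.accounts[b].peer = a

    def _authenticate(self, domain, username, password, kind) -> Optional[Account]:
        acct = self.accounts.get((domain, username))
        if acct is None or acct.kind != kind:
            return None
        if not hmac.compare_digest(_pw_hash(password, acct.salt), acct.pw_hash):
            return None
        return acct

    def register_gateway(self, device_id, domain, username, password, ip) -> bool:
        """Registration forwarded by the ACS when a gateway goes online or restarts."""
        acct = self._authenticate(domain, username, password, "gateway")
        if acct is None:
            return False
        if acct.device_id not in (None, device_id):
            return False              # account already bound to another device: refuse
        acct.device_id, acct.ip, acct.state = device_id, ip, "vpn_logged_in"
        return True

    def connect_client(self, domain, username, password, ip) -> Optional[dict]:
        """Remote-access client submits domain/user/password; returns the client's
        configuration and pushes the matching gateway configuration via the ACS."""
        acct = self._authenticate(domain, username, password, "client")
        if acct is None or acct.peer is None:
            return None
        gateway = self.accounts[acct.peer]
        if gateway.state != "vpn_logged_in":
            return None               # access gateway not registered yet
        acct.ip, acct.state = ip, "vpn_logged_in"
        self.sent_via_acs.append((gateway.device_id, generate_config(gateway, acct)))
        return generate_config(acct, gateway)

    def handle_ip_change(self, device_id: str, new_ip: str) -> list:
        """Called by the ACS after it has updated its own device-ID/IP binding.
        Re-delivers configuration to every logged-in peer in the same domain."""
        gateway = next((a for a in self.accounts.values() if a.device_id == device_id), None)
        if gateway is None:
            return []
        gateway.ip = new_ip
        key = (gateway.domain, gateway.username)
        affected = [a for a in self.accounts.values()
                    if a.domain == gateway.domain and a.peer == key and a.state == "vpn_logged_in"]
        for a in affected:
            cfg = generate_config(a, gateway)
            if a.kind == "gateway":
                self.sent_via_acs.append((a.device_id, cfg))
            else:
                self.sent_to_clients.append(((a.domain, a.username), cfg))
        return [(a.domain, a.username) for a in affected]
```

The `state == "vpn_logged_in"` filter in `handle_ip_change` matters: a peer that never authenticated must not receive a fresh configuration just because it shares a domain with the gateway whose address moved.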
In an embodiment of the system for implementing a VPN service provided by the invention, the VPN management platform 202 may adopt a standard gateway management system supporting the TR069 protocol, with the functions of an account management module, a VPN parameter configuration module and a VPN status query and maintenance module added to that gateway management system.
In an embodiment of the system for implementing a VPN service provided by the invention, the ACS management platform 204 may adopt a standard terminal management system supporting the TR069 protocol, to which a VPN parameter forwarding function module needs to be added.
In an embodiment of the system for implementing a VPN service provided by the invention, the gateway may be a home gateway or an enterprise gateway supporting the TR069 protocol, with added functions for sending VPN registration information to the VPN management platform 202, obtaining the VPN parameter configuration from the ACS management platform 204 via the TR069 protocol, and feeding back configuration result information to the VPN management platform 202.
In an embodiment of the system for implementing a VPN service provided by the invention, the VPN client may be a VPN client supporting remote-access mode, with the functions of periodically reporting parameters such as registration information to the VPN management platform and loading the VPN parameter configuration.
In the system for implementing a VPN service provided by the invention, the client software packaged in the VPN client as a software installation package can be installed on the user's PC or other terminal device; by entering the enterprise domain name, user name and password the user can remotely connect to the designated gateway, realizing remote access over the VPN. Compared with a generic remote-access client, the system for unified access to the VPN service provided by the invention does not require manual configuration of complex VPN configuration parameters: the VPN configuration parameters are generated automatically from the VPN management platform's parameter configuration template; the client accepts management by the VPN management platform, through which the status of the VPN connection can be checked; and when the gateway's IP address changes, the VPN management platform can proactively notify the VPN client to modify the corresponding configuration parameters.
Fig. 3 is a schematic flowchart of one embodiment of the VPN service implementation method of the invention.
As shown in Fig. 3, in the flow 300 of the VPN service implementation method, in step 302 the VPN user sends VPN account information to the VPN management platform. For example, in the invention the VPN user may be a VPN client or a gateway used by an enterprise or a household, and the VPN account information comprises a domain name, a user name and a password.
The VPN service implementation method and system provided by the invention establish a VPN management platform that works together with the ACS management platform to realize unified management of gateway VPN services, eliminating the difference between the configuration of end-to-end (site-to-site) mode and remote-access mode VPNs on gateways.
Fig. 4 is a schematic structural diagram of one embodiment of the VPN management platform according to the invention.
As shown in Fig. 4, the VPN management platform 400 mainly comprises a VPN account management module 402, a VPN parameter configuration module 404 and a VPN configuration parameter transceiver module 406.
The VPN account management module 402 stores the correspondence between VPN accounts and gateways.
The VPN parameter configuration module 404 receives VPN account information, obtains the corresponding gateway information according to the account-to-gateway correspondence stored in the VPN account management module 402, generates the VPN parameter configuration, and sends the VPN parameter configuration to the VPN configuration parameter transceiver module.
The VPN configuration parameter transceiver module 406 receives the VPN account information from the VPN user (such as gateway 403 or VPN client 405) and passes it to the VPN parameter configuration module 404; it receives the VPN parameter configuration from the VPN parameter configuration module 404 and sends it to the ACS management platform 401.
In one embodiment of the VPN management platform provided by the invention, the VPN account management module 402 also provides a VPN account management interface for VPN accounts; the VPN user creates domains on a per-enterprise basis, and multiple user names can be created within the same domain; the combination of domain and user name identifies a VPN account.
In one embodiment of the VPN management platform provided by the invention, the VPN management platform 400 further comprises a VPN state checking and maintenance module 408, which provides a query interface to the VPN user, sends VPN status query requests to the VPN configuration parameter transceiver module, receives the VPN user's VPN connection status returned by the ACS management platform 401 to obtain the current VPN connection status, and sends requests to create, remove or rebuild the VPN connection to the VPN configuration parameter transceiver module, so that the VPN user creates, removes or rebuilds the VPN connection with the corresponding gateway.
Fig. 5 is a schematic structural diagram of one embodiment of the VPN service implementation system of the invention.
As shown in Fig. 5, the VPN service implementation system 500 mainly comprises a VPN management platform 502, an ACS management platform 504, a gateway 506 and a remote-access VPN client 508; the ACS management platform 504, gateway 506 and remote-access VPN client 508 may have functional modules identical or similar to those of the ACS management platform 204, gateway and remote-access VPN client shown in Fig. 2, which for brevity are not repeated here.
As shown in Fig. 5, the VPN management platform 502 of the unified VPN access system 500 comprises a VPN account management module 5022, a VPN parameter configuration module 5024, a VPN state checking and maintenance module 5026 and a VPN configuration parameter transceiver module 5028.
The VPN account management module 5022 stores the correspondence between VPN accounts and gateways and provides a VPN account management interface through which operators and/or users manage VPN accounts; a user can create domains on a per-enterprise basis and, within each domain, create information such as the user names of multiple users; a VPN account (such as a gateway or a client) is identified by the combination of "domain" and "user name".
The VPN parameter configuration module 5024 receives VPN account information, obtains the corresponding gateway information according to the account-to-gateway correspondence stored in the VPN account management module 5022, generates the VPN parameter configuration, and sends the VPN parameter configuration to the VPN configuration parameter transceiver module.
The VPN state checking and maintenance module 5026 provides a query interface to the VPN user, sends VPN status query requests to the VPN configuration parameter transceiver module, receives the VPN user's VPN connection status returned by the ACS management platform 504 to obtain the current VPN connection status, and sends requests to create, remove or rebuild the VPN connection to the VPN configuration parameter transceiver module, so that the VPN user creates, removes or rebuilds the VPN connection with the corresponding gateway; in this way the current VPN connection status of the gateway can be checked and maintenance operations performed on the current VPN connection. When a VPN connection fails, the VPN management platform can display alarm information, and telecom operation and maintenance personnel or enterprise administrators can log in to the VPN management platform to view the alarm information.
The VPN configuration parameter transceiver module 5028 receives the VPN account information from the VPN user (such as gateway 506 or VPN client 508) and passes it to the VPN parameter configuration module 5024; receives the VPN parameter configuration from the VPN parameter configuration module 5024 and sends it to the ACS management platform 504; receives the VPN state query request sent by the VPN state checking and maintenance module 5026, forwards the state query request to the ACS management platform 504, and receives the VPN user's VPN connection status returned by the ACS management platform 504; and receives the VPN connection maintenance request sent by the VPN state checking and maintenance module 5026 and forwards it to the ACS management platform 504, so that the VPN user's VPN connection is maintained.
Fig. 6 is a schematic structural diagram of one embodiment of the VPN service implementation system of the invention.
As shown in Fig. 6, the VPN service implementation system 600 mainly comprises a VPN management platform 602, an ACS management platform 604, a gateway 606 and a remote-access VPN client 608; the VPN management platform 602, gateway 606 and remote-access VPN client 608 may have functional modules identical or similar to those of the VPN management platform 502, gateway 506 and remote-access VPN client 508 shown in Fig. 5, which for brevity are not repeated here.
As shown in Fig. 6, the ACS management platform 604 of the VPN service implementation system 600 comprises a VPN parameter forwarding module 6042, which receives the VPN account information sent by gateway 606 and forwards it to the VPN account management module 6022 of the VPN management platform 602; receives the VPN parameter configuration issued by the VPN parameter configuration module 6024 of the VPN management platform 602 and forwards it to gateway 606 to update the VPN-related parameters of gateway 606; receives the state query request issued by the VPN state checking and maintenance module 6026 of the VPN management platform and forwards it to gateway 606; receives the VPN connection status reported by gateway 606 and forwards it to the VPN state checking and maintenance module 6026 of the VPN management platform 602; receives the VPN connection maintenance request issued by the VPN state checking and maintenance module 6026 of the VPN management platform 602, performs the maintenance on the VPN connection of gateway 606, and returns the maintenance result to the VPN state checking and maintenance module 6026 of the VPN management platform; and receives the VPN state information reported by the gateway and feeds the gateway's state back to the VPN management platform. In the prior art, the ACS management platform has no VPN parameter forwarding module.
Fig. 7 is a schematic structural diagram of one embodiment of the VPN service implementation system according to the invention.
As shown in Fig. 7, the unified VPN access system 700 mainly comprises a VPN management platform 702, an ACS management platform 704, a gateway 706 and a remote-access VPN client 708; the VPN management platform 702, ACS management platform 704 and remote-access VPN client 708 may have functional modules identical or similar to those of the VPN management platform 602, ACS management platform 604 and remote-access VPN client 608 shown in Fig. 6, which for brevity are not repeated here.
As shown in Fig. 7, the gateway 706 of the unified VPN access system 700 comprises a gateway registration module 7062 and a VPN parameter configuration module 7064.
The gateway registration module 7062 sends the VPN registration information of the gateway to the VPN management platform 702.
The VPN parameter configuration module 7064 obtains, over the TR-069 protocol, the VPN parameter configuration issued by the VPN management platform 702 from the ACS management platform 704, and feeds the configuration result back to the VPN management platform 702.
In the unified VPN access system provided by the invention, the VPN management platform is responsible for the configuration management of the VPN service; when a VPN is configured there is no need to specify whether it is a remote-access mode or an end-to-end mode VPN, so the two modes are merged, which solves the problem that the prior art cannot configure remote-access mode VPNs. Second, because the VPN management platform is responsible for VPN service configuration management, the ACS management platform is responsible only for protocol conversion and configuration forwarding, which reduces the complexity of the ACS management platform. Management of VPN accounts is handed to the user, who can add and delete VPN accounts, making it convenient for the user to maintain (add, delete or change) VPN connections; at the same time this reduces the possibility of security problems caused by a user supplying a wrong device identifier or by misoperation of the operator's O&M personnel.
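The protocol conversion and forwarding that the description assigns to the ACS management platform, shown in Python as an added example that is not code from the patent: the ACS flattens a configuration from the VPN management platform into TR-069 parameter paths, wraps them in a CWMP SetParameterValues request, and the gateway parses the request before loading it. The SOAP and CWMP framing follows the TR-069 SetParameterValues RPC; the parameter names under InternetGatewayDevice.X_VENDOR_VPN. are an assumption (TR-069 data models carry VPN settings as vendor extensions, so real names depend on the gateway), and the gateway-side rule that refuses parameters outside that subtree is a hardening choice added here, not something the patent states. The sample configuration is constructed data.

```python
"""TR-069 (CWMP) SetParameterValues exchange between the ACS forwarding module and a
gateway. Added example, not the patent's code; the parameter names under
InternetGatewayDevice.X_VENDOR_VPN. and the allowed-subtree check are assumptions."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XSD = "http://www.w3.org/2001/XMLSchema"
CWMP = "urn:dslforum-org:cwmp-1-0"
for _prefix, _uri in (("soap-env", SOAP_ENV), ("soap-enc", SOAP_ENC),
                      ("xsi", XSI), ("cwmp", CWMP)):
    ET.register_namespace(_prefix, _uri)

# Assumed vendor-extension subtree for VPN settings; real gateways use their own names.
VPN_PREFIX = "InternetGatewayDevice.X_VENDOR_VPN."


def to_cwmp_parameters(cfg: dict) -> dict:
    """ACS side, protocol conversion: flatten the platform's configuration into
    TR-069 parameter paths, one Peer.{i} instance per peer gateway."""
    params = {VPN_PREFIX + "Mode": cfg["mode"], VPN_PREFIX + "Domain": cfg["domain"]}
    for i, (peer_id, peer_ip) in enumerate(cfg["peers"].items(), start=1):
        params[f"{VPN_PREFIX}Peer.{i}.DeviceID"] = peer_id
        params[f"{VPN_PREFIX}Peer.{i}.Address"] = peer_ip
    return params


def build_set_parameter_values(params: dict, parameter_key: str, cwmp_id: str = "1") -> bytes:
    """ACS side, forwarding: wrap name/value pairs in a SetParameterValues request."""
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope", {"xmlns:xsd": XSD})
    header = ET.SubElement(env, f"{{{SOAP_ENV}}}Header")
    rpc_id = ET.SubElement(header, f"{{{CWMP}}}ID", {f"{{{SOAP_ENV}}}mustUnderstand": "1"})
    rpc_id.text = cwmp_id
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    spv = ET.SubElement(body, f"{{{CWMP}}}SetParameterValues")
    plist = ET.SubElement(spv, "ParameterList",
                          {f"{{{SOAP_ENC}}}arrayType": f"cwmp:ParameterValueStruct[{len(params)}]"})
    for name, value in params.items():
        pvs = ET.SubElement(plist, "ParameterValueStruct")
        ET.SubElement(pvs, "Name").text = name
        ET.SubElement(pvs, "Value", {f"{{{XSI}}}type": "xsd:string"}).text = value
    # ParameterKey lets the gateway report back which configuration it loaded
    ET.SubElement(spv, "ParameterKey").text = parameter_key
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def parse_set_parameter_values(raw: bytes, allowed_prefix: str = VPN_PREFIX):
    """Gateway side: extract (params, parameter_key). Names outside the VPN subtree are
    refused, since the forwarding module is only meant to issue VPN parameters."""
    root = ET.fromstring(raw)
    spv = root.find(f".//{{{CWMP}}}SetParameterValues")
    if spv is None:
        raise ValueError("not a SetParameterValues request")
    params = {}
    for pvs in spv.iterfind("ParameterList/ParameterValueStruct"):
        name = (pvs.findtext("Name") or "").strip()
        if not name.startswith(allowed_prefix):
            raise ValueError(f"parameter outside the permitted subtree: {name}")
        params[name] = pvs.findtext("Value") or ""
    return params, spv.findtext("ParameterKey") or ""


def gateway_accepts(raw: bytes) -> bool:
    """True if the gateway would load the request, False if it rejects it."""
    try:
        parse_set_parameter_values(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: the end-to-end configuration of one gateway with one peer.
    sample = {"mode": "end-to-end", "domain": "acme.example",
              "peers": {"GW-HQ-001": "203.0.113.10"}}
    request = build_set_parameter_values(to_cwmp_parameters(sample), "vpn-cfg-0001")
    print(request.decode())
    print(parse_set_parameter_values(request))
```

Because the ACS in this design is a plain TR-069 forwarder, the gateway is the last place where the scope of a pushed configuration can be checked; restricting accepted names to the VPN subtree keeps a compromised or misconfigured forwarding path from rewriting unrelated parameters such as the management server URL.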
Fig. 8 is a schematic flowchart of one embodiment of gateway registration with the VPN management platform in the unified VPN access method according to the invention.
As shown in Fig. 8, in step 802 the gateway sends registration information to the ACS management platform. For example, when the gateway comes online it reports information such as its device ID and the (enterprise) domain name, user name and/or password corresponding to the gateway to the ACS management platform.
In step 810, if the registration information of the gateway does not pass authentication by the VPN management platform, the VPN management platform refuses the registration and access of the gateway.
For an end-to-end mode VPN connection, a change of the gateway's IP address affects the VPN parameter configuration of the peer gateway; for a remote-access mode VPN connection, a change of the gateway's IP address affects the VPN parameter configuration of the remote-access client. In this embodiment of gateway registration with the VPN management platform, each time the gateway restarts or its IP address changes, the gateway sends registration information to the VPN management platform via the ACS management platform; when the VPN management platform finds that the gateway's IP has changed, it reconfigures the VPN parameters of the affected gateways or clients in the VPN domain.
Fig. 9 is a schematic flowchart of one embodiment of the VPN management platform sending the VPN parameter configuration to the gateway in the VPN service implementation method according to the invention.
As shown in Fig. 9, in step 902 the VPN management platform generates the VPN parameter configuration of the gateway. For example, the user selects the account for which a VPN connection is to be established, the user corresponding to that account having previously registered successfully; the VPN parameter configuration module of the VPN management platform generates the VPN parameter configuration of the corresponding gateway according to the user account for which the VPN connection is to be established.
In one embodiment of the VPN management platform sending the VPN parameter configuration to the gateway in the unified VPN access method provided by the invention, the method flow further comprises: first, the operator and/or user creates a domain through the VPN management platform and creates user accounts within the domain. For example, the user creates the domain through the VPN account management module provided by the VPN management platform and creates user accounts (comprising user name and password) within the domain.
In one embodiment of the VPN management platform sending the VPN parameter configuration to the gateway in the unified VPN access method provided by the invention, after the gateway has successfully loaded the VPN configuration information it feeds a configuration-success message back to the VPN management platform; upon receiving the gateway's configuration-success feedback forwarded by the ACS management platform, the VPN management platform updates the VPN connection state information of that gateway.
Fig. 10 is a flowchart of one embodiment of remote access by the VPN client to the VPN management platform in the VPN service implementation method according to the invention.
As shown in Fig. 10, in step 1002 the VPN client sends a registration message to the VPN management platform. For example, the VPN client initiates a remote-access request to the VPN management platform and sends it a message containing registration information, which may comprise the client's domain name, user name and password.
In one embodiment of VPN client registration with the VPN management platform in the VPN service implementation method provided by the invention, after the client's IP address changes the VPN client again reports a registration request to the VPN management platform, thereby completing the registration and remote-access request flow once more.
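The procedure described for Figs. 8 to 10 (and in claims 2 to 6), modelled in Python as an added example that is not part of the patent, which contains no code: accounts are identified by domain plus user name, a gateway registration is authenticated and its device ID bound (step 810 refuses a failed authentication), one generator produces either the remote-access or the end-to-end configuration depending on the account type, and an IP change reported for a gateway re-issues configuration to every registered gateway and client of the same domain, directly to clients and via the ACS to gateways. The ACS forwarding hop is collapsed into a record of which path each configuration would take. The account layout, method names, the hashed password storage, the refusal to rebind an already bound device ID to a different device, and the sample domain and addresses (documentation ranges) are all assumptions or constructed data.

```python
"""Model of the VPN management platform's registration, configuration generation
and IP-change handling (Figs. 8 to 10, claims 2 to 6). Added example, not the
patent's code; account layout, names and sample data are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    domain: str                           # "domain" + "username" identifies the account
    username: str
    password_hash: bytes                  # assumption: store a hash, never the password
    kind: str                             # "gateway" or "client"
    access_gateway: Optional[str] = None  # clients: username of their access gateway (claim 2)
    device_id: Optional[str] = None       # gateways: bound at registration (claim 5)
    ip: Optional[str] = None
    state: str = "unregistered"


def _digest(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()


class VpnManagementPlatform:
    def __init__(self) -> None:
        self.accounts: dict = {}   # (domain, username) -> Account
        self.pushed: list = []     # (path, username, config): configurations issued

    # VPN account management module: one domain per enterprise, many users per domain
    def create_account(self, domain, username, password, kind="gateway", access_gateway=None):
        key = (domain, username)
        if key in self.accounts:
            raise ValueError("account already exists in this domain")
        self.accounts[key] = Account(domain, username, _digest(password), kind, access_gateway)

    # Fig. 8 steps 802/810 and Fig. 10 step 1002: authenticate, bind, mark registered
    def register(self, domain, username, password, ip, device_id=None) -> bool:
        acct = self.accounts.get((domain, username))
        if acct is None or not hmac.compare_digest(acct.password_hash, _digest(password)):
            return False                  # step 810: refuse registration and access
        if acct.kind == "gateway":
            if device_id is None:
                return False              # a gateway must report its device ID
            if acct.device_id not in (None, device_id):
                return False              # assumption: a bound device ID is not handed to another device
            acct.device_id = device_id    # claim 5: bind device ID, domain and user name
        acct.ip, acct.state = ip, "registered"
        return True

    def _peer_gateways(self, domain, exclude_username):
        return [a for a in self.accounts.values()
                if a.domain == domain and a.kind == "gateway"
                and a.state == "registered" and a.username != exclude_username]

    # Fig. 9 step 902, claims 2 and 3: the same generator serves both VPN modes
    def generate_config(self, domain, username) -> dict:
        acct = self.accounts[(domain, username)]
        if acct.kind == "client":
            gw = self.accounts[(domain, acct.access_gateway)]
            return {"mode": "remote-access", "peer": gw.ip,
                    "domain": domain, "username": username}
        return {"mode": "end-to-end", "local": acct.ip,
                "peers": {g.device_id: g.ip for g in self._peer_gateways(domain, username)}}

    # claim 6: the ACS has re-bound device ID and IP address and notifies the platform
    def ip_changed(self, device_id, new_ip) -> list:
        gw = next((a for a in self.accounts.values() if a.device_id == device_id), None)
        if gw is None:
            return []
        gw.ip = new_ip
        affected = [a for a in self.accounts.values()
                    if a.domain == gw.domain and a.state == "registered" and a is not gw]
        for a in affected:
            path = "direct" if a.kind == "client" else "acs"   # clients directly, gateways via the ACS
            self.pushed.append((path, a.username, self.generate_config(a.domain, a.username)))
        return [a.username for a in affected]


if __name__ == "__main__":
    # Constructed sample: one enterprise domain with two gateways and one remote client.
    p = VpnManagementPlatform()
    p.create_account("acme.example", "hq", "hq-pw")
    p.create_account("acme.example", "branch", "br-pw")
    p.create_account("acme.example", "alice", "al-pw", kind="client", access_gateway="hq")
    p.register("acme.example", "hq", "hq-pw", "203.0.113.10", device_id="GW-HQ-001")
    p.register("acme.example", "branch", "br-pw", "198.51.100.20", device_id="GW-BR-001")
    p.register("acme.example", "alice", "al-pw", "192.0.2.5")
    print(p.generate_config("acme.example", "branch"))
    print(p.ip_changed("GW-HQ-001", "203.0.113.99"), p.pushed)
```

Registration is the only authenticated step in this flow, so it is the natural place to enforce that a device ID, once bound to an account, is not silently re-bound by a different device presenting the same domain, user name and password; the patent's text only states that the binding is made after authentication, and the rebinding rule here is an addition.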
The VPN service implementation method and system provided by the invention establish a VPN management platform that works together with the ACS management platform to realize unified management of enterprise gateway VPN services and to eliminate the difference between end-to-end mode and remote-access mode VPN configuration on enterprise gateways. From the foregoing exemplary description, those skilled in the art will appreciate that the invention has the following advantages:
1. Addressing the complexity of the ACS management platform in the prior art, which is unfavorable to a simple realization of system functions, the invention uses the VPN management platform for the configuration and management of the VPN service, while the ACS management platform converts the configuration generated by the VPN management platform into the TR-069 protocol and issues it to the designated gateway and VPN client; this simplifies the implementation of the ACS management platform and makes it easy to use and maintain.
2. Addressing the prior art's lack of automatic parameter configuration for client remote-access mode VPNs, the invention manages VPNs by domain, with multiple VPN accounts assignable within one domain; in the VPN management platform, domain plus VPN account uniquely identifies a gateway or client, so the VPN management platform merges remote-access mode and end-to-end mode VPNs: end-to-end VPN connections are established between gateways of the same domain, and remote-access VPN connections between PC clients and gateways.
3. In the prior art, every time a user adds an end-to-end VPN node the user must provide a device ID to the operator, which increases the difficulty and complexity of provisioning the VPN service; in the invention the VPN management platform hands VPN account management to the user, who can add and delete VPN accounts, making it convenient to add, delete or change VPN connections.
4. In the prior art, a wrong device identifier supplied by the user or misoperation by the operator's O&M personnel can lead to a wrong VPN connection being established, causing a security problem; in the invention the user only needs to configure the domain name, user name and password in the VPN client to access the gateway remotely through the VPN. Moreover, the user can check the state of the VPN connection in real time without logging in to the gateway.
The embodiments of the invention are provided by way of example and for the purpose of description, and are not exhaustive or limited to the forms disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described to best explain the principles of the invention and its practical application, and to enable those of ordinary skill in the art to understand the various embodiments, with various modifications, suited to the particular use contemplated.
Claims (11)
1. A method for implementing a VPN service, characterized in that the method comprises:
a VPN management platform receiving VPN account information from a VPN user and obtaining corresponding gateway information according to stored correspondence between the VPN account and a gateway;
the VPN management platform generating a VPN parameter configuration of the corresponding gateway and sending the VPN parameter configuration to an Automatic Configuration Server (ACS) management platform;
the ACS management platform forwarding the VPN parameter configuration to the corresponding gateway;
the corresponding gateway receiving and loading the VPN parameter configuration.
2. The method according to claim 1, characterized in that, when the VPN user is a VPN client, the gateway information corresponding to the VPN user is the access gateway information of the VPN client; the VPN management platform generates a VPN parameter configuration of remote-access mode, and the method further comprises:
the VPN management platform sending the VPN parameter configuration of the VPN client to the VPN client;
the VPN client establishing a remote-access mode VPN connection with the access gateway.
3. The method according to claim 1, characterized in that, when the VPN user is a gateway, the gateway information corresponding to the VPN user is the information of the peer gateway with which the gateway establishes an end-to-end connection; the method further comprises:
the VPN management platform sending the parameter configuration of the gateway to the peer gateway via the ACS;
the gateway establishing an end-to-end VPN connection with the peer gateway.
4. The method according to claim 2, characterized in that the method further comprises: after the remote-access mode VPN connection has been established, when the IP address of the VPN client changes, the VPN client resending the VPN account information to the VPN management platform; wherein the VPN account information comprises a domain name, a user name and a password.
5. The method according to claim 3, characterized in that the method further comprises: when the gateway comes online, the ACS management platform forwarding the device ID, domain name, user name and password of the gateway to the VPN management platform; after the gateway passes authentication, the VPN management platform binding the device ID, the domain name and the user name, and updating the state of the gateway to VPN logged-in.
6. The method according to claim 1, characterized in that the method further comprises: when the IP address of the gateway changes, the gateway sending an IP change notification to the ACS management platform;
the ACS management platform modifying the binding relationship between the "device ID" and the "IP address" of the gateway, and at the same time notifying the VPN management platform;
the VPN management platform finding the affected gateways and VPN clients in the same VPN domain, issuing the new VPN configuration parameters directly to the VPN clients, and re-issuing the new VPN configuration parameters to the affected gateways via the ACS management platform.
7. A system for implementing a VPN service, characterized in that the system comprises:
a VPN management platform for receiving VPN account information from a VPN user, obtaining corresponding gateway information according to stored correspondence between the VPN account and a gateway, generating a VPN parameter configuration of the corresponding gateway, and sending the VPN parameter configuration to an Automatic Configuration Server (ACS) management platform;
the ACS management platform for receiving the VPN parameter configuration sent by the VPN management platform and sending the VPN parameter configuration to the corresponding gateway;
the corresponding gateway for receiving the VPN parameter configuration forwarded by the ACS management platform and loading the VPN parameter configuration.
8. The system according to claim 7, characterized in that the VPN management platform is further for providing a VPN account management interface to the VPN user; providing the VPN user with a query interface for the current VPN connection status and an interface for creating, removing or rebuilding the VPN connection; sending a state query request to the ACS management platform and receiving the current VPN connection status of the gateway returned by the ACS management platform; and sending a VPN connection maintenance request to the ACS management platform to maintain the VPN connection of the gateway;
the ACS management platform is further for receiving the state query request from the VPN management platform and forwarding it to the gateway; receiving the VPN connection status reported by the gateway and forwarding it to the VPN management platform; receiving the VPN connection maintenance request from the VPN management platform and forwarding it to the gateway; and receiving VPN state information reported by the gateway and forwarding it to the VPN management platform;
the gateway is further for receiving the state query request forwarded by the ACS management platform and returning the current VPN connection status of the gateway to the ACS management platform; and receiving the VPN connection maintenance request forwarded by the ACS management platform, maintaining the VPN connection of the gateway, and returning the maintenance result to the ACS management platform.
9. A VPN management platform, characterized in that the VPN management platform comprises:
a VPN configuration parameter transceiver module for receiving VPN account information from a VPN user and sending the VPN account information to a VPN parameter configuration module; and for receiving a VPN parameter configuration from the VPN parameter configuration module and sending the VPN parameter configuration to an Automatic Configuration Server (ACS) management platform;
a VPN account management module for storing the correspondence between the VPN account and a gateway;
the VPN parameter configuration module for receiving the VPN account information, obtaining corresponding gateway information according to the correspondence between the VPN account and the gateway stored in the VPN account management module, generating the VPN parameter configuration of the corresponding gateway, and sending the VPN parameter configuration to the VPN configuration parameter transceiver module.
10. The VPN management platform according to claim 9, characterized in that the VPN management platform further comprises a VPN state checking and maintenance module for providing a query interface to the VPN user, sending a VPN status query request to the VPN configuration parameter transceiver module, receiving the VPN user's VPN connection status returned by the ACS management platform to obtain the current VPN connection status, and sending a request to create, remove or rebuild the VPN connection to the VPN configuration parameter transceiver module, so that the VPN user creates, removes or rebuilds the VPN connection with the corresponding gateway.
11. The VPN management platform according to claim 9, characterized in that the VPN account management module is further for providing a VPN account management interface for the VPN account, the VPN user creating domains on a per-enterprise basis and creating multiple user names within the same domain; wherein the combination of the domain and the user name identifies the VPN account.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910223563.6A CN102075339B (en) | 2009-11-23 | 2009-11-23 | VPN management platform, and implementation method and system for VPN service |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102075339A CN102075339A (en) | 2011-05-25 |
CN102075339B true CN102075339B (en) | 2014-03-19 |
Family
ID=44033694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910223563.6A Active CN102075339B (en) | 2009-11-23 | 2009-11-23 | VPN management platform, and implementation method and system for VPN service |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102075339B (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102611574A (en) * | 2012-02-23 | 2012-07-25 | 成都飞鱼星科技开发有限公司 | Automatic configuration system and configuration method for VPN (Virtual Private Network) |
CN103684958B (en) * | 2012-09-14 | 2017-04-19 | 中国电信股份有限公司 | Method and system for providing flexible VPN (virtual private network) service and VPN service center |
CN104104569B (en) * | 2013-04-01 | 2017-08-29 | 华为技术有限公司 | Set up the method and server of vpn tunneling |
CN103281694B (en) * | 2013-06-20 | 2017-02-08 | 福建伊时代信息科技股份有限公司 | Configuration file distributing method and device |
CN104717313B (en) * | 2013-12-17 | 2018-08-14 | 华为技术有限公司 | mDNS gateway address configuration method and device |
CN105119934A (en) * | 2015-09-11 | 2015-12-02 | 北京星网锐捷网络技术有限公司 | Deployment method of virtual private network branch, headquarter equipment and branch equipment |
CN106027354B (en) * | 2016-05-19 | 2019-03-15 | 杭州迪普科技股份有限公司 | The reflow method and device of VPN client |
CN107154865A (en) * | 2017-04-13 | 2017-09-12 | 上海寰创通信科技股份有限公司 | A kind of method based on outer net managing intranet equipment |
US12231892B2 (en) | 2017-09-27 | 2025-02-18 | Ubiquiti Inc. | Systems for automatic secured remote access to a local network |
WO2019067802A1 (en) * | 2017-09-27 | 2019-04-04 | Ubiquiti Networks, Inc. | Systems for automatic secured remote access to a local network |
CN109379383B (en) * | 2018-12-10 | 2021-01-26 | 杭州迪普科技股份有限公司 | Virtual private network VPN client and implementation method |
CN113271218B (en) * | 2020-02-17 | 2023-03-21 | 中国电信股份有限公司 | VPN service configuration method, system, orchestrator and storage medium |
CN111726367B (en) * | 2020-06-30 | 2022-11-11 | 锐捷网络股份有限公司 | Method, device, system and equipment for binding access of Customer Premises Equipment (CPE) |
CN115314523A (en) * | 2022-08-03 | 2022-11-08 | 上海船舶运输科学研究所有限公司 | VPN-based marine communication gateway remote management system and method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1866855A (en) * | 2005-09-13 | 2006-11-22 | 华为技术有限公司 | System for tele-managing local network device and realization method |
CN101453396A (en) * | 2007-11-29 | 2009-06-10 | 华为技术有限公司 | Method and system for multiple service provider device management |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008089305A2 (en) * | 2007-01-17 | 2008-07-24 | Nortel Networks Limited | Border gateway protocol procedures for mpls and layer-2 vpn using ethernet-based tunnels |
Also Published As
Publication number | Publication date |
---|---|
CN102075339A (en) | 2011-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102075339B (en) | VPN management platform, and implementation method and system for VPN service | |
US11178049B2 (en) | Device deployment and network management using a self-service portal | |
KR100942480B1 (en) | Communication devices, systems, and methods for remotely managing local network devices | |
US8713177B2 (en) | Remote management of networked systems using secure modular platform | |
CN110086652B (en) | Management system and method for service network element in 5G core network | |
CN100499510C (en) | Method for positioning fault and service maintenance platform | |
US20160294575A1 (en) | System, Apparatus, and Method for Automatically Configuring Application Terminals in Home Network | |
CN105991796B (en) | A kind of method and system of the configuration service of the user terminal in on-premise network | |
CN109474508B (en) | VPN networking method, VPN networking system, VPN master node equipment and VPN master node medium | |
RU2533638C2 (en) | Data configuration method and device | |
CN104767649A (en) | Bare metal server deployment method and device | |
CN110677383B (en) | Firewall wall opening method and device, storage medium and computer equipment | |
CN102739455A (en) | Method and device for configuring network device | |
CN103281408B (en) | A kind of method that reverse registration penetrates network | |
CN101951325A (en) | Network terminal configuration system based on automatic discovery and configuration method thereof | |
CN105652831A (en) | Interaction method and interaction system of building equipment | |
KR20110055561A (en) | Development, testing, and demonstration of automated solutions using web-based virtual machines and JYP tunneling | |
CN103179080B (en) | The cloud computer system of a kind of Internet user and the method for connection cloud computer | |
US9485217B2 (en) | Method for configuring network nodes of a telecommunications network, telecommunications network, program and computer program product | |
CN105490861A (en) | System and method of management of network management device | |
CN101188515A (en) | Method and device for automatically discovering network element device | |
CN101212346B (en) | Software version management method and device for network element management system | |
CN105119934A (en) | Deployment method of virtual private network branch, headquarter equipment and branch equipment | |
CN101867509A (en) | Device, system and method for automatically configuring application terminal in household network | |
CN108243050B (en) | Method and equipment for configuring routing table |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |