CN1301607C - Method for Realizing Firewall Supporting Virtual Local Area Network - Google Patents
Method for Realizing Firewall Supporting Virtual Local Area Network Download PDFInfo
- Publication number
- CN1301607C CN1301607C CNB021008523A CN02100852A CN1301607C CN 1301607 C CN1301607 C CN 1301607C CN B021008523 A CNB021008523 A CN B021008523A CN 02100852 A CN02100852 A CN 02100852A CN 1301607 C CN1301607 C CN 1301607C
- Authority
- CN
- China
- Prior art keywords
- packet
- frame head
- vlan
- frame
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000001914 filtration Methods 0.000 claims abstract description 20
- 230000005540 biological transmission Effects 0.000 claims abstract description 8
- 238000003672 processing method Methods 0.000 claims abstract description 4
- 230000003139 buffering effect Effects 0.000 claims description 16
- 238000012545 processing Methods 0.000 claims description 11
- 230000015572 biosynthetic process Effects 0.000 claims description 3
- 238000013507 mapping Methods 0.000 claims description 2
- 239000012467 final product Substances 0.000 claims 1
- 238000005516 engineering process Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Images
Landscapes
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a method for realizing a firewall which supports a virtual local area network (VLAN). Before data packets which reach a VLAN firewall are filtered, the data packets are respectively processed according to the frame head information of the data packets to match the filtering of the data packets in a link layer, a network layer or an application layer. The present invention comprises a method for carrying out exchange for the data packets which reach the firewall in the link layer, a processing method in the network layer and a proxy method in the application layer. The present invention respectively supports VLANs in the link layer, the network layer and the application layer according to VLAN environments, solves the problem that the existing firewall does not support or does not completely support the VLANs, and can completely realize the packet filtering, the network address transmission (NAT) and the proxy functions of the firewall in virtual network environments.
Description
Technical field:
The present invention relates to a kind of method that realizes the virtual support LAN firewall, be meant especially a kind of at the VLAN environment in link layer, network layer and application layer method to its support, belong to networking technology area.
Background technology:
Usually, an Internet protocol (Internet Protocol is called for short IP) subnet or Ethernet protocol (IPX) subnet belong to a broadcast domain, and therefore, the broadcast domain in the network is divided according to physical network.Such network configuration is considered all to be short of to some extent from efficient and safety perspective.Simultaneously, owing to the website in the network is bound in the residing physical network, and can not as required it be divided to corresponding logical subnetwork, so the structure of network lacks flexibility.For addressing this problem, thereby caused VLAN (Virtual Local Area Network, abbreviation VLAN) notion, so-called VLAN is meant that the website in the network is not limited to residing physical location, and can add a kind of network technology in the different logical subnetworks as required neatly.
At present, in switching Ethernet, utilize vlan technology, the physical network that is connected into by switch can be divided into a plurality of logical subnetworks.That is to say that the broadcast data packet that website sent among VLAN will only be forwarded to the website that belongs to same VLAN.And in conventional local area, because the corresponding relation of physical network and logical subnetwork, so the broadcast data packet that any one website sent all will be forwarded to all websites in the network.
In switching Ethernet, each website can belong to different VLAN respectively.The website that constitutes VLAN is not limited to residing physical location, and they both can be articulated in the same switch, also can be articulated in the different switches.
Can not supported vlans at present firewall product, some ways are as a VLAN virtual device fire compartment wall itself; But such way is not supported bridge again, has therefore limited the application of fire compartment wall in vlan environment.
Summary of the invention:
Main purpose of the present invention is to propose a kind of method that realizes the virtual support LAN firewall, and it in link layer, network layer and application layer supported vlans, solves the halfway problem that present fire compartment wall is not supported or supported VLAN at vlan environment; Can in virtual network environment, realize packet filtering, network address transmission (Network Address Transmission is called for short NAT) and the agent functionality of fire compartment wall fully.
The object of the present invention is achieved like this:
A kind of method that realizes the virtual support LAN firewall carries out handling respectively according to the frame head information of this packet before the packet filtering to the packet that arrives virtual local network fire wall, is engaged in the Packet Filtering of link layer, network layer or application layer; At least comprise: the method that the packet that arrives fire compartment wall is exchanged at link layer, in the processing method of network layer and the method for application level proxy;
The concrete steps that link layer carries out switching method are:
Step 100: remove the frame head information of packet, carry out Packet Filtering then;
Step 110: the formation of the filtered data bag being put into transmission interface sends;
The concrete grammar of network layer handles method is:
Step 200: receive the packet that transmits from link layer, distribute one section buffering area that is used to store the packet frame head, and remove the frame head information of this packet;
Step 210: record VLAN mark and target MAC (Media Access Control) address information;
Step 220: carry out network layer and receive the laggard line data packet filtering of processing;
Step 230: network layer sends to be handled;
Step 240: the frame head information of this packet of reconstruct, and add the VLAN mark;
Step 250: packet is sent to link layer;
The concrete grammar of application level proxy method is:
Application proxy receives the virtual local area network packet of network layer handles;
Discharge the buffering area of storage packet frame head, and when the agency sends this message, redistribute a buffering area, for the Ethernet frame head reserves corresponding length;
To ARP (Address Resolution Protocol), being called for short ARP) message carries out that fire compartment wall is replied or the fire compartment wall request is handled.
Purpose medium access control (Media Access Control) when the packet that arrives fire compartment wall is called for short MAC) when address and source MAC were in the same network segment, then the method that only exchanges by link layer at link layer exchanged this packet.
Aforesaid step 100 specifically comprises:
Step 101: the type of judgment data frame; If this Frame is general ethernet frame, then execution in step 102; If this Frame is the VLAN frame, then execution in step 103;
Step 102: the length according to general ip message Ethernet frame head moves this ethernet frame head pointer, execution in step 104;
Step 103: the length according to the VLAN frame head moves this ethernet frame head pointer;
Step 104: carry out Packet Filtering.
When the target MAC (Media Access Control) address of the packet that arrives fire compartment wall and source MAC are not in the same network segment,
Then handle this packet by the network layer handles method.
The concrete steps of removing the frame head information of this packet comprise:
Step 201: the type of judgment data frame; If this Frame is general ethernet frame, then execution in step 202; If this Frame is the VLAN frame, then execution in step 203;
Step 202: the length according to general ip message Ethernet frame head moves this ethernet frame head pointer;
Step 203: the length according to the VLAN frame head moves this ethernet frame head pointer.
Network layer receives and is treated to: in the reception of network is handled, when packet is sent to the upper-layer protocol processing, at first remove corresponding Frame frame head, obtain the type information value of packet then; Concrete step is as follows:
If this data frame head is the VLAN frame head, then the length according to the VLAN frame head moves this ethernet frame head pointer;
Taking out latter two byte of this data frame head, is upper byte with back one byte wherein, and last byte is a low byte, is combined as the type of data packet information word.
Network layer sends to handle and comprises:
Step 231: rewrite the frame head of Ethernet according to the VLAN mark that is write down and target MAC (Media Access Control) address information, and frame type is made as the virtual LAN data frame type;
Step 232: the MAC Address of mark bridge and the mapping table of interface;
Step 233: use target MAC (Media Access Control) address and source MAC in Hash (hash) table of this bridge MAC Address, to search corresponding VLAN mark respectively;
Step 234: relatively these two VLAN mark whether identical; As identical, then it is filled up in the Ethernet frame head; Otherwise, with this data packet discarding.
To address resolution protocol (Address Resolution Protocol), being called for short ARP) message carries out that fire compartment wall is replied or the fire compartment wall request is handled specific as follows:
When fire compartment wall is received the ARP request, redistribute a buffering area; When message is virtual LAN data, 4 bytes of overabsorption then, and reserve corresponding Frame length.
When fire compartment wall sent the ARP request, all vlan numbers of the circulation of ARP request message being inserted current record sent.
The present invention is directed to vlan environment respectively in link layer, network layer and application layer supported vlans, solved the halfway problem that present fire compartment wall is not supported or supported VLAN; And can in virtual network environment, realize packet filtering, the network address transmission NAT and the agent functionality of fire compartment wall fully.
The present invention is described in further detail below in conjunction with accompanying drawing and specific embodiment.
Description of drawings:
Fig. 1 is a general structure schematic diagram of the present invention.
Embodiment:
Referring to Fig. 1, the data of the present invention on fire compartment wall are surrounded by three kinds of flow directions: link layer directly exchanges, network layer NAT and application level proxy; The packet that arrives virtual local network fire wall is carried out handling respectively according to the frame head information of this packet before the packet filtering, be engaged in the Packet Filtering of link layer, network layer or application layer; At least comprise: the method that the packet that arrives fire compartment wall is exchanged at link layer, in the processing method of network layer and the method for application level proxy.
When link layer exchanges, promptly when the target MAC (Media Access Control) address of the packet that arrives fire compartment wall and source MAC are in the same network segment, do not need to change the content of packet Ethernet frame head, but the formation of directly actual content of packet being put into transmission interface; Do not need to do unnecessary processing in this case, only need correctly moving hand to be pointed to the head of IP bag, so that the state packet filtering can be carried out correct filtration.
For back two kinds of data packet streams to situation, that is: when the target MAC (Media Access Control) address of the packet that arrives fire compartment wall and source MAC are not in the same network segment, at first in internal memory, offer a buffering area, when packet passes to network layer, the data frame head of Ethernet is peeled off, on the packet before the IP layer, VLAN mark and target MAC (Media Access Control) address are kept among the buffering area; And before this packet will be sent out, earlier from internal memory, search corresponding VLAN mark, and when reconstruct Ethernet data frame head, the VLAN mark filled out again and get back in the corresponding Ethernet frame head.
It has represented the structure of normal IP message Ethernet frame head and VLAN message Ethernet frame head referring to table 1:
| Byte location | 0-5 | 6-11 | 12-13 | 14-15 | 16-17 |
| Normal IP message Ethernet frame head | |||||
| Target MAC (Media Access Control) address | Source MAC | Frame type | |||
| VLAN message Ethernet frame head | |||||
| Target MAC (Media Access Control) address | Source MAC | 0X8100 | Priority | Protocol type | |
From top table 1 as can be seen: the Ethernet frame head of VLAN message is Duoed four bytes than the frame head of general IP message, and frame type is 0x8100, and the represented protocol type of 16-17 byte is exactly the frame type of the 12-13 byte in the general ip message.
The link layer exchange to the concrete grammar that VLAN handles is:
To carry out two processing at link layer to VLAN: the first, carry out packet filtering.The second, record target MAC (Media Access Control) address and VLAN mark associated therewith.
The IP head pointer must be moved to correct position, that is: pointed IP header during packet filtering.
Bridge will write down the corresponding relation of target MAC (Media Access Control) address and interface when process frames of data, so the VLAN label record can be got off, increase the parameter of a VLAN mark.
The processing of the VLAN of network layer NAT
When network layer is NAT, do not redistribute buffering area, just in former buffering area, revise contents such as IP address, MAC Address and protocol type, so as long as correctly revise foregoing.
Network layer receives and is treated to: in the reception of network is handled, when packet is sent to the upper-layer protocol processing, at first remove corresponding Frame frame head, obtain the type information value of packet then; Concrete step is as follows:
If this data frame head is the VLAN frame head;
Then the length according to the VLAN frame head moves this ethernet frame head pointer; Taking out latter two byte of this data frame head, is upper byte with back one byte wherein, and last byte is a low byte, is combined as the type of data packet information word.
In the reception of network layer is handled, after bridge is handled message, in the time of these messages need being delivered to upper-layer protocol and handle, need correct Ethernet frame head and the correct categorical variable assignment of giving removed, so that this message of processing that the agreement on upper strata can be correct.
In the transmission of network layer is handled, in the time of sending the IP bag, rewrite the Ethernet frame head.Frame type is extended this as 0x8100 here.The VLAN mark then obtains in buffering area, searches its corresponding VLAN mark and compare these two VLAN with target MAC (Media Access Control) address and source MAC respectively to mark whether identical in the Hash table of the MAC Address of bridge; Then it is filled up in the Ethernet frame head as identical, otherwise with this data packet discarding.The purpose of doing so mainly is to prevent that the main frame between the different VLAN can communication.
The VLAN of application proxy handles
Correctly handle the message of VLAN in network layer after, application proxy just can be received this message, will discharge for one section core buffer of its distribution after handling.The agency redistributes this buffering area when sending message, for this Ethernet frame head reserves correct length.
The processing of ARP message
Being divided into fire compartment wall for the ARP message replys and two kinds of situations of fire compartment wall request.
Wherein, what fire compartment wall was replied is treated to: receive ARP when request when fire compartment wall, redistribute a buffering area, if when be VLAN then be 4 bytes of this buffering area overabsorption, and reserve correct frame length.
The fire compartment wall processing of request is: when fire compartment wall oneself sends the ARP request, can be set to 0xffffff by target MAC (Media Access Control) address, therefore there is no accurate sending direction, so all vlan numbers that this packet circulation must be inserted current record send.
It should be noted last that: above embodiment is the unrestricted technical scheme of the present invention in order to explanation only, although the present invention is had been described in detail with reference to the foregoing description, those of ordinary skill in the art is to be understood that: still can make amendment or be equal to replacement the present invention, and not breaking away from any modification or partial replacement of the spirit and scope of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (9)
1, a kind of method that realizes the virtual support LAN firewall, it is characterized in that: the packet that arrives virtual local network fire wall is carried out before the packet filtering, frame head information according to this packet is handled respectively, is engaged in the Packet Filtering of link layer, network layer or application layer; At least comprise: the method that the packet that arrives fire compartment wall is exchanged at link layer, in the processing method of network layer and the method for application level proxy;
The concrete steps that link layer carries out switching method are:
Step 100: remove the frame head information of packet, carry out Packet Filtering then;
Step 110: the formation of the filtered data bag being put into transmission interface sends;
The concrete grammar of network layer handles method is:
Step 200: receive the packet that transmits from link layer, distribute one section buffering area that is used to store the packet frame head, and remove the frame head information of this packet;
Step 210: record VLAN mark and target MAC (Media Access Control) address information;
Step 220: carry out network layer and receive the laggard line data packet filtering of processing;
Step 230: network layer sends to be handled;
Step 240: the frame head information of this packet of reconstruct, and add the VLAN mark;
Step 250: packet is sent to link layer;
The concrete grammar of application level proxy method is:
Application proxy receives the virtual local area network packet of network layer handles;
Discharge the buffering area of storage packet frame head, and when the agency sends this message, redistribute a buffering area, for the Ethernet frame head reserves corresponding length;
The ARP message is carried out that fire compartment wall is replied or the fire compartment wall request is handled.
2, the method for realization virtual support LAN firewall according to claim 1, it is characterized in that: when the target MAC (Media Access Control) address of the packet that arrives fire compartment wall and source MAC were in the same network segment, then the method that only exchanges by link layer at link layer exchanged this packet.
3, the method for realization virtual support LAN firewall according to claim 2, it is characterized in that: step 100 specifically comprises:
Step 101: the type of judgment data frame; If this Frame is general ethernet frame, then execution in step 102; If this Frame is the VLAN frame, then execution in step 103;
Step 102: the length according to general ip message Ethernet frame head moves this ethernet frame head pointer, execution in step 104;
Step 103: the length according to the VLAN frame head moves this ethernet frame head pointer;
Step 104: carry out Packet Filtering.
4, the method for realization virtual support LAN firewall according to claim 1, it is characterized in that: when the target MAC (Media Access Control) address of the packet that arrives fire compartment wall and source MAC are not in the same network segment, then handle this packet by the network layer handles method.
5, the method for realization virtual support LAN firewall according to claim 4 is characterized in that: the frame head information of removing this packet specifically comprises:
Step 201: the type of judgment data frame; If this Frame is general ethernet frame, then execution in step 202; If this Frame is the VLAN frame, then execution in step 203;
Step 202: the length according to general ip message Ethernet frame head moves this ethernet frame head pointer;
Step 203: the length according to the VLAN frame head moves this ethernet frame head pointer.
6, the method for realization virtual support LAN firewall according to claim 4, it is characterized in that: network layer receives and is treated to: in the reception of network is handled, when packet is sent to the upper-layer protocol processing, at first remove corresponding Frame frame head, obtain the type information value of packet then; Concrete step is as follows:
If this data frame head is the VLAN frame head, then the length according to the VLAN frame head moves this ethernet frame head pointer;
Taking out latter two byte of this data frame head, is upper byte with back one byte wherein, and last byte is a low byte, is combined as the type of data packet information word.
7, the method for realization virtual support LAN firewall according to claim 4 is characterized in that: network layer sends to handle and comprises:
Step 231: rewrite the frame head of Ethernet according to the VLAN mark that is write down and target MAC (Media Access Control) address information, and frame type is made as the virtual LAN data frame type;
Step 232: the MAC Address of mark bridge and the mapping table of interface;
Step 233: in the Hash table of this bridge MAC Address, search corresponding VLAN mark with target MAC (Media Access Control) address and source MAC respectively;
Step 234: relatively these two VLAN mark whether identical; As identical, then it is filled up in the Ethernet frame head; Otherwise, with this data packet discarding.
8, the method for realization virtual support LAN firewall according to claim 1 is characterized in that: ARP message fire compartment wall is replied and is treated to: when fire compartment wall is received the ARP request, redistribute a buffering area; When message is virtual LAN data, 4 bytes of overabsorption then, and reserve correct frame length and get final product.
9, the method for realization virtual support LAN firewall according to claim 1 is characterized in that: when fire compartment wall sent the ARP request, all vlan numbers of the circulation of ARP request message being inserted current record sent.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021008523A CN1301607C (en) | 2002-02-01 | 2002-02-01 | Method for Realizing Firewall Supporting Virtual Local Area Network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB021008523A CN1301607C (en) | 2002-02-01 | 2002-02-01 | Method for Realizing Firewall Supporting Virtual Local Area Network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1435969A CN1435969A (en) | 2003-08-13 |
| CN1301607C true CN1301607C (en) | 2007-02-21 |
Family
ID=27627302
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB021008523A Expired - Fee Related CN1301607C (en) | 2002-02-01 | 2002-02-01 | Method for Realizing Firewall Supporting Virtual Local Area Network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1301607C (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100452790C (en) * | 2004-03-04 | 2009-01-14 | 上海交通大学 | Method for implementing virtual fire wall teaching experiment to multi-user |
| US7650635B2 (en) * | 2004-04-07 | 2010-01-19 | Cisco Technology, Inc. | Method and apparatus for preventing network attacks by authenticating internet control message protocol packets |
| CN1905555B (en) * | 2005-07-30 | 2010-07-07 | 华为技术有限公司 | Firewall Control System and Method Based on NGN Service |
| CN100496038C (en) * | 2005-11-03 | 2009-06-03 | 上海交通大学 | Realization method of firewall experiment system with remote large-scale multi-user concurrent control |
| US7966654B2 (en) * | 2005-11-22 | 2011-06-21 | Fortinet, Inc. | Computerized system and method for policy-based content filtering |
| CN102571738B (en) * | 2010-12-08 | 2015-09-16 | 中国电信股份有限公司 | Based on the intrusion prevention method and system that VLAN exchanges |
| CN107155182B (en) * | 2016-03-03 | 2020-12-11 | 深圳市多尼卡电子技术有限公司 | Method and device for protecting safety of cabin WiFi network |
| CN115150106B (en) * | 2021-03-16 | 2023-03-14 | 中国科学技术大学 | Safety protection method of physical machine and network node equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH07170279A (en) * | 1993-12-14 | 1995-07-04 | Nec Eng Ltd | User group setting system in lan bridge system |
| JPH10150459A (en) * | 1996-11-19 | 1998-06-02 | Hitachi Cable Ltd | Switching hub with virtual LAN function |
| US6226748B1 (en) * | 1997-06-12 | 2001-05-01 | Vpnet Technologies, Inc. | Architecture for virtual private networks |
| CN1298592A (en) * | 1998-04-27 | 2001-06-06 | 因特纳普网络服务公司 | Establish a connection in the network |
| CN1333613A (en) * | 2000-07-07 | 2002-01-30 | 冲电气工业株式会社 | Virtual LAN system capable of transmitting mark frame |
-
2002
- 2002-02-01 CN CNB021008523A patent/CN1301607C/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH07170279A (en) * | 1993-12-14 | 1995-07-04 | Nec Eng Ltd | User group setting system in lan bridge system |
| JPH10150459A (en) * | 1996-11-19 | 1998-06-02 | Hitachi Cable Ltd | Switching hub with virtual LAN function |
| US6226748B1 (en) * | 1997-06-12 | 2001-05-01 | Vpnet Technologies, Inc. | Architecture for virtual private networks |
| CN1298592A (en) * | 1998-04-27 | 2001-06-06 | 因特纳普网络服务公司 | Establish a connection in the network |
| CN1333613A (en) * | 2000-07-07 | 2002-01-30 | 冲电气工业株式会社 | Virtual LAN system capable of transmitting mark frame |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1435969A (en) | 2003-08-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100409217C (en) | Internet protocol address allocation device and method | |
| US9008084B2 (en) | Method of IPv6 at data center network with VM mobility using graceful address migration | |
| CN103858390B (en) | Distributed IP v6 neighbor discovering methods for large-scale data center exchange system | |
| CN1150725C (en) | Method and device for network packet sending query reducing number of memory accesses | |
| CN1199422C (en) | Allocating addresses to mobile stations | |
| CN1453962A (en) | Internetwork protocol and method for setting main machine address and selecting source address | |
| CN1863133A (en) | Method and apparatus for transmitting message | |
| CN1433190A (en) | Exchange node classifying and marking rules | |
| CN101030946A (en) | Method and system for realizing data service | |
| CN106713144A (en) | Read-write method of message exit information and forwarding engine | |
| CN1301607C (en) | Method for Realizing Firewall Supporting Virtual Local Area Network | |
| CN1691629A (en) | Method for implementing layer-2 equipment interconnection in resilient packet ring (RPR) based network | |
| CN1677951A (en) | Data exchange method based on virtual local area network | |
| CN1614942A (en) | Method for soluting IP address conflicts in network communication | |
| CN1866910A (en) | Data message transmission method and Ethernet bridge apparatus based on VLAN | |
| CN1398090A (en) | Tunnel encapsulation method for wireless VPN | |
| CN101052011A (en) | MPLS label distribution method, system and device | |
| CN1677950A (en) | Data exchange method based on virtual local area network | |
| CN1543132A (en) | Realization method of multicast across virtual local area network | |
| CN101052022A (en) | System and method for virtual special net user to access public net | |
| CN1859304A (en) | Method for realizing neighbour discovery | |
| CN100344122C (en) | Implementing Method for sending datagram type message from assigned port | |
| CN1249572C (en) | Plug-and-play ether net access system and method | |
| US20130077530A1 (en) | Scaling IPv6 on Multiple Devices Virtual Switching System with Port or Device Level Aggregation | |
| CN1697445A (en) | Implementation method for transferring data in virtual private network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: LEGEND WANGYU TECHNOLOGY (BEIJING) LTD. Free format text: FORMER OWNER: LIANXIANG (BEIJING) CO. LTD. Effective date: 20050218 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20050218 Address after: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun Applicant after: Lenovo Wangyu Technology (Beijing) Ltd. Address before: 100085, No. 6, Pioneer Road, Haidian District information industry base, Beijing Applicant before: Lenovo (Beijing) Co., Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: BEIJING LEADSEC INFORMATION TECHNOLOGY CO., LTD. Free format text: FORMER NAME: LEADSEC TECHNOLOGY (BEIJING) CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun Patentee after: Beijing Leadsec Technology Co.,Ltd. Address before: 100086, room 801-810, CLP information building, 6 South Avenue, Beijing, Haidian District, Zhongguancun Patentee before: Lenovo Wangyu Technology (Beijing) Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070221 Termination date: 20150201 |
|
| EXPY | Termination of patent right or utility model |