CN1980237A - Method for apparatus for identifying module of accessing network - Google Patents
Method for apparatus for identifying module of accessing network Download PDFInfo
- Publication number
- CN1980237A CN1980237A CN 200610105977 CN200610105977A CN1980237A CN 1980237 A CN1980237 A CN 1980237A CN 200610105977 CN200610105977 CN 200610105977 CN 200610105977 A CN200610105977 A CN 200610105977A CN 1980237 A CN1980237 A CN 1980237A
- Authority
- CN
- China
- Prior art keywords
- module
- accesses network
- storehouse
- identification characteristics
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The method includes steps: when application program accesses network, the method intercepts operations of accessing network in order to obtain stack information of intercepted threaded; based on the stack information to trace back the stack, and based on address of command pushed to stack to find out operations of accessing network are sent from which module call sequence so as to determine which module wants to access network; then, based on character of module to identify unauthentic modules automatically in order to send warning to user.
Description
Invention field
The present invention relates to a kind of method that is used to discern the process of accesses network, particularly a kind ofly can specifically identify the method and apparatus of the module of accesses network in the process, and the computer system that adopts this device.
Background technology
Along with development of internet technology, safety problem progressively becomes the focus that people pay close attention to.At present, not only panoramic virus is threatening the safety of user machine system, those can be stolen user profile by accesses network, duplicate user file, even " wooden horse " program of destruction user machine system more allows numerous computer users feel hard to guard against.
Extremely strong " wooden horse " program of this aggressiveness comes down to a kind of Long-distance Control instrument by the client/service mode operation, it can load serve end program automatically in user's computer, and according to the request of remote control terminal (client) the program corresponding program of operation automatically under the unwitting situation of user, for example on user's computer, upload, file in download, peep user's documentum privatum, steal various passwords and password information or the like.
" wooden horse " program why be difficult to take precautions against be because its usually adopt extremely cunning means come hidden oneself, make domestic consumer after having suffered " wooden horse ", be difficult to realize.For example, " wooden horse " program can be concealed by methods such as revised file attribute, filename or modification ports.For example JavaScript, VBScript, ActiveX, XLM or the like also can become the propagation medium of " wooden horse " program in addition.Now, at the stealthy means of these routines of " wooden horse " program, existing antivirus software has adopted corresponding countermeasure, thereby can remove " wooden horse " program to a certain extent.
Yet, along with the renewal of virus technology, except these stealth technologies commonly used, a kind of renewal, more hidden " wooden horse " program loading method have appearred in the recent period again.This new " wooden horse " program is injected into the memory modules group of a certain normal procedure by modes such as hook or remote thread injections with himself module, becomes the part of the memory modules of this program.Even, the module that some " wooden horse " program is also replaced normal procedure with the module of self, thus realize loading.
This new " wooden horse " stealth technology makes that " wooden horse " program does not increase any new file after loading, does not need to open new port, does not start new process.That is to say that " wooden horse " program thereby uses the conventional method that searches " wooden horse " program to monitor less than it almost without any characterizing symptom at all when normal operation.But, in case the program that the control end of " wooden horse " program after service end is sent information specific, is hidden just bring into operation immediately, thereby invasion and attack user's computer system.
Therefore, need to propose the method that a kind of new strick precaution " wooden horse " is attacked at present, to guarantee in time to find " wooden horse " program, particularly can find to adopt " wooden horse " program of this new stealth technology, thereby avoid its destruction or control user's computer system.
Summary of the invention
One object of the present invention is to provide whether a kind of module that can identify accesses network intelligently is the method for " wooden horse " program injection module, thereby finds in time that for the user " wooden horse " program provides possibility.
To achieve these goals, the present invention proposes a kind of method of discerning the module of accesses network, this method may further comprise the steps: the action of tackling a thread accesses network in the process; By reviewing described storehouse, obtain the instruction address that is pressed into described storehouse according to the stack information of the described thread of being tackled; According to described instruction address, search for the module relevant with the action of described accesses network; According to the feature of the described module that searches out, judge whether described module is credible.
In addition, the invention allows for the device that is used to realize said method, and the computer system that comprises this device.
The action that the method that the present invention proposes can find out accesses network by which sequence of modules is called and is started, and can identify these modules that participate in this accesses network action is injection modules of module or " wooden horse " program of believable normal procedure, thereby is that possibility has been created in discovery in time and the invasion and attack of prevention " wooden horse " program.
By content, and along with understanding more comprehensively to of the present invention below in conjunction with the description of the drawings and claims, above-mentioned and other purpose of the present invention and effect will become clear more and easy to understand.
Description of drawings
Describe the present invention below with reference to the drawings and specific embodiments, wherein:
Fig. 1 illustrates the flow chart of the method for the module that is used to discern accesses network in the embodiment of the invention;
Fig. 2 illustrates the structured flowchart of the device of the method that is used to according to an embodiment of the invention to realize that the present invention proposes.
Embodiment
Although " wooden horse " application categories is various and vary, all " wooden horse " programs all have a common characteristic, and that is exactly by outside (control end) transmission information of network.In view of these characteristics, the present invention proposes: in the application access network, the action of Intercept Interview network is with the storehouse of the thread that obtains to be tackled; Which send by module by reviewing the action that storehouse searches out this accesses network then; According to the feature of these modules, judge the injection module that these modules are believable program module or " wooden horse " at last.Like this, according to the method that the present invention proposes, can before outwards send information by network, " wooden horse " program find " wooden horse " program and stop its injurious act.
Describe the specific implementation process of the above-mentioned thought of the present invention's proposition in detail below in conjunction with accompanying drawing.
Fig. 1 is the method flow diagram of module that is used to discern accesses network according to the embodiment of the invention.As shown in Figure 1, the method that the present invention proposes can comprise the Intercept Interview network action, review storehouse and search for the module of accesses network, and the module three parts that search out of identification.Below will describe the concrete operations of these three parts one by one in detail.
The action of Intercept Interview network
As shown in Figure 1, when the process of an application program will be carried out some access to netwoks activity, a certain thread in this process can send the action (step S110) of accesses network.According to different agreements, the action of this accesses network can have multiple possibility, and for example, according to transmission control protocol (TCP), this action promptly begins Listen for beginning to monitor the connection request from the other side's tcp port; And according to User Datagram Protoco (UDP) (UDP), this action is then for beginning to create address object etc.
When thread sent the action of this accesses network, firewall software can be intercepted these incidents (step S120).Subsequently, find the thread that sends this accesses network action, and obtain the stack information of this thread thus, as (the step S130) such as values of base pointer register (EBP) according to the incident of being intercepted.
Certainly, can also adopt other modes to obtain stack information, for example in driving, directly search the position of storehouse etc.These methods are conspicuous to those skilled in the art, thereby omit specific descriptions herein.
Review storehouse
Because all can be during each function call with current register EBP and EIP (instruction pointer, be used in reference to instruction address pending in internal memory) value be pressed into storehouse, thereby always can be pressed into the current base address (EBP) of calling employed stack area of storehouse when calling at every turn, review whole storehouse, thereby obtain to be pressed into when calling instruction address---the EIP (step S210) of storehouse at every turn.
Then, in step S220, start address and the end address of reviewing each module in the EIP value of at every turn calling that obtains in the storehouse process and the process compared.If this EIP value is in the address realm of certain module, then the module relevant with the action of this accesses network found in expression.Otherwise expression is not found corresponding module and needn't be continued again and seeks.If found corresponding module in step S220, this module that then will search joins in the module chained list relevant with the action of this accesses network (step S230).Subsequently, continue to read EBP and the EIP (step S210) of storehouse (step S240) when once calling before obtaining, and repeated execution of steps S220 to S240, thereby all modules of calling in the current thread found.
After all modules relevant with this accesses network action have all found, finish to review storehouse.At this moment, flow process goes to step S310, continues to judge that each module in the module chained list that searches out is believable program module, still the module of " wooden horse " program injection.
Module identification
As shown in Figure 1, find after all modules that participate in current accesses network action reviewing storehouse, according to the feature of module, whether the module in the identification module chained list is credible.In the present invention, the feature identification of module can adopt multiple mode to realize according to the different attribute of module, below exemplarily provides the method for module identification, but the present invention is not limited to this.
For example, can come identification module whether credible as Business Name or company's signature (digital signature) according to the identification information of module.
Usually, believable module generally all includes Business Name in module.If certain module does not have the Business Name sign, this module just can be identified as an incredible module so, and in other words, it may be the module of " wooden horse " program injection.
Whether if module has company signature (as digital signature), then can judge for the signature of same company whether this module is credible according to the signature of the signature of this module and this application program.For example, for the system module of Microsoft, generally have the signature of Microsoft, this is known.If company's signature of signature of the company in the module and application program is different, and this module does not have the signature of Microsoft, this module just is likely an incredible module so.
In addition, easy to use in order to make the user, the method that the present invention proposes also can comprise sets up a knowledge base that possesses self-learning function.When the program that designs according to the present invention is moved in a certain system for the first time, this knowledge base is normal module in the learning system automatically, and with the identification information of this module and this module, wait as company's signature to record in the knowledge base, the inquiry after being provided with is used.Certainly, also can pre-install a known knowledge base before operation, this knowledge base has comprised known trusted module, and the signature of known company etc., for example comprise the program module of Microsoft certification etc., so that the user uses.The user is when moving designed according to this invention program, and the self-learning function of program can progressively add believable module information in knowledge base.After having such knowledge base, at identification module whether in the believable step, the information of the trusted module in the identification information (as module title or company's signature) of the module that searches out and the knowledge base is compared, thereby whether identify this module credible.
In addition, " wooden horse " program of injecting at the mode of adopt replacing normal module, the present invention also proposes in the self study process of described knowledge base to calculate the characteristic value of trusted module, for example calculates one section feature code of trusted module or behavioural characteristic (as cycle-index etc.) etc.Like this, when detecting this trusted module, the characteristic value of detected module and the characteristic value of this module in the knowledge base can be compared, if comparative result is represented the characteristic value difference of these two modules next time, then this module is incredible module, otherwise represents that this module is credible.Adopt this method can prevent that believable module is by the replacement of " wooden horse " program module.
Whether the module that can identify accesses network according to above method is credible.According to the result of identification, allow trusted module accesses network (step S320), and for incredible module, as long as whenever detect an insincere module, just to user give a warning (step S410).Concrete warning mode is as follows: in the application access network, and fire compartment wall prompting user; Simultaneously, the module column that participates in access to netwoks is enumerated,, use redness to cause that the user notes, outwards diffuse information by network to prevent " wooden horse " program for incredible module.If the user allows certain insincere module accesses network, then this module information is charged in the knowledge base.Like this, the method that adopts the present invention to propose, the user just might in time find and stop its operation before " wooden horse " program is implemented invasion and attack.
The method of the module of the identification accesses network that the present invention proposes has below been described in conjunction with the accompanying drawings.Method proposed by the invention can be realized by software, also can be realized by hardware as required, and perhaps the mode that is combined by software and hardware realizes.
Below in conjunction with the concise and to the point structure of describing a kind of device of the module that is used to discern accesses network of accompanying drawing 2.As shown in Figure 2, the device 100 of the module of the identification accesses network that the present invention proposes comprises: interception unit 110, review unit 120 and recognition unit 130, wherein review unit 120 and specifically comprise storehouse trace unit 121, instruction address acquiring unit 123 and search unit 125.
In Fig. 2, interception unit 110 is used for tackling the action of a thread accesses network of a process, and obtains the stack information of the thread tackled.In reviewing unit 120, storehouse trace unit 121 bases are pressed into the current base address of calling employed stack area of storehouse at every turn and review storehouse when calling.Instruction fetch unit 123 is used to obtain to be pressed into when calling the EIP of described storehouse at every turn.Then, the initial sum termination address that search unit 125 will obtain calls all modules in the EIP that is pressed into storehouse and the described process at every turn compares, to search out corresponding module.At last, recognition unit 130 judges according to the feature of the described module that searches out whether described module is credible.
Fig. 2 only shows a kind of of device of the module of the identification accesses network that the present invention proposes may structure.Yet, it should be appreciated by those skilled in the art that being used to that the present invention proposes realize that the concrete structure of the inventive method is not limited to this, can also adopt multiple other structures to realize.
Beneficial effect
Below describe the present invention in conjunction with the accompanying drawings in detail.The method of the module of the identification accesses network that the present invention proposes searches all modules that participate in access to netwoks by reviewing storehouse, thereby the action of accesses network can be navigated to module level.Then, this method is by the differentiation to the credibility of all modules of searching out, and the module that identifies these accesses network is normal procedure or " wooden horse " program.Thereby the method that the present invention proposes can be tackled by stealthy " wooden horse " program of module injection mode.
In addition, because the method that the present invention proposes at first is the action of Intercept Interview network and all modules that obtain to participate in access to netwoks, whether it credible according to the module feature identification that participates in access to netwoks then, thereby can help the user to find new, unknown " wooden horse " program.
In addition, the method that the present invention proposes also comprises setting up to have the knowledge base of self-learning function, thereby can upgrade the information of trusted module automatically, and is user-friendly.
Whether moreover the method that the present invention proposes is the characteristic value of trusted module in the calculation knowledge storehouse also, comprises feature code or behavioural characteristic, thereby can discern former trusted module according to the characteristic value of module and substituted by the module of " wooden horse " program.
Therefore, the method that adopts the present invention to propose, the user can in time find to inject the module of known or unknown " wooden horse " program of normal procedure, for the user system of using a computer has increased safety curtain one.
It will be appreciated by those skilled in the art that the disclosed method and apparatus that is used to discern the module of accesses network of the invention described above, can also on the basis that does not break away from content of the present invention, make various improvement.Therefore, protection scope of the present invention should be determined by the content of appending claims.
Claims (15)
1, a kind of method that is used to discern the module of accesses network comprises:
A) action of a thread accesses network in process of interception is with the stack information of the thread that obtains to be tackled;
B) review described storehouse according to the stack information of described thread,, search for the module relevant with the action of described accesses network with according to the instruction address that is pressed into described storehouse;
C) according to the feature of the described module that searches out, judge whether described module is credible.
2, the method for claim 1, wherein said step b also comprises:
The initial sum termination address that is pressed into all modules in the described instruction address of described storehouse and the described process is compared, if described instruction address falls into the address realm of described certain module of process, then this module is the described module relevant with action described accesses network that search out; Otherwise expression has searched out all described modules relevant with the action of described accesses network.
3, the method described in claim 1 or 2, wherein said step c comprises:
The feature of described module comprises the identification characteristics of described module.
4, method as claimed in claim 3, the identification characteristics of wherein said module comprises: the Business Name of described module, or the company of described module signature.
5, method as claimed in claim 3, wherein said step c comprises:
If the identification characteristics of the described module that searches out does not exist, the identification characteristics that perhaps described identification characteristics is not known identification characteristics and described module is different with the identification characteristics of the application program that described process is carried out, and judges that then described module is insincere.
6, method as claimed in claim 3, wherein said step c also comprises and sets up a knowledge base that comprises trusted module and identification characteristics thereof; And
According to the identification characteristics of the trusted module in this knowledge base and the identification characteristics of the described module that searches out, judge whether the described module that searches out is credible.
7, method as claimed in claim 6, wherein said knowledge base is set up by learning by oneself function.
8, method as claimed in claim 6, wherein said knowledge base also comprises the characteristic value of trusted module, and according to the characteristic value of the described module that searches out and the characteristic value of described trusted module, judge whether the described module that searches out is credible, and wherein this characteristic value is used to identify the attribute of trusted module itself.
9, as claim 6 or 8 described methods, wherein after the user permits described insincere module accesses network, with described insincere module feature as the trusted module representative record in knowledge base.
10, a kind of device that is used to discern the module of accesses network comprises:
Interception unit is used for tackling the action of a thread accesses network of a process, and obtains the stack information of the thread tackled;
Review the unit, the stack information that is used for the described thread that obtains according to described interception unit is reviewed described storehouse, with according to the instruction address that is pressed into described storehouse, searches for the module relevant with the action of described accesses network;
Recognition unit is used for the feature according to the described module that searches out, and judges whether described module is credible.
11, device as claimed in claim 10, the wherein said unit of reviewing comprises:
The storehouse trace unit is used for reviewing described storehouse based on call the current base address of calling employed stack area that is pressed into storehouse at every turn;
The instruction address acquiring unit is used for the base address based on the stack area of described storehouse trace unit acquisition, obtains to be pressed into when calling the described instruction address of described storehouse at every turn.
12, device as claimed in claim 11, the wherein said unit of reviewing also comprises:
Search unit, be used for the initial sum termination address of described instruction address and described all modules of process is compared, if described instruction address falls into the address realm of described certain module of process, then this module is the described module relevant with action described accesses network that search out.
13, as arbitrary described device among the claim 10-12, the wherein said unit of reviewing also comprises a knowledge base that comprises trusted module and identification characteristics thereof; And
Described recognition unit according to the identification characteristics of the trusted module in this knowledge base and the identification characteristics of the described module that searches out, judges whether the described module that searches out is credible.
14, device as claimed in claim 13, wherein said knowledge base also comprises the characteristic value of trusted module, wherein this characteristic value is used to identify the attribute of trusted module itself, and
Described recognition unit judges according to the characteristic value of the described module that searches out and the characteristic value of described trusted module whether the described module that searches out is credible.
15, a kind of computer system comprises as arbitrary described device that is used to discern the module of accesses network among the claim 10-14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101059775A CN100521687C (en) | 2005-12-09 | 2006-07-21 | Method and apparatus for identifying module of accessing network |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510129499 | 2005-12-09 | ||
| CN200510129499.7 | 2005-12-09 | ||
| CNB2006101059775A CN100521687C (en) | 2005-12-09 | 2006-07-21 | Method and apparatus for identifying module of accessing network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1980237A true CN1980237A (en) | 2007-06-13 |
| CN100521687C CN100521687C (en) | 2009-07-29 |
Family
ID=38131235
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101059775A Active CN100521687C (en) | 2005-12-09 | 2006-07-21 | Method and apparatus for identifying module of accessing network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100521687C (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102148844A (en) * | 2010-02-09 | 2011-08-10 | 深圳市金蝶中间件有限公司 | Memory leak positioning method, server, client and system |
| US8588071B2 (en) | 2008-03-12 | 2013-11-19 | Telefonaktiebolaget L M Ericsson (Publ) | Device and method for adaptation of target rate of video signals |
| CN103455757A (en) * | 2012-05-31 | 2013-12-18 | 北京金山安全软件有限公司 | Method and device for identifying virus |
| WO2015154226A1 (en) * | 2014-04-08 | 2015-10-15 | 华为技术有限公司 | Method, device and processor for data communication in virtualized environment |
| CN107122663A (en) * | 2017-04-28 | 2017-09-01 | 成都梆梆信息科技有限公司 | A kind of detection method for injection attack and device |
| CN116595527A (en) * | 2023-07-18 | 2023-08-15 | 中孚安全技术有限公司 | Method, system and device for detecting memory Trojan horse and readable storage medium |
-
2006
- 2006-07-21 CN CNB2006101059775A patent/CN100521687C/en active Active
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8588071B2 (en) | 2008-03-12 | 2013-11-19 | Telefonaktiebolaget L M Ericsson (Publ) | Device and method for adaptation of target rate of video signals |
| CN102148844A (en) * | 2010-02-09 | 2011-08-10 | 深圳市金蝶中间件有限公司 | Memory leak positioning method, server, client and system |
| CN103455757A (en) * | 2012-05-31 | 2013-12-18 | 北京金山安全软件有限公司 | Method and device for identifying virus |
| CN103455757B (en) * | 2012-05-31 | 2016-08-17 | 北京金山安全软件有限公司 | Method and device for identifying virus |
| WO2015154226A1 (en) * | 2014-04-08 | 2015-10-15 | 华为技术有限公司 | Method, device and processor for data communication in virtualized environment |
| CN105164636A (en) * | 2014-04-08 | 2015-12-16 | 华为技术有限公司 | Method, device and processor for data communication in virtualized environment |
| CN105164636B (en) * | 2014-04-08 | 2018-02-13 | 华为技术有限公司 | The method, apparatus and processor of a kind of data communication in virtualized environment |
| US10733687B2 (en) | 2014-04-08 | 2020-08-04 | Huawei Technologies Co., Ltd. | Method and apparatus for data communication in virtualized environment, and processor |
| CN107122663A (en) * | 2017-04-28 | 2017-09-01 | 成都梆梆信息科技有限公司 | A kind of detection method for injection attack and device |
| CN107122663B (en) * | 2017-04-28 | 2021-04-02 | 北京梆梆安全科技有限公司 | Injection attack detection method and device |
| CN116595527A (en) * | 2023-07-18 | 2023-08-15 | 中孚安全技术有限公司 | Method, system and device for detecting memory Trojan horse and readable storage medium |
| CN116595527B (en) * | 2023-07-18 | 2023-10-20 | 中孚安全技术有限公司 | Method, system and device for detecting memory Trojan horse and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100521687C (en) | 2009-07-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2653994B1 (en) | Information security techniques including detection, interdiction and/or mitigation of memory injection attacks | |
| US8561192B2 (en) | Method and apparatus for automatically protecting a computer against a harmful program | |
| CN100521687C (en) | Method and apparatus for identifying module of accessing network | |
| KR101122646B1 (en) | Method and device against intelligent bots by masquerading virtual machine information | |
| US20120324575A1 (en) | System, Method, Program, and Recording Medium for Detecting and Blocking Unwanted Programs in Real Time Based on Process Behavior Analysis and Recording Medium for Storing Program | |
| KR101700731B1 (en) | Method and apparatus for accessing application | |
| US7281267B2 (en) | Software audit system | |
| US8918878B2 (en) | Restoration of file damage caused by malware | |
| CN111651757A (en) | Attack behavior monitoring method, device, equipment and storage medium | |
| US8397292B2 (en) | Method and device for online secure logging-on | |
| RU2634173C1 (en) | System and detecting method of remote administration application | |
| CN101005497A (en) | System and method for preventing vicious code attach | |
| CN102932329A (en) | Method and device for intercepting behaviors of program, and client equipment | |
| US9294491B2 (en) | Device-specific content delivery | |
| CN113055399A (en) | Attack success detection method, system and related device for injection attack | |
| CN111800405A (en) | Detection method, detection device and storage medium | |
| CN111241546B (en) | Malicious software behavior detection method and device | |
| KR100832804B1 (en) | Database security system and method based on profiling | |
| US20120246723A1 (en) | Windows kernel alteration searching method | |
| GB2574209A (en) | Threat control | |
| CN110417615B (en) | Check switch control method, device and equipment and computer readable storage medium | |
| WO2021212739A1 (en) | Network attack defense method and apparatus, device, system and storage medium | |
| JP2003006027A (en) | Method for automatically setting access control policy and its system | |
| CN112565162B (en) | Method and device for detecting account stealing behavior | |
| CN106022111B (en) | Processing method and device for hiding pop-up window and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING RISING INTERNATIONAL TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: BEIJING RISING INTERNATIONAL SOFTWARE CO., LTD. Effective date: 20100413 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100080 NO.1302, ZHONGKE BUILDING, NO.22, ZHONGGUANCUN AVENUE, BEIJING CITY TO: 100190 ROOM 1301, ZHONGKE BUILDING, NO.22, ZHONGGUANCUN AVENUE, HAIDIAN DISTRICT, BEIJING CITY |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20100413 Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee after: Beijing Rising Information Technology Co., Ltd. Address before: 100080, No. 22, Zhongguancun Avenue, 1302, Beijing Patentee before: Beijing Rising International Software Co., Ltd. |
|
| C56 | Change in the name or address of the patentee | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee after: Beijing Rising Information Technology Co., Ltd Address before: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee before: Beijing Rising Information Technology Co., Ltd. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee after: Beijing net an Technology Limited by Share Ltd Address before: 100190 Beijing City, Haidian District Zhongguancun Street Branch No. 22 building, room 1301 Patentee before: Beijing Rising Information Technology Co., Ltd |
|
| CP01 | Change in the name or title of a patent holder |