[go: up one dir, main page]

WO2006000529A1 - Procede permettant d'associer une application a un module d'identification d'abonne dans un appareil, et appareil utilisant ce procede - Google Patents

Procede permettant d'associer une application a un module d'identification d'abonne dans un appareil, et appareil utilisant ce procede Download PDF

Info

Publication number
WO2006000529A1
WO2006000529A1 PCT/EP2005/052662 EP2005052662W WO2006000529A1 WO 2006000529 A1 WO2006000529 A1 WO 2006000529A1 EP 2005052662 W EP2005052662 W EP 2005052662W WO 2006000529 A1 WO2006000529 A1 WO 2006000529A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
subscriber identity
hash
values
identity module
Prior art date
Application number
PCT/EP2005/052662
Other languages
English (en)
Inventor
Stefan Andersson
Marcus Liwell
Original Assignee
Sony Ericsson Mobile Communications Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from EP04102926A external-priority patent/EP1619915A1/fr
Application filed by Sony Ericsson Mobile Communications Ab filed Critical Sony Ericsson Mobile Communications Ab
Publication of WO2006000529A1 publication Critical patent/WO2006000529A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/48Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Definitions

  • the present invention relates to a method for associating an application with a subscriber identity module in an apparatus, especially a mobile phone terminal adapted to run applications within the framework of a virtual machine.
  • the invention enables enabling or disabling of applications based on information contained on a subscriber identity module without requiring root certificates stored 0 on the subscriber identity module.
  • the invention also relates to an apparatus implementing the method.
  • a known example is a MIDLet, which is the term of an application in the Java environment.
  • Applications are enabled by letting them access the equipment through an interface, the control of which is dependent of e.g. the origin of the application. The origin is verified and validated by signatures and certificates linked to a root certificate in the equipment.
  • the origin of the application may e.g. be the manufacturer or operator.
  • the user i.e. the subscriber, is associated with an identification module, e.g. the SIM card of the GSM system.
  • the SIM is issued by the operator of the mobile system to which the subscriber is subscribing.
  • the operator wants to control that only his own applications are enabled in a phone with a SIM card belonging to this 5 operator.
  • MIDP Mobile Information Device Profile 2.0
  • MIDP Mobile Information Device Profile 2.0
  • the mobile phone contains logic such that the applications are only enabled when a SIM card with the correct root certificate is inserted in the phone.
  • a more detailed description of the prior art procedure may be 0 found in the detailed description.
  • some operators have not implemented a support for handling of operator root certificates on the SIM card. To solve this, operators have required solutions where the operator root certificate is stored on a memory in the phone. This solution suffers from one major shortcoming.
  • the problem is that is does not 5 prevent MDDLets belonging to one operator from running in the operator domain belonging to another operator.
  • the present invention solves this problem by instead linking the applications to other domain identity information contained only on the SIM card, such as the International Mobile Subscriber Identity, IMSI.
  • IMSI International Mobile Subscriber Identity
  • the application contains an identification directly linking it to information on the SIM.
  • hashes of roots are stored in the phone, but a specific hash must be validated by matching it with information contained on the SIM.
  • a MIDLet is associated with a hash of root as in the prior art, but a MIDLet is only enabled if it matches a valid hash of root.
  • the invention gives the operator control of which applications are enabled without having to implement support of root certificates on the SIM card.
  • the invention provides a method for associating an application with a subscriber identity module in an apparatus having: a module reader for such a subscriber identity module, a virtual machine for running at least one application, wherein an interface between the application and the apparatus is dependent on a domain associated with the application and the application is permitted to be run only if it is enabled.
  • the method comprises the steps of: linking the application with a value capable of being linked with a domain identity, DID, value of a type that is contained on such a subscriber identity module; enabling or disabling the application by performing the steps of: reading a corresponding DID value from a subscriber identity module inserted in the apparatus; comparing the DID value of the application with the DID value of the subscriber identity module; if the DID values match, enabling the application in the associated domain, otherwise disabling the application.
  • the method comprises the steps of: linking the application with a hash of a root certificate; storing in the apparatus one or several domain identity, DID, values of a type that is contained on such a subscriber identity module, and each such DID value being linked with a hash of a specific root certificate forming linked pairs of DID values and hash of root certificates; enabling or disabling the application by performing the steps of: reading a corresponding DID value from a subscriber identity module inserted in the apparatus; comparing the DID values of the linked pairs of DID values and hash of root certificates with the DID value of the subscriber identity module; if the DID values match, declaring any matched pairs of DID values and hash of root certificates valid; comparing the hash of root certificate of the application with the hash of root certificate of any valid pairs of DID values and hash of root certificates; if the hash of root certificate of the application and the hash of root certificate of any of the valid pairs of DID values and hash of root certificates match, enabling the
  • one or several linked pairs of DID values and hash of root certificates are stored in the apparatus during the manufacturing or customization of the apparatus.
  • one or several pairs of empty DID values and hash of root certificates DID values may be stored in the apparatus, wherein the DID values are to be generated by a subscriber identity module.
  • the DID values may be locked to the ones generated by the first SIM card inserted into the phone.
  • the DID value is contained in the International Mobile Subscriber Identity, IMSI.
  • the DID value may be any subset of the IMSI, such as the MNC or MCC numbers.
  • the DID value is contained in a field on the subscriber identity module, such as the GIDl or GID2 fields.
  • the DID value may be contained in a combination of the IMSI and the GIDl or GID2 fields.
  • the enabling or disabling of an application is performed after downloading a new application.
  • the enabling or disabling of an application is performed after installing an external memory with an application in the apparatus.
  • the enabling or disabling of an application is performed on power on of the apparatus.
  • the applications may be locked to the applications enabled by means of the subscriber identity module present in the apparatus at the first power on.
  • the enabling or disabling of an application is performed after inserting a subscriber identity module into the apparatus.
  • the invention provides an apparatus having: a module reader for a subscriber identity module, a virtual machine for running at least one application, an interface between the application and the apparatus dependent on a domain associated with the application and the application being permitted to be ran only if it is enabled, the application being linked with a value capable of being linked with a domain identity, DID, value of a type that is contained on such a subscriber identity module; and a security manager for controlling the interface.
  • the security manager for enabling or disabling the application, is adapted to perform the steps of: reading a corresponding DED value from a subscriber identity module inserted in the apparatus; comparing the DID value of the application and with the DID value of the subscriber identity module; if the DID values match, enabling the application in the associated domain, otherwise disabling the application.
  • the apparatus comprises a memory for storing one or several domain identity, DID, values of a type that is contained on such a subscriber identity module, each such DID value being linked with a hash of a specific root certificate forming linked pairs of DID values and hash of root certificates; wherein the security manager, for enabling or disabling the application, is adapted to perform the steps of: reading a corresponding DID value from a subscriber identity module inserted in the apparatus; comparing the DID values of the linked pairs of DID values and hash of root certificates with the DID value of the subscriber identity module; if the DID values match, declaring any matched pairs of DID values and hash of root certificates valid; comparing the hash of root certificate of the application with the hash of root certificate of any valid pairs of DID values and hash of root certificates; if the hash of root certificate of the application and the hash of root certificate of any of the valid pairs of DID values and hash of root certificates match, enabling the application in the associated domain, otherwise
  • one or several linked pairs of DEO values and hash of root certificates are stored in the apparatus.
  • one or several pairs of empty DEO values and hash of root certificates DEO values may be stored in the apparatus, wherein the DEO values are to be generated by a subscriber identity module.
  • the security manager may be adapted to lock the DEO values to the ones generated by the first SIM card inserted into the phone.
  • the DED value is of a type contained in the International Mobile Subscriber Identity, IMSI.
  • the DEO value may be any subset of the EMSI, such as the MNC or MCC numbers.
  • the DEO value is of a type contained in a field on the subscriber identity module, such as the GIDl or GED2 fields.
  • the DEO value may be contained in a combination of the IMSI and the GDDl or GID2 fields.
  • the security manager is adapted to perform the enabling or disabling of an application after downloading a new application.
  • the security manager is adapted to perform the enabling or disabling of an application after installing an external memory with an application in the apparatus.
  • the security manager is adapted to perform the enabling or disabling of an application on power on of the apparatus.
  • the security manager may be adapted to lock the permissions of the applications to the applications enabled by means of the subscriber identity module present in the apparatus at the first power on.
  • the security manager is adapted to perform the enabling or disabling of an application after inserting a subscriber identity module into the apparatus.
  • the apparatus may be a portable telephone, a pager, a communicator, a smart phone or an electronic organiser.
  • the subscriber identity module is a SIM card.
  • Fig. 1 is a schematic diagram of entities and the procedure for verifying and validating a MIDLet downloaded in the mobile telephone over the air
  • Fig. 2 is a schematic drawing of the security model and location of various root certificates in a mobile telephone
  • Fig. 3 is a schematic drawing of entities and the procedure for enabling an application with the root stored on the SIM
  • Fig. 4 is a schematic drawing of the entities and procedure according to a first embodiment of the present invention for enabling an application when the application is associated with a domain identifier stored on the SIM
  • Fig. 5 is a schematic drawing of entities and the procedure of another embodiment of the present invention for enabling an application when the application is linked with a root and domain identifier/root pairs are stored in a phone and in turn associated with a domain identifier on the SIM.
  • GSM Global System for Mobile communications
  • the mobile phone is linked to a subscriber and a specific telephone number by means of the SIM card, which is an active (smart) card inserted in the telephone.
  • the phone is provided with a reader for retrieving information from the SIM card and may also write information to the card, e.g. using it as a memory for storing phone number etc, as is known in the art.
  • Applications may be downloaded to the phone and run on a special platform, a so called virtual machine, usually implemented as a Java environment.
  • the invention does not exclude other kinds of third party applications, such as native code, and the phone may be an open phone based on Symbian OS, which implements a mechanism similar to the Java environment.
  • the mobile terminal may be e.g. a portable telephone, a pager, a communicator, a smart phone or an electronic organiser.
  • the MIDP 2.0 security framework defines a domain based security model. In that model a domain is a set of capabilities, i.e. a sandbox, and an associated root certificate.
  • the sandbox may be regarded as a set of rules for accessing entities of the mobile phone through an interface from the application running in the virtual machine.
  • a MIDLet i.e. an application in a Java environment
  • the phone 1 contains a certificate chain in a jad (Java descriptor) file and a root certificate.
  • the MIDLet contains a signature and is carrying information locking it to a specific domain, e.g. an operator domain.
  • a root certificate is stored in the phone 1, in a memory or on the SIM card.
  • the MIDLet is provided with a signature and a certificate by an application developer 3 in cooperation with a certificate authority 2 using a secure system for exchange of certificates with private keys.
  • the procedure for verification and validation of the MIDLet is conventional and does not form part of the present invention.
  • Fig. 2 illustrates a phone 1 and possible locations of root certificates.
  • MTOLets (1...n) 5 are run in a virtual machine 4.
  • a security manager 6 controls the access of the MIDLets through an interface (not shown).
  • the security manager 6 needs information from the root certificates, of which some may be stored in a flash memory 7 and others may be stored in a SIM card 8.
  • the SIM card is shown as separate from the phone 1 even though it is actually inserted in the phone when in use.
  • a MIDLet 4 When a MIDLet 4 is installed or downloaded the signature is verified as follows: 1. The certificate chain is read from the .jad file stored in the phone 1. 2. A root certificate is retrieved from the phone 1 or from the SIM 8. 3. The certificate chain is validated and linked to a specific root certificate. 4. The MIDLet is assigned to the domain defined by the root certificate. As may be seen from fig. 2, the root certificate can reside either on the SIM 8 or in the phone 1. As mentioned in the introduction, the MIDP 2.0 specification stipulates that the operator root certificate must reside on the SIM, and never in the phone.
  • the object of the present invention is to introduce a similar prevention mechanism as described where we stop MIDLets belonging to one operator from running in the operator domain belonging to another operator, however without requiring the root to be stored on the SIM card. Since there are no roots available on the SIM, the mechanism will have to be modified.
  • the MIDLet is linked with other information contained on the SIM, generally a domain identifier, DID, value. Examples of possible DID values are set forth below in connection with the second embodiment.
  • the MIDLet has to be provided with a corresponding DID value by the developer or another provider of the application.
  • the procedure is performed as follows. This is done on downloading of the application, on installing the application, on power-on of the phone and/or on inserting the SIM. 1.
  • the DID is read from the SIM 8.
  • the DID of the SIM is compared with the DID of the MIDLet 5. 3. If the two DID values match, the MIDLet is enabled and may proceed to be used in the associated domain, otherwise the MIDLet is disabled.
  • the MIDLet 5 has to be linked with a DID value, which requires the provider to modify the MIDLet.
  • the MIDLet is linked to the hash of the root, as in the prior art.
  • the hash value of the root is bound to something contained on the SIM card, i.e. not a root certificate but something else related to e.g. the operator.
  • This information contained on the SIM is used for validation of possible candidates for hash values of root certificates.
  • various hash values are stored in the phone, e.g. in a flash memory, and linked with specific information contained on SIM cards, so to speak candidate DID values.
  • these pairs of hash values and candidate DID values may be validated by comparing with DID values contained on the SIM.
  • the allowed DID values should be a part of the customization information together with the operator root certificate.
  • the mechanisms described here should be combined with a reasonably secure customization scheme to ensure the integrity of the operator root and associated DID value.
  • hash values are stored in the phone, but they are not linked with specific information contained on SIM cards during the manufacturing or customization. Instead, this information is "empty" and adapted to be retrieved from a SIM card, suitably the first SIM card inserted into the phone.
  • the candidate DID values are generated by the SIM card.
  • the candidate DID values are locked to the ones generated by the first SIM card inserted into the phone, but DID values from further SIM cards may be accepted.
  • the enabling procedure is described with reference to fig. 5.
  • the DID value is contained in the IMSI number.
  • the procedure is performed on various occasions as discussed below. 1.
  • the IMSI is read from the SIM 8. 2.
  • the IMSI is compared to the IMSI information of the pairs 9 of IMSI information values and hashes of roots stored in the flash memory 7. 3. If the IMSI information values match, the hash of root of this pair 9 is considered valid and the hash of root can be used. 4.
  • the valid hash of root of the pair 9 is compared to the hash of the root assigned to the MIDLet 5 in the associated domain in the virtual machine 4. 5. If the hash values match, the MIDLet is enabled and may proceed to be used, otherwise it is disabled.
  • the IMSI International Mobile Subscriber Identity
  • the IMSI is unique for each subscriber and contains fifteen figures in various fields. It is possible to lock the MTDLets to subsets of the IMSI, such as the MNC (Mobile Network Code), and MCC (Mobile Country Code) numbers.
  • the MNC and MCC numbers are fields forming parts of the IMSI. It is also possible to bind the MIDLet to other information contained on the SIM, such as the (Group Identifier Level) GIDl and GID 2 fields. Today, these fields are free to use for the operator and are e.g. used for SIMlock, operator binding, defining various types of subscriptions, etc. It is also possible to use combinations of the IMSI fields and the GID fields.
  • the syntax describing the numbers may include various characters, such as *, ? as well as the ten digits 0...9. By incorporating this information in the hash of root/DID value pairs, it is possible to achieve a very fine grained distribution of permissions for the applications.
  • the procedure of enabling an application described above may be performed at any time. It is suitable that it is performed after downloading a new application, which may be over the air or by inserting an external memory containing the application. The enabling procedure may also be performed thereafter on installing the application. A new enabling procedure should also be performed on changing the SIM, i.e. as soon as a subscriber identity module is inserted into the apparatus (whether it is the same SIM as before or another one). This may and should result in that some applications are no longer enabled.
  • the enabling procedure is performed on start-up of the phone, i.e. on power-on.
  • the invention gives a possibility to lock the enabled applications similar to the SIMlock feature autolock, i.e. the enablement of applications in e.g. the operator domain is bound to the enablement performed by means of the SIM present at the first power-on of the phone. It will be seen that the invention prevents applications belonging to one operator from running in the operator domain belonging to another operator, even if the root is stored in the handset, i.e. the phone or any other media apart from the SIM connected to the phone.
  • the invention may be implemented by various combinations of hardware and software, as will be appreciated by a person skilled in the art The scope of the inventions is only limited by the claims below.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé permettant d'associer une application à un module (8) d'identification d'abonné dans un appareil, en particulier dans un poste téléphonique mobile conçu pour exécuter des applications (5) dans le cadre d'applications d'une machine virtuelle (4). L'invention concerne en outre un appareil mettant en oeuvre de procédé. Le procédé et l'appareil décrits permettent de résoudre le problème de l'activation et de la désactivation des applications (5) en fonction de l'information contenue dans un module (8) d'identification d'abonné (SIM), sans nécessiter le stockage de certificats racines dans le module SIM. Au lieu de cela, les applications sont associées à d'autres informations d'identification de domaine contenues dans la carte SIM. Dans un des modes décrits, l'application contient une identification qui l'associe directement à une information enregistrée sur la carte SIM. Dans un mode différent, des condensés (hash) de certificats racine (9) sont stockées dans le téléphone, mais chaque condensé spécifique doit être validé par l'association avec une information contenue dans la carte SIM (8).
PCT/EP2005/052662 2004-06-24 2005-06-09 Procede permettant d'associer une application a un module d'identification d'abonne dans un appareil, et appareil utilisant ce procede WO2006000529A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP04102926A EP1619915A1 (fr) 2004-06-24 2004-06-24 Procédé pour associer une application à un module d'identite d'abonne
EP04102926.5 2004-06-24
US58567904P 2004-07-06 2004-07-06
US60/585,679 2004-07-06

Publications (1)

Publication Number Publication Date
WO2006000529A1 true WO2006000529A1 (fr) 2006-01-05

Family

ID=35781570

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/052662 WO2006000529A1 (fr) 2004-06-24 2005-06-09 Procede permettant d'associer une application a un module d'identification d'abonne dans un appareil, et appareil utilisant ce procede

Country Status (1)

Country Link
WO (1) WO2006000529A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012020036A1 (fr) 2010-08-13 2012-02-16 F. Hoffmann-La Roche Ag Inhibiteurs du virus de l'hépatite c
WO2017033133A1 (fr) * 2015-08-27 2017-03-02 Bayly John Station mobile et procédé associé permettant de présenter des tâches
WO2017172436A2 (fr) 2016-03-30 2017-10-05 T-Mobile Usa, Inc. Critères avancés de verrouillage de dispositif

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd GENERATION PARTNERSHIP PROJECT; TECHNICAL SPECIFICATION GROUP TERMINALS; MOBILE EXECUTION ENVIRONMENT; FUNCTIONAL DESCRIPTION;", 3GPP TS 23057 V6.2.0, September 2003 (2003-09-01), pages 1 - 89, XP002307241 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012020036A1 (fr) 2010-08-13 2012-02-16 F. Hoffmann-La Roche Ag Inhibiteurs du virus de l'hépatite c
WO2017033133A1 (fr) * 2015-08-27 2017-03-02 Bayly John Station mobile et procédé associé permettant de présenter des tâches
WO2017172436A2 (fr) 2016-03-30 2017-10-05 T-Mobile Usa, Inc. Critères avancés de verrouillage de dispositif
EP3437299A4 (fr) * 2016-03-30 2019-10-02 T-Mobile USA, Inc. Critères avancés de verrouillage de dispositif

Similar Documents

Publication Publication Date Title
EP1455499B1 (fr) Elément de sécurité procédé de commande et terminal mobile
KR101030819B1 (ko) 애플리케이션을 장치에 로딩하는 방법, 장치 및 스마트카드
US7900048B2 (en) Method for loading an application in a device, device and smart card therefor
KR101504855B1 (ko) 단말에 포함된 uicc에 포함된 데이터를 보안 서버 상에 내보내기 위한 방법
EP1875758B1 (fr) Accès limité à la configuration des caractéristiques d'un terminal mobile
KR100664110B1 (ko) 이동 통신 단말기의 사용제한 설정 방법
CN102420902B (zh) 一种分类管理功能使用权限的方法及移动终端
US20080003980A1 (en) Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof
US20100299748A1 (en) Method for alteration of integrity protected data in a device, computer program product and device implementing the method
US11272370B2 (en) Method for managing profiles in embedded universal integrated circuit cards
WO2006000529A1 (fr) Procede permettant d'associer une application a un module d'identification d'abonne dans un appareil, et appareil utilisant ce procede
EP1619915A1 (fr) Procédé pour associer une application à un module d'identite d'abonne
EP2452478B2 (fr) Procédé de gestion d'une application embarquée dans un dispositif électronique sécurisé
EP2263362B1 (fr) Procédé et organisation se rapportant à un dispositif de communication
EP4629681A1 (fr) Élément sécurisé et procédé de fonctionnement
Mayes et al. Smart cards for mobile communications
Ραπτοδήμος Design and implementation of an android application for extraction of security related data from SIM/USIM
KR20080069451A (ko) 콘텐츠 인증 기능을 갖는 단말기 및 그 방법

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase