WO2000027089A1 - Secure authentication for access to back-end resources - Google Patents

Info

Publication number
WO2000027089A1
Authority
WO
WIPO (PCT)
Application number
PCT/US1999/025215
Other languages
French (fr)
Inventor
Steven M. Orrin
James P. Russell
Brian D. Goldberg
Zbigniew T. Olik
Mordechai Ovits
Paul Benenson
Daniel H. Marcellus
Original Assignee
Lockstar, Inc.
Priority date
Filing date
Publication date
Application filed by Lockstar, Inc.
Priority to AU12368/00A
Publication of WO2000027089A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

By establishing a secure channel from a client to a back-end resource after the client is authenticated, both security and authentication can be achieved. Before access is permitted, two levels of authentication are provided by first seeking a client-side certificate and then having the client subsequently decrypt an encrypted message. Authorization for access to a back-end resource can be controlled by requiring a transaction-specific authorization device provided to the client in the encrypted message.

Description

SECURE AUTHENTICATION FOR ACCESS TO BACK-END RESOURCES
Technical Field and Background Art
This application claims the benefit of U.S. Provisional Application No. 60/106,290, filed October 30, 1998.
Traditionally, access to back-end resources, such as corporate databases, has been accomplished within secure mainframe environments or other internal networks. In such settings, security and user authentication are achieved with a high degree of reliability.
With the advent of the Internet, remote users need to access such resources from outside the protected environment. However, when these resources are accessed over the Internet, additional measures are required to provide assurances of security and user authentication.
Brief Description of the Drawings
Figure 1 is a block diagram of a system providing security and authentication;
Figure 2 is a flow chart of the operation of the system of Figure 1.
Modes for Carrying Out the Invention
Data security and user authentication can be achieved in an Internet environment by establishing a secure channel from the user or client to the back-end resource and then by providing an authorization device which the user in turn employs to access the back-end resource.
In one configuration, illustrated in the block diagram of Figure 1, a client 10, using an Internet browser 12 equipped with the means necessary to create a secure session, accesses a back-end system 20 on which a back-end resource 22 resides, through a client-accessible system 30. The back-end resource 22 may be a database or some other source of data or device that the client wishes to access. The interconnection 14 between the client 10 and the client-accessible system 30 can be over a network such as the Internet or through some other medium. Similarly, the link 16 between the client-accessible system 30 and the back-end system 20 can be over a network such as the Internet or through some other data link.
The process has two parts: first, a secure connection is established and the client is authenticated and, second, the client accesses the desired information. A secure connection from the client 10 to the back-end system 20 can be created using a secure protocol such as SSL (secure socket layer). Software resident on the client-accessible system 30, designated a router 34, and on the back-end system 20, designated an enabler 24, allows the establishment of the secure session from the client 10 to the back-end system 20 using well-known techniques for the purpose of authenticating the client 10. In the case of SSL, a public key certificate, attesting to and establishing the identity of the client 10, is requested from the client by the enabler 24. The public key certificate is then used by the back-end system 20 to create the secure session. As is customary in SSL, the enabler 24 also provides a certificate to the client 10.
The process begins with a query from the client 10. To acquire a specific piece of information from the back-end resource 22, the client 10 enters a pre-determined URL on its Internet browser 12 specifying a port on the client-accessible system 30 linked to the router 34. The URL may assume the following form:
https://hostname:7777/abc.cgi
The "https" designation within the above URL indicates that a secure session - in this example, SSL - is to be established between the browser 12 and the client-accessible system 30. Since the URL specifies "hostname:7777," the browser 12 will create a secure session at port 7777 of the destination known as "hostname." That port indicates the location of the router 34, which passes the query to the enabler 24.
Once a secure session is created between the client 10 and the back-end system 20, the browser 12 sends along the rest of the URL (e.g., "abc.cgi"), the actual request, through the router 34 in encrypted form. Note that all information exchanged from here on out is encrypted. The request, "abc.cgi," is the name of the routine that will retrieve the information from the back-end resource 22. The router 34 passes this encrypted message to the enabler 24 on the back-end system 20. The enabler 24 decrypts the request and determines whether the request will be authorized and access permitted.
Assuming that the client 10 is authorized entry, the enabler 24 will send a message back to the client 10 over the secure connection. The message can contain a redirection command such as a new or redirect URL, sending the client 10 to a different port on the client-accessible system 30, or to an entirely different client-accessible system, through which the desired information will be provided. The redirect URL may be of the form:
https://hostname/abc.cgi?{W}
Again, abc.cgi is the routine for retrieving the information. The redirect URL may also contain an authorization device, designated W in the URL above. One such authorization device can be a web ticket. This authorization device or web ticket is the permission from the back-end resource 22 allowing the web-server 32 to act on behalf of the client for the purpose of accessing the requested information.
When the client 10 receives the message with the authorization device or web ticket, it arrives of course in encrypted form. By virtue of the act of decrypting the message (in SSL, using the originally-created session key), the client 10 has further authenticated itself. Thus, the process described here offers dual authentication, once upon creating the secure session and again when the client 10 decrypts the redirect message.
The client 10 then goes to the new or redirect URL, entering a presentation server such as a web-server 32 on the original client-accessible system 30 through a different port (e.g., port 443 - the default secure port) or perhaps another web-server residing on a different system. For purposes of this discussion, the presentation server will be referred to as a "web-server" hereafter, but it should be understood that the depicted web-server may be any suitable device.
The redirect URL also contains an "https" designation, indicating that a secure session is to be created between the web-server 32 and the client 10. The authorization device or web ticket is forwarded to the back-end system 20 and, if the authorization device is deemed to be valid, the request is honored. The requested information is then passed from the back-end resource 22 to the web-server 32, which generates a web page containing the information. This page is then sent to the client 10 via the secure connection.
The web ticket may include a time stamp to limit the time of its validity. Alternatively, the authorizing elements of the web ticket can be changed after a period of time, effectively invalidating the web ticket at the time of the change, or it may be usable only once.
The foregoing method can be used with multiple back-end resources and/or client-accessible systems. For example, the client-accessible system could have multiple routers. Further, the method can be used in a system with multiple layers of client-accessible systems, i.e., web-servers, application servers, and the like. Where there are multiple layers, the method is repeated in "nested" fashion, repeating the process of establishing a secure session, exchanging certificates, and providing a redirect with an authorization device at each layer until the last layer, a back-end resource, is reached. In the foregoing examples, SSL is used to create a secure session. Other schemes could be employed to achieve the same purpose.
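The web ticket lifecycle described above (issued with the redirect URL, validated at the back-end, and invalidated by time stamp, by single use, or by changing the authorizing elements), as an added Python example that is not part of the patent. The ticket layout (JSON claims plus an HMAC-SHA256 tag), the `w` query parameter, the 60-second lifetime and the names `Enabler`, `issue_redirect`, `redeem` and `rotate_key` are assumptions; the patent specifies no ticket format.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed for this example (not from the patent): ticket layout, the "w" query
# parameter, the 60-second lifetime, and all class and method names.
TICKET_LIFETIME_S = 60


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Enabler:
    """Back-end side: authorizes a request, then validates the returned ticket."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # the "authorizing element"
        self._redeemed = {}  # ticket id -> expiry; enforces single use

    def rotate_key(self):
        """Change the authorizing element; every outstanding ticket becomes invalid."""
        self._key = secrets.token_bytes(32)

    def _mac(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue_redirect(self, client_id, routine, host="hostname", now=None):
        """Build the redirect URL https://host/routine?w=<ticket> for an authorized client."""
        now = int(time.time()) if now is None else now
        claims = {
            "id": secrets.token_hex(16),        # unique per ticket, for replay detection
            "sub": client_id,                   # identity taken from the client certificate
            "rtn": routine,                     # ticket is valid for this routine only
            "exp": now + TICKET_LIFETIME_S,     # time stamp limiting validity
        }
        body = json.dumps(claims, sort_keys=True).encode()
        ticket = _b64(body) + "." + _b64(self._mac(body))
        return "https://%s/%s?%s" % (host, routine, urlencode({"w": ticket}))

    def redeem(self, url, now=None):
        """Validate the ticket forwarded by the web-server. Returns (ok, detail)."""
        now = int(time.time()) if now is None else now
        parts = urlsplit(url)
        values = parse_qs(parts.query).get("w", [])
        if len(values) != 1:
            return False, "missing ticket"
        try:
            body_b64, mac_b64 = values[0].split(".")
            body, mac = _unb64(body_b64), _unb64(mac_b64)
        except ValueError:  # wrong number of parts or invalid base64
            return False, "malformed ticket"
        # Authenticate first; the claims are parsed only after the tag checks out.
        if not hmac.compare_digest(mac, self._mac(body)):
            return False, "bad signature"
        claims = json.loads(body)
        if claims["rtn"] != parts.path.lstrip("/"):
            return False, "routine mismatch"
        if now >= claims["exp"]:
            return False, "expired"
        # Forget ids whose tickets have expired anyway, then enforce single use.
        self._redeemed = {k: v for k, v in self._redeemed.items() if v > now}
        if claims["id"] in self._redeemed:
            return False, "already used"
        self._redeemed[claims["id"]] = claims["exp"]
        return True, claims["sub"]


if __name__ == "__main__":
    enabler = Enabler()
    url = enabler.issue_redirect("client-10", "abc.cgi")
    print(url)
    print(enabler.redeem(url))  # first presentation by the web-server
    print(enabler.redeem(url))  # same ticket presented again
```

Because the ticket travels in the URL query string, it can end up in web-server access logs and browser history, which is why the short lifetime and single-use checks matter here.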
What is claimed is:
1. A method for permitting a client to access a back-end resource via network-based client-accessible systems comprising web-servers, comprising the steps of: establishing a first secure connection between the client and the back-end system via a client-accessible system, the step of establishing a first secure connection comprising the step of obtaining client authentication; initiating a request by the client for information from the back-end resource; generating an authorization device and redirection command; passing the authorization device and the redirection command to the client; establishing a second secure connection between the client and a web-server according to the redirection command; presenting the authorization device to the back-end system; passing the information from the back-end resource to the web-server; and passing the information from the web-server to the client via the second secure connection.
2. A method as set forth in claim 1, where the step of obtaining client authentication comprises the steps of providing a client certificate to the back-end resource and using the client certificate to create the secure session.
3. A method as set forth in claim 1, further comprising the step of encrypting the authorization device and redirection command prior to the step of passing the authorization device and redirection command to the client.
4. A method for establishing a secure connection between a client and a back-end system via network-based client-accessible systems comprising web-servers, comprising the steps of: establishing a first secure connection between the client and the back-end system via a client-accessible system, the step of establishing a first secure connection comprising the step of obtaining client authentication; initiating a request by the client for information from the back-end resource; generating an authorization device and redirection command; passing the authorization device and the redirection command to the client; establishing a second secure connection between the client and a web-server according to the redirection command; and presenting the authorization device to the back-end system.
5. A method as set forth in claim 4, where the step of obtaining client authentication comprises the steps of providing a client certificate to the back-end resource and using the client certificate to create the secure session.
6. A method for authorizing remote client access to a back-end resource via a web-server on a network, comprising the steps of: generating an authorization device; passing the authorization device to the client through a first secure connection; establishing a second secure connection between the client and a web-server; passing the authorization device to the web-server via the second secure connection; passing the authorization device from the web-server to the back-end resource; passing the information from the back-end resource to the web-server; and passing the information from the web-server to the client via the second secure connection.
7. A method as set forth in claim 6, further comprising the step of encrypting the authorization device and redirection command prior to the step of passing the authorization device and redirection command to the client.
8. A system for establishing a secure connection between a client and a back-end resource, comprising: a back-end system comprising the back-end resource; and an enabler, the enabler comprising means for authenticating the client; and means for authorizing retrieval of information for the client; and at least one network-based client-accessible system comprising at least one web-server; and a router comprising means for communicating with the client and the enabler.
9. A system as set forth in claim 8, where the means for authenticating the client comprises means for receiving a certificate of authentication from the client via the router.
10. A system as set forth in claim 8, where the means for authorizing retrieval comprises means for generating an authorizing device for receipt by the client via the router and subsequent presentation to the back-end system.
PCT/US1999/025215 1998-10-30 1999-10-28 Secure authentication for access to back-end resources WO2000027089A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU12368/00A AU1236800A (en) 1998-10-30 1999-10-28 Secure authentication for access to back-end resources

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10629098P 1998-10-30 1998-10-30
US60/106,290 1998-10-30

Publications (1)

Publication Number Publication Date
WO2000027089A1 true WO2000027089A1 (en) 2000-05-11

Family

ID=22310618

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/025215 WO2000027089A1 (en) 1998-10-30 1999-10-28 Secure authentication for access to back-end resources

Country Status (2)

Country Link
AU (1) AU1236800A (en)
WO (1) WO2000027089A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998036522A1 (en) * 1997-02-12 1998-08-20 Gte Laboratories Incorporated Method for providing secure remote command execution
US5805803A (en) * 1997-05-13 1998-09-08 Digital Equipment Corporation Secure web tunnel
WO1998040809A2 (en) * 1997-03-13 1998-09-17 Cha! Technologies, Inc. Method and system for secure online transaction processing

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6986037B1 (en) * 2000-04-07 2006-01-10 Sendmail, Inc. Electronic mail system with authentication/encryption methodology for allowing connections to/from a message transfer agent
EP1777912A1 (en) * 2001-11-02 2007-04-25 Juniper Networks, Inc. Method and system for providing secure access to resources on private networks
US7877440B2 (en) 2001-11-02 2011-01-25 Juniper Networks, Inc. Web resource request processing
EP1427160A2 (en) 2002-12-05 2004-06-09 Microsoft Corporation Methods and systems for authentication of a user for sub-locations of a network location
EP1427160A3 (en) * 2002-12-05 2008-09-24 Microsoft Corporation Methods and systems for authentication of a user for sub-locations of a network location
AU2003262473B2 (en) * 2002-12-05 2009-05-28 Microsoft Technology Licensing, Llc Methods and systems for authentication of a user for sub-locations of a network location
WO2005015872A1 (en) * 2003-07-17 2005-02-17 International Business Machines Corporation Method and system for stepping up to certificate-based authentication without breaking an existing ssl session
US7395424B2 (en) 2003-07-17 2008-07-01 International Business Machines Corporation Method and system for stepping up to certificate-based authentication without breaking an existing SSL session
KR100946110B1 (en) * 2003-07-17 2010-03-10 인터내셔널 비지네스 머신즈 코포레이션 Method and system for stepping up to certificate-based authentication without breaking an existing ssl session
EP1976181A1 (en) * 2006-01-13 2008-10-01 Huawei Technologies Co., Ltd. A method, apparatus and data download system for controlling the validity of the download transaction
EP1976181A4 (en) * 2006-01-13 2010-02-24 Huawei Tech Co Ltd A method, apparatus and data download system for controlling the validity of the download transaction
US8782414B2 (en) 2007-05-07 2014-07-15 Microsoft Corporation Mutually authenticated secure channel

Also Published As

Publication number Publication date
AU1236800A (en) 2000-05-22

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref country code: AU

Ref document number: 2000 12368

Kind code of ref document: A

Format of ref document f/p: F

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase