WO2004105309A2 - Access authentication - Google Patents


Info

Publication number
WO2004105309A2
Authority
WO
WIPO (PCT)
Prior art keywords
client
session secret
service provider
server
key value
Prior art date
Application number
PCT/EP2004/005522
Other languages
French (fr)
Other versions
WO2004105309A3 (en)
Inventor
Jens Bjarme
Michael Skoog
Patrik Schalin
Bernard Smeets
Original Assignee
Telefonaktiebolaget L M Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from EP03253137A external-priority patent/EP1480374B1/en
Application filed by Telefonaktiebolaget L M Ericsson (Publ) filed Critical Telefonaktiebolaget L M Ericsson (Publ)
Publication of WO2004105309A2 publication Critical patent/WO2004105309A2/en
Publication of WO2004105309A3 publication Critical patent/WO2004105309A3/en


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities


Abstract

A method of authenticating a client for a service on a network, wherein the client is authenticated by a service provider and granted permissions for the service if the client can read a service provider session secret, calculate a client session secret and upon comparison of the service provider and client session secrets grant permissions.

Description

ACCESS AUTHENTICATION
TECHNICAL FIELD
The present invention relates to a method and system for access authentication. In particular, it relates to protecting networks against unauthorized access and to a method and system to securely authenticate network access credentials for clients (or users).
BACKGROUND OF THE INVENTION
In a networked system with authentication, it is typical for multiple computer systems, for example, to be connected together through a communications link, which comprises the network. The network system also provides a degree of security which establishes the services provided by the network that can be accessed by a program or user. Typically, a user is required to "logon" to the network for the system to allow access to the network services it provides. The logon mechanism typically requires the user to enter identification information such as a username and a password or other identification information, hereinafter referred to as credentials. An authentication procedure for validating the entered credentials against known information is carried out to verify that the user is permitted to access the network services. The validation process may involve directly comparing the information or comparing information using well-known encryption and decryption techniques. For example, the network system may store passwords for each user that is allowed to access the network. For example, during the authentication procedure, the entered password for that username or other credentials may be compared with the previously stored password information by using the entered password to encrypt a randomly agreed number. When a match occurs, the user is permitted access to the network services requested. Typically, a separate logon mechanism is required by each network and by the computer system (the local node) to gain access to the local services when a secure local environment is maintained.
Increasingly, users can communicate with a networked computer system over a public communication network or over a wireless communication link. Such communication links, however, are not secure and the transmission of credentials may be easily intercepted and interpreted by a third party, particularly if the credentials have not been encrypted before they are sent over the communication link.
Furthermore, it may be necessary to repeat the authentication procedure and, therefore, users already logged onto the network are prompted to reenter their credentials for reverification.
In addition to authentication, public key exchange is an important part of communication across a network. Once a user has been authenticated, a secure communication channel must be set up between the user and the network services. This is generally accomplished by the user and a network driver or service provider exchanging a public key, called a session key, for use during communication subsequent to authentication. Authentication over a network, especially a public network like the Internet or a wireless communication link, is difficult because the communication environment between the client and server is not secure. One known solution is exchanging session keys based on the Diffie-Hellman key exchange protocol. By way of background and to understand the terminology used hereinafter, the basic principles of the Diffie-Hellman key exchange protocol will be explained.
For a one-way function f(x) such as modular exponentiation, it is computationally infeasible to find the value of x from the function value y, where f(x) = y. Let p be a large prime number and g a generator of the multiplicative group mod p (that is, the numbers in the range 1, ..., p-1). Then f(x) = g^x mod p is generally assumed to be a one-way function. The inverse function, called the discrete log function, is difficult to compute. Thus, use of the function g^x mod p as a session key makes it difficult to compute its inverse and therefore, a third party would have difficulty interpreting the session key.
The Diffie-Hellman key exchange protocol as described, for example, in W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, vol. 22, no. 6, 644-654, 1976, makes use of this function to generate session keys between two parties (say A and B) which wish to communicate with each other.
The principles of the Diffie-Hellman key exchange protocol are illustrated in Fig. 1. The first party A in step 102 chooses a random integer x from a group Zq where Zq = {0, 1, ..., q-1}. This is known as party A's private key value. In step 104 A computes X = g^x mod p, where p is a prime number and g is a generator. X is known as party A's public key value. In step 106, A transmits its public key value X to party B. In step 108 party B chooses a random integer y from the group Zq (party B's private key value). In step 110 B computes its public key value Y = g^y mod p and transmits Y to party A in step 112. Finally, party A computes g^(xy) = (g^y)^x mod p and party B computes g^(yx) = (g^x)^y mod p, steps 114, 116. Since g^(xy) = g^(yx) = k, parties A and B now have a shared secret key k.
Beside the DH solution, the problem of secure access to services has been the issue of the Kerberos and DSSA/SPX protocols. These protocols are designed to meet many security requirements in networked computer systems. Their deployment is however demanding in both (computer) management efforts and setup costs, the latter as a result of the need to have a secure way to set up the key infrastructure. It would, instead, be desirable to reuse the normally already existing standard management of users and their access rights, and avoid the need of a key infrastructure.
Kerberos authentication and authorization system is disclosed for example, in Technical Report, MIT Project Athena, Cambridge, MA, 1987.
For DSSA/SPX see Computer Security by D Gollmann, J Wiley, Nov 2000.
SUMMARY OF THE INVENTION
The object of the present invention is to provide user authentication in a network system for clients (or users) already logged onto the network once without having to re-enter credentials more than once and without having to access credentials for the domain. Furthermore, the access authentication that results is not platform dependent.
This is achieved by authenticating a client and granting the client permissions for a service if the client can read a session secret, calculate a session key and successfully have the session key verified by a service provider. The service provider may be provided on a server.
BRIEF DESCRIPTION OF DRAWINGS
Embodiments of the present invention will now be described with reference to the accompanying drawings in which: Figure 1 illustrates the steps of the Diffie-Hellman key exchange protocol;
Figure 2 illustrates the network system incorporating the access authentication in accordance with an embodiment of the present invention; and Figure 3 illustrates a flow chart of the method steps of the access authentication of an embodiment of the present invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
As illustrated in Figure 2, in accordance with an embodiment of the present invention, at least one server or service provider 201 is connected to at least one client (user) 203 via a network system 205 which includes a secure communication link that allows the client to authenticate the service provider and provides message integrity and confidentiality protection. The server 201 comprises calculating means 207, 209, 211 and comparison means 213 and a file storage system 215. The client 203 comprises calculating means 217, 219, 221.
The method steps of an embodiment of the present invention will now be described with reference to Figures 2 and 3. In step 301 of figure 3, the server 201 calculates its private key value Rs in calculating means 207. This may be derived by selecting a random integer from a set of integer values. In step 302, the client 203 calculates its private key value Rc in calculating means 217. Again this may be derived by selecting a random integer from the same set of integer values from which the server's private key value has been selected. In step 303, the server 201 calculates its public key value Ns in calculating means 209. The server's public key value is calculated as follows:
Ns = A^Rs mod p
wherein A is a generator; Rs the server's private key value and p is a large prime number. The server's public key value Ns is then stored in a designated secure area in the file system 215, step 304. The designated secure area may comprise at least one secret folder or folders selected from the existing folders on the network. Preferably, the server has one folder for each authentication group, i.e. for each group of users that have the same permissions. The secret folder may be assigned to any folder on the existing network. Preferably, only the server is given write permissions for the secret folder or folders. A system administrator administrates the secret folder or folders by granting certain users read rights to the folders. Therefore, a user that wants authentication would need to have at least read rights for a specific secret folder.
In step 305, the client's public key value Nc is calculated by calculating means 219. The client's public key value Nc is calculated as follows:
Nc = A^Rc mod p
wherein A is a generator; Rc the client's private key value and p is a large prime number.
In step 306, the client 203 sends the client's public key value Nc to the server 201 over the secured communication link. In step 307, the client 203 retrieves the server's public key value Ns from the file store 215 over the secured communication link providing that the user on the client 203 has the read rights for the secret folder in which the server's public key value is stored. In step 308, the client 203 calculates its session key Sc in the calculating means 221 as follows:
Sc = Ns^Rc mod p
In step 309, the client 203 sends its session key Sc to the server 201.
In step 310, the server 201 calculates its session key Ss in the calculating means 211 as follows:
Ss = Nc^Rs mod p
In step 311, the server's session key and the client's session key are compared by the comparison means 213. If the session keys are verified, the server grants permissions to the client for a specific service on the network.
In this way, Diffie-Hellman is used to make a secure exchange of a public key between a server and a client. The public key is based upon a random number selected by the server and placed in a server chosen folder on an existing network. A new public key is constructed for each new authentication. If the user that asks for authentication can read the public key, calculate a session key from the public key and if the session key is verified by the server, the user is authenticated by the server and can then use the specific services he wants to get access to.
This means that all administration of the users is made using the existing read rights for the users on the network, for example a user requests a service that is guarded by the authentication system of the present invention. The user requests the system administrator to grant read rights to the secret folder on the network. After this is done the server can authenticate the user without further user interaction.
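The following Python script is an added example, not the patent's or Ericsson's code. It models both the Diffie-Hellman background given earlier and steps 301 to 311 above: the server draws a fresh Rs and writes Ns = A^Rs mod p into a secret folder that only it may write; a client with read rights on that folder reads Ns, derives Nc and Sc = Ns^Rc mod p, and sends both; the server computes Ss = Nc^Rs mod p and grants permissions only if the two session keys agree. Assumptions not in the text: the 1536-bit MODP group from RFC 3526 serves as (p, A); an in-memory dictionary with a per-user read list stands in for file storage system 215; and the script adds validation of the group and of every public value before it is exponentiated, plus a constant-time comparison in step 311.

```python
"""Folder-based Diffie-Hellman access authentication modelled on WO2004105309A2
(steps 301-311).  Added example, not the patent's or Ericsson's code.  Assumed:
the RFC 3526 1536-bit MODP group as (p, A), an in-memory dict standing in for
file storage system 215, and validation/constant-time checks the text leaves implicit."""
import hmac
import secrets

# RFC 3526 1536-bit MODP group: p is a safe prime, p = 2q + 1, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF
""".split()), 16)
A = 2                                  # the generator the patent calls A
Q = (P - 1) // 2                       # prime order of the subgroup generated by A
KEY_BYTES = (P.bit_length() + 7) // 8  # fixed width for constant-time comparison

def is_probable_prime(n, rounds=16):
    """Miller-Rabin, used only to validate the group parameters (assumed helper)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def validate_group():
    """Refuse to derive keys from a malformed (p, A): p and q prime, A of order q."""
    return is_probable_prime(P) and is_probable_prime(Q) and pow(A, Q, P) == 1

def valid_public_value(n):
    # Reject 0, 1, p-1 and values outside the order-q subgroup (check the text leaves implicit).
    return 1 < n < P - 1 and pow(n, Q, P) == 1

def private_key():
    """Random integer from {1, ..., q-1}; both sides draw from the same set (steps 301, 302)."""
    return secrets.randbelow(Q - 1) + 1

class SecretFolderStore:
    """Stands in for file storage system 215: one folder per authentication group,
    written only by the server, read rights granted per user by an administrator."""
    def __init__(self):
        self._folders, self._readers = {}, {}

    def grant_read(self, folder, user):
        self._readers.setdefault(folder, set()).add(user)

    def write(self, folder, value):      # server only, by convention of this model
        self._folders[folder] = value

    def read(self, folder, user):
        if user not in self._readers.get(folder, ()):
            raise PermissionError(f"{user} has no read rights on {folder}")
        return self._folders[folder]

class Server:
    def __init__(self, store):
        self.store, self.rs = store, None

    def begin_authentication(self, folder):
        """Steps 301, 303, 304: fresh Rs and Ns = A^Rs mod p for every authentication."""
        self.rs = private_key()
        self.store.write(folder, pow(A, self.rs, P))

    def verify(self, nc, sc):
        """Steps 310, 311: Ss = Nc^Rs mod p, compared with Sc in constant time."""
        rs, self.rs = self.rs, None       # the private value is used exactly once
        if rs is None or not valid_public_value(nc) or not 0 < sc < P:
            return False
        ss = pow(nc, rs, P)
        return hmac.compare_digest(ss.to_bytes(KEY_BYTES, "big"), sc.to_bytes(KEY_BYTES, "big"))

def client_authenticate(user, folder, store):
    """Steps 302, 305-309 on the client; requires read rights on the secret folder."""
    ns = store.read(folder, user)         # PermissionError without read rights
    if not valid_public_value(ns):
        raise ValueError("stored server public value is invalid")
    rc = private_key()
    return pow(A, rc, P), pow(ns, rc, P)  # (Nc, Sc)

def run_authentication(user, folder, store, server):
    """The whole exchange; True means the server granted permissions."""
    server.begin_authentication(folder)
    try:
        nc, sc = client_authenticate(user, folder, store)
    except PermissionError:
        server.verify(0, 0)               # discards Rs; an invalid Nc never verifies
        return False
    return server.verify(nc, sc)
```

Run it by creating a `SecretFolderStore`, granting a user read rights on a folder with `grant_read`, and calling `run_authentication(user, folder, store, Server(store))`; a user without read rights fails at step 307 before any key is derived. Note that in step 309 the client transmits Sc itself, so the secured, confidentiality-protected link of the description (and claim 2) is a precondition rather than an optional extra, and the fresh Ns per authentication (claim 12) limits what any one exchange reveals; the script also validates values read from the folder and received from the client before using them as exponentiation bases.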
Although a preferred embodiment of the method and system of the present invention has been illustrated in the accompanying drawings and described in the foregoing detailed description, it will be understood that the invention is not limited to the embodiment disclosed, but is capable of numerous variations and modifications without departing from the scope of the invention as set out in the following claims.

Claims

CLAIMS :
1. A method of authenticating a client logged onto a network for a service on the network, the method comprising the steps of: the client reading a prestored service provider session secret; the client calculating a client session secret based on the read service provider session secret; and a service provider authenticating the client and granting permissions to the client for the service upon comparison of the service provider session secret and the client session secret.
2. A method according to claim 1, wherein the method further comprises the step of: establishing a secured connection between the client and the service provider, prior to the client reading the prestored service provider session secret, that allows the service provider to authenticate the client and provides message integrity and confidentiality protection.
3. A method according to claim 2, wherein the client and service provider communicate utilising the Diffie-Hellman key exchange protocol.
4. A method according to claim 3, wherein the client session secret is calculated from a service provider public key value and a client private key value; the method further comprising the steps of: computing a service provider session secret from the client public key value and the service provider private key value.
5. A method according to claim 4, wherein the client private key value and the service provider private key value is a random integer selected from the same set of integer values.
6. A method according to claim 4 or 5, wherein the service provider public key Ns is calculated as follows:
Ns = A^Rs mod p,
wherein A is a generator, Rs the service provider private key value and p is a prime number.
7. A method according to any one of claims 4 to 6, wherein the client public key value Nc is calculated as follows:
Nc = A^Rc mod p,
where A is a generator, Rc the client private key value and p is a prime number.
8. A method according to any one of claims 4 to 7, wherein the service provider session key Ss is calculated as follows:
Ss = Nc^Rs mod p,
wherein Rs is the service provider private key value, Nc is the client public key value and p is a prime number.
9. A method according to any one of claims 4 to 8, wherein the client session key Sc is calculated as follows:
Sc = Ns^Rc mod p,
wherein Rc is the client private key value, Ns is the service provider public key value and p is a prime number.
10. A method according to any one of the preceding claims, wherein the method further comprises the step of: storing the session secret in a designated secure area.
11. A method according to claim 10, wherein the method further comprises the steps of: determining the client's rights; and allowing the client access to the designated secure area on the basis of the determined rights.
12. A method according to any one of the preceding claims, wherein the method further comprises the step of: generating a session secret for each authentication.
13. A system comprising: at least one server; at least one client in communication with the server; means for authenticating the client for a service, wherein the client comprises means for retrieving a server session secret, means for calculating a client session secret based on the server session secret and the server comprises means for authenticating the client and granting permissions to the client for a service upon comparison of the server session secret and the client session secret.
15. A client in communication with a server, the client including means for retrieving a server session secret and means for calculating a client session secret based on the server session secret such that the server authenticates the client and grants permissions to the client for a service upon comparison of the server session secret and the client session secret.
16. A server in communication with at least one client; the server comprising means for authenticating a client for a service if the client can retrieve a server session secret and be verified upon comparison of the server session secret and a client session secret.
PCT/EP2004/005522 2003-05-20 2004-05-21 Access authentication WO2004105309A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP03253137A EP1480374B1 (en) 2003-05-20 2003-05-20 Access authentication
EP03253137.8 2003-05-20
US47383403P 2003-05-27 2003-05-27
US60/473,834 2003-05-27

Publications (2)

Publication Number Publication Date
WO2004105309A2 true WO2004105309A2 (en) 2004-12-02
WO2004105309A3 WO2004105309A3 (en) 2005-02-17

Family

ID=33477643

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2004/005522 WO2004105309A2 (en) 2003-05-20 2004-05-21 Access authentication

Country Status (1)

Country Link
WO (1) WO2004105309A2 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US6226383B1 (en) * 1996-04-17 2001-05-01 Integrity Sciences, Inc. Cryptographic methods for remote authentication
US20020023213A1 (en) * 2000-06-12 2002-02-21 Tia Walker Encryption system that dynamically locates keys

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MENEZES A ET AL: "Handbook of Applied Cryptography, IDENTIFICATION AND ENTITY AUTHENTICATION" HANDBOOK OF APPLIED CRYPTOGRAPHY, CRC PRESS SERIES ON DISCRETE MATHEMATICS AND ITS APPLICATIONS, BOCA RATON, FL, CRC PRESS, US, 1997, pages 385-424, XP002262234 ISBN: 0-8493-8523-7 *
MENEZES A ET AL: "Handbook of Applied Cryptography, KEY ESTABLISHMENT PROTOCOLS" HANDBOOK OF APPLIED CRYPTOGRAPHY, CRC PRESS SERIES ON DISCRETE MATHEMATICS AND ITS APPLICATIONS, BOCA RATON, FL, CRC PRESS, US, 1997, pages 489-541, XP002304953 ISBN: 0-8493-8523-7 *

Also Published As

Publication number Publication date
WO2004105309A3 (en) 2005-02-17

Similar Documents

Publication Publication Date Title
Chang et al. An efficient and secure multi-server password authentication scheme using smart cards
US7366900B2 (en) Platform-neutral system and method for providing secure remote operations over an insecure computer network
EP1927211B1 (en) Authentication method and apparatus utilizing proof-of-authentication module
Brainard et al. A New {Two-Server} Approach for Authentication with Short Secrets
US8413221B2 (en) Methods and apparatus for delegated authentication
CA2280869C (en) System for providing secure remote command execution network
EP2098006B1 (en) Authentication delegation based on re-verification of cryptographic evidence
US7865936B2 (en) System and method for controlling access to multiple public networks and for controlling access to multiple private networks
JP4790731B2 (en) Derived seed
US20010034841A1 (en) Method for providing simultaneous parallel secure command execution on multiple remote hosts
EP1147637A1 (en) Seamless integration of application programs with security key infrastructure
JP2003536320A (en) System, method and software for remote password authentication using multiple servers
EP1697818A2 (en) Authentication system for networked computer applications
Tsaur A flexible user authentication scheme for multi-server internet services
US20140149738A1 (en) Method for accessing a service of a service provider by providing anonymously an attribute or a set of attributes of a user
Bajpai et al. Security service level agreements based authentication and authorization model for accessing cloud services
EP1480374B1 (en) Access authentication
Bajpai et al. Authentication and authorization interface using security service level agreements for accessing cloud services
WO2004105309A2 (en) Access authentication
Vandenwauver et al. Public Key Extensions used in SESAME V4
WO2005055516A1 (en) Method and apparatus for data certification by a plurality of users using a single key pair
Chew et al. IAuth: An authentication system for Internet applications
Hakim A remote authentication model using smart cards
Zidaric-Sudovacki Secure WWW Server for Lotus Notes

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase