EP1371035A1 - Verification of access compliance of subjects with objects in a data processing system with a security policy - Google Patents
Verification of access compliance of subjects with objects in a data processing system with a security policyInfo
- Publication number
- EP1371035A1 EP1371035A1 EP02713020A EP02713020A EP1371035A1 EP 1371035 A1 EP1371035 A1 EP 1371035A1 EP 02713020 A EP02713020 A EP 02713020A EP 02713020 A EP02713020 A EP 02713020A EP 1371035 A1 EP1371035 A1 EP 1371035A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- access
- rules
- given
- security
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
Definitions
- the present invention relates generally to the verification of the conformity of access conditions by first elements to second elements with security rules defining a security policy.
- the first 0 elements are subjects constituting users or software modules of a data processing means.
- the second elements are objects such as applications implemented in the data processing means. More particularly, the invention relates to conditions of access to applications implemented in a smart card, also known as a microcontroller or integrated circuit card, which comprises several applications relating to various services, such as 0 applications of electronic commerce, electronic wallet, loyalty service, etc.
- the invention is therefore particularly directed towards the compliance of any operation relating to an application in a multi-application smart card 5 with security rules.
- the operation can be a loading or a modification of the application, or modifications of the conditions of access to the application, or even a request for access to the application to perform an action on it.
- each application has its own 5 data for which the provider the application defines access rights specific to the application.
- Access rights are means of connection between external accesses which can be users of the card or else software modules, such as user interfaces, and internal accesses to the card such as applications, possibly via the through other applications or other application software elements in the card.
- Control of access conditions is based on the authentication of subjects, such as users, which are "active" elements which manipulate information contained in objects, such as applications, which are "passive" elements containing data.
- the access rights of subjects to objects are governed by access control rules between subjects and objects. Each rule includes a right of access, i.e. a link between a subject and an object in the form of an action which can be performed by the subject on the object.
- the matrix MA relates to three subjects SI, S2 and S3, such as three users, and to three objects 01, 02 and 03, such as files and programs.
- Each box of the matrix at the intersection of a row and a column contains access rights, that is to say privileged actions which can be performed by the respective subject on the respective object.
- the access rights can be positive to authorize a predetermined action of a subject on a object, or can be negative to prohibit a predetermined action of a subject on an object.
- subject S2 can read and execute object 02 but cannot write to this object
- subject S3 can record and read object 03 but cannot execute object 03.
- access control rules are generally treated according to two approaches.
- the first approach consists of access control lists ACL (Access Control List) corresponding to the rows of the access matrix MA and each specifying the access rights of subjects to the object associated with the row.
- ACL Access Control List
- ACL access control lists define user access to files included in the card.
- the second approach consists of capacities corresponding to the columns of the MA matrix and each specifying the access rights of the subject associated with the column on the objects.
- access control relates to applet methods for multi-application smart cards of the JavaCard type in which programs in Java language have been written.
- the capacities are in the form of pointers making it possible to make calls to objects, in predetermined applets constituting subjects.
- the access rights are expressed in the form of access control rules. It is then necessary to verify and guarantee that the access rights are complete and consistent with respect to a policy, that is to say that they offer at least two properties, completeness and consistency.
- the completeness of the access right ensures that for any subject and any object, there is at least one access right specifying whether the subject is authorized or not to access the object.
- the consistency of the access rights guarantees that for any subject and any object, if several access rights to the object are defined, the access rights all specify the same type of positive or negative right.
- the completeness of access rights vis-à-vis a security policy ensures that access rights define all the rights specified by the security policy.
- the consistency of access rights vis-à-vis a policy ensures that access rights are limited to those defined by the security policy and do not define more rights.
- the completeness and consistency properties of access rights with a security policy cannot be checked. The developer in charge of defining access rights is therefore unable to verify that the specified access rights correspond to the rules of the desired security policy.
- the present invention aims to provide a method for verifying the conformity of the access rights of several subjects to several objects, such as applications in a multi-application card, with a global security policy which is implemented by the card manager who can be a different person from the developer of each application.
- This process thus guarantees the completeness and consistency of the access rights vis-à-vis a security policy: the access rights define all the rights specified by the security policy according to the completeness property, and are limited to these security policy rights depending on consistency property.
- a method for verifying a set of access rules from first elements to second elements in a data processing system each rule defining a right of a first element to perform an action on a second element, is characterized in that it comprises, a definition of security rules for the access of the first elements to the second elements, and for each operation relating to a second given element, a comparison of at least one access rule given to the second element given with the security rules so as to accept the operation when the access rule complies with all the security rules and to report the non-conformity of the operation when the access rule does not comply with one of the security rules.
- the first elements are for example subjects such as users
- the second elements are for example objects, such as applications in a multi-application smart card included in the processing system. data.
- the data processing system comprises a portable electronic object in which at least the second elements are installed, and a security means external to the portable electronic object in which the security rules are installed and which performs the comparison.
- the data processing system is a portable electronic object in which at least the second elements and the security rules are installed and which performs the comparison.
- FIG. 1 is a diagram showing a control matrix between three subjects and three objects, already commented on according to the prior art
- - Figure 2 is a schematic block diagram of a data processing system for the implementation of the conformity control method according to a first embodiment of the invention
- - Figure 3 is an algorithm of the compliance verification method according to the invention.
- An electronic data processing system as illustrated in FIG. 2 comprises a portable electronic object such as a smart card CA and a terminal TE equipped with a keyboard CL and a reader LE for reading the data in the menu.
- the CA card "chip” is a microcontroller comprising a microprocessor PR and three memories MO, MNV and MA.
- the MO type ROM memory includes an operating system OS of the card.
- the MNV memory is a non-volatile memory of the programmable and erasable type, like an EEPROM memory.
- the memory MNV contains data notably linked to the possessor and the supplier of the card and in particular AP applications constituting objects within the meaning of the invention and data linked to access to AP applications, such as access rules R and Su subjects.
- the memory MA is of the RAM type and intended in particular to receive data from the terminal TE of the card. All the components PR, MO, MNV and MA are linked together by an internal bus BU. When the card CA is inserted into the reader LE of the terminal TE, the bus BU is connected to the terminal TE through a contact link LI when the card is of the type with electrical contacts.
- a security policy defined by security rules RS relating to all the applications AP in the smart card CA is pre-stored in the terminal TE.
- the TE terminal belongs to the distributor of the smart card, which may be different from each application developer responsible for definition of access rules for at least one respective application.
- the terminal containing the security rules and verifying the compliance of the access rules with the security rules is a server connected by a telecommunications network to a reception terminal of the smart card.
- the security rules RS defining the security policy are installed in the ROM memory MO of the smart card CA which constitutes the processing system for data.
- EG ⁇ G1, ... Gp, ... GP ⁇ relating to subjects each having at least one access to the object Ob, a subject in a group having all the access rights granted to this group, and a subject that can belong to one or more groups,
- a set of access right rule ER ⁇ RI, ... Re, ... RE ⁇ with 1 ⁇ e ⁇ E governing access subjects from the set ES and groups from the set EG to the given object Ob, and a set of security rules RS applicable to all the subjects from the set giving access to the object Ob and rules from security RS1 to RSP applicable respectively to groups Gl to GP to access the object Ob.
- R (or RS) designates a right, that is to say an action such as reading, writing, execution or recording, which can be performed by any subject Su on any given object Ob
- access control is governed by the following rules of positive law:
- a first initial step ET1 defines a security policy PS which includes security rules RS which are common to all the objects 01 to OB of the set EO as well as security rules respectively for groups of subject predetermined and predetermined objects, and in particular for the groups G1 to GP associated with the given object Ob.
- the security policy is implemented in the terminal TE, or in the memory MNV of the smart card CA.
- the second initial step ET2 defines the four groups ES, EO, EG and ER to implement them in the memories MO and MNV of the smart card CA.
- the next step ET3 concerns the triggering of an operation on the given object Ob.
- This operation can be the loading of the given object Ob, for example as a new application, into the EEPROM memory MNV of the card CA, including the access rules specific to the application defined in a previous step ET2 and written in the MNV memory, or a modification of the access rule relating to the given object Ob.
- the modification of an access rule can be a deletion or an addition of an access rule relating to a subject Su or a group Gp and of course to the given object Ob.
- the operation on the given object Ob can simply be a request for right access to the object given by a subject Su or a group Gp of the type (SuROb) or (GpROb), or a modification of one or several subjects or a group having access to the given object Ob, that is to say a deletion or an addition of one or more subjects or a group.
- Verification of conformity proper by comparison of access rules relating to the object given Ob to all security rules starts at step ET4.
- this conformity check is carried out periodically, for example every twenty four hours when the smart card CA is used, or else all the M operations relating to the given object Ob, where M denotes an integer at least equal to 2 .
- all the positive and negative access rules Re relating to the given object Ob and to any subject Sq for a direct right or to any group Gp for an indirect right have their conformity checked against all security rules RS and RSp whatever the index p defined by the security policy for the object Ob, as indicated in steps ET81, ET82, ET83 and ET9 which then directly follow the step ET4 through a negative response to intermediate step ET6 or after step ET7.
- the verification of the compliance of an access rule results from a comparison of this rule with each of the security rules.
- a security rule common to all subjects and groups relating to the Ob object may be a write ban on the Ob object
- an RSp security rule for the Gp group may be an authorization to read the object given Ob by all the subjects belonging to the group Gp.
- the method distinguishes operations relating only to a subject Su, such as a request for direct access from the subject Su to the object Ob or an addition of the subject Su, in step ET5, and a operation relating only to a given group Gp, such as a request for indirect access to the given object Ob or an addition or deletion of the subject or modification of the law relating to the Gp group, as indicated in step ET6. If none of the conditions of steps ET5 and ET6 is satisfied, the method goes directly from step ET4 to step ET81 already commented on.
- step ET7 When the operation is related only to a subject Su and the object Ob, the ST5 is followed by a step in ET7 • Gp which all groups that contain the subject Su are detected.
- step ET81 is replaced by step ET82 which checks the conformity of all the positive and negative access rules relating to the given object Ob and directly to the subject Su or indirectly to the groups Gp containing the subject Su . These access rules are compared with all the common security rules RS and with the security rules RS1 to RSp and in particular relating to the group Gp in step ET9.
- steps ET7 and ET82 the method thus verifies that the capacity of a subject Su relative to the given object Ob complies with the security policy PS.
- step ET6 When the operation on the given object Ob relates only to a group of subject Gp in step ET6, all the access right rules of positive type (GpROb) and negative non (GpROb) have their conformity verified by comparison with all the common security rules RS and the security rules RS1 to RSp relating to all the groups, and particularly relating to the given group Gp, at a step ET83.
- the method verifies that the access control list concerning all the access rights of the subjects in a given group Gp is in accordance with the security policy PS.
- step ET81, or ET82 or ET83 If after the step ET81, or ET82 or ET83, the compared access rules do indeed comply with the security rules, the operation requested in step ET3 is accepted in step ET10, and the method returns to step - ET3 for a conformity check relating to another operation on the Ob object, or to an operation on another object.
- step ET11 refuses the operation requested in step ET3, and the method then returns to step ET3.
- the refusal of the operation requested in step ET11 may be accompanied by a rejection of the smart card CA, or a deletion of the access right rule or rules which did not comply with the rules of security.
- step ET1 defines two security rules RS1 and RS2.
- the group Gl is not authorized to write on the objects of the set EO, and therefore including on the given object Ob.
- group G2 is not authorized to read objects from the EO assembly.
- steps ET6 and ET83 of the method according to FIG. 3 are carried out.
- a Gl group read access request appear in step ET9 a conformity for the subject SI belonging only to the group Gl between the read access rule of the group Gl and the security rule in prohibition of writing of the group Gl, and a conformity for the subject S3 between the group G2 write access right rule and the group G2 read prohibition security rule.
- step ET9 signals a lack of conformity for the subject S2 which belongs to both the groups Gl and G2.
- the read access right rule relating to the group Gl does not comply with the read prohibition security rule for the group G2, and the write access right rule for the group.
- G2 does not comply with the Gl group write security prohibition rule.
- the step ET11 then proceeds to the removal of the read and write access rights of the subject S2 which retains only the access right in execution in common with the other subjects SI and S3.
- FIG. 3 relates to the conformity of operations on a given object Ob, more generally, any operation relating to any of the objects 01 to OB of the set EO can cause a verification of conformity general of all access control lists and capacities relating to all objects 01 to OB in relation to all the security rules of the security policy. Such a general compliance check is preferably carried out at least during the commissioning and personalization of the CA smart card.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0103486 | 2001-03-13 | ||
FR0103486A FR2822256B1 (en) | 2001-03-13 | 2001-03-13 | VERIFICATION OF CONFORMITY OF ACCESS TO OBJECTS IN A DATA PROCESSING SYSTEM WITH A SECURITY POLICY |
PCT/FR2002/000844 WO2002073552A1 (en) | 2001-03-13 | 2002-03-08 | Verification of access compliance of subjects with objects in a data processing system with a security policy |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1371035A1 true EP1371035A1 (en) | 2003-12-17 |
Family
ID=8861128
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP02713020A Ceased EP1371035A1 (en) | 2001-03-13 | 2002-03-08 | Verification of access compliance of subjects with objects in a data processing system with a security policy |
Country Status (5)
Country | Link |
---|---|
US (1) | US20040172370A1 (en) |
EP (1) | EP1371035A1 (en) |
CN (1) | CN1507608B (en) |
FR (1) | FR2822256B1 (en) |
WO (1) | WO2002073552A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040139021A1 (en) | 2002-10-07 | 2004-07-15 | Visa International Service Association | Method and system for facilitating data access and management on a secure token |
DE60329162C5 (en) * | 2003-03-03 | 2016-08-11 | Nokia Technologies Oy | Security element control method and mobile terminal |
EP1622009A1 (en) * | 2004-07-27 | 2006-02-01 | Texas Instruments Incorporated | JSM architecture and systems |
US20060047826A1 (en) * | 2004-08-25 | 2006-03-02 | International Business Machines Corp. | Client computer self health check |
EP1927956A1 (en) * | 2006-11-30 | 2008-06-04 | Incard SA | Multi-applications IC Card with secure management of applications |
US8881240B1 (en) * | 2010-12-06 | 2014-11-04 | Adobe Systems Incorporated | Method and apparatus for automatically administrating access rights for confidential information |
CN108073801A (en) * | 2016-11-10 | 2018-05-25 | 北京国双科技有限公司 | Right management method and device |
FR3077150B1 (en) * | 2018-01-23 | 2020-11-20 | Idemia France | METHOD OF CHECKING THE RULES OF DEPENDENCY OF OBJECTS UPDATED IN A MICROCIRCUIT, AND CORRESPONDING DEVICE |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5220604A (en) * | 1990-09-28 | 1993-06-15 | Digital Equipment Corporation | Method for performing group exclusion in hierarchical group structures |
FR2673476B1 (en) * | 1991-01-18 | 1996-04-12 | Gemplus Card Int | SECURE METHOD FOR LOADING MULTIPLE APPLICATIONS INTO A MICROPROCESSOR MEMORY CARD. |
FR2687816B1 (en) * | 1992-02-24 | 1994-04-08 | Gemplus Card International | METHOD FOR PERSONALIZING A CHIP CARD. |
FR2748834B1 (en) * | 1996-05-17 | 1999-02-12 | Gemplus Card Int | COMMUNICATION SYSTEM ALLOWING SECURE AND INDEPENDENT MANAGEMENT OF A PLURALITY OF APPLICATIONS BY EACH USER CARD, USER CARD AND CORRESPONDING MANAGEMENT METHOD |
US6158010A (en) * | 1998-10-28 | 2000-12-05 | Crosslogix, Inc. | System and method for maintaining security in a distributed computer network |
US6779113B1 (en) * | 1999-11-05 | 2004-08-17 | Microsoft Corporation | Integrated circuit card with situation dependent identity authentication |
US7225460B2 (en) * | 2000-05-09 | 2007-05-29 | International Business Machine Corporation | Enterprise privacy manager |
US7114168B1 (en) * | 2000-09-29 | 2006-09-26 | Intel Corporation | Method and apparatus for determining scope of content domain |
-
2001
- 2001-03-13 FR FR0103486A patent/FR2822256B1/en not_active Expired - Fee Related
-
2002
- 2002-03-08 WO PCT/FR2002/000844 patent/WO2002073552A1/en not_active Application Discontinuation
- 2002-03-08 US US10/471,566 patent/US20040172370A1/en not_active Abandoned
- 2002-03-08 CN CN02809455.7A patent/CN1507608B/en not_active Expired - Lifetime
- 2002-03-08 EP EP02713020A patent/EP1371035A1/en not_active Ceased
Non-Patent Citations (1)
Title |
---|
DREYER L C J ET AL: "A workbench for privacy policies", COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, 1998. COMPSAC '98. PROC EEDINGS. THE TWENTY-SECOND ANNUAL INTERNATIONAL VIENNA, AUSTRIA 19-21 AUG. 1998, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 19 August 1998 (1998-08-19), pages 350 - 355, XP010305456, ISBN: 978-0-8186-8585-9, DOI: 10.1109/CMPSAC.1998.716679 * |
Also Published As
Publication number | Publication date |
---|---|
US20040172370A1 (en) | 2004-09-02 |
FR2822256B1 (en) | 2003-05-30 |
CN1507608A (en) | 2004-06-23 |
CN1507608B (en) | 2010-04-28 |
FR2822256A1 (en) | 2002-09-20 |
WO2002073552A1 (en) | 2002-09-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1766588B1 (en) | Security module component | |
FR2748834A1 (en) | COMMUNICATION SYSTEM ALLOWING SECURE AND INDEPENDENT MANAGEMENT OF A PLURALITY OF APPLICATIONS BY EACH USER CARD, USER CARD AND CORRESPONDING MANAGEMENT METHOD | |
FR2800480A1 (en) | Security system for protection of files in smart cards, uses rules sets for file access to maintain both confidentiality and integrity of data by controlling access and file operations | |
FR2686170A1 (en) | MEMORY CARD FOR MICROCOMPUTER. | |
CN100377024C (en) | Method and system for acquiring resource usage log and computer product | |
EP1371035A1 (en) | Verification of access compliance of subjects with objects in a data processing system with a security policy | |
FR2820848A1 (en) | DYNAMIC MANAGEMENT OF LIST OF ACCESS RIGHTS IN A PORTABLE ELECTRONIC OBJECT | |
CN114244598B (en) | Intranet data access control method, device, equipment and storage medium | |
WO2002005511A1 (en) | Security module | |
FR2833374A1 (en) | METHOD AND DEVICE FOR CONTROLLING ACCESS IN AN ONBOARD SYSTEM | |
CN111245620B (en) | Mobile security application architecture in terminal and construction method thereof | |
EP1368716B1 (en) | Anti-cloning method | |
FR2757972A1 (en) | METHOD FOR SECURING A SECURITY MODULE, AND RELATED SECURITY MODULE | |
EP2336938B1 (en) | Method for controlling access to a contactless interface in an integrated circuit with double communication interface, with and without contact | |
CA2324303A1 (en) | Chip card reader telecommunication terminal | |
FR2923041A1 (en) | METHOD OF OPENING SECURED TO THIRDS OF A MICROCIRCUIT CARD. | |
EP3336789B1 (en) | Method for accessing shared data in a file tree structure managed by a file system using a legacy mechanism | |
EP1609326A2 (en) | Method of protecting a mobile-telephone-type telecommunication terminal | |
EP3648491B1 (en) | Multi-configuration secure element and associated method | |
FR3062501A1 (en) | METHOD FOR SECURING ELECTRONIC OPERATION | |
FR2822257A1 (en) | VERIFICATION OF THE CONSISTENCY OF CONDITIONS OF ACCESS OF SUBJECTS TO OBJECTS IN A DATA PROCESSING MEANS | |
EP2812864B1 (en) | Payment system, payment terminal of said system, and associated payment method | |
EP2280380A1 (en) | Method for customising an electronic entity, and electronic entity implementing this method | |
FR2789774A1 (en) | Security module for secure comparison of an authentication code with one stored in memory has additional auxiliary registers in which randomly chosen data words are placed for use in authenticating the code in the main registers | |
WO2003065181A1 (en) | Method for controlling the use of digital contents by means of a security module or a chipcard comprising said module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20031013 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: PAULIAC, MIREILLE Inventor name: BIDAN, CHRISTOPHE |
|
17Q | First examination report despatched |
Effective date: 20061204 |
|
17Q | First examination report despatched |
Effective date: 20061204 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GEMALTO SA |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20130605 |