EP1810472A1 - Method and adapted terminal device for secure session transfer - Google Patents

Method and adapted terminal device for secure session transfer

Info

Publication number
EP1810472A1
Authority
EP
European Patent Office
Prior art keywords
terminal device
security
session
policies
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04790729A
Other languages
German (de)
French (fr)
Inventor
Thomas Walter
Christian Schaefer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Docomo Inc
Original Assignee
NTT Docomo Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/08 Upper layer protocols
    • H04W80/10 Upper layer protocols adapted for application session management, e.g. SIP [Session Initiation Protocol]

Definitions

  • the present invention relates to a method for transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment and terminal devices adapted to carry out said method.
  • the present invention relates to ubiquitous computing environments which are designed to provide users utilizing terminal devices with "anytime, anywhere, any platform" access to computing services as they move through the physical world.
  • One specific goal to be achieved is to allow applications to seamlessly follow the user around a number of terminal devices, especially mobile devices.
  • Several solutions have been discussed to provide migration on application level, i.e. the ability to move an application and its state from one terminal device to another.
  • the invention relates to terminal devices, for example personal computers, laptop computers, notebook computers, personal digital assistants (PDA), mobile phones etc., which can be connected to a network or server via a communication channel which may be a wireless communication channel, for example WLAN or Bluetooth.
  • a user may utilize a terminal device to perform tasks, for example in a business environment.
  • the user accesses corporation resources by running a business application on the terminal device.
  • the business application is installed on the terminal device together with additional software, for example an operating system, communication middleware and specific software libraries, especially security related libraries.
  • additional software is required for setting up a connection to the corporate network and servers and for running the business application.
  • an application executes on a terminal device as a process on top of the additional software, especially the communication middleware.
  • By starting an application on a terminal device, the user initiates a session, which can be understood as the meaningful context of an executed application or application process since the application executes on the basis of specific data and variables related to the task performed by the user of the terminal device. At any time the state of an application process can be determined on the basis of data structures and variables as well as assigned values.
  • security is achieved in a process of transferring a session from a source terminal device to a target terminal device.
  • the security context is observed not only during the execution of an application on a terminal device but also during the transfer of a session from one terminal device to the other.
  • Fig. 1 shows a schematic diagram illustrating elements of a computing environment according to a first embodiment of the invention
  • Fig. 2 shows a diagram illustrating steps of a session transfer according to a first embodiment of the invention
  • Fig. 3 shows a schematic diagram illustrating elements of a computing environment according to a second embodiment of the invention
  • Fig. 4 shows a block diagram illustrating security policies according to the invention
  • Fig. 5 shows a diagram illustrating steps of a session transfer according to a second embodiment of the invention
  • Fig. 6 shows a block diagram illustrating software components according to a second embodiment of the invention.
  • Fig. 7 shows a schematic diagram illustrating elements of a computing environment according to a third embodiment of the invention
  • Fig. 8 shows a diagram illustrating steps of a session transfer according to a third embodiment of the invention
  • Fig. 9 shows a diagram illustrating steps of a negotiating step of a session transfer according to a third embodiment of the invention.
  • Fig. 10 shows a diagram illustrating further steps of a negotiating step of a session transfer according to a third embodiment of the invention.
  • Fig. 11 shows a diagram illustrating still further steps of a negotiating step of a session transfer according to a third embodiment of the invention.
  • a user utilizes a first terminal device 1a to run an application 2 in a networked environment.
  • the first terminal device 1a is linked to the network 3 via a communication channel 4a.
  • Session security is achieved by means of security policies 5 which are specified for the respective application 2 so that the application 2 can only be used when the security policies 5 are observed, creating a specific security context for the application.
  • If the user desires to continue with the current task on a second terminal device 1b, which is linked to the network 3 via a communication channel 4b, the user initiates a session transfer that will transfer the session currently present on the first terminal device 1a, i.e. the source terminal device, to the second terminal device 1b, i.e. the target terminal device.
  • the user can continue with the current task on the second terminal device 1b since the respective application 2 in its state at the time of transfer initiation, i.e. the current session, and in its required security context will have been established on the second terminal device 1b.
  • the security requirements are taken into consideration during session transfer as will be described in the following with reference to Figure 2.
  • In STEP 1 of the session transfer process the security policies relating to the application of the session to be transferred are evaluated on the source terminal device to determine whether a session transfer is allowed or not. If it is confirmed that the security policies of the application allow a session transfer to take place, the session transfer process continues with STEP 2. Otherwise the session transfer process discontinues.
  • the security policies are evaluated on said source terminal device to determine security constraints of the session to be transferred.
  • In STEP 3 of the session transfer process the source terminal device negotiates the security constraints with the target device, preferably after having established a secure communication channel to said target terminal device. The negotiating step serves to ensure that a security context of at least the same strictness can be provided on the target terminal device.
  • If such a security context can be provided, the session transfer process continues with STEP 4. Otherwise the session transfer process discontinues.
  • the respective security context is established on said target terminal device, preferably on the basis of the security related information exchanged with the source terminal device during the step of negotiating security constraints.
  • the session is transferred from said source device to said target device. Basically, the steps that need to be performed for actually transferring the session comprise the capturing of the current state of the session on the source terminal device and transferring the state to the target terminal device where the information is used to establish the session on the target device.
  • policies provide a high degree of flexibility because they can be tailored to the specific requirements of a particular application. Given a formal syntax, policies are precisely specified and can be enforced by a supporting software framework. According to the invention, enforcement in the context of session transfer implies that security constraints (defined by security policies) are negotiated between terminal devices and that a consistent set of security services and mechanisms is established on the target device, consistent with respect to security services and mechanisms applicable on the source device.
  • a source terminal device 1a is equipped with software to enable a user to perform a desired task in a network environment.
  • the software comprises an operating system, communications middleware, specific libraries, e.g. security libraries, and at least one application.
  • the operating system comprises software components which are required for the terminal device to perform basic operations and to provide basic functions for a user.
  • the communications middleware comprises software components that manage applications and other co-located terminal devices. Co-located terminal devices are considered to comprise terminal devices which are also connected to the network and are therefore available as target terminal devices.
  • the applications comprise software to perform a desired task, like for example business applications, which enable a user of the terminal device to perform business tasks in a corporate environment. Business applications may be separated into business logic, i.e.
  • Security logic, i.e. means to protect corporate assets.
  • Security logic is defined in terms of security policies.
  • security policies may be defined during or after application development and integration and may be bundled with an application when the application is installed within the corporate network or on a terminal device.
  • security policies comprise four types of security policies, namely authorization policies, configuration policies, delegation policies and federation policies.
  • the respective domains - corporate network and terminal device - and the logical relationship between policies are shown in Figure 4.
  • Authorization policies typically exist within a corporate network and control the access to resources within the network.
  • Configuration policies reflect the authorization policies of the corporate network within the domain of the terminal device user and describe the security services and capabilities required before authorization to the corporate network.
  • a policy set comprised of configuration, delegation and federation policies is installed with an application. The security context is set up if the application is being executed.
  • Delegation policies define the rules on the basis of which the functionality of an application assigned to one user (e.g. sales manager) may be delegated to another user (e.g. another sales-department manager) .
  • Authorization certificates as described further below, are preferably used in this context.
  • federation policies provide assertions regarding the validity of devices to be included in such assignment.
  • Trust certificates are the preferred containers that store and certify attribute information on devices, which are asserted according to federation policies.
  • configuration policies, delegation policies and federation policies are referred to as a policy set.
  • certificates are signed data items.
  • Besides public-key certificates, the present example according to the invention uses authorization certificates and trust certificates.
  • authorization certificates are used for delegation policy enforcement and trust certificates are used for federation policy enforcement.
  • Authorization certificates are linked to users and reflect the role and the rights of the user in the corporate environment, i.e. authorization certificates are role-based. For instance, an employee in the role of a salesperson may have access to the customer address database and his or her personal schedule. A user in the role of a sales department manager has the right to access an order database, to perform approval of orders and to revise budget figures. The sales manager may also be entitled to delegate certain task, e.g. the task of approving orders.
  • trust certificates are assigned to terminal devices. If the trust certificate proves that the terminal device is trustworthy then application and data may be delegated and transferred to said terminal device.
  • the source terminal device 1a is connected to a network 3 via a communication channel 4a.
  • access to the network 3 is granted through a firewall 6.
  • a user of the source terminal device 1a utilizes an application 2 executed on the source terminal device 1a in the framework of the security policies so that the user has controlled access to, for example, the databases A and B being part of the corporate network 3. If the user wishes to continue performing the current task on a target terminal device 1b, which is linked to the network 3 via a communication channel 4b, a process of transferring the current session from the source terminal device to the target terminal device 1b is initiated.
  • In STEP 1.1 the security requirements as expressed in a policy set relating to the application of the current task are evaluated.
  • delegation policies and federation policies define whether and in which context the application and therefore the current session can be transferred.
  • the policies are evaluated to determine whether a session transfer is generally allowed, both with respect to the user as well as with respect to the terminal device. The process terminates if a session transfer is not allowed.
  • the security policies are evaluated to determine security constraints defined by the security policies of the application.
  • a communication channel is established to connect the source terminal device and the target terminal device. The communication channel created may be set up directly between the terminal devices or may be established via the network.
  • In STEP 1.4 the security constraints are negotiated between the source terminal device and the target terminal device to determine whether a security context of similar or higher strictness can be established on the target terminal device. Only if this is possible is a respective security context established on the target terminal device in STEP 1.5, preferably on the basis of the application to be executed on the target terminal device. Alternatively or in addition, the information exchanged during the step of negotiating the security constraints can be included. Still further, it is possible to also take into consideration the security policy sent from the source terminal device to the target terminal device in the step of negotiating security constraints. In STEP 1.6 the session is transferred from the source terminal device to the target terminal device. Details have been described above and reference is made accordingly.
  • the evaluation of the policy set is performed by a refined communication middleware.
  • the communication middleware supports the (business) application and preferably comprises an application management component, a federation management component, a security library and network control component.
  • the application management component is the interface of the (business) application to the communication middleware.
  • This component maintains state information describing at least partly the current state of applications and provides access to the network environment via network control.
  • the network environment includes co-located terminal devices as well as corporate servers to which the terminal device is or can be connected.
  • Application management is also concerned with security policy management and enforcement.
  • the federation management component performs tasks under the control of the application management component. If an application requests access to a server or to a co-located terminal device, federation management is involved to process the request. In doing so, it queries the network environment for other terminal devices and servers, checks their capabilities, and negotiates security services available on terminal devices and servers.
  • the security library component of the present example provides interfaces to security services.
  • Security services are implementations of cryptographic operations, such as en- and decryption algorithms, message authentication codes, etc., but as well cryptographic data structures such as keys, certificates, etc.
  • the network control component provides handles to an underlying transport and network layer. These handles implement input and output channels, which may be similar to sockets or remote procedure calls or any other communications support leveraged on the respective platform of the terminal devices or the network environment.
  • security policies linked to the specific application generate a security context when they are applied by the application management component, advantageously making use of the security libraries.
  • the security context is enforced preferably via the network control component. It is essential to understand that every execution of an application on a terminal device implies that the security policies of the specific application are taken into account and observed.
  • the security policies, given in a formal syntax, are parsed by a policy manager sub-component of the application manager component mentioned above.
  • the sub-component also ensures in the present example that the integrity of policies is checked, for example by checking signatures associated with policies, and that the security context is implemented.
  • the security context comprises an ordered list of security services invocations.
  • Security services are maintained in the security library deployed on the terminal device.
  • the policy manager sub-component identifies the required security services from the policy specification, checks for a possible binding to a security service and, if a binding can be established, includes the security service invocation in the security context.
  • security policy enforcement can be performed by the application management component and federation management component. Policy enforcement implementation ensures that the behaviour of a terminal device running an application complies with the requirements defined in the security policies. Basically, policy enforcement takes place when data is sent or received via the network control component. Additionally, policy enforcement takes place when federation management sets up communication to co-located terminal devices.
  • the present example relates to an environment in which mobile terminal devices 1a and 1b are used to perform tasks on the basis of applications 2, which may comprise business applications, providing access to a network 3, which may be a corporate network.
  • If a user wishes to perform a specific task in the computing environment shown in Figure 7, he or she utilizes an application 2, which is executed on a first mobile terminal device 1a. For the present example, it is assumed that subsequently the user decides to continue with the current task on a second mobile terminal device 1b. The process of transferring the respective session from the source mobile terminal device 1a to the target mobile terminal device 1b will be described further below.
  • the terminal devices are equipped with all software required for enabling the user to perform the desired task in the networked computing environment.
  • the software of the mobile terminal devices comprises an operating system, communications middleware, specific libraries, especially security libraries, and at least one application.
  • security policies 5 are defined which relate to specific applications 2, respectively, for establishing a security context whenever a user utilizes the mobile terminal device to perform a specific task.
  • the communication channels 4a and 4b between the mobile terminal devices 1a and 1b and the network 3 are wireless communication channels, like for example WLAN or Bluetooth.
  • the mobile terminal devices 1a and 1b communicate directly via a further wireless communication channel 4c.
  • the conditions for a session transfer are determined by evaluating security policies related to the application of the current session to be transferred. Specifically, the security context is evaluated whether a transfer of the session is generally allowed. If the security policies comprise delegation policies and federation policies, as described further above, it is preferred that in STEP 10.1 the delegation policies as well as the federation policies are evaluated to determine whether for the related application a session transfer is allowed. If session transfer is not allowed, the process terminates as shown in Figure 8.
  • the source mobile terminal device 1a identifies co-located mobile terminal devices, preferably by using the wireless communication channel 4c. Thereby, a direct communication can be established between the source mobile terminal device 1a and any other mobile terminal device avoiding the network 3.
  • communication channels 4a and 4b may be used for communication via the network 3.
  • the further above mentioned federation management components which form part of the communications middleware of the terminal devices, are arranged to discover and subsequently provide communication with other terminal devices. If no terminal device is found the process terminates as shown in Figure 8.
  • a secure communication channel is established. Thereafter, the two terminal devices are connected to communicate in a protected environment, for example using a standard encryption protocol like SSL. A secure connection is required to negotiate which security context can and has to be established on the target mobile terminal device.
  • the trustworthiness of the target mobile terminal device is approved, for example on the basis of certificates as mentioned further above. If the trustworthiness cannot be confirmed, the process terminates as shown in Figure 8.
  • the process continues to accomplish STEP 10.5 according to which the two mobile devices negotiate the security context. Details of the negotiating step will be described with reference to Figure 9 further below. In general, four negotiation acceptance modes are defined in this example of the invention.
  • the security context can be fully reconfigured on the target terminal device.
  • the security context requires that the user makes some changes in order to reach acceptance.
  • the security context is automatically, i.e. without user interference, adjusted to reach acceptance level.
  • the user may or may not be informed about the adjustment.
  • the security context is determined unacceptable.
  • the process step of negotiating the security context is performed in the present example as follows.
  • the source device sends a message SESSION_OBLIGATION to the target device.
  • the message SESSION_OBLIGATION comprises information regarding the actual security context of the source device, for example the policy set in use on the source device.
  • the target device checks the security requirements and sends a message SESSION_CONFIRM if it can fulfil the security requirements. In this case, the source device returns a message SESSION_CONFIRM to the target device.
  • the negotiating step terminates, after having established that a session transfer is possible, and the process continues as shown in Figure 8.
  • If the target device cannot fulfil the security requirements, it sends a message SESSION_SECURITY_NEGOTIATION to the source device.
  • the source device then sends a message SESSION_SECURITY_POSSIBILITIES.
  • the message SESSION_SECURITY_POSSIBILITIES includes a list of non-negotiable security items, plus a list of negotiable security items where some alternatives are given to the preferred context.
  • the target device checks the received options and if there are no matches, the target device sends a message SESSION_DISABLE and the negotiating step continues as shown in Figure 10, i.e. the negotiating step terminates unsuccessfully.
  • the target device checks the received options and if there are matches, the target device sends a message SESSION_SECURITY_POSSIBILITIES with the non-negotiable security items and a suitable combination of the negotiable security item to the source device.
  • the source device checks the suggestion and sends a message SESSION_CONFIRM if the check is positive. Thereafter, the negotiating step terminates after having established that a session transfer is possible.
  • If the check result on the source device is negative, the source device sends a message SESSION_DISABLE to the target device and the negotiating step continues as shown in Figure 11, i.e. the negotiating step terminates unsuccessfully.
  • the current state of the session on the source device is captured, i.e. all information required to establish the session on the target device are determined.
  • the information concerning the current session state is transferred to the target device, as shown in STEP 10.7, and the session is established on the target device, as indicated in STEP 10.8.
  • terminal devices in order to be used for carrying out the invention as either a source terminal device or a target terminal device, need to be arranged to comprise means for determining whether a session transfer is allowed, means for determining the security constraints of the session to be transferred, means for negotiating said security constraints, means for establishing a respective security context, and means of transferring the session.
  • the above means are implemented as software executed on said terminal devices.
  • If the terminal devices are mobile terminal devices, a wireless communication channel is advantageous.
  • the terminal devices are preferably capable of establishing a secure communication channel.
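The negotiation exchange of STEP 10.5 (Figures 9 to 11), as an added example that is not part of the patent and not NTT Docomo code: a source policy set with non-negotiable and negotiable security items, a target device that answers from a capability map, and the source-side re-check of the target's suggestion. The policy items, the capability map and the acceptance rule are assumptions constructed for this example; only the message names come from the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Message names as used in the patent description (Figures 9 to 11).
SESSION_OBLIGATION = "SESSION_OBLIGATION"
SESSION_CONFIRM = "SESSION_CONFIRM"
SESSION_SECURITY_NEGOTIATION = "SESSION_SECURITY_NEGOTIATION"
SESSION_SECURITY_POSSIBILITIES = "SESSION_SECURITY_POSSIBILITIES"
SESSION_DISABLE = "SESSION_DISABLE"


@dataclass
class SecurityContext:
    """Policy set in use on the source device (assumed shape).
    non_negotiable: service -> required value, matched exactly.
    negotiable:     service -> acceptable values, strictest first."""
    non_negotiable: Dict[str, str]
    negotiable: Dict[str, List[str]]

    def preferred(self) -> Dict[str, str]:
        # Context actually in use: non-negotiable items plus the preferred
        # alternative of every negotiable item.
        ctx = dict(self.non_negotiable)
        ctx.update({k: v[0] for k, v in self.negotiable.items()})
        return ctx

    def accepts(self, proposal: Dict[str, str]) -> bool:
        # Source-side check of the target's suggestion (assumed rule): same
        # item set, non-negotiable values exact, negotiable values drawn
        # only from the alternatives the source offered.
        if set(proposal) != set(self.non_negotiable) | set(self.negotiable):
            return False
        if any(proposal[k] != v for k, v in self.non_negotiable.items()):
            return False
        return all(proposal[k] in alts for k, alts in self.negotiable.items())


@dataclass
class TargetDevice:
    """Target device; `capabilities` (constructed) lists the values its
    security library can bind for each security service."""
    capabilities: Dict[str, List[str]]

    def can_fulfil(self, ctx: Dict[str, str]) -> bool:
        return all(v in self.capabilities.get(k, []) for k, v in ctx.items())

    def on_obligation(self, ctx: Dict[str, str]) -> str:
        # Fig. 9: confirm if the exact context can be provided, else negotiate.
        return SESSION_CONFIRM if self.can_fulfil(ctx) else SESSION_SECURITY_NEGOTIATION

    def on_possibilities(self, non_negotiable: Dict[str, str],
                         negotiable: Dict[str, List[str]]) -> Tuple[str, Dict[str, str]]:
        # Fig. 10: keep the non-negotiable items and pick, for every
        # negotiable item, the strictest alternative this device supports.
        # Any item without a match ends the negotiation with SESSION_DISABLE.
        if not self.can_fulfil(non_negotiable):
            return SESSION_DISABLE, {}
        proposal = dict(non_negotiable)
        for service, alternatives in negotiable.items():
            supported = [a for a in alternatives if a in self.capabilities.get(service, [])]
            if not supported:
                return SESSION_DISABLE, {}
            proposal[service] = supported[0]
        return SESSION_SECURITY_POSSIBILITIES, proposal


def negotiate(source_ctx: SecurityContext, target: TargetDevice):
    """Run the exchange. Returns (transfer_allowed, agreed_context, transcript);
    transcript is the ordered list of (sender, message) pairs."""
    log = [("source", SESSION_OBLIGATION)]
    reply = target.on_obligation(source_ctx.preferred())
    log.append(("target", reply))
    if reply == SESSION_CONFIRM:
        log.append(("source", SESSION_CONFIRM))
        return True, source_ctx.preferred(), log
    # The target cannot provide the preferred context: offer the alternatives.
    log.append(("source", SESSION_SECURITY_POSSIBILITIES))
    reply, proposal = target.on_possibilities(source_ctx.non_negotiable,
                                              source_ctx.negotiable)
    log.append(("target", reply))
    if reply == SESSION_DISABLE:
        return False, {}, log
    # Fig. 11: the source re-checks the suggestion rather than trusting the
    # target, so a proposal that weakens a non-negotiable item is rejected.
    if source_ctx.accepts(proposal):
        log.append(("source", SESSION_CONFIRM))
        return True, proposal, log
    log.append(("source", SESSION_DISABLE))
    return False, {}, log


# Constructed sample policy set: channel protection and the trust certificate
# are fixed; cipher and MAC may fall back to the listed alternatives only.
SAMPLE_CONTEXT = SecurityContext(
    non_negotiable={"channel": "tls", "trust_cert": "required"},
    negotiable={"cipher": ["aes-256", "aes-128"], "mac": ["hmac-sha256", "hmac-sha1"]},
)
```

Calling `negotiate(SAMPLE_CONTEXT, TargetDevice({...}))` with a device that only offers aes-128 follows the Fig. 10 path and ends in SESSION_CONFIRM with the weaker cipher, while a device lacking TLS ends in SESSION_DISABLE from the target, and a device that answers with a weakened non-negotiable item is refused by the source.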

Abstract

The invention provides a method and a process for transferring a session from a source terminal device to a target terminal device taking into consideration security requirements defined for a specific application by means of security policies. A session transfer is only performed if a security context of similar or higher strictness can be established on the target terminal device.

Description

Method and adapted terminal device for secure session transfer
FIELD OF THE INVENTION
The present invention relates to a method for transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment and terminal devices adapted to carry out said method.
BACKGROUND OF THE INVENTION
The present invention relates to ubiquitous computing environments which are designed to provide users utilizing terminal devices with "anytime, anywhere, any platform" access to computing services as they move through the physical world. One specific goal to be achieved is to allow applications to seamlessly follow the user around a number of terminal devices, especially mobile devices. Several solutions have been discussed to provide migration on application level, i.e. the ability to move an application and its state from one terminal device to another.
More specifically, the invention relates to terminal devices, for example personal computers, laptop computers, notebook computers, personal digital assistants (PDA), mobile phones etc., which can be connected to a network or server via a communication channel which may be a wireless communication channel, for example WLAN or Bluetooth. A user may utilize a terminal device to perform tasks, for example in a business environment. In order to perform the desired business task the user accesses corporation resources by running a business application on the terminal device. Typically, the business application is installed on the terminal device together with additional software, for example an operating system, communication middleware and specific software libraries, especially security related libraries. The additional software is required for setting up a connection to the corporate network and servers and for running the business application. After having been started by a user who desires to perform a specific task, an application executes on a terminal device as a process on top of the additional software, especially the communication middleware.
By starting an application on a terminal device, the user initiates a session, which can be understood as the meaningful context of an executed application or application process since the application executes on the basis of specific data and variables related to the task performed by the user of the terminal device. At any time the state of an application process can be determined on the basis of data structures and variables as well as assigned values.
If the user desires to change the terminal device he or she is using, for example because after having started to work on his or her task using a PDA he or she wishes to continue the task on a laptop computer, it should be possible in the above mentioned ubiquitous computing environment to transfer the session to the desired terminal device. Different ways of transferring a session from a source terminal device to a target terminal device are known in the prior art, for example Erik Skow, Jiejun Kong, Thomas Phan, Fred Cheng, Richard Guy, Rajive Bagrodia, Mario Gerla, and Songwu Lu: "A Security Architecture for Application Session Handoff", International Conference on Communications (ICC 2002), April 28 - May 2, 2002 and K. Kaneko, H. Morikawa, and T. Aoyama: "Session Layer Mobility Support for 3C Everywhere Environments", Proceedings of the Sixth International Symposium on Wireless Personal Multimedia Communications (WPMC 2003), vol.2, pp.347-351, Yokosuka, Japan, October 2003. Being generally known in the art, these solutions shall not be described here in any greater detail. Basically, in order to perform a session transfer, the state of the executed application is captured on the source terminal device and transferred to the target device.
Typically, access to corporate networks and servers is only granted under specific security requirements defined in security policies providing a high degree of flexibility. Recent solutions propose to define security policies according to the specific security requirements of a particular application. Policies can be precisely specified and can be enforced by a supporting software framework, thereby creating a security context for a specific application as used by a specific user.
SUMMARY OF THE INVENTION
Against the above background it is an object of the present invention to provide a method for transferring a session having a security context from a source terminal device to a target terminal device in a ubiquitous computing environment, as well as adapted terminal devices to carry out said method.
It is a further object of the present invention to provide a method enabling a user of terminal devices in a ubiquitous computing environment, wherein said computing environment comprises a security context, to continue a task currently performed on a source terminal device to a target terminal device.
The above and other objects are achieved by a method as described in claim 1 and a process as defined in claim 11. Further, the object is achieved by terminal devices according to claims 19 and 20. Advantageous embodiments of the invention are disclosed in the subclaims.
According to the solution of the present invention, security is achieved in a process of transferring a session from a source terminal device to a target terminal device. The security context is observed not only during the execution of an application on a terminal device but also during the transfer of a session from one terminal device to the other.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 shows a schematic diagram illustrating elements of a computing environment according to a first embodiment of the invention;
Fig. 2 shows a diagram illustrating steps of a session transfer according to a first embodiment of the invention;
Fig. 3 shows a schematic diagram illustrating elements of a computing environment according to a second embodiment of the invention;
Fig. 4 shows a block diagram illustrating security policies according to the invention;
Fig. 5 shows a diagram illustrating steps of a session transfer according to a second embodiment of the invention;
Fig. 6 shows a block diagram illustrating software components according to a second embodiment of the invention;
Fig. 7 shows a schematic diagram illustrating elements of a computing environment according to a third embodiment of the invention;
Fig. 8 shows a diagram illustrating steps of a session transfer according to a third embodiment of the invention;
Fig. 9 shows a diagram illustrating steps of a negotiating step of a session transfer according to a third embodiment of the invention;
Fig. 10 shows a diagram illustrating further steps of a negotiating step of a session transfer according to a third embodiment of the invention; and
Fig. 11 shows a diagram illustrating still further steps of a negotiating step of a session transfer according to a third embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
In the following an example of a process of transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment will be described with reference to Figures 1 and 2. The example process utilizes the method of the present invention.
As shown in Figure 1, a user utilizes a first terminal device 1a to run an application 2 in a networked environment. The first terminal device 1a is linked to the network 3 via a communication channel 4a. Session security is achieved by means of security policies 5 which are specified for the respective application 2 so that the application 2 can only be used when the security policies 5 are observed, creating a specific security context for the application. If the user desires to continue with the current task on a second terminal device 1b, which is linked to the network 3 via a communication channel 4b, the user initiates a session transfer that will transfer the session currently present on the first terminal device 1a, i.e. the source terminal device, to the second terminal device 1b, i.e. the target terminal device. After session transfer the user can continue with the current task on the second terminal device 1b since the respective application 2 in its state at the time of transfer initiation, i.e. the current session, and in its required security context will have been established on the second terminal device 1b. According to the invention the security requirements are taken into consideration during session transfer as will be described in the following with reference to Figure 2.
According to a STEP 1 of the session transfer process, the security policies relating to the application of the session to be transferred are evaluated on the source terminal device to determine whether a session transfer is allowed or not. If it is confirmed that the security policies of the application allow that a session transfer can take place, the session transfer process continues to accomplish STEP 2. Otherwise the session transfer process discontinues. In STEP 2 of the session transfer process the security policies are evaluated on said source terminal device to determine security constraints of the session to be transferred. In STEP 3 of the session transfer process the source terminal device negotiates the security constraints with the target device, preferably after having established a secure communication channel to said target terminal device. The negotiating step serves to ensure that a security context of at least the same strictness can be provided on the target terminal device. If the required security context can be provided on the target terminal device the session transfer process continues to accomplish STEP 4. Otherwise the session transfer process discontinues. In STEP 4 of the process, the respective security context is established on said target terminal device, preferably on the basis of the security related information exchanged with the source terminal device during the step of negotiating security constraints. In STEP 5 of the session transfer process, the session is transferred from said source device to said target device. Basically, the steps that need to be performed for actually transferring the session comprise the capturing of the current state of the session on the source terminal device and transferring the state to the target terminal device where the information is used to establish the session on the target device.
It should be noted that application oriented security policies provide a high degree of flexibility because they can be tailored to the specific requirements of a particular application. Given a formal syntax, policies are precisely specified and can be enforced by a supporting software framework. According to the invention, enforcement in the context of session transfer implies that security constraints (defined by security policies) are negotiated between terminal devices and that a consistent set of security services and mechanisms is established on the target device, consistent with respect to security services and mechanisms applicable on the source device.
In the following a more specific example of a process of transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment, said example process utilizing the method of the present invention, will be described with reference to Figures 3 to 6.
In the example of Figure 3, a source terminal device 1a is equipped with software to enable a user to perform a desired task in a network environment. The software comprises an operating system, communications middleware, specific libraries, e.g. security libraries, and at least one application. The operating system comprises software components which are required for the terminal device to perform basic operations and to provide basic functions for a user. The communications middleware comprises software components that manage applications and other co-located terminal devices. Co-located terminal devices are considered to comprise terminal devices which are also connected to the network and are therefore available as target terminal devices. The applications comprise software to perform a desired task, like for example business applications, which enable a user of the terminal device to perform business tasks in a corporate environment. Business applications may be separated into business logic, i.e. business transactions, and security logic, i.e. means to protect corporate assets. Security logic is defined in terms of security policies. For example, security policies may be defined during or after application development and integration and may be bundled with an application when the application is installed within the corporate network or on a terminal device.
In the present example, security policies comprise four types of security policies, namely authorization policies, configuration policies, delegation policies and federation policies. The respective domains - corporate network and terminal device - and the logical relationship between policies are shown in Figure 4.
Authorization policies typically exist within a corporate network and control the access to resources within the network. Configuration policies reflect the authorization policies of the corporate network within the domain of the terminal device user and describe the security services and capabilities required before authorization to the corporate network. A policy set comprised of configuration, delegation and federation policies is installed with an application. The security context is set up if the application is being executed. Delegation policies define the rules on the basis of which the functionality of an application assigned to one user (e.g. sales manager) may be delegated to another user (e.g. another sales-department manager). Authorization certificates, as described further below, are preferably used in this context. Since one application may require that another application on a different device performs a subtask, federation policies provide assertions regarding the validity of devices to be included in such assignment. Trust certificates, as described further below, are the preferred containers that store and certify attribute information on devices, which are asserted according to federation policies. In the present example, configuration policies, delegation policies and federation policies are referred to as a policy set.
In general, certificates are signed data items. Besides public-key certificates, the present example according to the invention uses authorization certificates and trust certificates.
In the present example, authorization certificates are used for delegation policy enforcement and trust certificates are used for federation policy enforcement. Authorization certificates are linked to users and reflect the role and the rights of the user in the corporate environment, i.e. authorization certificates are role-based. For instance, an employee in the role of a salesperson may have access to the customer address database and his or her personal schedule. A user in the role of a sales department manager has the right to access an order database, to perform approval of orders and to revise budget figures. The sales manager may also be entitled to delegate certain task, e.g. the task of approving orders.
In the present example, trust certificates are assigned to terminal devices. If the trust certificate proves that the terminal device is trustworthy then application and data may be delegated and transferred to said terminal device.
As further shown in Figure 3, the source terminal device 1a is connected to a network 3 via a communication channel 4a. In this example, access to the network 3 is granted through a firewall 6. While performing the desired task, a user of the source terminal device 1a utilizes an application 2 executed on the source terminal device 1a in the framework of the security policies so that the user has controlled access to, for example, the databases A and B being part of the corporate network 3. If the user wishes to continue performing the current task on a target terminal device 1b, which is linked to the network 3 via a communication channel 4b, a process of transferring the current session from the source terminal device to the target terminal device 1b is initiated.
As shown in Figure 5, according to the present example of the invention, in a STEP 1.1 the security requirements as expressed in a policy set relating to the application of the current task are evaluated. In the example, delegation policies and federation policies define whether and in which context the application and therefore the current session can be transferred. The policies are evaluated to determine whether a session transfer is generally allowed, both with respect to the user as well as with respect to the terminal device. The process terminates if a session transfer is not allowed. In a STEP 1.2 the security policies are evaluated to determine security constraints defined by the security policies of the application. In a STEP 1.3 a communication channel is established to connect the source terminal device and the target terminal device. The communication channel created may be set up directly between the terminal devices or may be established via the network. In a STEP 1.4 the security constraints are negotiated between the source terminal device and the target terminal device to determine whether a security context of similar or higher strictness can be established on the target terminal device. Only if this is possible, a respective security context is established on the target terminal device in a STEP 1.5, preferably on the basis of the application to be executed on the target terminal device. Alternatively or in addition, the information exchanged during the step of negotiating the security constraints can be included. Still further, it is possible to take into consideration also the security policy sent from the source terminal device to the target terminal device in the step of negotiating security constraints. In a STEP 1.6 the session is transferred from the source terminal device to the target terminal device. Details have been described above and reference is made accordingly.
In the present example, the evaluation of the policy set is performed by a refined communication middleware. As shown in Figure 6, the communication middleware supports the (business) application and preferably comprises an application management component, a federation management component, a security library and network control component.
In the example, the application management component is the interface of the (business) application to the communication middleware. This component maintains state information describing at least partly the current state of applications and provides access to the network environment via network control. The network environment includes co-located terminal devices as well as corporate servers to which the terminal device is or can be connected. Application management is also concerned with security policy management and enforcement.
In the present example, the federation management component performs tasks under the control of the application management component. If an application requests access to a server or to a co-located terminal device, federation management is involved to process the request. In doing so, it queries the network environment for other terminal devices and servers, checks their capabilities, and negotiates security services available on terminal devices and servers.
The security library component of the present example provides interfaces to security services. Security services are implementations of cryptographic operations, such as en- and decryption algorithms, message authentication codes, etc., but as well cryptographic data structures such as keys, certificates, etc.
In the example, the network control component provides handles to an underlying transport and network layer. These handles implement input and output channels, which may be similar to sockets or remote procedure calls or any other communications support leveraged on the respective platform of the terminal devices or the network environment.
In the above example, security policies linked to the specific application generate a security context when they are applied by the application management component, advantageously making use of the security libraries. The security context is enforced preferably via the network control component. It is essential to understand that every execution of an application on a terminal device implies that the security policies of the specific application are taken into account and observed. Preferably, the security policies, given in a formal syntax, are parsed by a policy manager sub-component of the application manager component mentioned above. The sub-component also ensures in the present example that the integrity of policies is checked, for example by checking signatures associated with policies, and that the security context is implemented.
In the example, the security context comprises an ordered list of security service invocations. Security services are maintained in the security library deployed on the terminal device. The policy manager sub-component identifies the required security services from the policy specification, checks for a possible binding to a security service and, if a binding can be established, includes the security service invocation in the security context. In addition, security policy enforcement can be performed by the application management component and federation management component. Policy enforcement implementation ensures that the behaviour of a terminal device running an application complies with the requirements defined in the security policies. Basically, policy enforcement takes place when data is sent or received via the network control component. Additionally, policy enforcement takes place when federation management sets up communication to co-located terminal devices.
In the following a further specific example of a process of transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment, said example process utilizing the method of the present invention, will be described with reference to Figures 7 to 11.
As shown in Figure 7, the present example relates to an environment in which mobile terminal devices 1a and 1b are used to perform tasks on the basis of applications 2, which may comprise business applications, providing access to a network 3, which may be a corporate network.
If a user wishes to perform a specific task in the computing environment shown in Figure 7, he or she utilizes an application 2, which is executed on a first mobile terminal device 1a. For the present example, it is assumed that subsequently the user decides to continue with the current task on a second mobile terminal device 1b. The process of transferring the respective session from the source mobile terminal device 1a to the target mobile terminal device 1b will be described further below.
As described above, also in the present example, the terminal devices are equipped with all software required for enabling the user to perform the desired task in the networked computing environment. Preferably, the software of the mobile terminal devices comprises an operating system, communications middleware, specific libraries, especially security libraries, and at least one application. Further, security policies 5 are defined which relate to specific applications 2, respectively, for establishing a security context whenever a user utilizes the mobile terminal device to perform a specific task. Regarding further details of implementing the security context of the applications on the terminal devices, reference is made to the above examples.
In the example shown in Figure 7, the communication channels 4a and 4b between the mobile terminal devices 1a and 1b and the network 3 are wireless communication channels, like for example WLAN or Bluetooth. In the present example, it is also possible that the mobile terminal devices 1a and 1b communicate directly via a further wireless communication channel 4c.
The process of transferring a session from a source mobile terminal device to a target mobile terminal device according to the present example is schematically shown in Figure 8. This process is also applicable in an environment in which one or both terminal devices are linked to the network via a wire bound communication channel as will become apparent also from the following description.
In a STEP 10.1, the conditions for a session transfer are determined by evaluating security policies related to the application of the current session to be transferred. Specifically, the security context is evaluated to determine whether a transfer of the session is generally allowed. If the security policies comprise delegation policies and federation policies, as described further above, it is preferred that in STEP 10.1 the delegation policies as well as the federation policies are evaluated to determine whether for the related application a session transfer is allowed. If session transfer is not allowed, the process terminates as shown in Figure 8.
If a session transfer is allowed, the process continues to accomplish STEP 10.2 as shown in Figure 8. In this step of the present example, the source mobile terminal device 1a identifies co-located mobile terminal devices, preferably by using the wireless communication channel 4c. Thereby, a direct communication can be established between the source mobile terminal device 1a and any other mobile terminal device avoiding the network 3. Optionally, communication channels 4a and 4b may be used for communication via the network 3. Advantageously, the further above mentioned federation management components, which form part of the communications middleware of the terminal devices, are arranged to discover and subsequently provide communication with other terminal devices. If no terminal device is found the process terminates as shown in Figure 8.
In a STEP 10.3 a secure communication channel is established. Thereafter, the two terminal devices are connected to communicate in a protected environment, for example using a standard encryption protocol like SSL. A secure connection is required to negotiate which security context can and has to be established on the target mobile terminal device. In a STEP 10.4 the trustworthiness of the target mobile terminal device is approved, for example on the basis of certificates as mentioned further above. If the trustworthiness cannot be confirmed, the process terminates as shown in Figure 8.
If the desired target mobile terminal device is a trusted device, as indicated in Figure 8, the process continues to accomplish STEP 10.5 according to which the two mobile devices negotiate the security context. Details of the negotiating step will be described with reference to Figure 9 further below. In general, four negotiation acceptance modes are defined in this example of the invention.
a) Security Context Acceptance
In this mode, the security context can be fully reconfigured on the target terminal device.
b) Security Context Notification
The security context requires that the user makes some changes in order to reach acceptance.
c) Security Context Adaptation
The security context is automatically, i.e. without user interference, adjusted to reach acceptance level. The user may or may not be informed about the adjustment.
d) Security Context Termination
The security context is determined unacceptable.
Referring now to Figure 9, the process step of negotiating the security context is performed in the present example as follows. The source device sends a message SESSION_OBLIGATION to the target device. The message SESSION_OBLIGATION comprises information regarding the actual security context of the source device, for example the policy set in use on the source device. The target device checks the security requirements and sends a message SESSION_CONFIRM if it can fulfil the security requirements. In this case, the source device returns a message SESSION_CONFIRM to the target device. Thereafter, the negotiating step terminates, after having established that a session transfer is possible, and the process continues as shown in Figure 8. However, as shown in Figure 9, if the target device cannot fulfil the security requirements it sends a message SESSION_SECURITY_NEGOTIATION to the source device. The source device then sends a message SESSION_SECURITY_POSSIBILITIES. The message SESSION_SECURITY_POSSIBILITIES includes a list of non-negotiable security items, plus a list of negotiable security items where some alternatives are given to the preferred context. The target device checks the received options and if there are no matches, the target device sends a message SESSION_DISABLE and the negotiating step continues as shown in Figure 10, i.e. the negotiating step terminates unsuccessfully. In the other case, as shown in Figure 9, if the target device checks the received options and there are matches, the target device sends a message SESSION_SECURITY_POSSIBILITIES with the non-negotiable security items and a suitable combination of the negotiable security items to the source device. The source device checks the suggestion and sends a message SESSION_CONFIRM if the check is positive. Thereafter, the negotiating step terminates after having established that a session transfer is possible.
On the other hand, if the check result on the source device is negative the source device sends a message SESSION_DISABLE to the target device and the negotiating step continues as shown in Figure 11, i.e. the negotiating step terminates unsuccessfully.
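The negotiation exchange of Figures 9 to 11, as an added simulation that is not part of the patent: both sides are modelled in one script, the target's "security library" (as described for the middleware above) is the set of mechanisms it can bind, and the source verifies that the target's proposal keeps every non-negotiable item and picks each negotiable item only from the alternatives it offered. Security item and mechanism names are constructed for this example and are not from the patent.

```python
from enum import Enum
from dataclasses import dataclass


class Msg(str, Enum):
    """Negotiation messages, named as in the description of Figures 9 to 11."""
    OBLIGATION = "SESSION_OBLIGATION"
    CONFIRM = "SESSION_CONFIRM"
    SECURITY_NEGOTIATION = "SESSION_SECURITY_NEGOTIATION"
    SECURITY_POSSIBILITIES = "SESSION_SECURITY_POSSIBILITIES"
    DISABLE = "SESSION_DISABLE"


@dataclass
class SourceContext:
    """Security context derived from the source device's policy set.
    non_negotiable: item -> the single mechanism that must be used.
    negotiable: item -> alternatives, most preferred first.
    (item and mechanism names are constructed for this example)"""
    non_negotiable: dict
    negotiable: dict

    def preferred(self) -> dict:
        """The context sent in SESSION_OBLIGATION: first choice for every item."""
        ctx = dict(self.non_negotiable)
        ctx.update({item: alts[0] for item, alts in self.negotiable.items()})
        return ctx


class TargetDevice:
    """Target side; `library` maps each security item to the mechanisms it can bind."""

    def __init__(self, library: dict):
        self.library = library

    def can_fulfil(self, ctx: dict) -> bool:
        return all(mech in self.library.get(item, ()) for item, mech in ctx.items())

    def on_obligation(self, preferred: dict) -> Msg:
        return Msg.CONFIRM if self.can_fulfil(preferred) else Msg.SECURITY_NEGOTIATION

    def on_possibilities(self, non_negotiable: dict, negotiable: dict):
        """Answer SESSION_SECURITY_POSSIBILITIES: a proposal, or SESSION_DISABLE (Figure 10)."""
        if not self.can_fulfil(non_negotiable):
            return Msg.DISABLE, None
        proposal = dict(non_negotiable)
        for item, alts in negotiable.items():
            # take the source's most preferred alternative this device can bind
            match = next((m for m in alts if m in self.library.get(item, ())), None)
            if match is None:
                return Msg.DISABLE, None
            proposal[item] = match
        return Msg.SECURITY_POSSIBILITIES, proposal


def source_accepts(src: SourceContext, proposal: dict) -> bool:
    """Source-side check of the target's suggestion: same set of items, non-negotiable
    items unchanged, every negotiable item chosen from the offered alternatives."""
    if set(proposal) != set(src.preferred()):
        return False
    if any(proposal[item] != mech for item, mech in src.non_negotiable.items()):
        return False
    return all(proposal[item] in alts for item, alts in src.negotiable.items())


def negotiate(src: SourceContext, target: TargetDevice):
    """Run the exchange; returns (agreed context or None, transcript of (sender, message))."""
    transcript = []

    def send(sender, msg):
        transcript.append((sender, msg.value))

    send("source", Msg.OBLIGATION)
    reply = target.on_obligation(src.preferred())
    send("target", reply)
    if reply is Msg.CONFIRM:                  # acceptance mode (a)
        send("source", Msg.CONFIRM)
        return src.preferred(), transcript

    send("source", Msg.SECURITY_POSSIBILITIES)
    reply, proposal = target.on_possibilities(src.non_negotiable, src.negotiable)
    send("target", reply)
    if reply is Msg.DISABLE:                  # termination, Figure 10
        return None, transcript
    if source_accepts(src, proposal):         # adaptation mode (c)
        send("source", Msg.CONFIRM)
        return proposal, transcript
    send("source", Msg.DISABLE)               # termination, Figure 11
    return None, transcript


# Constructed sample policy set of the source and three constructed target libraries.
SRC = SourceContext(
    non_negotiable={"transport": "tls", "policy_signature": "rsa-sha256"},
    negotiable={"cipher": ["aes-256-gcm", "aes-128-gcm"], "mac": ["hmac-sha256", "hmac-sha1"]},
)
FULL_TARGET = TargetDevice({"transport": {"tls"}, "policy_signature": {"rsa-sha256"},
                            "cipher": {"aes-256-gcm", "aes-128-gcm"}, "mac": {"hmac-sha256"}})
WEAKER_TARGET = TargetDevice({"transport": {"tls"}, "policy_signature": {"rsa-sha256"},
                              "cipher": {"aes-128-gcm"}, "mac": {"hmac-sha1"}})
LACKING_TARGET = TargetDevice({"transport": {"tls"}, "cipher": {"aes-256-gcm"},
                               "mac": {"hmac-sha256"}})  # cannot verify policy signatures

if __name__ == "__main__":
    for name, tgt in (("full", FULL_TARGET), ("weaker", WEAKER_TARGET), ("lacking", LACKING_TARGET)):
        ctx, log = negotiate(SRC, tgt)
        print(name, "->", ctx, [m for _, m in log])
```

The "weaker" target exercises the adaptation path: it cannot honour the preferred context, but every negotiable item still has an offered alternative it can bind, so the source confirms; the "lacking" target fails on a non-negotiable item and the target itself ends the negotiation.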
In case of a successful termination of the negotiating step, the security context is established and the session transfer can take place, as will be described in the following again with reference to Figure 8.
In STEP 10.6, the current state of the session on the source device is captured, i.e. all information required to establish the session on the target device is determined. The information concerning the current session state is transferred to the target device, as shown in STEP 10.7, and the session is established on the target device, as indicated in STEP 10.8. As far as further details of these process steps are concerned reference is made to the descriptions further above relating to the actual step of transferring a session from a source terminal device to a target terminal device.
The above description of examples of the present invention shows that several advantages are achieved. For instance, security requirements are dealt with during the whole lifetime of a session - establishment, federation set-up, security context negotiation and session transfer - which is not the case in known solutions of the prior art. Further, it should be mentioned that a high degree of flexibility with respect to applied security services and mechanisms is achieved since only application-defined security services and mechanisms are applied which form the basis of security context negotiation and session state transfer. In the prior art, only hard-coded security mechanisms were provided. Still further, the session transfer method according to the invention does not necessarily require a server that mediates between source and target device.
The above description of examples of the present invention shows that terminal devices, in order to be used for carrying out the invention as either a source terminal device or a target terminal device, need to be arranged to comprise means for determining whether a session transfer is allowed, means for determining the security constraints of the session to be transferred, means for negotiating said security constraints, means for establishing a respective security context, and means of transferring the session. Preferably, the above means are implemented as software executed on said terminal devices. If terminal devices are mobile terminal devices, a wireless communication channel is advantageous. To protect the process of transferring a session, the terminal devices are preferably capable of establishing a secure communication channel.

Claims

1. Method for transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment, said session comprising a security context defining security constraints, comprising the steps of
determining on said source terminal device whether a session transfer is allowed,
determining on said source terminal device the security constraints of the session to be transferred,
negotiating said security constraints with said target device,
establishing a respective security context on said target device, and
transferring the session from said source device to said target device.
2. Method according to claim 1, characterized in that said security context is expressible by means of security policies and that the step of determining whether a session transfer is allowed comprises an evaluation of at least one of said security policies and/or said step of determining the security constraints of the session to be transferred comprises an evaluation of at least one of said security policies.
3. Method according to claim 1 or 2, characterized in that said step of negotiating said security constraints comprises exchange of security policies or information relating to security policies between said source terminal device and said target terminal device.
4. Method according to claim 1, 2 and 3, characterized in that said step of establishing a respective security context on said target device is performed on the basis of information exchanged between said source terminal device and said target terminal device during said step of negotiating said security constraints.
5. Method according to any one of the preceding claims, characterized in that any communication between said source terminal device and said target terminal device takes place via secure communication channels.
6. Method according to any one of the preceding claims, characterized in that any communication between said source terminal device and said target terminal device takes place via wireless communication channels.
7. Method according to any one of the preceding claims, characterized in that any communication between said source terminal device and said target terminal device takes place directly between the terminal devices.
8. Method according to any one of the preceding claims, characterized in that said source terminal device and said target terminal device are mobile terminal devices.
9. Method according to any one of the preceding claims, characterized in that said security policies comprise at least of authorization policies, configuration policies, delegation policies and federation policies.
10. Method according to any one of the preceding claims, characterized in that said security policies are linked to at least one application executable on said terminal devices, said application corresponding to said session to be transferred.
11. Session transfer process for transferring a session from a source terminal device to a target terminal device in a ubiquitous computing environment, said session having a security context expressible by means of security policies, comprising the steps of
evaluating said security policies on said source terminal device to determine whether a session transfer is allowed,
evaluating said security policies on said source terminal device to determine security constraints of the session to be transferred,
negotiating said security constraints with said target device,
establishing a respective security context on said target device and
transferring the session from said source device to said target device.
12. Session transfer process according to claim 11, characterized in that said step of negotiating said security constraints comprises exchange of security policies or information relating to security policies between said source terminal device and said target terminal device.
13. Session transfer process according to claim 11 or 12, characterized in that said step of establishing a respective security context on said target device is performed on the basis of information exchanged between said source terminal device and said target terminal device during said step of negotiating said security constraints.
14. Session transfer process according to any one of claims 11 to 13, characterized in that any communication between said source terminal device and said target terminal device takes place via secure communication channels.
15. Session transfer process according to any one of claims 11 to 14, characterized in that any communication between said source terminal device and said target terminal device takes place via wireless communication channels.
16. Session transfer process according to any one of claims 11 to 15, characterized in that said source terminal device and said target terminal device are mobile terminal devices.
17. Session transfer process according to any one of claims 11 to 16, characterized in that said security policies comprise at least authorization policies, configuration policies, delegation policies and federation policies.
18. Session transfer process according to any one of claims 11 to 17, characterized in that said security policies are linked to at least one application executable on said terminal devices, said application corresponding to said session to be transferred.
19. Terminal device adapted to carry out the method for transferring a session from a source terminal device to a target terminal device according to any one of claims 1 to 10, comprising means for determining whether a session transfer is allowed, means for determining the security constraints of the session to be transferred, means for negotiating said security constraints, means for establishing a respective security context, and means for transferring the session.
20. Terminal device adapted to perform the session transfer process for transferring a session from a source terminal device to a target terminal device according to any one of claims 11 to 18, comprising means for evaluating said security policies to determine whether a session transfer is allowed, means for evaluating said security policies to determine security constraints of the session to be transferred, means for negotiating said security constraints, means for establishing a respective security context and means for transferring the session.
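The five steps of claim 11, with the negotiation of claim 12 as an exchange of policy information, the target context of claim 13 built only from the negotiated result, and the four policy categories of claim 17 attached per application as in claim 18, modelled as an added Python example. This is illustration code written for this page, not code from the patent or from NTT Docomo; the policy fields, the channel-protection ordering, the "most restrictive policy wins" merge rule, the message shapes and the sample devices are all assumptions. The practitioner's point it adds is that the source re-checks the target's offer against its own constraints rather than trusting the peer's evaluation, and that the session state leaves the source only after the target context exists.

```python
from dataclasses import dataclass, field

# Ordering of channel protections for the configuration constraint (assumed for this example).
CHANNEL_RANK = {"none": 0, "tls12": 1, "tls13": 2}


class TransferDenied(Exception):
    """Raised when policy evaluation or negotiation forbids the transfer."""


@dataclass(frozen=True)
class SecurityPolicy:
    """Policy linked to one application (claims 17/18); the four fields map to the four policy kinds."""
    allowed_targets: frozenset      # authorization policy: devices that may receive the session
    min_channel: str                # configuration policy: weakest acceptable channel protection
    delegation_allowed: bool        # delegation policy: may the receiver transfer the session again
    trusted_domains: frozenset      # federation policy: trust domains accepted for the peer


@dataclass
class Device:
    name: str
    domain: str
    channels: frozenset                             # channel protections the device supports
    policies: dict = field(default_factory=dict)    # application -> SecurityPolicy
    sessions: dict = field(default_factory=dict)    # application -> (security context, session state)


def transfer_allowed(source, app, target):
    """Step 1: the source evaluates its policies to decide whether a transfer is allowed at all."""
    pol = source.policies.get(app)
    return pol is not None and target.name in pol.allowed_targets and target.domain in pol.trusted_domains


def derive_constraints(source, app):
    """Step 2: the source evaluates its policies to determine the session's security constraints."""
    pol = source.policies[app]
    return {"app": app, "min_channel": pol.min_channel,
            "delegation_allowed": pol.delegation_allowed, "trusted_domains": pol.trusted_domains}


def target_offer(target, constraints):
    """Target side of step 3: reply with what it can provide, merged with its own policy for the app."""
    pol = target.policies.get(constraints["app"])
    if pol is None:
        return None                                   # no policy for this application: cannot host it
    usable = [c for c in target.channels if CHANNEL_RANK[c] >= CHANNEL_RANK[constraints["min_channel"]]]
    if not usable:
        return None                                   # cannot meet the configuration constraint
    return {"channel": max(usable, key=CHANNEL_RANK.__getitem__),
            "delegation_allowed": pol.delegation_allowed and constraints["delegation_allowed"],
            "trusted_domains": pol.trusted_domains & constraints["trusted_domains"]}


def negotiate(source, target, constraints):
    """Step 3: exchange of policy information (claim 12). The source verifies the offer itself."""
    offer = target_offer(target, constraints)
    if offer is None:
        raise TransferDenied(f"{target.name} cannot satisfy the constraints of {constraints['app']}")
    if CHANNEL_RANK[offer["channel"]] < CHANNEL_RANK[constraints["min_channel"]]:
        raise TransferDenied("offered channel is weaker than the source's minimum")
    if offer["delegation_allowed"] and not constraints["delegation_allowed"]:
        raise TransferDenied("offer relaxes the delegation constraint")
    if source.domain not in offer["trusted_domains"]:
        raise TransferDenied(f"{target.name} does not trust domain {source.domain}")
    return offer


def establish_context(source, constraints, offer):
    """Step 4: the target's security context is built only from the negotiated result (claim 13)."""
    return {"app": constraints["app"], "channel": offer["channel"],
            "delegation_allowed": offer["delegation_allowed"],
            "trusted_domains": offer["trusted_domains"], "transferred_from": source.name}


def transfer_session(source, app, target):
    """Steps 1 to 5 of claim 11 in order; the session leaves the source only after step 4 succeeded."""
    if not transfer_allowed(source, app, target):
        raise TransferDenied(f"{source.name} policy for {app} does not allow transfer to {target.name}")
    constraints = derive_constraints(source, app)
    offer = negotiate(source, target, constraints)
    context = establish_context(source, constraints, offer)
    _, state = source.sessions.pop(app)               # step 5: hand over the session state
    target.sessions[app] = (context, state)
    return context


def demo():
    """Constructed scenario: a phone holds a mail session; a laptop in another trust domain and an
    older tablet without TLS 1.3 are refused, a trusted tablet receives the session."""
    mail = SecurityPolicy(frozenset({"tablet", "laptop"}), "tls13", False, frozenset({"home"}))
    phone = Device("phone", "home", frozenset({"tls12", "tls13"}), {"mail": mail},
                   {"mail": (None, {"mailbox": "inbox", "cursor": 42})})
    host_pol = SecurityPolicy(frozenset(), "tls12", True, frozenset({"home", "office"}))
    tablet = Device("tablet", "home", frozenset({"tls13"}), {"mail": host_pol})
    laptop = Device("laptop", "office", frozenset({"tls13"}), {"mail": host_pol})
    old_tablet = Device("tablet", "home", frozenset({"tls12"}), {"mail": host_pol})

    results = {}
    for label, target in (("laptop", laptop), ("old_tablet", old_tablet)):
        try:
            transfer_session(phone, "mail", target)
        except TransferDenied as err:
            results[label] = str(err)
    results["tablet"] = transfer_session(phone, "mail", tablet)
    results["phone_sessions"] = dict(phone.sessions)
    results["tablet_state"] = tablet.sessions["mail"][1]
    return results
```

The laptop is listed in the phone's authorization policy but sits outside its federation policy, so step 1 already refuses it; the older tablet passes step 1 but fails negotiation on the configuration constraint; only the trusted tablet gets a context, and that context carries the stricter of the two delegation settings and the intersection of the two federation sets.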
21. Terminal device according to claim 19 or 20 characterized in that the terminal device is a mobile terminal device.
22. Terminal device according to any one of claims 19 to 21, characterized by means to establish a wireless communication channel.
23. Terminal device according to any one of claims 19 to 21, characterized by means to establish a secure communication channel.
EP04790729A 2004-10-21 2004-10-21 Method and adapted terminal device for secure session transfer Withdrawn EP1810472A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2004/011929 WO2006045323A1 (en) 2004-10-21 2004-10-21 Method and adapted terminal device for secure session transfer

Publications (1)

Publication Number Publication Date
EP1810472A1 true EP1810472A1 (en) 2007-07-25

Family

ID=34959200

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04790729A Withdrawn EP1810472A1 (en) 2004-10-21 2004-10-21 Method and adapted terminal device for secure session transfer

Country Status (3)

Country Link
EP (1) EP1810472A1 (en)
JP (1) JP4733706B2 (en)
WO (1) WO2006045323A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8799486B2 (en) 2008-05-02 2014-08-05 Samsung Electronics Co., Ltd System and method for transferring a session between multiple clients

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5096588B2 (en) * 2007-10-17 2012-12-12 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Method and configuration for determining security settings
US8769257B2 (en) * 2008-12-23 2014-07-01 Intel Corporation Method and apparatus for extending transport layer security protocol for power-efficient wireless security processing
KR101596955B1 (en) 2009-02-20 2016-02-23 삼성전자주식회사 Method for session transfer in a converged ip messaging system
EP2330789B1 (en) * 2009-12-04 2015-10-14 Alcatel Lucent System and method for accessing private digital content
WO2015103338A1 (en) * 2013-12-31 2015-07-09 Lookout, Inc. Cloud-based network security
US10015162B2 (en) * 2015-05-11 2018-07-03 Huawei Technologies Co., Ltd. Firewall authentication of controller-generated internet control message protocol (ICMP) echo requests
US10749970B1 (en) 2016-12-28 2020-08-18 Wells Fargo Bank, N.A. Continuous task-based communication sessions

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5812865A (en) * 1993-12-03 1998-09-22 Xerox Corporation Specifying and establishing communication data paths between particular media devices in multiple media device computing systems based on context of a user or users

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2006045323A1 *

Also Published As

Publication number Publication date
WO2006045323A1 (en) 2006-05-04
JP4733706B2 (en) 2011-07-27
JP2008517388A (en) 2008-05-22

Similar Documents

Publication Publication Date Title
US10397202B2 (en) Secure communication channels
US7603466B2 (en) Mobile collaborative peer-to-peer business applications
RU2390828C2 (en) Method and device for providing protected support for client device
US20160364553A1 (en) System, Apparatus And Method For Providing Protected Content In An Internet Of Things (IOT) Network
EP1942629B1 (en) Method and system for object-based multi-level security in a service oriented architecture
EP3005205B1 (en) Distribution of licenses within the radius of a local device
US20070143408A1 (en) Enterprise to enterprise instant messaging
US20050223412A1 (en) Context-sensitive confidentiality within federated environments
US20050132229A1 (en) Virtual private network based on root-trust module computing platforms
KR20160043044A (en) Gateway device for terminating a large volume of vpn connections
JP2004180280A (en) Method and system for adaptive authorization
Busold et al. Smart and secure cross-device apps for the internet of advanced things
KR20040102333A (en) Distributed authentication in a protocol-based sphere of trust in which a given external connection outside the sphere of trust may carry communications from multiple sources
CN100353713C (en) Authentic remote service heat deploying method
EP2741465B1 (en) Method and device for managing secure communications in dynamic network environments
Thota et al. Software wallet based secure participation in hyperledger fabric networks
JP4733706B2 (en) Secure session transfer method and corresponding terminal device
Liu et al. Agent-based automated trust negotiation for pervasive computing
WO2007090866A1 (en) Collaborative access control in a computer network
JP2005217679A (en) Authentication server performing authentication of communication partner
Bellavista et al. Security for mobile agents: Issues and challenges
GB2521196A (en) Secure communication channels
Kandil et al. Mobile agents' authentication using a proposed light Kerberos system
Arunkumar et al. Policy extension for data access control
Naqvi et al. Security architecture for heterogeneous distributed computing systems

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20070503

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE GB

DAX Request for extension of the european patent (deleted)
RBV Designated contracting states (corrected)

Designated state(s): DE GB

17Q First examination report despatched

Effective date: 20101206

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110617