EP2084679A1 - Portable electronic entity and method for remotely blocking a functionality of the portable electronic entity - Google Patents

Portable electronic entity and method for remotely blocking a functionality of the portable electronic entity

Info

Publication number
EP2084679A1
Authority
EP
European Patent Office
Prior art keywords
electronic entity
revocation
authorization
message
functionality
Legal status
Ceased
Application number
EP07866428A
Other languages
English (en)
French (fr)
Inventor
Marc Bertin
Current Assignee
Idemia France SAS
Original Assignee
Oberthur Technologies SA
Application filed by Oberthur Technologies SA

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/3552 Downloading or loading of personalisation data

Definitions

  • the present invention relates to a portable electronic entity and a method of remotely blocking a functionality of such a portable electronic entity.
  • the invention is particularly concerned with portable and removable electronic entities, preferably comprising a non-volatile memory and a microcontroller.
  • portable and removable electronic entities consist of an electronic key called "USB" (acronym for "Universal Serial Bus"), that is to say a key whose physical interface with a host computer is compliant with the USB specification and which is able to communicate according to a protocol compliant with the USB specification, a microcircuit card, for example a microcircuit card compliant with the ISO7816 standard, or an MMC card (acronym for "MultiMedia Card").
  • Removable portable electronic entities are known that offer various features or services, for example:
  • USB memory keys which can be connected to a host station for storing, for example, data stored by this host station,
  • smart cards (compliant with the ISO7816 standard) that can, for example, be connected to a host station via a reader, or a USB key, to secure an internet transaction,
  • the issuer or service provider who owns the portable electronic entity is able to revoke certain electronic entities, for example when a holder of an electronic entity has stopped paying his subscription or when an electronic entity has been lost or stolen.
  • a typical solution for allowing this revocation is for the host stations to which the electronic entity connects to implement said functionality or provide said service, or the servers that collaborate with the electronic entity to implement said functionality or provide said service, to have access to "black" lists of portable electronic entities, which prohibit the service or functionality for a revoked electronic entity.
  • Such an approach has the disadvantage of requiring that the black lists of host stations and servers are frequently updated, which is expensive and sometimes impossible.
  • a revoked electronic entity may continue to contribute to implementing said service in collaboration with a remote station or server whose blacklist has not yet been updated. The use of such a blacklist is not always feasible.
  • a conventional solution is to send revocation messages to the electronic entity.
  • a person attempting to fraudulently use the electronic entity may intercept and block said revocation messages by implementing, for example, the necessary means within the host station to which the electronic entity is connected.
  • the present invention aims to remedy these disadvantages.
  • the present invention provides a method for revoking and authorizing a functionality of a portable electronic entity, which comprises: a step of determining the status of the electronic entity, by a server, from the identifier of said electronic entity, a step of sending to the electronic entity, by the server, according to said status, either a revocation message for said functionality or an authorization message for said functionality, said revocation and authorization messages being indistinguishable except by means of a secret stored by the electronic entity,
  • the authorization and revocation messages have the same length, in number of data transmitted. Thanks to these provisions, the length of the messages can not be used to distinguish them.
  • said revocation step is irreversible.
  • the revocation can, for example, revoke the authorization mechanism of at least one feature.
  • the revocation step preferably renders inoperative the subsequent reception of an authorization message of the functionality.
  • said revocation step renders the electronic entity completely unusable. Thus, there is no more risk that the electronic entity is used fraudulently later.
  • said revocation step disables said functionality. Thanks to these provisions, the present invention can be used to suspend rights to services when the subscriber of these rights has not paid the amount of these subscriptions.
  • the method as briefly described above comprises a step of connecting said electronic entity to a host station and a step of transmitting the identifier of the electronic entity from said portable electronic entity to the server, via a communication network.
  • said portable electronic entity is an electronic key known as "USB" (acronym for "Universal Serial Bus"), that is to say a key whose physical interface with a host computer is compliant with the USB specification, and able to communicate according to a protocol compliant with the USB specification.
  • the step of determining the status is preceded by a step of sending an authorization request from the electronic entity to the server. Thanks to these provisions, the electronic entity, and therefore the issuer or the service provider owning the electronic entity can control the times at which the electronic entity can be revoked by the server.
  • the step of transmitting a request includes a step of authenticating the electronic entity. Thanks to these provisions, attacks on the server by a falsified electronic entity are avoided.
  • the step of issuing an authorization request takes place each time the electronic entity is powered up. It is thus certain that, as soon as the server is informed of the revocation of a feature on a portable electronic entity, that entity can no longer use this feature.
  • the method as briefly described above includes a step of signing, by the server, each authorization or revocation message.
  • These provisions prevent a virus or other malicious software on the host station from revoking one or all of the functionalities of the portable electronic entity.
  • the method as briefly described above includes a step of encryption, by the server, of each authorization or revocation message. This provides a simple and easy way to make the authorization and revocation messages indistinguishable.
  • the authorization and revocation messages recognized by the portable electronic entity are variable over time. Thus, they can be transmitted in the clear, but they have a different meaning over time, for example depending on the value of shared information, typically unknown to an attacker (for example, a counter of messages exchanged, the authorization and revocation messages having, for example, inverted meanings when the counter is odd).
  • the authorization and / or revocation messages are for single use only. Thus, they can only be used once, which prohibits the use of a copied message to trigger a subsequent authorization.
  • an automatic launching of a communication application with the server is performed. This automatic loading can be carried out, for example, in the form of an application "autorun.exe" which starts automatically when the host station reads the contents of the portable electronic entity. In this way the application is easily launched without complex manipulation for the user.
  • the present invention relates to a portable electronic entity, which comprises:
  • a means of communicating an identifier, a means for producing, at least partially, a functionality,
  • a revocation means adapted to revoke said functionality if the message is a revocation message
  • an authorization means adapted to authorize said functionality if the message is an authorization message.
  • FIG. 1 represents, schematically, a particular embodiment of the electronic entity that is the subject of the present invention, connected to a host station and to a remote authorization server, and
  • FIG. 2 represents, in the form of a logic diagram, the steps implemented in a particular embodiment of the method that is the subject of the present invention.
  • FIG. 1 shows a server 100 holding a database 110 of portable electronic entity statuses and connected to a communication network, or computer network 130, for example the Internet.
  • a server 120 implements services accessible to carriers of portable electronic entities.
  • a host station 140 is also connected to the network 130 and, via a connector 150, to a portable electronic entity 160 object of the present invention.
  • the host station 140 is, for example, a general purpose computer, or personal computer.
  • the portable electronic entity 160 comprises, in addition to a portion of the connector 150, a hub 165, a microcontroller 170, a non-volatile memory 175.
  • the microcontroller 170 includes a memory (not shown) retaining at least one secret necessary to decrypt a message and / or verify its signature, for example in the form of cryptographic keys.
  • the memory 175 retains a program 180 implementing, in collaboration with the microcontroller 170, connection and / or transaction securing.
  • the program 180 also implements functionalities of the portable electronic entity 160, for example banking transaction functionalities.
  • the memory 175 also retains an electronic address 185 of the server 100 and an identifier 190 of the portable electronic entity 160.
  • the hub 165 allows the communication of the host station with, on the one hand, the microcontroller 170 and, on the other hand, the nonvolatile memory 175.
  • the microcontroller 170 is of secure type, such as, for example a chip card microcontroller and includes an EEPROM memory (not shown). If it is secure, preferably the microcontroller complies with FIPS security requirements (acronym for "Federal
  • the non-volatile memory 175 is, for example, a flash memory.
  • the memory 175 is associated with a controller simulating a compact disc player, or CD-ROM.
  • the program 180 and the server 120 correspond, for example, to at least one functionality of banking applications, mobile telephony, identification, access to an online service (voice over IP, for example) or pay television.
  • the program 180 is preferably of automatic launching type as soon as the portable electronic entity is powered via the connector 150.
  • the program 180 is, for example, of type
  • the program 180 is preferentially available in the memory 175 of the portable electronic entity 160, in several versions adapted to operate on different types of host station 200, for example with different operating systems.
  • the program implements cryptographic means.
  • the electronic address 185 of the server 100 is, for example, a URL (acronym for "Universal Resource Locator").
  • the identifier of the portable electronic entity 190 is a unique identifier, that is to say that there are no two portable electronic entities that have the same identifier.
  • the portable electronic entity 160 is directly connected to the server 100 via a passive host station, for example of the portable electronic entity reader type.
  • the portable electronic entity 160 includes, for example, a contactless communication interface, preferably a short-range contactless interface. It can thus be a contactless smart card or a dual-interface card (with both a contactless and a contact interface), for example in accordance with the ISO14443 standard.
  • the portable electronic entity may also be a passport comprising in the thickness of its cover a secure microcontroller provided with contactless communication means in accordance with the ISO14443 standard. Communication with such an electronic entity can be achieved using the contactless interface, or the contact interface if the electronic entity also includes one.
  • the network 130 is a mobile communication network.
  • the portable electronic entity may be, for example, a USB key, a smart card or an MMC card.
  • FIG. 2 shows that, upon connection of the portable electronic entity 160 to the host station 140, step 205, the portable electronic entity is powered by the host station during a step 210.
  • the program 180 automatically loads into the memory of the host station 140, possibly after a selection, for example depending on the operating system of the host station 140.
  • the program 180 automatically starts on the host station 140.
  • the loading and automatic launching of the program 180 can be performed, for example, in the form of an "autorun.exe" application which is automatically launched when the host station 140 accesses the contents of the portable electronic entity 160. In this way the program 180 is easily launched without complex manipulation for the user.
  • the program 180 launched on the host station 140 connects to the server 100, using the electronic address 185 of the server 100.
  • the program authenticates itself by implementing its cryptographic means and those of the portable electronic entity 160. Thanks to the authentication of the portable electronic entity 160, attacks on the server 100 by a falsified or simulated electronic entity are avoided.
  • the program 180 launched on the host station 140 sends, to the server 100, an authorization request for use of at least one feature, this request representing the identifier 190.
  • the server performs a search, in the database 110, of the status of each required functionality for the portable electronic entity, by implementing the identifier 190.
  • the server determines whether the status of the required functionality of the portable electronic entity is "authorized" or "revoked". If the status is "revoked", during a step 245, the server 100 sends to the microcontroller 170, via the network 130 and the program 180 launched on the host station 140, a response consisting of a signed and encrypted revocation message.
  • the microcontroller 170 verifies the signature of the server 100. For example, the server uses a private key for which the portable electronic entity knows or can know the public key. It is observed that, thanks to the signature of the messages, a virus or other malicious software present on the host station 140 is prevented from revoking one or all of the functionalities of the portable electronic entity 160.
  • the microcontroller 170 decrypts the received message. For example, the server uses a public key for which the portable electronic entity retains the associated private key. Then, during a step 255, the microcontroller 170 interprets the received message, that is to say determines whether it means a revocation, as in this case, or an authorization. In the case where, as here, it is a revocation, the microcontroller 170 writes in its EEPROM, which is checked at each power-up, binary information representing a "revoked" status for each required functionality. The microcontroller 170 then sends the program 180 a message blocking each revoked feature. In the case where all the features of the program 180 are revoked, the microcontroller no longer responds to the messages that are transmitted to it. More generally, according to the embodiments, the revocation step:
  • the server 100 sends to the microcontroller 170, via the network 130 and the program 180 launched on the host station 140, a response consisting of a signed and encrypted authorization message.
  • the microcontroller 170 verifies the signature of the server 100 and, if the signature is valid, performs the decryption of the received message.
  • the microcontroller 170 interprets the message received, that is to say determines whether it means an authorization, as in this case, or a revocation.
  • the microcontroller 170 writes, in the memory 175, a binary value allowing the implementation of the functionality and, for example, the provision of digital content, or access to another service, through the server 120.
  • the authorization and revocation messages have the same length, in number of data transmitted.
  • step 230 allows the electronic entity and, therefore, the issuer or the service provider owning the electronic entity, to control the times at which the electronic entity can be revoked by the server.
  • instead of sending a request to the server 100 at each launch of the program 180 on the host station 140, the electronic entity keeps, in memory, a counter of the number of implementations of a feature, which is incremented or decremented at each of these implementations. This counter is, for example, initialized, after each procedure in this authorization variant described with reference to FIG. 2, to a value such that, after one day, the number of authentications will not be exhausted, but will probably be exhausted after, say, a week.
  • a server of a mobile communication network may send authorization messages that cause the counter to be reset, or a revocation message, for example every day.
  • the revocation and authorization messages can not be distinguished, except with the aid of a secret stored by the secure electronic entity.
  • the authorization and revocation messages may be masked by steganography methods.
  • the authorization and / or revocation messages are for single use, that is to say they can only be used once, which prohibits the use of a copied message to trigger subsequent authorization.
  • the portable electronic entity generates a pseudo-random code and transmits it to the server, in the request sent to the server during step 230, the server using this code to generate the message transmitted in response.
  • the interpretation of the messages made during steps 255 and 270 is such that the authorization and revocation messages considered or recognized by this portable electronic entity 160 are variable over time. Thus, they can be transmitted in the clear, but they have a different meaning over time, for example according to the value of shared information, typically unknown to an attacker (for example, a counter of messages exchanged, the authorization and revocation messages having, for example, inverted meanings when the counter is odd).
  • the portable electronic entity 160 expects, in order to implement a feature, an authorization message from an authorization server 100, and a revocation message cannot be distinguished from an authorization message. It is therefore impossible to prevent the receipt of the revocation messages by the electronic entity without prohibiting the use of a feature by this portable electronic entity. It is observed that the use of the revocation messages makes it possible to limit the risks associated with attacks, in particular the attacks consisting in trying to fraudulently authorize the functionality.
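
The exchange of steps 230 to 270, combined with the single-use pseudo-random code variant, as an added Python example that is not taken from the patent. It replaces the signed and encrypted message with an HMAC-SHA-256 token under a per-entity shared secret (an assumption made here so that it runs with the standard library alone); the class and function names, the identifier and the status strings are hypothetical.

```python
import hashlib
import hmac
import secrets

AUTHORIZE, REVOKE = b"AUTHORIZE", b"REVOKE"   # hypothetical verdict labels
TOKEN_LEN = hashlib.sha256().digest_size       # 32 bytes for either verdict


def make_token(secret: bytes, entity_id: bytes, nonce: bytes, verdict: bytes) -> bytes:
    """Token = HMAC-SHA-256(secret, verdict || identifier || nonce), length-prefixed."""
    fields = b"".join(len(f).to_bytes(2, "big") + f for f in (verdict, entity_id, nonce))
    return hmac.new(secret, fields, hashlib.sha256).digest()


class StatusServer:
    """Plays the role of server 100 with its status database 110."""

    def __init__(self, secrets_by_id: dict, status_by_id: dict):
        self.secrets_by_id = secrets_by_id
        self.status_by_id = status_by_id

    def respond(self, entity_id: bytes, nonce: bytes) -> bytes:
        secret = self.secrets_by_id.get(entity_id)
        if secret is None:                       # unknown identifier: useless random token
            return secrets.token_bytes(TOKEN_LEN)
        authorized = self.status_by_id.get(entity_id) == "authorized"
        return make_token(secret, entity_id, nonce, AUTHORIZE if authorized else REVOKE)


class PortableEntity:
    """Plays the role of microcontroller 170; `revoked` models the EEPROM flag."""

    def __init__(self, entity_id: bytes, secret: bytes):
        self.entity_id, self._secret = entity_id, secret
        self.revoked = False      # persistent, never cleared once set
        self.enabled = False      # volatile, cleared at every power-up
        self._nonce = None

    def power_up(self) -> bytes:
        """Start a session: the feature is off until a fresh token is accepted."""
        self.enabled = False
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def receive(self, token: bytes) -> str:
        nonce, self._nonce = self._nonce, None   # each nonce is consumed once
        if self.revoked:
            return "revoked"                     # later authorizations are inoperative
        if nonce is None:
            return "rejected"
        # Evaluate both candidates every time so the comparison pattern is the same.
        is_revoke = hmac.compare_digest(
            token, make_token(self._secret, self.entity_id, nonce, REVOKE))
        is_auth = hmac.compare_digest(
            token, make_token(self._secret, self.entity_id, nonce, AUTHORIZE))
        if is_revoke:
            self.revoked, self.enabled = True, False
            return "revoked"
        if is_auth:
            self.enabled = True
            return "authorized"
        return "rejected"                        # forged, replayed or corrupted token


def run_scenarios() -> dict:
    """Constructed walk-through with a made-up identifier and a random secret."""
    eid, secret = b"ENTITY-0001", secrets.token_bytes(32)
    server = StatusServer({eid: secret}, {eid: "authorized"})
    card = PortableEntity(eid, secret)
    out = {}

    captured = server.respond(eid, card.power_up())
    out["normal"] = card.receive(captured)

    card.power_up()                              # new session, new nonce
    out["replay"] = card.receive(captured)       # the copied token no longer fits

    card.power_up()                              # host drops the server's answer
    out["blocked_enabled"] = card.enabled        # nothing received, feature stays off

    server.status_by_id[eid] = "revoked"
    out["revocation"] = card.receive(server.respond(eid, card.power_up()))

    server.status_by_id[eid] = "authorized"      # even a genuine authorization is too late
    out["after_revocation"] = card.receive(server.respond(eid, card.power_up()))
    out["final_enabled"] = card.enabled
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

A host that suppresses the token cannot tell which verdict it dropped, and dropping it leaves the functionality disabled for that session.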
EP07866428A 2006-11-02 2007-10-24 Portable electronic entity and method for remotely blocking a functionality of the portable electronic entity Ceased EP2084679A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0654698A FR2908194B1 (fr) 2006-11-02 2006-11-02 Portable electronic entity and method for remotely blocking a functionality of such a portable electronic entity
PCT/FR2007/001754 WO2008053095A1 (fr) 2006-11-02 2007-10-24 Portable electronic entity and method for remotely blocking a functionality of such a portable electronic entity

Publications (1)

Publication Number Publication Date
EP2084679A1 (de) 2009-08-05

Family

ID=38123749

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07866428A Ceased EP2084679A1 (de) 2006-11-02 2007-10-24 Portable electronic entity and method for remotely blocking a functionality of the portable electronic entity

Country Status (3)

Country Link
EP (1) EP2084679A1 (de)
FR (1) FR2908194B1 (de)
WO (1) WO2008053095A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8320962B2 (en) * 2009-06-05 2012-11-27 Visa International Service Association Contactless disablement
FR2999747B1 (fr) * 2012-12-19 2018-05-04 Idemia France Method for securing a device able to communicate with a reader according to two authentication protocols

Citations (2)

Publication number Priority date Publication date Assignee Title
US6005942A (en) * 1997-03-24 1999-12-21 Visa International Service Association System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card
US20040203601A1 (en) * 2002-12-19 2004-10-14 Morriss Matthew James Method and apparatus for activating a restrictive operating mode of a wireless communication device

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
US6612487B2 (en) * 2000-02-14 2003-09-02 Mas Inco Corporation Method and system for account activation
US20020186845A1 (en) * 2001-06-11 2002-12-12 Santanu Dutta Method and apparatus for remotely disabling and enabling access to secure transaction functions of a mobile terminal
DE10143876A1 (de) * 2001-09-06 2003-03-27 Alcatel Sa Blocking server
US7503066B2 (en) * 2002-04-16 2009-03-10 Panasonic Corporation Deactivation system

Non-Patent Citations (1)

Title
See also references of WO2008053095A1 *

Also Published As

Publication number Publication date
FR2908194A1 (fr) 2008-05-09
FR2908194B1 (fr) 2009-02-13
WO2008053095A1 (fr) 2008-05-08

Similar Documents

Publication Publication Date Title
EP3221815B1 (de) Method for securing payment transaction tokens
EP1549011A1 (de) Communication method and system between a terminal and at least one communication device
EP2249543B1 (de) Method for authorizing a connection between a computer terminal and a source server
FR2989799A1 (fr) Method for transferring rights of access to a service from one device to another
EP2614458A2 (de) Authentication method for access to a website
EP1911194A1 (de) Method for controlling secure transactions using a single physical device, corresponding physical device, system and computer program
WO2006106250A1 (fr) Secure communication between a data processing device and a security module
WO2006082310A1 (fr) Method for fast pre-authentication by distance recognition
CA2888662A1 (fr) System and method for securing data exchanges, portable user object and remote device for downloading data
WO2020064890A1 (fr) Method for processing a transaction, and corresponding device, system and program
EP2118825B1 (de) Portable electronic entity and communication method
EP2306668B1 (de) System and method for a secure online transaction
EP3588418A1 (de) Method for carrying out a transaction, and corresponding terminal, server and computer program
EP2084679A1 (de) Portable electronic entity and method for remotely blocking a functionality of the portable electronic entity
EP3136283B1 (de) Device and method for securing the commands exchanged between a terminal and an integrated circuit
EP3095223B1 (de) Method for transmitting encrypted data, reception method, and associated devices and computer programs
CA2973836A1 (fr) Method for processing data by an electronic data-acquisition device, corresponding device and program
EP2813962A1 (de) Method for controlling access to a specific type of services, and authentication device for controlling access to such a type of services
FR3053549A1 (fr) Method for authenticating payment data, corresponding devices and programs.
EP3570238B1 (de) Method for carrying out a transaction, and corresponding terminal, server and computer program
WO2017077211A1 (fr) Communication between two security elements inserted into two communicating objects
FR3007929A1 (fr) Method for authenticating a user of a mobile terminal
FR3124288A1 (fr) Technique for accessing a storage medium.
FR3053548A1 (fr) Method for authenticating payment data, corresponding devices and programs.
WO2016034812A1 (fr) Securing encryption keys for a transaction on a device lacking a secure module

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20081127

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20091204

DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20151126