EP4356565A1 - Method and automation system for integrating an automation device - Google Patents

Method and automation system for integrating an automation device

Info

Publication number
EP4356565A1
Authority
EP
European Patent Office
Prior art keywords
automation
proof
authentication device
authentication
dvc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22734894.3A
Other languages
German (de)
English (en)
Inventor
Sebastian Bode
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG
Publication of EP4356565A1
Legal status: Pending

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the invention relates to a method and an automation system for integrating an automation device into the automation system.
  • Automation devices that are new, repaired, reconfigured, or have their software refreshed usually have to be configured before they can be used in the automation system or in interaction with other automation devices.
  • Adapting the automation device for integration into the automation system, for example by configuring the configuration data stored on the automation device, is also referred to in the professional world as onboarding.
  • Parameterization of the automation device prior to its actual use is a known way of adapting an automation device for operation in a specific automation system.
  • This parameterization can include general configuration data, for example a network address permanently assigned to the automation device within the automation system, or application-specific configuration data, for example switching times of the automation device.
  • Pre-shared keys (PSK) or pre-shared secrets stored on the automation device are used as proof of authorization.
  • Identification features of the automation device, e.g. a serial number, are often used as proof of authorization, or as part of a proof of authorization, for integrating the automation device into the automation system.
  • Stronger asymmetric cryptographic proofs of authorization are also known, in which a cryptographic custody module, also called a Trusted Platform Module (TPM for short), i.e. a hardware module for computing and/or safeguarding cryptographic data, is used.
  • TPM: Trusted Platform Module
  • a cryptographic key or a pair of cryptographic keys can already be stored in such a storage module when the automation device is delivered, with private cryptographic keys being stored within the automation device and not leaving it.
  • The object of the present invention is to provide means for integrating an automation device into an automation system with which pre-installed proofs of authorization can be dispensed with while maintaining the same level of security.
  • The object is achieved by a computer-implemented method having the features of patent claim 1.
  • The object is also achieved by an automation system having the features of an independent patent claim.
  • The object is also achieved by an authentication device having the features of a subordinate patent claim.
  • The object is also achieved by a computer program product for carrying out the method according to the invention.
  • The computer program is executed in a processor or controller, which carries out the method by executing it.
  • An interface is formed between the automation device and the authentication device.
  • The interface can be formed as a logical communication channel or »session«.
  • This interface is a direct interface, so that for security reasons a direct connection between the automation device and the authentication device can be made mandatory.
  • a proof of access authorization assigned to the automation device is generated.
  • the access authorization proof is generated, for example, in cooperation between the automation device and the authentication device connected to the automation device via the interface.
  • The proof of access authorization can also be generated largely by the automation device alone, with data transmitted or exchanged from the authentication device via the interface being used in the generation.
  • The proof of access authorization can also be generated largely by the authentication device alone, with data transmitted or exchanged from the automation device via the interface being used in the generation by the authentication device.
  • the proof of access authorization is received and authenticated on an automation server of the automation system and an access authorization is assigned to the automation device.
  • the proof of authorization received from the automation server can either be sent by the automation device or by the authentication device, see the exemplary embodiments explained further below.
  • the proof of authorization received by the automation server can be sent indirectly by the automation device or by the authentication device, ie passed on via one or more instances before it is received by the automation server.
  • the access authorization is not all-encompassing, but only refers to the reception of the proof of identity in the following procedural step. In other words, the access authorization is an intermediate stage in which the automation device has not yet been integrated into the automation system.
  • A proof of identity of the automation device authorized for access (that is, the automation device to which access authorization was assigned) is received and authenticated on the automation server, and the automation device whose identity has been authenticated is integrated into the automation system.
  • the integration of the automation device in the automation system is completed on the authorization side.
  • the integration of the automation device can also include parameterization, for example transmission and setting of configuration data on the automation device. This parameterization is ensured with the authorization-side means of the invention, but is neither a necessary prerequisite nor a necessary accompaniment of the method steps according to the invention or means according to the invention.
  • The presence of the authentication device already acts as the first proof of authorization, in the form of the first factor of a multi-factor authentication.
  • the authentication device can be plugged in and unplugged or connected and disconnected by an authorized service technician in order to activate or deactivate this first factor of the multi-factor authentication.
  • the interface may have to meet certain stricter requirements—for example, as an immediate direct connection, in order to additionally require the service technician to be present locally in the immediate vicinity of the automation device to be integrated.
  • an initial authentication procedure is carried out.
  • an automation server of the automation system receives evidence, documented by the authentication device, that a specific automation device has been connected to the authentication device. Based on this, the automation server can now assign properties to the automation device, for example set up access authorization or even at this stage—that is, before the automation device is finally integrated—cause the automation device to be parameterized.
  • a second authentication procedure is carried out.
  • This second authentication method now actually authenticates a proof of identity of the automation device with access authorization, using a proof of identity connected to the automation device.
  • "Connected" can also mean that the proof of identity is present in the automation device, but the proof of identity does not necessarily leave the automation device, for example by being transferred to the automation server.
  • The proof of identity can be provided, for example, by a challenge-response method in which the automation server sets a task or challenge for which the automation device must give a correct answer or response, for example to prove that it knows certain information (a shared secret) without issuing or transmitting the proof of identity itself.
  • the proof of identity is connected to the automation device.
  • the proof of identity is not connected to the authentication device, as is possible in the first authentication method.
  • An authorization, not an identity, is first linked to a proof: the proof of access authorization.
  • the inventive feature of providing a first authentication method for authenticating a proof of access, followed by a second authentication method for authenticating a proof of identity has several advantages:
  • the access authorization according to the invention does not in itself allow access in the sense of integration. Rather, the access authorization according to the invention only allows access with the aim of linking an identity with an authorization, and thus the proof of identity according to the invention.
  • A particular advantage of the invention's separate proofs (proof of access authorization and proof of identity) becomes apparent when considering the provisioning or »deployment« of a number of automation devices that are integrated via a single authentication device. The respective proof of access authorization, generated with the cooperation of the single authentication device, grants each of the plurality of automation devices a comparable provisional access authorization. After the respective automation devices have been integrated, their respective access rights (i.e. their rights to store data in a specific memory area of the automation server or to read data from there) depend exclusively on the rights assigned to their identity, which, in contrast to the comparable provisional access authorization, will definitely differ from automation device to automation device.
  • the access authorization proof and/or proof of identity according to the invention can be designed or used, for example, using a known public key infrastructure or PKI, for example using asymmetric or symmetric cryptographic keys and corresponding methods in connection with signing, certificate use, hierarchical trust models etc.
  • The interface between the automation device and the authentication device is formed by an immediate optical or galvanic direct connection. While this interface can also be designed as a logical communication channel or "session" in a data network, possibly within the worldwide Internet, the interface in this development of the invention is a direct interface, so that for security reasons there is an immediate direct connection between the automation device and the authentication device. Depending on the security criticality, this measure may be necessary in order to meet stricter requirements regarding the local presence of an authorized service technician in the immediate vicinity of the automation device to be integrated.
  • a direct connection is formed, for example, via an optical or galvanic patch cable.
  • Passive components for establishing the connection may also be involved in a direct connection.
  • an indirect connection is characterized in that at least one active unit is interposed in the optical or galvanic connection, for example a switch, a router, a repeater, a signal amplifier or signal shaper, a signal-optical component, etc.
  • an immediate direct connection is checked in order to rule out an indirect connection.
  • Examining or verifying a direct connection and/or excluding or ruling out an indirect connection means in particular that it can be ruled out that the automation device and the connected authentication device are connected together via a »transparent« network node, i.e. for example a network switch.
  • Possible attackers could namely interpose active transparent units in a physical connection between the automation device and the connected authentication device.
  • transparent means that these units would not be recognized by existing monitoring procedures or intrusion detection procedures.
  • Such transparent units are connected in-line via a conventional LAN connection, but cannot be identified or detected by higher-layer surveillance systems, since their higher-layer effect can be compared to that of a passive patch cord.
  • the proof of access authorization is sent from the automation device to the automation server. This can be done in two ways:
  • The proof of access authorization is sent from the automation device to the automation server, with the authentication device communicating exclusively with the automation device in this first embodiment.
  • The proof of access authorization is sent from the authentication device to the automation server. In this second embodiment variant, the proof of access authorization can also be sent indirectly from the automation device to the automation server according to the development explained here, more specifically from the automation device to the authentication device and from there to the automation server.
  • the proof of access authorization is sent from the authentication device to the automation server.
  • the access authorization proof is sent directly from the authentication device to the automation server, with the automation device communicating exclusively with the authentication device.
  • the proof of access authorization is generated in cooperation with the automation device and the authentication device.
  • Such an interaction between the automation device and the authentication device is to be distinguished from a mere request for a certificate or for a signature produced with a private signing key, and has the advantage that transmitting sensitive evidence (for example a key that is to remain private), together with the associated exposure to any man-in-the-middle attacks, can advantageously be omitted.
  • Generating the proof of access authorization using a challenge-response method is a possible exemplary embodiment of such an interaction between the automation device and the authentication device for generating the proof of access authorization.
  • the proof of identity is received via a communication channel formed between the authentication device and the automation server.
  • This development applies one of the variants explained above, in which (although explained there for the case of transmitting the proof of access authorization) an indirect or direct data exchange takes place via a communication channel configured between the authentication device and the automation server.
  • the embodiment explained here relates to the receipt of the proof of identity, which is transmitted via a communication channel configured between the authentication device and the automation server.
  • the communication channel for transmitting the proof of access authorization can be maintained until the proof of identity is transmitted between the authentication device and the automation server. In other words, the communication channel can be the same.
  • This communication channel can, for example, run via one or more networks or network segments, so that measures to protect exchanged data from being compromised, i.e. to secure this communication channel across any networks or network segments not under one's own control, have proven to be advantageous.
  • Such a safeguard can advantageously consist of encrypting the communication channel.
  • this measure is usually - although technically not completely correct - classified under the term of a Virtual Private Network or VPN.
  • the authentication device initiates the method according to the invention, for example by plugging the authentication device into a socket on the automation device or by plugging in a connection cable leading to the authentication device into the socket on the automation device.
  • The method according to the invention is initiated by actuating an input field displayed or provided on the authentication device.
  • The authentication device is at least partially formed as a mobile communication terminal.
  • This configuration has the advantage of using commercially available hardware, which can be adapted to the respective application with suitable software for integrating the automation device using the mobile communication terminal as an authentication device.
  • the authentication device is at least partially configured as a network device, in particular as a router or as a network switch.
  • A router or network switch can provide a communication channel in or via a reserved IP address space (for example in the case of a router) or a reserved communication channel, for example using a VLAN (Virtual Local Area Network) protocol (for example in the case of a network switch).
  • the reserved communication channel can be used both for the transmission of the access authorization proof and for the transmission of the proof of identity between the authentication device designed as a network device and the automation server.
  • the authentication device comprises a plurality of components that are communicatively coupled to one another.
  • This configuration can be provided in order to achieve redundant fail-safety.
  • Several components that are communicatively coupled to one another can also bring about a continued multi-factor authentication.
  • provision could be made for a service technician to be entrusted with a first component of an authentication device and for a person responsible for the network-technical administration of the automation system to keep a second component of an authentication device.
  • FIG. 1 shows a schematic functional representation of communication paths for integrating an automation device into an automation system according to a first embodiment
  • FIG. 1 shows a section of an automation system whose administrative portal is represented in a simplified manner by an automation server SRV.
  • the automation system can also include servers and control components in addition to the automation server SRV.
  • the automation server SRV shown serves only as an example for one or more components that are used for onboarding automation devices.
  • An automation device DVC is integrated into an automation system in such a way that an interface IF is formed between the automation device DVC and the authentication device AUT, the automation device DVC having an additional communication channel NW to the automation server SRV.
  • This communication channel NW is usually designed as a possibly temporary, packet-oriented communication relationship or “session” via a packet-oriented network.
  • The same can also apply to the interface IF.
  • In order not to expose the interface IF to the arbitrariness and risk of a poorly traceable network connection, which does not allow direct inspection of the connected authentication device AUT, provision can be made for the interface IF to be formed by an immediate optical or galvanic direct connection.
  • The automation device DVC to be connected and the authentication device AUT are provided with data for the assignment of the automation device DVC to be connected by the authentication device AUT.
  • An authentication process is then carried out, for example between the automation device DVC to be connected and the authentication device AUT.
  • The automation server SRV, or an alternative higher-level system, receives a proof of access authorization which, in its simplest form, contains a statement that a specific automation device DVC has been connected to the authentication device AUT.
  • The automation server SRV can now subsequently assign properties to the automation device DVC, for example setting up access rights.
  • the automation device DVC could be a controller and the authentication device AUT a USB stick.
  • The USB stick designed as an authentication device AUT contains, among other things, a Trusted Platform Module or TPM, for example, including a private key.
  • TPM: Trusted Platform Module
  • The USB stick configured as an authentication device AUT thus makes it possible to carry out a challenge-response method for generating the proof of access authorization assigned to the automation device.
  • the associated challenge-response method can essentially be carried out on the automation device DVC to be connected and only to a lesser extent on the USB stick designed as an authentication device AUT.
  • An automation device DVC is integrated into an automation system in such a way that an interface IF is formed between the automation device DVC and the authentication device AUT, the authentication device AUT having an additional communication channel NW to the automation server SRV.
  • This communication channel NW can also be designed as a possibly temporary, packet-oriented communication relationship or “session” via a packet-oriented network.
  • The authentication device AUT could be a USB mobile radio adapter that is able to establish a mobile radio connection by submitting a subscriber identity, with the subscriber identity being embodied in a SIM card or stored as a digital eSIM in the USB mobile radio adapter.
  • The USB mobile radio adapter used as the authentication device AUT enables access to the additionally secured communication channel in a VPN configured over the mobile radio connection, via which the exchange of the proof of access authorization and/or the proof of identity with the automation server SRV then takes place.
  • the authentication device AUT could be a programming device which registers connected devices after they have been identified.
  • the authentication device AUT could be designed as a network device, for example a router, or as a mobile terminal device, for example a smartphone.
  • the authentication device AUT could itself require authentication of a user or operator, for example when starting up or when the interface IF is set up with the automation device DVC.
  • the automation device DVC is provided with new access data in addition to existing access data after it has been integrated or "onboarded" into the automation system.
  • the current device-specific operator data can also be linked to the authenticated proof of identity of the automation device by the policy enforcement server.
  • A--not shown--configuration server can be used to transfer current device-specific operator data to the policy enforcement server.
  • an authentication device permits access authorization which only results in a linking of an identity with an authorization in a subsequent step.
  • the method is particularly advantageous for manufacturers of automation devices DVC, which are sold as universal devices and are to be integrated into an automation system at a later date by the customer.
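The two-phase onboarding described in the definitions above (a proof of access authorization attested by the authentication device AUT, followed by a challenge-response proof of identity from the automation device DVC to the automation server SRV) is simulated below as an added example. It is not code from the patent or from Siemens: the TPM and PKI mentioned in the description are replaced by HMAC-SHA256 over shared secrets, which is the "shared secret" challenge-response case the description itself allows, and all ids and keys ("usb-aut-1", "plc-01") are constructed for the demo. The server grants only a provisional access authorization after phase 1, rejects replayed access proofs, refuses to issue an identity challenge to a device without that authorization, and integrates a device only after phase 2 succeeds.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _mac(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 over length-prefixed fields so that field boundaries are unambiguous
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


@dataclass(frozen=True)
class AccessProof:
    # Statement "device_id was connected to auth_device_id", authenticated with AUT's key
    auth_device_id: str
    device_id: str
    nonce: bytes  # contributed by DVC over the interface IF, so the proof is generated cooperatively
    tag: bytes


class AuthenticationDevice:
    # AUT, e.g. a USB stick whose key never leaves it (stand-in for the TPM of the description)
    def __init__(self, auth_device_id: str, key: bytes) -> None:
        self.auth_device_id, self._key = auth_device_id, key

    def attest_connection(self, device_id: str, nonce: bytes) -> AccessProof:
        tag = _mac(self._key, b"access", self.auth_device_id.encode(), device_id.encode(), nonce)
        return AccessProof(self.auth_device_id, device_id, nonce, tag)


class AutomationDevice:
    # DVC: its identity is a shared secret that is never transmitted, only proven
    def __init__(self, device_id: str, identity_secret: bytes) -> None:
        self.device_id, self._identity_secret = device_id, identity_secret

    def request_access_proof(self, aut: AuthenticationDevice) -> AccessProof:
        return aut.attest_connection(self.device_id, secrets.token_bytes(16))

    def answer_challenge(self, challenge: bytes) -> bytes:
        return _mac(self._identity_secret, b"identity", self.device_id.encode(), challenge)


class AutomationServer:
    # SRV: provisional access after phase 1, integration only after phase 2
    def __init__(self, auth_keys: dict[str, bytes], identity_secrets: dict[str, bytes]) -> None:
        self._auth_keys, self._identity_secrets = auth_keys, identity_secrets
        self._seen_nonces: set[bytes] = set()
        self._open_challenges: dict[str, bytes] = {}
        self.access_authorized: dict[str, str] = {}  # device_id -> attesting AUT
        self.integrated: set[str] = set()

    def receive_access_proof(self, proof: AccessProof) -> bool:
        key = self._auth_keys.get(proof.auth_device_id)
        if key is None or proof.nonce in self._seen_nonces:  # unknown AUT or replayed proof
            return False
        expected = _mac(key, b"access", proof.auth_device_id.encode(), proof.device_id.encode(), proof.nonce)
        if not hmac.compare_digest(expected, proof.tag):
            return False
        self._seen_nonces.add(proof.nonce)
        self.access_authorized[proof.device_id] = proof.auth_device_id
        return True

    def issue_identity_challenge(self, device_id: str) -> bytes | None:
        # provisional access permits exactly one thing: taking part in the identity step
        if device_id not in self.access_authorized:
            return None
        self._open_challenges[device_id] = secrets.token_bytes(32)
        return self._open_challenges[device_id]

    def receive_identity_proof(self, device_id: str, response: bytes) -> bool:
        challenge = self._open_challenges.pop(device_id, None)
        secret = self._identity_secrets.get(device_id)
        if challenge is None or secret is None:
            return False
        if not hmac.compare_digest(_mac(secret, b"identity", device_id.encode(), challenge), response):
            return False
        self.integrated.add(device_id)
        self.access_authorized.pop(device_id, None)  # provisional access is consumed
        return True


def run_demo() -> dict[str, bool]:
    # Constructed keys and ids (not from the patent); returns the checks a deployment cares about
    aut_key, plc_secret = secrets.token_bytes(32), secrets.token_bytes(32)
    srv = AutomationServer({"usb-aut-1": aut_key}, {"plc-01": plc_secret})
    aut = AuthenticationDevice("usb-aut-1", aut_key)
    plc = AutomationDevice("plc-01", plc_secret)
    results = {"no_challenge_without_access": srv.issue_identity_challenge("plc-01") is None}
    proof = plc.request_access_proof(aut)  # phase 1, first embodiment: DVC forwards the proof itself
    results["access_proof_accepted"] = srv.receive_access_proof(proof)
    results["replay_rejected"] = not srv.receive_access_proof(proof)
    results["access_is_not_integration"] = "plc-01" not in srv.integrated
    challenge = srv.issue_identity_challenge("plc-01") or b""  # phase 2: challenge-response
    results["identity_accepted"] = srv.receive_identity_proof("plc-01", plc.answer_challenge(challenge))
    results["integrated"] = "plc-01" in srv.integrated
    # a device attested by AUT but lacking plc-01's identity secret keeps provisional access only
    srv2 = AutomationServer({"usb-aut-1": aut_key}, {"plc-01": plc_secret})
    impostor = AutomationDevice("plc-01", secrets.token_bytes(32))
    results["impostor_access"] = srv2.receive_access_proof(impostor.request_access_proof(aut))
    ch2 = srv2.issue_identity_challenge("plc-01") or b""
    results["impostor_identity_rejected"] = not srv2.receive_identity_proof("plc-01", impostor.answer_challenge(ch2))
    results["impostor_not_integrated"] = "plc-01" not in srv2.integrated
    return results
```

The last three results show the point the description makes about deployments through a single authentication device: every device attested by AUT receives the same provisional access, but integration and the rights that follow it depend on the device's own identity proof, so an attested device without the expected identity secret never gets past the intermediate stage.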

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

Automation devices generally have to be configured before they can be used in the automation system or in interaction with other automation devices. Adapting the automation device for the purpose of integration into the automation system, for example by configuring the configuration data stored on the automation device, is also referred to by experts as onboarding. The present invention relates to methods for integrating an automation device into an automation system with which credentials pre-installed on the automation devices can be dispensed with while security remains the same. The method is particularly advantageous for manufacturers of automation devices which are sold as universal devices and which are only to be integrated into an automation system by the customer.
EP22734894.3A 2021-07-13 2022-06-08 Method and automation system for integrating an automation device Pending EP4356565A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP21185262.9A EP4120624A1 (fr) 2021-07-13 2021-07-13 Method and automation system for integrating an automation device
PCT/EP2022/065573 WO2023285039A1 (fr) 2021-07-13 2022-06-08 Method and automation system for integrating an automation device

Publications (1)

Publication Number Publication Date
EP4356565A1 true EP4356565A1 (fr) 2024-04-24

Family

ID=76920542

Family Applications (2)

Application Number Title Priority Date Filing Date
EP21185262.9A Withdrawn EP4120624A1 (fr) 2021-07-13 2021-07-13 Method and automation system for integrating an automation device
EP22734894.3A Pending EP4356565A1 (fr) 2021-07-13 2022-06-08 Method and automation system for integrating an automation device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP21185262.9A Withdrawn EP4120624A1 (fr) 2021-07-13 2021-07-13 Method and automation system for integrating an automation device

Country Status (3)

Country Link
EP (2) EP4120624A1 (fr)
CN (1) CN117941320A (fr)
WO (1) WO2023285039A1 (fr)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007046079A1 (de) * 2007-09-26 2009-04-02 Siemens Ag Method for establishing a secure connection from a service technician to a fault-affected component of an automation environment that can be remotely diagnosed and/or remotely maintained
CN110839005B (zh) * 2018-08-17 2023-08-01 NXP USA, Inc. Secure enrollment of a device using a cloud platform

Also Published As

Publication number Publication date
WO2023285039A1 (fr) 2023-01-19
EP4120624A1 (fr) 2023-01-18
CN117941320A (zh) 2024-04-26

Similar Documents

Publication Publication Date Title
EP2250598B1 Client/server system for communication according to the OPC UA standard protocol, comprising single sign-on authentication mechanisms, and method for performing single sign-on in this system
EP3125492B1 Method and system for establishing a secure communication channel for terminals
DE102004045147A1 Setting information distribution device, method, program and medium; authentication setting transfer device, method, program and medium; and setting information receiving program
DE102007025162A1 Alarm-controlled access control in an enterprise network
DE102009059893A1 Device and method for securing the negotiation of at least one cryptographic key between devices
EP3582033B1 Method for the secure operation of a field device
DE10045975A1 Method for controlling access
EP3021524A1 Method for establishing a local control channel between a control device and a building-internal access portal
EP3266186B1 Network device and method for accessing a network component in a data network
EP3935808B1 Cryptographically protected provision of a digital certificate
EP4054143A1 Authentication of a device in a communication network of an automation installation
DE102011007199A1 Method and communication device for cryptographically protecting field device data communication
DE102017212474A1 Method and communication system for checking connection parameters of a cryptographically protected communication connection during connection establishment
EP3432539A1 Method for establishing a communication channel between a server device and a client device
WO2023285039A1 Method and automation system for integrating an automation device
EP3244360A1 Method for registering devices, in particular access control devices or vending or purchasing machines, with a server of a system comprising several such devices
EP3585084A1 Establishing an access authorization to a sub-network of a mobile radio network
DE102018002466A1 Method and arrangement for establishing a secure data transmission connection
DE102016220231A1 Secure control of vehicle components in a telecommunications network
EP4115584B1 Secure and documented access of an application to a key
EP3451263A1 Security system for executing an electronic application
WO2023222312A1 Provisioning of terminals in radio communication networks
DE112023000147T5 Secure unmanaged network switch and corresponding methods
EP3809661A1 Method for authenticating a client device when accessing an application server
WO2023217645A1 Secure access system

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20240115

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR