EP4591195A1 - Système de surveillance pour vérifier l'intégrité d'un système à un stade ultérieur - Google Patents

Système de surveillance pour vérifier l'intégrité d'un système à un stade ultérieur

Info

Publication number
EP4591195A1
EP4591195A1 EP23813579.2A EP23813579A EP4591195A1 EP 4591195 A1 EP4591195 A1 EP 4591195A1 EP 23813579 A EP23813579 A EP 23813579A EP 4591195 A1 EP4591195 A1 EP 4591195A1
Authority
EP
European Patent Office
Prior art keywords
components
change
integrity
reconfigurable
designed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP23813579.2A
Other languages
German (de)
English (en)
Inventor
Rainer Falk
Christian Peter Feist
Peter Hornung
Martin Mantel
Stefan Pyka
Franz Sperl
Thomas Zeschg
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Siemens Corp
Original Assignee
Siemens AG
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG, Siemens Corp filed Critical Siemens AG
Publication of EP4591195A1 publication Critical patent/EP4591195A1/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates

Definitions

  • the present invention relates to a monitoring system for checking an integrity of a reconfigurable system.
  • the invention also relates to a higher-level system and an associated method.
  • IDS intrusion detection systems
  • HIDS host-based intrusion detection system
  • NIDS network-based intrusion detection system
  • An IDS can generally recognize a change in behavior (anomaly-based IDS) or a known attack pattern (signature-based IDS) as an attack.
  • Restore points are known for operating systems such as Microsoft Windows. If a Windows system is not working correctly, a user or administrator can return to an earlier, functional configuration state.
  • the object of the invention is to provide a solution for improved protection of the system integrity of dynamically reconfigurable systems, in particular automation systems and industrial systems.
  • the invention relates to a monitoring system for checking an integrity of a reconfigurable system, wherein the reconfigurable system has a plurality of components
  • the monitoring system comprising: a receiving unit, designed to receive a plurality of data sets, wherein each data set of the plurality of data sets originates from one of the components of the plurality of components of the reconfigurable system, wherein each data set of the plurality of data sets describes at least one configuration change that has taken place on a respective component of the plurality of components of the reconfigurable system by means of change information, wherein the change information indicates a type of the at least one configuration change that has taken place, a testing unit designed to check the admissibility of the respective configuration change that has taken place on the basis of the change information by checking the admissibility of whether the type of the at least one configuration change that has taken place is permissible and/or plausible, and an output unit designed to provide an output depending on a result of the checking.
  • the admissibility check is not based on comparing the actual configuration with a fixed, specified target configuration, but on checking whether the configuration changes made are permissible and/or plausible.
  • the type of at least one configuration change that occurred describes a type of change that occurred in a configuration of at least one component of the plurality of components of the reconfigurable system.
  • the type of change indicates how the configuration was changed.
  • the type of change indicates in particular which functional category of the configuration was changed.
  • a functional category of the configuration includes in particular security functions, network functions, control functions, communication functions, management functions, and/or identification functions.
  • a positive result of checking the admissibility of the respective configuration change means that a configuration change made to one of the components of the majority of the components of the reconfigurable system is permissible. This means that the respective component is intact. If all components of the majority of components are intact, it is concluded that the entire reconfigurable system is intact.
  • the output unit is designed to provide the output depending on the integrity of the respective components and/or the reconfigurable system.
  • a negative result of the check of the admissibility of the respective configuration change means that a configuration change made to one of the components of the majority of the components of the reconfigurable system is not permissible. This means that the respective component is not intact. If there is no integrity for at least one component of the majority of components, it is concluded that the entire reconfigurable system is not intact.
  • the output unit is designed to give the output depending on the lack of integrity of the respective components and/or the reconfigurable system.
  • the reconfigurable system is designed in particular as a cyber-physical system (CPS).
  • CPS cyber-physical system
  • a plurality is to be understood as a plural.
  • a plurality is not to be understood as a larger proportion of a certain number.
  • a plurality means in particular at least 3, preferably more than 10, particularly preferably more than 50 or more than 100. This applies both to the plurality of components and to the plurality of data sets.
  • the components of the majority of components of the reconfigurable system are designed to provide the majority of data sets.
  • the majority of data sets are each particularly privacy-protected to protect know-how, in particular through anonymization, pseudonymization, through the use of verifiable credentials/verifiable presentations, or through privacy-protecting cryptographic methods such as homomorphic encryption or secure multiparty computation.
  • Each data record of the plurality of data records is created and provided in particular by the affected component itself, by an additional component associated with the affected component or by an app of the affected component.
  • An additional component or app can repeatedly determine the configuration of a component, in particular via OPC UA or via NETCONF, and confirm the changes identified in a cryptographically protected manner compared to previously identified configurations.
  • additional information can be determined and confirmed if necessary, in particular what led to the configuration change, in particular which authentication credential and/or which communication protocol and/or which device interface was used for a configuration change (identifier or authentication credential/certificate for remote access, in particular via HTTPS, NETCONF/TLS, NETCONF/ssh, OPC UA).
  • the confirmation of integrity is particularly privacy-protected in order to protect know-how, in particular through anonymization, pseudonymization, through the use of verifiable credentials/verifiable presentations, or through privacy-protecting cryptographic methods such as homomorphic encryption or secure multiparty computation.
  • a reconfigurable system in particular a cyber-physical system
  • the plant operator several machine manufacturers of the production machines used, several device manufacturers of the automation components used, an integrator, an IT department or an IoT cloud provider in particular have a legitimate interest in system integrity monitoring.
  • they are each only responsible for a sub-area (area of responsibility, AOR). It is therefore still proposed to filter the majority of data records according to different areas of responsibility and to make them available to a respective AOR monitoring system for checking.
  • An AOR monitoring system in turn confirms whether the changes checked are permissible from the respective responsibility perspective.
  • a Cyber Physical System (CPS) overall picture is determined, which indicates from the perspective of which AOR areas of responsibility the integrity of the system is given.
  • This information is provided in particular to a production planning system or a production data management system. Production planning for further production processes or the release of manufactured products or subsequent tests on the manufactured products can be carried out depending on whether the CPS or the CPS areas used for this purpose, in particular production machines, are or were in an acceptable condition during production.
  • the information can also be passed on to a CPS component management system, in particular a unified device management system (common device management), in order to initiate a rollback of configuration changes that are not recognized as acceptable.
  • one idea of the invention is a monitoring system, in particular an integrity monitoring system, for industrial automation systems, which records the majority of data records and thus the change information of the majority of components.
  • the monitoring system checks the admissibility of the changes to the majority of the components of the reconfigurable system.
  • One aspect of the invention therefore consists in a monitoring system which reliably records configuration changes that have taken place and subsequently checks the type of configuration changes that have taken place using a program code, in particular using a smart contract. Subsequent means that the configuration changes have already taken place at the time of the check.
  • An integrity monitoring system for a reconfigurable system is thus proposed, which allows configuration changes by not recognizing changes as inadmissible before they are implemented, as is the case with known integrity monitoring tools (File Integrity Monitoring (FIM), Intrusion Detection System (IDS)), but by monitoring and plausibility-checking the type of observable changes.
  • File Integrity Monitoring File Integrity Monitoring
  • IDS Intrusion Detection System
  • this can be understood as a type of distributed ledger (“blockchain”), in which transactions (here: configuration changes of the reconfigurable system) are first recorded in a transaction database. Only subsequently is it checked whether these transactions, which are already in the database (because they were recorded first), are permissible according to a smart contract.
  • a conventional security approach is access control that tightly controls access so that only permitted actions can be carried out.
  • Another conventional approach is to detect deviations from a reference state defined as integral (set up or taught) as manipulation.
  • Such conventional security approaches assume a fixed configuration. The disadvantage is that they are therefore not suitable if configuration changes are to be made regularly in order to flexibly adapt a production system to different requirements. If set up restrictively, such security approaches would hinder flexible configuration adaptation or reconfiguration of industrial automation and control systems (in general: Industrial IoT or Cyber Physical Systems). They are therefore only useful for static industrial systems. For systems that are to be dynamically reconfigurable, however, extensive changes must be permitted.
  • the reconfigurable system is designed as: a cyber-physical system and/or an Internet of Things system and/or an industrial system and/or an automation system and/or a manufacturing system and/or a control system and/or a robot and/or a production machine and/or a driverless transport system.
  • the receiving unit is additionally designed to retrieve the plurality of data records.
  • the majority of data records can be retrieved in particular from a database by the receiving unit.
  • the majority of data records and thus the change information of the majority of components are stored in particular in a database (also referred to as a CPS Component Configuration Change Database), in particular in a relational database, in an object database or in a distributed transaction database (also referred to as a distributed ledger and/or blockchain).
  • a database also referred to as a CPS Component Configuration Change Database
  • a relational database in particular in a relational database
  • object database in an object database or in a distributed transaction database (also referred to as a distributed ledger and/or blockchain).
  • a distributed transaction database also referred to as a distributed ledger and/or blockchain
  • the majority of data records each have cryptographic protection.
  • the initiator of the at least one configuration change can also be designated as the executor of the at least one configuration change.
  • the monitoring system checks the admissibility of the configuration changes made to the majority of the components of the reconfigurable system. In addition to the type of at least one configuration change made, it can be evaluated when and/or by whom and/or at what location which change was made to a respective component of the reconfigurable system.
  • This has the advantage that further information is included in order to check the admissibility and the result of the check is more reliable.
  • the admissibility of a single configuration change can be checked.
  • the admissibility of a sequence of several configuration changes can also be checked.
  • the type of at least one configuration change made includes:
  • the testing unit is designed to test the change information of a first configuration change of a first component of the plurality of components in connection with the change information of a second configuration change of a second component of the plurality of components.
  • the at least one configuration change of a component can be recognized as inadmissible on its own, but in addition its effect on the reconfigurable system, in particular inconsistencies between the components and a further configuration change, can be recognized and assessed as inadmissible.
  • the test unit is thus particularly designed to check whether the components have been consistently reconfigured, in particular during a production setup phase.
  • testing unit is specifically designed to check whether configuration changes serve different purposes and/or are divided into different change processes. Inconsistencies in these criteria can be used to identify an impermissible configuration.
  • test unit is designed: a program code, in particular Smart Contract and/or use an artificial intelligence-based algorithm and/or at least one security policy to check admissibility.
  • the validation of configuration changes is therefore carried out in particular by a smart contract, i.e. generally by a program code. This checks according to definable criteria, which means that a configuration change to the CPS is permissible.
  • the admissibility of configuration changes that have been made is checked by an algorithm based on artificial intelligence, i.e. AI-based, in particular by training permissible configuration changes in a training phase based on criteria and detecting impermissible changes in the productive phase and, if necessary, prohibiting them, i.e. recognizing them as impermissible.
  • AI-based artificial intelligence
  • the admissibility of configuration changes that have been made is checked by an algorithm based on artificial intelligence, i.e. AI-based, in particular by training permissible configuration changes in a training phase based on criteria and detecting impermissible changes in the productive phase and, if necessary, prohibiting them, i.e. recognizing them as impermissible.
  • test unit is designed:
  • test unit is also designed
  • the monitoring system classifies components of the plurality of components and/or the reconfigurable system not only as integer or non-integer, but also provides an evaluation of the integrity, in particular in the form of a trustworthiness measure.
  • a higher evaluation means a higher probability of integrity.
  • a comparatively low evaluation means a lower probability of integrity.
  • the evaluation contains information as to which configuration change or which combination of changes changes, particularly in reference to the change(s), have led to the lower integrity rating.
  • the evaluation and/or the trustworthiness measure can be determined for the reconfigurable system as a whole. Likewise, several trustworthiness measures can be determined for different sub-areas of the reconfigurable system. The sub-areas can be fixed, but preferably the sub-areas are determined dynamically, each of which has a uniform trustworthiness measure.
  • the output is as:
  • a corresponding output is given in one embodiment.
  • an alarm is triggered or production is stopped.
  • a cryptographically protected integrity confirmation in particular an integrity attestation, is optionally created, which confirms that the reconfigurable system is currently or has been in a permissible, integral state within a defined period of time.
  • the integrity confirmation is formed and output by the output unit.
  • an integrity confirmation also referred to as integrity attestation, is formed and output in particular by a downstream integrity confirmation unit, in particular a CPS system integrity attestor. In the case of a downstream integrity confirmation unit, this receives the result of the admissibility check, which is formed by the check unit.
  • the invention also includes a higher-level system comprising: a monitoring system according to one of the preceding claims and a reconfigurable system, wherein the reconfigurable system has the plurality of components.
  • the majority of components are designed to provide the majority of data sets.
  • the components are designed in particular as automation components.
  • a unit for determining configuration changes and in particular for cryptographically protected confirmation of the detected configuration changes is provided on the components.
  • the higher-level system also has:
  • the invention also includes a method for testing an integrity of a reconfigurable system, wherein the reconfigurable system has a plurality of components, comprising the steps: receiving a plurality of data records, wherein each data record of the plurality of data records originates from one of the components of the plurality of components of the reconfigurable system, wherein each data record of the plurality of data records describes at least one configuration change that has occurred on a respective component of the plurality of components of the reconfigurable system by means of change information, wherein the change information in each case indicates a type of the at least one configuration change that has occurred, checking the admissibility of the respective configuration change that has occurred based on the change information, and outputting an output depending on a result of the checking.
  • a further development of the invention relates to a method according to the invention for checking an integrity of a reconfigurable system by means of a monitoring system according to the invention.
  • Fig. 1 is a schematic representation of a higher-level system comprising, among other things, a monitoring system according to the invention and
  • Fig. 2 is a flow diagram of the method according to the invention. DETAILED DESCRIPTION OF THE INVENTION
  • Fig. 1 shows a higher-level system comprising: a monitoring system 1 according to the invention, divided into two monitoring systems 1 for different sub-areas of a reconfigurable system 2, the reconfigurable system 2, wherein the reconfigurable system 2 has the plurality of components 21, the plurality of components 21 is connected to a database 3 via a gateway 22 and a network 5, the database 3, designed to provide the plurality of data sets 23 to the monitoring systems 1 (stored over time t) and to receive the plurality of data sets 23 from the reconfigurable system 2, wherein each data set of the plurality of data sets 23 describes at least one configuration change that has taken place on a respective component 21 of the plurality of components 21 of the reconfigurable system 2 by means of change information, wherein the change information in each case indicates a type of the at least one configuration change that has taken place, and an attestation 4, designed to Integrity attestation 41 depending on an output of the monitoring system 1.
  • Fig. 1 therefore shows in particular an implementation example with three CPS components 21 in an automation network 2.
  • two system integrity monitoring units 1 are shown for two different areas of responsibility.
  • An area of responsibility can be given, for example, by a subset of the CPS components 21 and/or by the type, ie the functional category, of configuration changes that have been made.
  • the proposed monitoring system 1, also known as integrity monitoring system 1 can be understood as a type of distributed ledger (blockchain) in which a smart contract checks the admissibility of a sequence of transactions recorded in the data sets 23.
  • blockchain distributed ledger
  • the configuration changes have already been made and the corresponding transactions are already stored in the database 3.
  • their admissibility is only checked later. In this case, multiple checks can also be carried out according to the different areas of responsibility, i.e. by a plurality of "smart contracts". A result of the check is provided.
  • an integrity attestation 41 is optionally determined by an attestation 4 to indicate whether the configuration changes already made were permissible according to the transactions stored in the database 3 or whether this was not the case.
  • the integrity attestation 41 it can be specified in particular which functional areas, in particular for which production machines or which production lines (area of responsibility) of the reconfigurable system 2 the configuration changes applied to the functional areas were permissible.
  • Fig. 2 shows a method for checking an integrity of a reconfigurable system 2, wherein the reconfigurable system 2 has a plurality of components, comprising the steps:
  • Step S1 receiving a plurality of data records, wherein each data record 23 of the plurality of data records originates from one of the components 21 of the plurality of components of the reconfigurable system 2, wherein each data record 23 of the plurality of data records contains at least one configuration change made to a respective component 21 of the plurality of components of the reconfigurable system by means of change information, the change information specifying a type of the at least one configuration change that has taken place, - step S2: checking the admissibility of the respective configuration change that has taken place based on the change information, the checking comprising checking whether the type of the at least one configuration change that has taken place is permissible and/or plausible, and - step S3: issuing an output depending on a result of the checking.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Alarm Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Testing And Monitoring For Control Systems (AREA)

Abstract

L'invention concerne un système de surveillance (1) pour vérifier une intégrité d'un système reconfigurable (2), le système reconfigurable (2) comprenant une pluralité de composants (21), le système de surveillance (1) comprenant : - une unité de réception, conçue pour recevoir une pluralité d'ensembles de données, chaque ensemble de données (23) de la pluralité d'ensembles de données provenant de l'un des composants (21) de la pluralité de composants du système reconfigurable (2), chaque ensemble de données (23) de la pluralité d'ensembles de données décrivant au moins un changement de configuration effectué sur un composant particulier (21) de la pluralité de composants du système reconfigurable (2) au moyen d'informations de changement, les informations de changement indiquant un type du ou des changements de configuration effectués dans chaque cas,-une unité de vérification, conçue pour vérifier une admissibilité du changement de configuration effectué particulier sur la base des informations de changement, et une unité de sortie, conçue pour prendre un résultat de la vérification en tant que base pour fournir une sortie. L'invention concerne également un système de niveau supérieur et un procédé associé.
EP23813579.2A 2022-11-16 2023-11-15 Système de surveillance pour vérifier l'intégrité d'un système à un stade ultérieur Pending EP4591195A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP22207862.8A EP4372589A1 (fr) 2022-11-16 2022-11-16 Système de surveillance pour tester l'intégrité d'un système en aval
PCT/EP2023/081839 WO2024105073A1 (fr) 2022-11-16 2023-11-15 Système de surveillance pour vérifier l'intégrité d'un système à un stade ultérieur

Publications (1)

Publication Number Publication Date
EP4591195A1 true EP4591195A1 (fr) 2025-07-30

Family

ID=84360179

Family Applications (2)

Application Number Title Priority Date Filing Date
EP22207862.8A Withdrawn EP4372589A1 (fr) 2022-11-16 2022-11-16 Système de surveillance pour tester l'intégrité d'un système en aval
EP23813579.2A Pending EP4591195A1 (fr) 2022-11-16 2023-11-15 Système de surveillance pour vérifier l'intégrité d'un système à un stade ultérieur

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP22207862.8A Withdrawn EP4372589A1 (fr) 2022-11-16 2022-11-16 Système de surveillance pour tester l'intégrité d'un système en aval

Country Status (3)

Country Link
EP (2) EP4372589A1 (fr)
CN (1) CN120303662A (fr)
WO (1) WO2024105073A1 (fr)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7017040B2 (en) * 2003-12-04 2006-03-21 Intel Corporation BIOS update file
US10291506B2 (en) * 2015-03-04 2019-05-14 Fisher-Rosemount Systems, Inc. Anomaly detection in industrial communications networks
IN2015CH02758A (fr) * 2015-06-01 2015-07-17 Wipro Ltd
EP3258661B1 (fr) * 2016-06-16 2020-11-18 ABB Schweiz AG Détection de changements de configuration anormale
CN112181509B (zh) * 2019-07-02 2025-02-07 施耐德电气美国股份有限公司 确保在模块化设备和外部系统之间的数据一致性

Also Published As

Publication number Publication date
EP4372589A1 (fr) 2024-05-22
WO2024105073A1 (fr) 2024-05-23
CN120303662A (zh) 2025-07-11

Similar Documents

Publication Publication Date Title
EP3488556B1 (fr) Configuration sécurisée d'un appareil
DE112004000428B4 (de) Verfahren und Systeme zum Verwalten von Sicherheitsrichtlinien
DE102021126869B4 (de) Berechtigungen für Backup-bezogene Operationen
EP2299650A1 (fr) Procédé de détection des anomalies dans un réseau de contrôle
DE10393571T5 (de) Verfahren und System zum Validieren logischer End-to-End-Zugriffspfade in Storage Area Netzwerken
DE112019000485T5 (de) System und verfahren zum bereitstellen der sicherheit für einfahrzeuginternes netzwerk
DE202024106330U1 (de) Intelligentes System zur Verbesserung der Datenintegrität durch Blockchain-Basierte Verträge
EP4154139B1 (fr) Surveillance étendue de l'intégrité d'une image de récipient
DE10249427A1 (de) System und Verfahren zum Definieren des Sicherheitszustands eines Computersystems
EP3430558B1 (fr) Détection d'un écart entre un état de sécurité d'un dispositif de calcul et un état de sécurité théorique
WO2016005273A1 (fr) Procédé de détection d'une attaque sur un environnement de travail connecté à un réseau de communication
EP3451624A1 (fr) Dispositif et procédé de commande d'un réseau de communication
DE102023103676A1 (de) Angriffswegerstellungsverfahren und Angriffswegerstellungsvorrichtung
EP4463784B1 (fr) Surveillance dynamique de l'intégrité d'un environnement d'exécution de conteneur s'exécutant sur un dispositif de calcule hôte
DE102021109515A1 (de) Verfahren und system zur erleichterung eines selbstheilenden netzwerks
WO2024105073A1 (fr) Système de surveillance pour vérifier l'intégrité d'un système à un stade ultérieur
EP3417589A1 (fr) Réduction de la capacité d'attaque d'un point faible d'un appareil par le biais d'un point d'accès à un réseau
DE202023100942U1 (de) System für sichere Datenkommunikation in Smart Home-Umgebungen durch maschinelles Lernen
EP3339994A1 (fr) Procédé de vérification d'une attribution de mandat, produit-programme informatique et dispositif
EP1643336A1 (fr) Identification de produits non équivoque
EP0567492B1 (fr) Procede et systeme pour la surveillance de manipulations sur des ordinateurs
EP4614368A1 (fr) Système et procédé de détermination d'intervalles de détection pertinents pour la sécurité informatique d'un environnement opérationnel informatique
EP3105703B1 (fr) Procédé et système de sécurisation de relations de bases de données contre un accès non autorisé
EP4345665A1 (fr) Détection d'une attaque sur un système informatique à protéger
DE112024000423T5 (de) Informationsverarbeitungsvorrichtung

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20250423

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC ME MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)