WO1998002815A1 - Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs - Google Patents

Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs Download PDF

Info

Publication number
WO1998002815A1
WO1998002815A1 PCT/US1997/012083 US9712083W WO9802815A1 WO 1998002815 A1 WO1998002815 A1 WO 1998002815A1 US 9712083 W US9712083 W US 9712083W WO 9802815 A1 WO9802815 A1 WO 9802815A1
Authority
WO
WIPO (PCT)
Prior art keywords
message packet
security key
time reference
time
packet
Prior art date
Application number
PCT/US1997/012083
Other languages
English (en)
Inventor
Andrei Godoroja
Glenn S. Fawcett
Joseph P. R. Tosey
Original Assignee
Glenayre Electronics, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Glenayre Electronics, Inc. filed Critical Glenayre Electronics, Inc.
Priority to PCT/US1997/012083 priority Critical patent/WO1998002815A1/fr
Priority to AU37248/97A priority patent/AU3724897A/en
Priority to GB9900104A priority patent/GB2330284B/en
Publication of WO1998002815A1 publication Critical patent/WO1998002815A1/fr
Priority to SE9900033A priority patent/SE9900033L/xx

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/16Multipoint routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/26Flow control; Congestion control using explicit feedback to the source, e.g. choke packets
    • H04L47/263Rate modification at the source after receiving feedback
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/28Flow control; Congestion control in relation to timing considerations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/37Slow start
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/62Establishing a time schedule for servicing the requests
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Definitions

  • This invention relates to message transmission security in computer networks, and more particularly to apparatus and methods for validating message transmissions communicated in a computer network.
  • Computer networks are configurable according to several different models.
  • a computer network has a plurality of communicatively interconnected components, or nodes, that are each capable of sending and receiving messages from one another. Such messages include information requests and/or data. Each component acts as a server and a client with respect to the other components.
  • the components may be fully interconnected such that each component has communication connections with all of the other components.
  • a computer network of this design is particularly suited for using a multicast transmission protocol. In a multicast transmission protocol, message transmissions sourced by one node are communicated through the network to all other nodes.
  • a node in a computer network may malfunction and erroneously fill the computer network communication channels with invalid or improper message transmissions.
  • a computer network's communication channels may be flooded with invalid or improper message transmissions originating from a hostile source outside the computer network.
  • a computer network typically acknowledges and attempts to process each message transmission as if it were valid. Considerable processing time and resources are wasted before the computer network discovers, if ever, the erroneous nature of the transmissions. Consequently, invalid message transmissions unnecessarily burden the processing resources of a computer network. This problem is magnified when a computer network uses a multicast transmission protocol because each node in such a computer network is individually burdened by processing the invalid transmissions.
  • Some systems attempt to address these problems by including a special code in each message transmission.
  • the code is designed to verify that the message was generated by a valid node.
  • hostile nodes analyzing valid message transmissions may identify the code portion of the message and simply copy the code into an invalid message, thus giving the message an appearance of validity.
  • the invalid messages continue to present an unnecessary burden on the computer network's processing resources.
  • the present invention is a computer network and method that enables network components to efficiently make a determination regarding the validity of transmissions communicated over the network.
  • the computer network is comprised of a plurality of communicatively interconnected components.
  • Abstract entities called “nodes” operate to represent the components in the network.
  • the components identify and communicate with one another through their respective abstract nodes.
  • message transmissions, or packets, transmitted from one node to another include a header and a body.
  • the body of the packet includes data and/or information requests.
  • the header includes addressing information, security and time codes, and other information relevant to the packet transmission.
  • a portion of the packet header is reserved for storing a time reference indicative of the time at which the particular packet originated.
  • Another portion of the packet header is reserved for storing a unique security key generated by an algorithm that combines a known password with the stored time reference.
  • the receiving node When a node receives a packet encoded in accordance with the invention, the receiving node reads the time reference stored in the packet header and compares it against a present time reference. If the comparison indicates that the packet is "old," i.e., the time of origination stored in the packet header is outside of a predetermined window of acceptable time, the entire packet is presumed invalid and is immediately discarded.
  • the receiving node also independently generates a security key from the known password and the stored time reference. The generated key is compared with the security key stored in the packet header. If the two keys do not correspond, the entire packet is presumed invalid and is immediately discarded.
  • the invention preserves node processing capacity for otherwise valid tasks.
  • discarded packets are logged to indicate configuration or security problems to the network operator.
  • FIGURE 1 is a graph illustrating a computer network suitable for the present invention
  • FIGURE 2 illustrates a message packet with a header and body
  • FIGURE 3 is a graph illustrating a computer network with which an external node has established connections.
  • FIGURE 1 A computer network suitable to employ the present invention is illustrated in FIGURE 1.
  • network components represented by nodes A, B, C, D, E and F all have communication links to one another.
  • the communication links are illustrated as lines extending from each node to the other remaining nodes.
  • Each node is capable of sending and receiving messages to and from any of the other nodes.
  • nodes A, B, C, D, E and F may be independent, standalone computers or may form part of other larger computing devices. Each node has computing capacity to formulate and send message transmissions, or packets, to other nodes. Each node also has computing capacity to receive and process packets from the other nodes.
  • a computer network of such design is known and can be readily constructed by persons of ordinary skill in the computer network art. Referring to FIGURE 2, a message packet 10 transmitted from a source node to a destination node has a header 12 and a body 14.
  • the body 14 may include data, information requests, or portions thereof.
  • the header 12 includes information relevant to the transmission and security of the message packet.
  • This information includes addressing information (e.g., an identification of the source and destination node), optional security fields, and indications of the amount of data communicated by the packet.
  • a portion 16 of the header 12 is reserved for storing a time reference indicative of the time at which the particular packet originated. Also reserved is a portion 18 for storing a security key. As described in greater detail below, the time reference and the security key stored in a packet header is used by the node receiving the packet to determine the validity of the packet transmission.
  • Each of the nodes shown in FIGURE 1 has access to a clock mechanism (not shown) that maintains a time reference.
  • a clock mechanism may be resident in each individual network component. Alternatively, the network components may have access to a central clock mechanism. In any event, it is essential that the network components share reference to a common time frame.
  • each clock mechanism is synchronized with a common time frame. While it is preferable that the synchronization be exact, for purposes of the present invention, a certain amount of time difference may be tolerated. For example, it may be sufficient that all of the nodes are synchronized within two minutes to the same time reference (that is, plus or minus one minute).
  • Each of the nodes shown in FIGURE 1 also has access to one or more passwords to be used in communicating with the other nodes.
  • a single password is used by all nodes in a network belonging to one carrier or organization.
  • a different password is provided to each of the several organizations. In this manner, each node will use one password for communication to other commonly owned nodes, and other passwords for communication with nodes belonging to other organizations that access the network.
  • a node when generating a message packet, a node references its clock mechanism and obtains a present time reference. This time reference is recorded in the time portion 16 of the header 12.
  • a preferred embodiment of the invention uses a UNIX time format.
  • a 32-bit Internet time format is also suitable.
  • Packet security is further established by generating and including a security key in the key portion 18 of the message packet header 12.
  • a node uses a predetermined key-generating algorithm to generate a unique security key for each packet. The key-generating algorithm combines a known password with the present time reference recorded in the time portion 16 of the header 12.
  • the key-generating algorithm may use conventional encoding techniques (e.g., performing addition, subtraction, multiplication, division, raising to a power, calculating a root, performing logic comparisons, etc.) using the password, time reference information, and other variables, if applicable, along with randomly-selected numbers, as operands, to generate a security key in a manner which is difficult to reverse.
  • encoding techniques e.g., performing addition, subtraction, multiplication, division, raising to a power, calculating a root, performing logic comparisons, etc.
  • the following routine is used to generate a security key.
  • Variable “in” is an array of values that includes the password and the time reference recorded in the packet header.
  • Variable “out” is the security key sent with the packet.
  • void security_key_hash unsigned long in [12], unsigned long out [2]) ⁇ unsigned long ex[72]; unsigned long rO, rl, r2, r3, r4, r5; unsigned int i;
  • packet validity is determined by inspection of the time reference and the security key stored in the packet header.
  • the destination node references a clock mechanism to obtain a present time reference.
  • the destination node compares the present time reference with the time reference recorded in the packet header. In this manner, the time stored in the packet header is used in determining the "age" of the packet.
  • the node accomplishes the comparison step by subtracting the time reference in the header from the present time reference.
  • the result is a time differential reflecting the time difference between origination of the packet at its source to reception of the packet at its destination.
  • a predetermined amount of time is allotted for normal packet transmission delay. If the time differential resulting from the comparison step is greater than the allotted time for normal packet transmission, the packet is presumed to be invalid and is immediately removed from further consideration. The destination node discards, ignores, erases, or otherwise denies the packet further consideration.
  • the destination node may accomplish the comparison step by first obtaining a present time reference and then subtracting a predetermined amount of time from that time reference. If the time reference recorded in the message packet is earlier than the time reference resulting from the subtraction step, the packet is presumed to be "old” and therefore invalid. Because "old" message packets do not receive further consideration, processing resources of the computer network are conserved.
  • packet validity is established by inspection of the security key stored in the packet header.
  • the destination node uses the password associated with the packet transmission and the time reference representing when the packet originated, along with other variables, if applicable, in a key- generating algorithm to generate a security key that should correspond with the key stored in the packet header. If the generated security key does not correspond with the security key recorded in the packet header, it is presumed that the source node does not know the password, does not know the time, or does not have a proper key- generating routine. The packet is presumed to be invalid and is immediately removed from further consideration. As described above, the destination node discards, ignores, erases, or otherwise denies the packet further consideration.
  • the invention provides a solution for situations in which a valid network node malfunctions or otherwise becomes hostile to the operation of the network and floods the network communication channels with duplicate, out-of-date messages.
  • a computer network constructed in accordance with the invention uses a time-based mechanism to determine the age of the message.
  • the time information recorded in the message header will indicate that the message is "old" and presumably invalid.
  • the invalid messages are ignored, thus preserving valuable processing time of network components for otherwise valid tasks.
  • the time savings is multiplied in computer networks that use broadcast communication, such as networks using a multicast transmission protocol.
  • the invention thus reduces the overall processing burdens on a computer network.
  • the invention also provides a solution for situations in which a node outside of the computer network obtains communication access to the network.
  • node X is shown as having obtained communication access to the network through nodes A, B, and C.
  • Node X may be hostile to the normal operation of the network and flood the network's communication channels with invalid messages. Messages originated by hostile node X will likely lack a proper time reference in the message header, or will lack a time reference synchronized with the clock mechanisms of the network.
  • the invalidity of the messages will be quickly determined because the time information in the messages will not be within the acceptable time window established by the network.
  • a computer network constructed in accordance with the invention also uses a key-based mechanism to determine the validity of a message transmission.
  • a security key included with a message transmission is generated by a unique combination of a password, a time reference, and other variables as applicable.
  • messages originated by hostile node X will likely lack a proper security key in the message header.
  • a proper security key requires knowledge of a password, a time reference, and a other variables as applicable.
  • the invention links a password with a time reference to provide a security key for establishing and determining the validity of message transmissions communicated over a computer network.
  • the invention is particularly useful in computer networks that employ User Datagram Protocol (UDP) for communications control.
  • UDP is a "connectionless" transport protocol and accordingly, nodes do not require specific connection establishment with other nodes to send a message.
  • a connectionless environment is particularly susceptible to the situation described above where external hostile node X obtains access to the network. Once node X obtains access to the network, node X is capable of communicating invalid packets to any or all of the nodes in the computer network.
  • the invention provides means for nodes in a computer network to determine the validity of message transmissions and exclude those transmissions that do not fit the proper criteria.
  • the receiving nodes find that the time reference or the security key is invalid in any packet, the nodes can assume that the sending node does not know the password or proper time reference and the packet is discarded.
  • FIGURE 1 shows a fully meshed connection-oriented network
  • the present invention may be used with computer networks of other topologies and configurations for both point-to-point and broadcast-type transmission.
  • Network configurations that appear as a ring, a star, or a line are commonly known and are suitable for carrying out the invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention se rapporte à une méthode qui concerne un réseau d'ordinateurs et sert à valider un paquet de messages muni d'un en-tête et d'un corps, communiqué par un noeud source à un noeud cible. Le noeud source et le noeud cible ont accès à une horloge synchronisée avec une base de temps commune. La méthode consiste à générer un premier code de sécurité en utilisant une référence de temps, enregistrée dans la partie temps de l'en-tête et obtenue de l'horloge, ainsi qu'un mot de passe connu du noeud source et du noeud cible; à faire en sorte que le noeud source communique au noeud cible le premier code de sécurité avec un paquet de messages; et, lorsque le premier code de sécurité et le paquet de messages auront été reçus par le noeud cible, à générer un deuxième code de sécurité en utilisant le mot de passe et la référence de temps, et à comparer le deuxième code de sécurité au premier. Le paquet de messages est éliminé si le deuxième code de sécurité ne correspond pas au premier.
PCT/US1997/012083 1996-07-12 1997-07-11 Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs WO1998002815A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
PCT/US1997/012083 WO1998002815A1 (fr) 1996-07-12 1997-07-11 Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs
AU37248/97A AU3724897A (en) 1996-07-12 1997-07-11 Apparatus and methods for transmission security in a computer network
GB9900104A GB2330284B (en) 1996-07-12 1997-07-11 Apparatus and methods for transmission security in a computer network
SE9900033A SE9900033L (sv) 1996-07-12 1999-01-08 Anordning och metod för överföringssäkerhet i ett datornätverk

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US2161796P 1996-07-12 1996-07-12
US60/021,617 1996-07-12
US2204596P 1996-07-22 1996-07-22
US60/022,045 1996-07-22
PCT/US1997/012083 WO1998002815A1 (fr) 1996-07-12 1997-07-11 Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs

Publications (1)

Publication Number Publication Date
WO1998002815A1 true WO1998002815A1 (fr) 1998-01-22

Family

ID=27361679

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/012083 WO1998002815A1 (fr) 1996-07-12 1997-07-11 Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs

Country Status (1)

Country Link
WO (1) WO1998002815A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2355322A (en) * 1999-10-05 2001-04-18 Authoriszor Ltd System and method for positive client identification
WO2004051922A1 (fr) * 2002-12-02 2004-06-17 Pro-Corp Holdings International Limited Systeme et procede d'echange de paquets de donnees
WO2005002172A1 (fr) 2003-06-27 2005-01-06 Nokia Corporation Traversee de protocole securisee
CN109979116A (zh) * 2019-04-01 2019-07-05 深圳市摩线科技有限公司 一种关于设备租赁的离线密码加密方法

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4023163A (en) * 1975-09-19 1977-05-10 Johnson Controls, Inc. High security alarm transmission system
US5058161A (en) * 1985-11-27 1991-10-15 Kenneth Weiss Method and apparatus for secure identification and verification
US5079767A (en) * 1988-09-27 1992-01-07 Digital Equipment Corporation Method of multicast message distribution
US5081678A (en) * 1989-06-28 1992-01-14 Digital Equipment Corporation Method for utilizing an encrypted key as a key identifier in a data packet in a computer network
US5113499A (en) * 1989-04-28 1992-05-12 Sprint International Communications Corp. Telecommunication access management system for a packet switching network
US5175765A (en) * 1989-05-09 1992-12-29 Digital Equipment Corporation Robust data broadcast over a distributed network with malicious failures
US5428645A (en) * 1992-11-03 1995-06-27 International Business Machines Corporation Anonymous time synchronization method
US5455865A (en) * 1989-05-09 1995-10-03 Digital Equipment Corporation Robust packet routing over a distributed network containing malicious failures

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4023163A (en) * 1975-09-19 1977-05-10 Johnson Controls, Inc. High security alarm transmission system
US5058161A (en) * 1985-11-27 1991-10-15 Kenneth Weiss Method and apparatus for secure identification and verification
US5079767A (en) * 1988-09-27 1992-01-07 Digital Equipment Corporation Method of multicast message distribution
US5113499A (en) * 1989-04-28 1992-05-12 Sprint International Communications Corp. Telecommunication access management system for a packet switching network
US5175765A (en) * 1989-05-09 1992-12-29 Digital Equipment Corporation Robust data broadcast over a distributed network with malicious failures
US5455865A (en) * 1989-05-09 1995-10-03 Digital Equipment Corporation Robust packet routing over a distributed network containing malicious failures
US5081678A (en) * 1989-06-28 1992-01-14 Digital Equipment Corporation Method for utilizing an encrypted key as a key identifier in a data packet in a computer network
US5428645A (en) * 1992-11-03 1995-06-27 International Business Machines Corporation Anonymous time synchronization method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2355322A (en) * 1999-10-05 2001-04-18 Authoriszor Ltd System and method for positive client identification
WO2004051922A1 (fr) * 2002-12-02 2004-06-17 Pro-Corp Holdings International Limited Systeme et procede d'echange de paquets de donnees
WO2005002172A1 (fr) 2003-06-27 2005-01-06 Nokia Corporation Traversee de protocole securisee
CN109979116A (zh) * 2019-04-01 2019-07-05 深圳市摩线科技有限公司 一种关于设备租赁的离线密码加密方法
CN109979116B (zh) * 2019-04-01 2021-04-20 深圳市摩线科技有限公司 一种关于设备租赁的离线密码加密方法

Similar Documents

Publication Publication Date Title
US6032258A (en) Apparatus and methods for transmission security in a computer network
Karn et al. Photuris: Session-key management protocol
Amir et al. Secure group communication using robust contributory key agreement
Kaufman et al. Internet key exchange protocol version 2 (IKEv2)
KR100199077B1 (ko) 데이타 통신망 내에서의 키 동기화 유지 방법 및 키 동기화 시스템
AU725712B2 (en) Network security device
CN1960233B (zh) 重复分组检测器、方法、程序存储设备和互连网络
US6725276B1 (en) Apparatus and method for authenticating messages transmitted across different multicast domains
CN112106322A (zh) 基于密码的阈值令牌生成
CN111404672B (zh) 量子密钥分发方法及装置
JP2001508627A (ja) 改良されたネットワークセキュリティ装置
HUT68148A (en) Method and system for digital signal processing
US20060155981A1 (en) Network device, network system and group management method
Liu et al. A lightweight authentication scheme based on self‐updating strategy for space information network
US8230229B2 (en) Security in computing networks
WO2000062503A2 (fr) Dispositif et procede d'authentification de messages dans un systeme multi-diffusion
US20090113065A1 (en) Integrity mechanism for file transfer in communications networks
Höglund et al. Lightweight certificate revocation for low-power IoT with end-to-end security
WO1998002815A1 (fr) Appareil et methodes destines a assurer la securite des transmissions dans un reseau d'ordinateurs
Herlea et al. On securely scheduling a meeting
US20080313461A1 (en) Security association verification and recovery
Cohen et al. Brief announcement: Not a coincidence: Sub-quadratic asynchronous byzantine agreement whp
EP1949591B1 (fr) Securite dans des reseaux informatiques
Golebiewski et al. Stealing secrets with SSL/TLS and SSH-kleptographic attacks
Boyd A framework for design of key establishment protocols

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 97196344.4

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT

121 Ep: the epo has been informed by wipo that ep was designated in this application
CFP Corrected version of a pamphlet front page

Free format text: REVISED ABSTRACT RECEIVED BY THE INTERNATIONAL BUREAU AFTER COMPLETION OF THE TECHNICAL PREPARATIONS FOR INTERNATIONAL PUBLICATION

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref document number: 9900104

Country of ref document: GB

Kind code of ref document: A

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref document number: 1998506170

Country of ref document: JP

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA