WO2005121967A1 - データ読み出し装置およびその方法 - Google Patents
データ読み出し装置およびその方法 Download PDFInfo
- Publication number
- WO2005121967A1 WO2005121967A1 PCT/JP2004/008111 JP2004008111W WO2005121967A1 WO 2005121967 A1 WO2005121967 A1 WO 2005121967A1 JP 2004008111 W JP2004008111 W JP 2004008111W WO 2005121967 A1 WO2005121967 A1 WO 2005121967A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- read
- target data
- permitted
- source
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Definitions
- the present invention relates to a data reading device and a method for reading data stored in a database in response to a request.
- Patent Documents 1 and 2 disclose a method of controlling access to a directory of a computer and a method of accessing data by rewriting a query using a mask condition.
- Patent Document 1 can only control data access in units of directories.
- Patent Document 2 it is necessary to rewrite an inquiry sentence using a mask condition, which complicates processing and settings for the processing.
- Patent Document 1 JP-A-2000-155715
- Patent Document 2 Japanese Patent Application Laid-Open No. 2002-215440
- the present invention has been made in view of the above background, and has as its object to provide a data reading device and a method thereof that enable flexible control of data access and that facilitate processing and setting for the same.
- a data reading device includes a data storage unit that stores one or more target data to be read, each including one or more element data; Permission information generating means for generating permission information in which each read source for reading the target data, target data permitted for the read source, and element data permitted for the read source are associated with each other; In response to a request from each of the reading sources, the stored object is stored based on the generated permission information.
- a data reading unit that reads target data permitted to the read source from the data; and, based on the generated permission information, the read target data to the requested read source among the read target data.
- Data selecting means for selecting the permitted element data and outputting the selected element data to the reading source.
- the apparatus further comprises an authentication unit for authenticating the read source, wherein the data read unit reads the stored target data in response to a request from the authenticated read source.
- the data selection means selects and outputs element data permitted by the authenticated reading source.
- the apparatus further comprises request accepting means for accepting the read request in response to an operation from a user, wherein the authentication means includes a user and the request accepting means, or Authenticate as read source.
- the target data is stored for each predetermined storage area
- the permission information generating means is stored in each of the read sources for reading the target data and the storage area. Then, the permission information is generated by associating the target data permitted to be read with the element data permitted to the read source.
- the permission information generating means includes a read source for reading the target data, target data permitted for the read source, and element data permitted for the read source.
- the permission information is generated by further associating the time information indicating the time permitted for the read source, and the data selection unit is configured to read the read information based on the generated permission information.
- the target data element data that is permitted to the requested read source and that is permitted to the read source based on the time information is selected and output to the read source.
- the data reading unit is provided to a function realizing unit that realizes one or more functions that can be provided to the reading source, the reading sources, and the reading source.
- a function providing means for providing a function associated with is a data read method, which stores one or more target data, each of which includes one or more element data, and reads the target data.
- Permission information that associates target data permitted to the read source with element data permitted to the read source is generated, and the generated data is generated in response to a request from each of the read sources. Based on the permission information, the target data that is permitted to the read source is read out of the stored target data, and the read target data is read based on the generated permission information. From the data, element data permitted for the requested read source is selected and output to this read source.
- the program according to the present invention is a data storage step of storing one or more target data items each including one or more element data items to be read, and a readout process of reading the target data.
- element data permitted for the requested read source is selected from the read target data, and the read source is selected.
- causing the computer to execute a data selection step to output to the computer.
- FIG. 1 is a diagram exemplifying a configuration of a client server system to which a data reading method according to the present invention is applied.
- FIG. 2 is a diagram exemplifying a hardware configuration of a server and a terminal shown in FIG. 1.
- FIG. 3 is a diagram showing a configuration of a server program which is executed in the server shown in FIGS. 1 and 2 and realizes the data reading method according to the present invention.
- FIG. 4 is a diagram showing a configuration of the AP shown in FIG. 3.
- FIG. 5 is a diagram showing a storage area of an AP DB shown in FIG. 3.
- FIG. 6 is a diagram showing user and terminal data stored in the user and terminal DB shown in FIG. 3.
- FIG. 7 is a diagram showing security mask data stored in a mask DB shown in FIG. 3.
- FIG. 8 is a diagram illustrating access conditions set for each time.
- FIG. 9 is a diagram showing execution control data stored in an execution control DB shown in FIG. 4.
- FIG. 10 is a flowchart showing the overall operation (S10) of the client server system shown in FIG.
- FIG. 1 is a second sequence diagram.
- FIG. 11 is a second sequence diagram showing an overall operation (S20) of the client server system shown in FIG. 1 and the like.
- FIG. 12 is a diagram exemplifying a first (S80) in a general client-server system using an access control list (ACL).
- ACL access control list
- FIG. 13 is a diagram exemplifying a second process (S84) in a general client-server system using an access control list (ACL).
- FIG. 14 is a diagram illustrating a third process (S86) in a general client-server system using an access control list (ACL).
- FIG. 15 is a diagram illustrating a fourth process (S88) in a general client-server system using an access control list (ACL).
- FIG. 1 is a diagram illustrating a configuration of a client server system 1 to which a data reading method according to the present invention is applied.
- a client-server system 1 includes a server 2 and client terminals 110 — 110-m (m ⁇ l, the same applies to n hereinafter) connected to a network 100 such as a LAN, WAN, or the Internet. It is connected and configured through.
- a network 100 such as a LAN, WAN, or the Internet. It is connected and configured through.
- any one of a plurality of components such as the terminal 110-1 and the terminal 110-m is specified. , It may be abbreviated as terminal 110 or the like.
- the server 2 and the terminal 110 may be collectively referred to as a node.
- the client server system 1 causes the server 2 to read data from the database in response to a request from the terminal 110 and perform various processes.
- FIG. 2 is a diagram illustrating a hardware configuration of server 2 and terminal 110 shown in FIG.
- the server 2 and the terminal 110 are composed of a main body 120 including a CPU 122, a memory 124 and their peripheral circuits, a display device, a keyboard, an input / output device 126 including a mouse, and a network 100 (FIG. 1). And a recording device 130 that writes and reads data to and from a recording medium 132 such as a CD device and an HDD device.
- a recording medium 132 such as a CD device and an HDD device.
- the server 2 and the terminal 110 have a hardware component as a general computer capable of communicating with another node.
- Each terminal 110 sends software such as a user password and a terminal identifier (ID) to the server 2 to authenticate the terminal 110 or the user, and receives a processing request to the server 2 and a processing result.
- software such as a user password and a terminal identifier (ID)
- ID terminal identifier
- Necessary software such as software for software (the error is not shown) is loaded and executed as appropriate.
- FIG. 3 is a diagram showing a configuration of a server program 3 which is executed in the server 2 shown in FIGS. 1 and 2 and realizes the data reading method according to the present invention.
- the server program 3 includes a server unit 30 and a database unit (DB unit) 36.
- DB unit database unit
- the server unit 30 includes a business application program (AP) 4-1—4_n, a user's terminal interface unit (user.terminal IF) 300, an authentication unit 302, a user's terminal management unit 304, a user's terminal DB 306, and a mask DB creation.
- AP business application program
- the DB section 36 includes an AP DB management control section 360 and an AP DB 362. Note that FIG. 3 illustrates a case in which the server unit 30 and the DB unit 36 are configured as an integrated device. The force server unit 30 and the DB unit 36 can be realized on different computers.
- FIG. 4 is a diagram showing a configuration of the AP 4 shown in FIG.
- the AP 4 includes an execution control unit 400, an execution control DB 402, an execution control DB management unit 404, a function realizing unit 11p, and an AP DB access unit 440.
- the server program 3 is supplied to the server 2 via the recording medium 132 (FIG. 2), loaded into the memory 124, and executed.
- the server program 3 controls access to the data stored in the AP DB 362 for each user or terminal 110 according to a request from the user via the terminal 110 by these components, and stores the data. Perform the processing used.
- FIG. 5 is a diagram showing a storage area of the AP DB 362 shown in FIG.
- the DB362 for AP is provided with q DB columns (not necessarily corresponding to the directory etc. in server 2), and each DB column has its own DB column. ID (DB column ID) used for identification is added.
- the AP DB 362 stores target data to be accessed by the AP 4 in each DB column.
- each target data further includes one or more element data.
- the customer data is stored as the target data in the DB column to be accessed by AP4, and the customer data includes, for example, the customer name, Customer address and customer phone number are included as element data.
- the control unit 360 stores and manages target data in the AP DB 362.
- the AP DB management 'control unit 360 reads the target data stored in the AP DB 362 in response to a request from AP 4 and outputs the data to the requested AP 4 via the filter unit 342.
- FIG. 6 is a diagram showing user / terminal data stored in the user / terminal DB 306 shown in FIG.
- the user terminal DB 306 stores user terminal data in the form of a table as shown in FIG.
- the user terminal data entry includes user / terminal authentication data # 1 ## r , security mask ID # i_l # i_r, execution control data ID # 1 # 1 # j_r, and access group # k_l ## k-1r. included.
- the user's terminal authentication data includes user authentication data required for user authentication, such as the user ID, user name, and password of the client server system 1, or
- terminal authentication data required for authentication of the terminal 110 such as the ID of the terminal 110 of the client server system 1.
- the user's terminal authentication data includes both of these data.
- the security mask ID indicates a security mask (described later with reference to FIG. 7) applied to a user / terminal authenticated based on the user / terminal authentication data included in the same entry.
- the execution control data ID and the access group are based on the user's terminal authentication data included in the same entry, and the execution control data (described later with reference to FIG. 9) applied to the authenticated user / terminal. Indicates ID and access group.
- the user's terminal management unit 304 accepts an operation from the input / output device 126 or the terminal 110, creates the user / terminal data shown in FIG. 6, stores it in the user / terminal DB 306, and manages it.
- the user 'terminal management unit 304 provides the user's terminal data stored in the user's terminal DB 306 for processing in the authentication unit 302, AP4, mask DB creation' management unit 320, and the like.
- the authentication unit 302 authenticates the user accessing the server 2 and the terminal 110 using the user / terminal data provided by the user / terminal management unit 304.
- FIG. 7 is a diagram showing security mask data stored in the mask DB 322 shown in FIG. It is.
- the mask DB 322 stores security mask data in a table format exemplified in FIG.
- security mask ID # 1 #s (Fig. 6), DB column ID # i'-1-s, security mask #j, -l #j, _s, and security mask information #k , — 1 # k, 1 are included.
- Security mask ID # 1 #s is used to identify the security mask contained in the same entry.
- DB column ID # i'_l Each of # i '_s includes one or more of DB column ID # 1 # q shown in FIG. 5, and this DB column ID is included in the same entry. Indicates the DB column to which the security mask is applied.
- the security mask #j, — 11 #j, — s is, for example, 128-bit data, and the content of the filtering process on the target data in the filter unit 342 according to the value of each bit (1 or 0). Is defined.
- the security mask information indicates the value of each bit of the security mask included in the same entry, and what kind of access to which element data of the target data is permitted.
- the lower 3 bits of the security mask are used effectively to control data access to element data (customer name 'customer address' customer telephone number) included in the target data
- the lower 3 bits (1 001) are used.
- the security mask information is the same as when granting access to the customer name and allowing access to the same (1-1010) 1 customer address and also allowing access to the (1-1100) 1 customer telephone number. Defines the meaning of each bit in the mask.
- FIG. 8 is a diagram exemplifying access conditions set for each time.
- the security mask information further includes information for changing the access condition over time.
- the security mask information uses the security mask (1 000) as the security mask valid at A and 1B shown in FIG. Is a security mask that is valid between B and C, and indicates that access is denied to all users and terminals during C and A.
- the mask DB creation 'management unit 320 accepts an operation from the input / output device 126 or the terminal 110, creates the security mask data shown in Fig. 7, stores the security mask data in the mask DB 322, and manages the mask data.
- the mask DB creation / management unit 320 provides the security mask data stored in the mask DB 322 for processing in the mask DB creation / management unit 320 and the like.
- the timer unit 340 performs time management in the server program 3, and outputs, to the filter unit 342, for example, time information used to change access conditions over time, as shown in FIG.
- FIG. 9 is a diagram showing execution control data stored in the execution control DB 402 shown in FIG.
- the execution control DB 402 stores the execution control data shown in FIG.
- the execution control data entry includes execution control data ID # 1— # t, access control AP # 11—1 # lt, access group # 1—1—1 and # l, t and execution Permitted function # ⁇ 1-1-1-1 # l "t is included.
- the execution control data ID is used to identify each entry of the execution control data.
- the access target AP indicates which AP 4 provides the function realized by the user and terminal associated with each other via the execution control data ID of each entry of the user's terminal data shown in Fig. 6. .
- the access group and the execution permission function are included in the function realizing section 420 of the AP4 specified by the access target AP with respect to the user's terminal associated via each user / terminal data entry shown in FIG. This indicates which function realizing section 420 provides the function to be realized.
- the execution control DB management unit 404 accepts an operation from the input / output device 126 or the terminal 110, creates the execution control data shown in FIG. 9, stores it in the execution control DB 402, and manages it.
- execution control DB management unit 404 provides the execution control data stored in the execution control DB 402 for processing in the execution control unit 400.
- the function realizing sections 420 are configured to realize the same or different functions, respectively, and provide various functions to the user terminal (FIG. 1) under the control of the execution control section 400.
- Execution control unit 400 according to the execution control data stored in execution control DB management unit 404, via the execution control data ID of each entry of the user terminal data (Fig. 6 ) and the access group.
- the function realizing unit 420 that realizes the function to be provided to the user's terminal associated with the user terminal is activated to provide each function.
- the AP DB access unit 440 accesses the AP DB management control unit 360 according to a request from each of the function realizing units 420, and reads out data necessary for processing in the function realizing unit 420 from the AP DB 362.
- the filter unit 342 (Fig. 3) is a function realizing unit 420 of AP4 (Fig. 4).
- the finalizer 342 further reads the security mask data (FIG. 7) from the mask DB 322 via 320, and the access to the user's terminal is permitted by the security mask and the security information among the received target data. Only the element data is selected by filtering, and the selected data is output to the function implementing unit 420 that has read the target data.
- FIGS. 10 and 11 show the overall operation (S1) of the client server system 1 shown in FIG. 0, S20) are first and second sequence diagrams.
- the user A inputs the user name (A) and the password (PW) to the terminal 110-1, and
- the terminal 110-1 issues an authentication request including a user name and a password to the server 2.
- Steps 104, 106 (S104, S106)
- the word Ninja 02 of the Sano program 3 uses the user's terminal data (FIG. 6) stored in the user's terminal DB306.
- the A is authenticated, and the terminal 110-1 is notified of the authentication.
- the server program 3 can perform authentication for both the user and the terminal. However, for the sake of concreteness and clarification, in the following description, the server program 3 will The case of performing authentication will be described.
- steps 108 and 110 when an operation for making a predetermined processing request a to the authenticated user A power server 2 is performed on the terminal 110-1, The terminal 110-1 makes a processing request a to the server 2.
- step 120 (S120) the filter unit 342 of the server unit 30 starts the filtering process on the target data al read from the AP DB 362 in the process requested by the authenticated user A.
- the target data al specified by the DB column ID of the user terminal data of user A (Fig. 6) and requested by user A is customer data, A customer name, a customer address, and a customer telephone number are included as element data.
- the content of the security mask (Fig. 7) specified by the security mask ID of the user's terminal data is (-111). Allow access to element data.
- step 140 AP4 performs the processing requested by user A according to the execution control data (Fig. 9) indicated by the user's terminal data (Fig. 6).
- DB management 'Request control unit 360 to read target data al.
- step 142 the AP DB management ′ control unit 360 reads the target DB al for the AP DB 362 and outputs it to the filter unit 342.
- the filter unit 342 performs filtering using the security mask (and security mask information as necessary; FIG. 7), and outputs all element data included in the target data to the AP 4 from which the target data al has been read. I do.
- steps 160 and 162 processes the element data (customer name, customer address, customer telephone number) input from the DB management and control wholesaler 360 for AP.
- the terminal 110-1 returns a processing response including these data to the terminal 110-1, and the terminal 110-1 indicates the returned processing response to the user ⁇ .
- steps 180 and 182 upon requesting the end of the operation for the user power Sano2, the filter unit 342 of the server program 3 ends the finolatering process (S120) for the user A.
- step 100 and 102 the user B (FIG. 1) inputs a user name ( ⁇ ) and a password to terminal 110-2.
- terminal 110-2 After inputting (PW) and performing an operation for performing authentication on server 2, terminal 110-2 issues an authentication request including a user name and password to server 2.
- the authentication unit 302 of the server program 3 uses the user terminal data (FIG. 6) stored in the user It authenticates B, and notifies terminal 110-2 of that.
- steps 108 and 110 when the authenticated user B performs an operation on the terminal 110-2 to make a predetermined processing request a to the server 2,
- the terminal 110-2 makes a processing request a to the server 2.
- step 200 (S200) the filter unit 342 of the server unit 30 starts the filtering process on the target data al read from the AP DB 362 in the process requested by the authenticated user B.
- Terminal data of user B (Fig. 6) and requested by user B for processing is customer data.
- customer name, customer address and customer telephone number are included as element data.
- User B is identified by the security mask ID in the user's terminal data.
- the content of the security mask (Fig. 7) is (1-001), which allows user B to access only the customer name in the element data included in the target data al.
- step 140 AP4 performs the processing requested by user A according to the execution control data (Fig. 9) indicated by the user's terminal data (Fig. 6).
- DB management 'Request control unit 360 to read target data al.
- step 142 the AP DB management ′ control unit 360 reads the target DB al for the AP DB 362 and outputs it to the filter unit 342.
- the finalizer 342 performs filtering using a security mask or the like, and outputs only the element data a2 indicating the customer name to the AP4 among the element data included in the target data al.
- AP4 processes the element data (customer name) input from the AP DB management / control wholesaler 360, and includes the data.
- a response is returned to the terminal 110-1, and the terminal 110-1 indicates the returned processing response to the user ⁇ .
- steps 180 and 182 when the user requests the end of the work on the server 2, the filter unit 342 of the server program 3 ends the finolatering process (S200) for the user B.
- FIG. 12 to FIG. 15 are diagrams exemplifying an access control list (first to fourth processing (S80 to S88) in a general client-server system using ACU).
- the server uses an ACL that associates the user with the processing, and provides only the processing indicated by the ACL to each user. Is adopted.
- user A is included in customer data. If the process a using all the element data included is permitted and the process B using a part of the element data included in the customer data is permitted to the user B, as shown in FIGS. 12 and 13, the server Accepts process a from user A and rejects process a from user B. Similarly, as shown in FIGS. 14 and 15, the server accepts process b from user B and rejects process b from user A.
- the client-server system 1 to which the data reading method according to the present invention is applied has the following advantages.
- the client-server system 1 it is not necessary to create a program for performing different transaction processing for each security function to be realized, so the development period and man-hours are reduced, and functions are added. Can be flexibly realized at low cost. Further, in the client server system 1, the security function can be flexibly set for each user and each target data only by changing the data of the mask DB 322 and the execution control DB 402 and the like. When is found, misconfigurations can be easily corrected by an authorized user working online.
- the security mask function can be changed every time, so that different security functions can be realized according to time without modifying the program. It may be possible to forbid all online access to server 2 before batch processing is started. Also, an update attribute or the like is added to the security mask information stored in the mask DB322. By doing so, it becomes possible to control the update transaction, so by dynamically changing the security, the control over the target data can be performed more finely.
- the update transaction is a process of updating data, such as a process of rewriting the contents in the DB when the customer telephone number changes.
- Update transactions require a strict security system to prevent unauthorized updates to data.
- the present invention is applicable to a client server system and the like.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2004/008111 WO2005121967A1 (ja) | 2004-06-10 | 2004-06-10 | データ読み出し装置およびその方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2004/008111 WO2005121967A1 (ja) | 2004-06-10 | 2004-06-10 | データ読み出し装置およびその方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005121967A1 true WO2005121967A1 (ja) | 2005-12-22 |
Family
ID=35503247
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/008111 WO2005121967A1 (ja) | 2004-06-10 | 2004-06-10 | データ読み出し装置およびその方法 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2005121967A1 (ja) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS60118954A (ja) * | 1983-11-30 | 1985-06-26 | Fujitsu Ltd | 多レベルアクセス保護方式 |
JP2003345663A (ja) * | 2002-05-29 | 2003-12-05 | Fujitsu Ltd | データベースアクセス制御方法およびデータベースアクセス制御プログラム |
JP2004145767A (ja) * | 2002-10-25 | 2004-05-20 | Crypt Software Inc | データ処理システム、処理装置及びコンピュータプログラム |
-
2004
- 2004-06-10 WO PCT/JP2004/008111 patent/WO2005121967A1/ja active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS60118954A (ja) * | 1983-11-30 | 1985-06-26 | Fujitsu Ltd | 多レベルアクセス保護方式 |
JP2003345663A (ja) * | 2002-05-29 | 2003-12-05 | Fujitsu Ltd | データベースアクセス制御方法およびデータベースアクセス制御プログラム |
JP2004145767A (ja) * | 2002-10-25 | 2004-05-20 | Crypt Software Inc | データ処理システム、処理装置及びコンピュータプログラム |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7509497B2 (en) | System and method for providing security to an application | |
US7483896B2 (en) | Architecture for computer-implemented authentication and authorization | |
US8667578B2 (en) | Web management authorization and delegation framework | |
US8875258B2 (en) | Constraining a login to a subset of access rights | |
US20080115223A1 (en) | Techniques for variable security access information | |
US20070300287A1 (en) | Partition Access Control System And Method For Controlling Partition Access | |
US20060259960A1 (en) | Server, method and program product for management of password policy information | |
JP2007241562A (ja) | デバイスドライバプログラムを記録したコンピュータ読取可能な記録媒体、記憶装置アクセス方法および記憶装置アクセスシステム | |
AU2004241605A1 (en) | System and method for electronic document security | |
US20070022091A1 (en) | Access based file system directory enumeration | |
WO2021108128A1 (en) | Protocol-agnostic claim configuration and verification | |
JP5229049B2 (ja) | サーバ装置、アクセス制御システム、及びアクセス制御プログラム | |
US8095970B2 (en) | Dynamically associating attribute values with objects | |
US20070208750A1 (en) | Method and system for access to distributed data | |
WO2005121967A1 (ja) | データ読み出し装置およびその方法 | |
EP4070222A1 (en) | Associating decentralized identifiers with one or more devices | |
WO2021112973A1 (en) | Identity provider that supports multiple personas for a single user | |
JPH11203366A (ja) | 情報管理システムおよびそのセキュリティ管理方法 | |
JP2006065712A (ja) | 統合認証方法、統合認証装置および統合認証のためのプログラム | |
JP5854070B2 (ja) | アクセス制御装置、端末装置、及びプログラム | |
JP2006059280A (ja) | 電子機器 | |
WO2023250403A1 (en) | Data resolution using user domain names | |
JP5505533B2 (ja) | アクセス制御装置、端末装置、及びプログラム | |
JP2004030609A (ja) | ログイン処理方法及びネットワークシステム | |
JP2000187589A (ja) | プログラムシステムのコンポーネントアクセス制御装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DPEN | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101) | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |
|
122 | Ep: pct application non-entry in european phase |