WO2006011888A1 - Architecture de machine virtuelle double pour des dispositifs medias - Google Patents

Architecture de machine virtuelle double pour des dispositifs medias Download PDF

Info

Publication number
WO2006011888A1
WO2006011888A1 PCT/US2004/022600 US2004022600W WO2006011888A1 WO 2006011888 A1 WO2006011888 A1 WO 2006011888A1 US 2004022600 W US2004022600 W US 2004022600W WO 2006011888 A1 WO2006011888 A1 WO 2006011888A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual machine
media
computing environment
level
copy protection
Prior art date
Application number
PCT/US2004/022600
Other languages
English (en)
Inventor
Scott Watson
Original Assignee
Disney Enterprises, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/880,060 external-priority patent/US20050033972A1/en
Application filed by Disney Enterprises, Inc. filed Critical Disney Enterprises, Inc.
Publication of WO2006011888A1 publication Critical patent/WO2006011888A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061Partitioning or combining of resources
    • G06F9/5077Logical partitioning of resources; Management or configuration of virtualized resources
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/443OS processes, e.g. booting an STB, implementing a Java virtual machine in an STB or power management in an STB
    • H04N21/4437Implementing a Virtual Machine [VM]

Definitions

  • the disclosure relates to developing new systems and methods of security, including copy protection for removable media players.
  • a virtual machine is a term used to describe software that acts as an interface between compiler code and the microprocessor (or "hardware platform") that actually performs the program's instructions.
  • a compiler is a special program that processes statements written in a particular programming language and turns them into binary machine language or "code” that a computer's processor uses.
  • the virtual machine has an instruction set and manipulates various memory areas at run time. It is reasonably common to implement a programming language using a virtual machine; the best-known virtual machine may be the P-Code machine of UCSD Pascal. Also, a virtual machine may describe either an operating system or any program that runs in a computer.
  • Java Virtual Machine interprets compiled Java binary code (called byte code) for a computer's processor (or "hardware platform”) so that it can perform a Java program's instructions.
  • Java was designed to allow application programs to be built that could be run on any platform without having to be rewritten or recompiled by the programmer for each separate platform. Once a Java virtual machine has been provided for a platform, any Java program can run on that platform. A Java virtual machine makes this possible because it is aware of the specific instruction lengths and other particularities of the platform.
  • CSS Content Scramble System
  • a system and method of platform independent procedural copy protection is therefore provided whereby a dual virtual machine architecture is utilized.
  • the dual virtual machine architecture comprises a high level virtual machine and a low level virtual machine.
  • the low level virtual machine is designed to support low level media decryption and decoding functions, whereas the high level virtual machine is designed to handle application layer activities.
  • the architecture thereby partitions security functions from application functions.
  • a virtual machine that is best suited for procedural security more closely resembles the instruction set of an actual hardware CPU. That is, it supports pointers, and no underlying distinction is made between executable code and data.
  • This first type of virtual machine is therefore named a low-level virtual machine (virtual machine), or a re-programmable security layer.
  • the low-level virtual machine is designed to resemble a conventional CPU supporting tamper resistant software techniques.
  • the disadvantages of the low-level virtual machine is that programming errors or unexpected runtime conditions tend to be fatal.
  • the low-level virtual machine is designed to be very simple in its design and operation (viz., for example, the low-level security virtual machine emulates a small and simple set of logic gates, does not perform run-time "garbage” collection, and does not include balance checking and "exception handling” capabilities).
  • this fragility of the low-level virtual machine can be considered a strength, or advantage, so that unauthorized access or attempted piracy of media can lead to a failure in the run-time operations of the system employing this virtual machine.
  • a high-level virtual machine that manages more of the computational details "behind-the-scenes" allows more dependable application programs to be developed that behave in a more predictable and robust fashion.
  • a typical example of a high-level virtual machine is Java.
  • Java does not have support for the concepts of "pointer” or explicit memory management (which are common sources of programming errors), but does support "exception handling” which helps programs and programmers handle unexpected runtime conditions in a predictable way.
  • the high-level, or application level virtual machine is designed to be full featured, and provide for a rich application interface.
  • the present system combines the benefits of both a low-level virtual machine and a high-level virtual machine in order to provide robust platform independent security functions that work in combination with other applications. Furthermore, a trusted platform module provides hardware based root of trust by securely querying and validating the execution environment.
  • the system and method of platform independent procedural copy protection is therefore provided to media players by combining a low-level virtual machine and a high-level virtual machine for next generation media players.
  • the present "dual virtual machine" architecture provides a peer relationship between the virtual machines unlike the prior art where the virtual machines have a "stacked" relationship.
  • An example of a stacked relationship is where one virtual machine is running on top of another, such as in a PowerPC (like in a Mac) running a windows emulator (x86 emulator or virtual machine), which in turn executes Java virtual machine.
  • the present disclosure further utilizes a hardware-based embedded security subsystem such as a trusted platform module (TPM) to interface with the virtual machine architecture for providing secured cryptographic computations.
  • a hardware-based embedded security subsystem such as a trusted platform module (TPM) to interface with the virtual machine architecture for providing secured cryptographic computations.
  • TPM trusted platform module
  • the present disclosure provides procedural security and copy protection to media, such as CD's and DVD's, thereby allowing the content owner much more flexible rights management than declarative systems.
  • This flexibility can be used to implement full fledged Digital Rights Management (DRM) systems, as opposed to simple Copy Protection (CP) provided by prior art static security systems like CSS.
  • DRM Digital Rights Management
  • CP Copy Protection
  • such a dual virtual machine architecture may also operate on a PC environment and support the playback of media stored on a hard drive, solid state memory or that which is delivered over a network.
  • the present system provides copy protection to hardware, such as media players, that is not hardware specific.
  • the present system provides robust security to prevent unauthorized duplication of the media.
  • the two virtual machines are separate, the present system provides the advantages of distributed computing (viz., low computational complexity, low memory requirements, ease in implementation, and individualized functions for each virtual machine).
  • FIG. 1 is a diagram of a media player architecture in a computing environment according to an exemplary embodiment.
  • FIG. 2 is a block diagram depicting the interaction and functionalities of the low-level virtual machine and the high-level virtual machine according to an exemplary embodiment.
  • FIG. 3 is a diagram depicting an exemplary application program (e.g., MPEG-2) being run inside the "outer" security layer, where the communication between the program and the security layer occurs through APIs.
  • MPEG-2 e.g., MPEG-2
  • the system and method of the present disclosure provides a dual virtual machine architecture for use in media players.
  • One virtual machine viz., the low- level virtual machine or re-configurable security layer
  • security functions such as media decryption and decoding.
  • the low-level virtual machine may be responsible for bootstrapping the application level virtual machine.
  • the high-level or application level virtual machine handles application layer activities, like advanced user interfaces, misc. I/O, and network activities.
  • FIGS. 1 and 2 depict a media player architecture in a computing environment 10 according to an exemplary embodiment.
  • a media source e.g., a DVD, an optical disk, a solid-state device, or a network
  • media data or content e.g., a DVD, an optical disk, a solid-state device, or a network
  • security codes 12 for permitting the media to be played back on the media player
  • boot codes 16 e.g., a DVD, an optical disk, a solid-state device, or a network
  • Boot codes 16 stored on the media and which may or may not be encrypted, are made available to the firmware of a media player for processing by the virtual machines such as the security low-level virtual machine.
  • the media playback device in accordance with the present disclosure contains a central processing unit 26 capable of running at least one Virtual Machine (virtual machine).
  • the Virtual Machine in an exemplary embodiment, is a dual virtual machine architecture, comprising a low-level virtual machine (e.g., a security virtual machine) 22 and a high-level virtual machine (e.g., an application virtual machine) 24 running on the CPU 26. Programs that are run in the virtual machine may execute and enforce usage rules as well as update cryptographic algorithms.
  • the computing environment 10 may also include Application Program Interfaces (API's) 40-44 which are a set of routines or protocols for permitting various programs to communicate with each other.
  • API's Application Program Interfaces
  • any one of the virtual machines (22 or 24) may control the other virtual machine.
  • the high-level and low-level virtual machines function as peers, in a non-hierarchical manner, passing messages between themselves. These messages may be implemented as "foreign-function calls", where one virtual machine calls a routine in the other virtual machine, or as conventional messages passed along a communications channel.
  • the application virtual machine (or high-level virtual machine) 24 would call the security- virtual machine (or low-level virtual machine) 22 in order to start playback (and hence transparent decoding) of media content 18.
  • code in the security virtual machine 22 would call the application virtual machine 24 to let it know about synchronization events (e.g., an end of clip or a frame number) or decoding problems (for example security or permission problems).
  • the security virtual machine 22 would inform the application virtual machine 24 that it needs a key in order to continue playing.
  • the application virtual machine 24 would display a message, through the user interface 27, notifying the user that they may "rent” the media (or media content) for a certain duration. If the user chooses to do this, the user must engage in a transaction with a studio server to obtain an Opaque message' (decodable by the virtual machine) that contains the key.
  • the application virtual machine 24 then passes the message containing the key back to the security virtual machine 22 and the copy protection algorithms 23 for authentication.
  • the message passing between the virtual machines could occur through a "remote procedure call” (RPC) interface, message passing, "socket” or any other equivalent inter-process communication (IPC) protocol.
  • RPC remote procedure call
  • media downloaded via a communication network onto a storage medium of a device would be delivered to the security virtual machine.
  • the security virtual machine would in turn inform the application virtual machine 24 that it would require a key in order to playback the media.
  • the application virtual machine could deliver a message to the user, via the user interface, requesting the user subscribe to the media.
  • the remote site may send a unique key to the application virtual machine, on the communication network, for subsequent delivery to the security virtual machine for decoding and authorization of media playback.
  • the application level virtual machine i.e., high-level virtual machine
  • the security virtual machine i.e., low-level virtual machine
  • the high-level virtual machine may deliver a request for signature on a form to the security virtual machine.
  • the security (low-level) virtual machine may sign the form after verification and deliver it back to the high-level virtual machine.
  • the high-level virtual machine may provide the signed form to a communication network for delivery to a remote site.
  • the application layer may provide graphics on the screen for enabling an user to enter a personal identification number (PIN) in an alphanumeric field comprising N characters.
  • PIN personal identification number
  • the high- level virtual machine may deliver the N character PIN to the security virtual machine for authentication.
  • the security virtual machine would identify this as a "synchronization" problem and notify the high-level virtual machine to deliver a message to the user indicating this fact.
  • the security virtual machine 22 may : (i) load the boot code 16 (and as needed the security codes 16 as well), (ii) find and load the main application or content 18 into the high-level application layer virtual machine 24, from the media source 12, (iii) start the high-level application layer virtual machine 24. Subsequently, the high-level virtual machine 24 will obtain data such as menu functions, icons, user interface, etc. from the media source 12.
  • the media playback device further contains a processing module (e.g., a Trusted Processing Module or TPM) 32.
  • TPM Trusted Processing Module
  • the TPM specification is part of the Trusted Computing Platform Alliance (TCPA) specification created by the Trusted Computing Group (TCG) (htttp://www.trustedcomputinggroup.org).
  • TCPA Trusted Computing Platform Alliance
  • the TPM 32 contains decryption keys and handles secure cryptographic computations.
  • the media playback device further contains API's 40, 42 allowing any program running in the Virtual Machine to query the device's I/O hardware and TPM. This allows a program executing in the virtual machine to make intelligent choices for usage rules.
  • a decoding module 34, attached to the CPU 26, is further provided for unpacking encoded audio/video streams.
  • a trusted platform enables an entity to determine the state of the software or computing environment 10 in that platform and to seal data to a particular software environment in that platform. The entity deduces whether the state of the computing environment is acceptable and performs some transaction with that platform. If the transaction involves sensitive data that must be stored on the platform, the entity can ensure that that data is held in a confidential format unless the state of the computing environment in that platform is acceptable to the entity.
  • a trusted platform provides information to enable the entity to deduce the software environment in a trusted platform. That information is reliably measured and reported to the entity.
  • a trusted platform provides a means to encrypt cryptographic keys and to state the software environment that must be in place before the keys can be decrypted.
  • a "trusted measurement root” measures certain platform characteristics, logs the measurement data in a measurement store, and stores the final result in a TPM (which contains the root of trust for storing and reporting integrity metrics).
  • the TPM is therefore a secure storage location for all decryption keys.
  • the TPM also handles most cryptographic computations and functions.
  • the media playback device furthermore has secure, protected inputs and outputs 28, the ability to network with other players 30, memory devices (e.g., RAM 36 and ROM 38).
  • memory devices e.g., RAM 36 and ROM 38.
  • separate virtual machines run in the same computing environment that includes a CPU.
  • the present architecture partitions two virtual machines (viz., the high-level or application virtual machine and the low-level or security virtual machine), wherein the application and security virtual machines communicate through standardized APIs.
  • the functionalities of the application virtual machine includes providing network services to the security code being executed in the security virtual machine, whereas media access and decoding functions are mediated by the security virtual machine such that content security is transparent to application authors.
  • the security virtual machine has low impact on system resources, is a simple, has low computational complexity, secure, and appropriate software for this virtual machine may be provided by security vendors.
  • the application virtual machine has relatively larger CPU and memory impact and is responsible for user Interface and input/output functions.
  • the virtual machine's would include arbitrary combinations of low-level and high-level virtual machines.
  • applications can be written in a first virtual machine (e.g., Flash from Macromedia), and these applications may then be exported to another virtual machine (e.g., Java) residing on a player that further includes a security virtual machine.
  • a first virtual machine e.g., Flash from Macromedia
  • another virtual machine e.g., Java
  • the security system can yet be designed in the absence of a re-programmable security layer or low-level virtual machine.
  • a "static" security system may be implemented as long as the media player supports APIs (Application Programming Interfaces) that allow the Application Layer (e.g., MHP or Java) to interact with it.
  • APIs Application Programming Interfaces
  • MHP or Java Application Programming Interfaces
  • this technique allow the application layer to extend the life of the security system by acting as an programmable extension of the security subsystem, it also allows the application to enable new business models by performing functions such as fetching content licenses from the Internet after some user interaction.
  • the present system may also scramble those segments such that the correct "forward order" could be numerically labeled: 17,5,31 ,4,12, etc.
  • This information can be stored in a correct order in an encrypted (viz., desired) array in the application itself.
  • This encrypted array and its decryption can then be implemented using code obfuscation tools and techniques in the media device.
  • the goal of this obfuscation technique is to defeat simple static analysis methods, developed by hackers, that would allow a program to determine the value of the array and hence the correct order in which to play the segments.
  • the goal of the present system is to require the execution of the application code in order to generate the desired array.
  • the application code may make calls into the security layer, via the implemented API's, in order to increase the application's dependence on being run inside the environment created by the "outer" security layer as depicted in Fig. 3.
  • the array technique as mentioned above, is only one example of putting some "necessary data" in the application layer, outside of the possible compromised security layer.
  • the application layer program is designed to change from media to media in such a way that one automatic program is not practical to write by a person intending to copy the data in an unauthorized manner.
  • the present system provides copy protection to hardware, such as media players, that is not hardware specific. Additionally, the present system provides robust security to prevent unauthorized duplication of the media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un environnement informatique logiciel permettant de fournir une authentification sécurisée de médias téléchargés à partir d'un réseau et téléchargés à partir d'un lecteur média, comprenant deux machines virtuelles fonctionnant selon le mode égal à égal. Cette machine virtuelle à faible niveau fournit des fonctions de décodage et de déchiffrage alors que la machine virtuelle à niveau élevé fournit des fonctions du niveau d'application telles que l'interface utilisateur, l'entrée/sortie.
PCT/US2004/022600 2004-06-28 2004-07-12 Architecture de machine virtuelle double pour des dispositifs medias WO2006011888A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US10/880,060 US20050033972A1 (en) 2003-06-27 2004-06-28 Dual virtual machine and trusted platform module architecture for next generation media players
PCT/US2004/021048 WO2005001666A2 (fr) 2003-06-27 2004-06-28 Double machine virtuelle et architecture de module de plate-forme fiable pour lecteurs multimedia de prochaine generation
US10/880,060 2004-06-28
USPCT/US04/21048 2004-06-28

Publications (1)

Publication Number Publication Date
WO2006011888A1 true WO2006011888A1 (fr) 2006-02-02

Family

ID=35786507

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/022600 WO2006011888A1 (fr) 2004-06-28 2004-07-12 Architecture de machine virtuelle double pour des dispositifs medias

Country Status (1)

Country Link
WO (1) WO2006011888A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2299446A1 (fr) * 2008-07-16 2011-03-23 Panasonic Corporation Dispositif de reproduction, procédé de reproduction et programme
EP2723093A1 (fr) * 2012-10-18 2014-04-23 Broadcom Corporation Application de boîtier décodeur dans un environnement double simultané
CN103778389A (zh) * 2012-10-18 2014-05-07 美国博通公司 不可信的框架组件与安全操作系统环境的整合
US9344762B2 (en) 2012-10-18 2016-05-17 Broadcom Corporation Integration of untrusted applications and frameworks with a secure operating system environment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5893084A (en) * 1995-04-07 1999-04-06 Gemini Systems, Inc. Method for creating specific purpose rule-based n-bit virtual machines
US20020141582A1 (en) * 2001-03-28 2002-10-03 Kocher Paul C. Content security layer providing long-term renewable security
US20020161996A1 (en) * 2001-02-23 2002-10-31 Lawrence Koved System and method for supporting digital rights management in an enhanced javaTM2 runtime environment
US20020169987A1 (en) * 2001-05-14 2002-11-14 Meushaw Robert V. Device for and method of secure computing using virtual machines
US20020184520A1 (en) * 2001-05-30 2002-12-05 Bush William R. Method and apparatus for a secure virtual machine
US20040133794A1 (en) * 2001-03-28 2004-07-08 Kocher Paul C. Self-protecting digital content

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5893084A (en) * 1995-04-07 1999-04-06 Gemini Systems, Inc. Method for creating specific purpose rule-based n-bit virtual machines
US20020161996A1 (en) * 2001-02-23 2002-10-31 Lawrence Koved System and method for supporting digital rights management in an enhanced javaTM2 runtime environment
US20020141582A1 (en) * 2001-03-28 2002-10-03 Kocher Paul C. Content security layer providing long-term renewable security
US20040133794A1 (en) * 2001-03-28 2004-07-08 Kocher Paul C. Self-protecting digital content
US20020169987A1 (en) * 2001-05-14 2002-11-14 Meushaw Robert V. Device for and method of secure computing using virtual machines
US20020184520A1 (en) * 2001-05-30 2002-12-05 Bush William R. Method and apparatus for a secure virtual machine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TRUSTED COMPUTING GROUP, TRUSTED COMPUTING PLATFORM ALLIANCE, 2003, pages 1 - 2, XP002294897 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2299446A1 (fr) * 2008-07-16 2011-03-23 Panasonic Corporation Dispositif de reproduction, procédé de reproduction et programme
EP2299446A4 (fr) * 2008-07-16 2014-06-11 Panasonic Corp Dispositif de reproduction, procédé de reproduction et programme
EP2723093A1 (fr) * 2012-10-18 2014-04-23 Broadcom Corporation Application de boîtier décodeur dans un environnement double simultané
CN103778389A (zh) * 2012-10-18 2014-05-07 美国博通公司 不可信的框架组件与安全操作系统环境的整合
CN103826161A (zh) * 2012-10-18 2014-05-28 美国博通公司 并行双向环境中的机顶盒应用程序
US9338522B2 (en) 2012-10-18 2016-05-10 Broadcom Corporation Integration of untrusted framework components with a secure operating system environment
US9344762B2 (en) 2012-10-18 2016-05-17 Broadcom Corporation Integration of untrusted applications and frameworks with a secure operating system environment
US9405562B2 (en) 2012-10-18 2016-08-02 Broadcom Corporation Set top box application in a concurrent dual environment
TWI551127B (zh) * 2012-10-18 2016-09-21 美國博通公司 可用作機上盒的裝置、在媒介傳送設備中使用的方法及媒介傳送裝置
CN103826161B (zh) * 2012-10-18 2017-08-11 安华高科技通用Ip(新加坡)公司 并行双向环境中的机顶盒应用程序

Similar Documents

Publication Publication Date Title
US9003539B2 (en) Multi virtual machine architecture for media devices
CA2530441C (fr) Double machine virtuelle et architecture de module de plate-forme fiable pour lecteurs multimedia de prochaine generation
KR100946042B1 (ko) 탬퍼-레지스턴트 애플리케이션 구동 방법 및 시스템과 컴퓨터 판독 가능 저장 매체
US7237123B2 (en) Systems and methods for preventing unauthorized use of digital content
US7181603B2 (en) Method of secure function loading
RU2541879C2 (ru) Механизм против мошенничества на основе доверенного объекта
JP2005527019A (ja) マルチトークンのシール及びシール解除
GB2581482A (en) Security virtual-machine software applications
Haupert et al. Honey, i shrunk your app security: The state of android app hardening
US20090199017A1 (en) One time settable tamper resistant software repository
KR101749209B1 (ko) 애플리케이션의 정보 은닉 방법 및 장치, 및 애플리케이션 실행 방법 및 장치
KR101604892B1 (ko) 안드로이드 기반 어플리케이션의 부정사용 방지 방법 및 장치
WO2006011888A1 (fr) Architecture de machine virtuelle double pour des dispositifs medias
CN100451983C (zh) 下一代媒体播放器的双虚拟机以及信任平台
MXPA06000204A (en) Dual virtual machine and trusted platform module architecture for next generation media players
AU2002219852A1 (en) Systems and methods for preventing unauthorized use of digital content
Σόφιος Trusted execution environment
Pistol Practical dynamic information-flow tracking on mobile devices
AU2010202883A1 (en) Systems and Methods for Preventing Unauthorized Use of Digital Content

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase