WO2009043304A1 - Procédé, système, et dispositif permettant la vérification de la relation d'adresse de couche de lien de données et son correspondant de transmission - Google Patents

Procédé, système, et dispositif permettant la vérification de la relation d'adresse de couche de lien de données et son correspondant de transmission Download PDF

Info

Publication number
WO2009043304A1
WO2009043304A1 PCT/CN2008/072562 CN2008072562W WO2009043304A1 WO 2009043304 A1 WO2009043304 A1 WO 2009043304A1 CN 2008072562 W CN2008072562 W CN 2008072562W WO 2009043304 A1 WO2009043304 A1 WO 2009043304A1
Authority
WO
WIPO (PCT)
Prior art keywords
data link
link layer
layer address
sender
address
Prior art date
Application number
PCT/CN2008/072562
Other languages
English (en)
Chinese (zh)
Inventor
Sheng Jiang
Zhongqi Xia
Marcelo Bagnulo Brown
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2009043304A1 publication Critical patent/WO2009043304A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/35Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/324Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the data link layer [OSI layer 2], e.g. HDLC

Definitions

  • the present invention relates to the field of network communication technologies, and in particular, to a method, system, and apparatus for verifying a relationship between a data link layer address and a sender thereof. Background technique
  • the data link layer is the necessary level for network data transmission, and the communication security requirements are constantly improving.
  • the open air interface brings threatening link layer data transmission. A secure cyber attack.
  • These network attacks mainly include: (1) The attacker provides a large number of invalid media access control (MAC, Media Access Control) addresses to the network switch, causing the content addressed memory (CAM, Call Access Management) table to be flooded, resulting in an intruder. See the information in the local virtual local area network (VLAN). (2) The attacker forces the spanning tree protocol to update by attacking the spanning tree protocol. The attacker masquerades his own system into the root bridge in the topology to obtain various data frames. (3) The attacker spoofs the MAC address of the attacked host and sends a data link layer control message to rewrite the corresponding entry in the CAM table, so that the switch forwards the data packet with the destination address of the attacked host to the attacker.
  • MAC media access control
  • CAM content addressed memory
  • VLAN virtual local area network
  • the attacker obtains the Address Resolution Protocol (ARP) table by illegally modifying the correspondence between the MAC address and the IP address saved on the switch, and implements service denial or man-in-the-middle attacks.
  • the attacker attacks by using a fake MAC address to broadcast a Dynamic Host Configure Protocol (DHCP) request. If there are enough requests, the network attacker can exhaust DHCP for a period of time. The address space provided by the server, and then the attacker establishes a fake DHCP server in his system to react to new DHCP requests from clients on the network.
  • ARP Address Resolution Protocol
  • DHCP Dynamic Host Configure Protocol
  • a MAC address is an address used on a data link layer, also called a physical address.
  • the link address is the physical address of the NIC produced by the manufacturer and is unique to each device.
  • the packet switching and forwarding of the data link layer in the Ethernet are all identified by the MAC address.
  • Each packet transmitted on the data link layer contains the MAC address of the network card that sends the packet, and the binding of the MAC address.
  • MAC address-based authentication is applied in various security mechanisms at the data link layer, such as binding authentication mechanism for MAC address and IP address; Data Link Layer Access Control List (ACL): Access Control A list is actually a collection of allowed and rejected matching criteria.
  • 802.1x authentication by verifying the identity sent by the client, that is, the username and password, to determine whether the user has the right to use the network service provided by the network system.
  • the network card driver does not read the MAC address from the hardware memory device when transmitting the data link layer, but creates a buffer area in the memory.
  • the data link layer message reads the source MAC address from the buffer. Therefore, the user can modify the source MAC address in the data link layer packet actually sent through the operating system. Since the MAC address can be modified, the various security mechanisms based on the MAC address lose their original meaning.
  • the existing data link layer address uses a fixed address corresponding to the physical hardware, does not have the authentication of the fixed address ownership, is easily spoofed by a potential attacker on the same link, and is secured by various data link layers.
  • Most of the mechanisms are based on the premise that the MAC address is unique, permanent, and not spoofable, but the MAC address can be forged. The attacker can fake the MAC address and then steal the IP address, bypassing the binding authentication mechanism of the MAC address and IP address. An attacker can spoof a router that uses an access control list by changing its MAC address to an address allowed by a known access control list. An attacker can use the opened network service by impersonating a legitimate user's MAC address and port after the authenticated user passes the 802.1x authentication.
  • Embodiments of the present invention provide a method, system, and apparatus for verifying a relationship between a data link layer address and a sender thereof, and a data link layer address capable of generating an embedded security mechanism, and a data link layer of the embedded security mechanism The address is verified with its sender relationship to improve the security of data link layer data transmission.
  • An embodiment of the present invention provides a method for verifying a relationship between a data link layer address and a sender thereof, including: Receiving a packet, where the source address of the packet is a data link layer address of the sender, and the data link address is embedded with security information;
  • the embodiment of the present invention further provides a network interaction system, including a sending device and a receiving device, where the sending device includes:
  • a sending unit configured to send a message, where a source address of the packet is a data link layer address of the sender, and the data link address is embedded with security information;
  • the receiving device includes:
  • a receiving unit configured to receive the packet
  • a calculating unit configured to perform, by using a first preset rule, a data link layer address corresponding parameter of the sender, to obtain an operation result
  • the address verification unit is configured to compare and determine that the operation result corresponds to the data link layer address of the sender, and determine that the data link layer address is owned by the sender.
  • An embodiment of the present invention provides a device for verifying a sender address, including: a sending unit, configured to send a message, where a source address of the packet is a data link layer address of the sender, and the data link address is Embedded with security information.
  • the embodiment of the present invention further provides a receiving device for verifying a sender address, including: a receiving unit, configured to receive a packet, where a source address of the packet is a data link layer address of the sender, and the data link The address is embedded with security information; the calculating unit is configured to perform operation on the data link layer address parameter of the sender by using a first preset rule to obtain an operation result;
  • An address verification unit configured to compare the operation result with the data link layer of the sender When the address corresponds, it is verified that the data link layer address is owned by the sender.
  • the received data packet uses the data link layer address of the embedded security information of the sender as the source address, and the data link layer address of the embedded security information in the data packet may be extracted. And calculating, by using the data link layer address corresponding parameter of the embedded security information, when the operation result corresponds to the data link layer address, the data link layer address is considered to be owned by the sender. Therefore, it can be known whether the data link layer address of the transmitted data message is owned by the sender, thereby improving the security of the data link layer data transmission.
  • FIG. 1 is a flowchart of a verification method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of generating a data link layer address according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of verifying a data link layer address according to Embodiment 1 of the present invention
  • FIG. 5 is a flowchart of verifying a data link layer address according to Embodiment 2 of the present invention
  • FIG. 6 is a schematic diagram of a system according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a sending apparatus according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a receiving apparatus according to an embodiment of the present invention. detailed description
  • the embodiment of the invention provides a method, a system and a device for verifying a relationship between a data link layer address and a sender thereof, and for verifying a correspondence between a sender and a data link layer address thereof during network data transmission, thereby avoiding counterfeiting
  • the phenomenon of data link layer address thereby improving the security of data link layer data transmission.
  • the method includes the following steps: 101: Receive a message, where the message uses a data link layer address of a security information embedded by a sender as a source address.
  • the security information includes: a public-private key pair of the sender; or a symmetric key agreed in advance.
  • the method for generating the data link layer address is: the sender presets the security information of the data link layer address; the sender performs the operation on the security information by using the second preset rule, where the data link
  • the layer address corresponding parameter is a collection of all actual parameter values used in generating the data link layer address.
  • the operation result corresponding to the data link layer address includes: when the first preset rule and the second preset rule are the same, the operation result is the same as the data link layer address; When the first preset rule and the second preset rule are different, the operation result needs to have a corresponding relationship with the data link layer address, so that the receiver can use the operation result to the data link layer address. Confirm the relationship with the sender.
  • the first preset rule and/or the second preset rule are reproducible, irreversible, and the like, and are the same as or similar to the first preset rule and/or the second preset rule. Descriptions are all features that are protected by the present invention.
  • the packet further includes: the data link layer address corresponding parameter; correspondingly, the calculating, by the first preset rule, the data link layer address corresponding parameter comprises: extracting the report The data link layer address in the text corresponds to a parameter, and the parameter is operated by the first preset rule.
  • the packet is signed by the sender.
  • the receiving the message includes: verifying the signature data of the packet.
  • a flowchart of a first example of generating a data link layer address includes:
  • the network node generates a 256-bit random modified value
  • the chaotic algorithm SHA-256 Using the chaotic algorithm SHA-256, adding 1 byte of zero to the modified value, and then attaching the public key and the extended parameter to form an input sequence, performing a chaotic operation on the input sequence, and then taking the most of the chaotic operation result
  • the left N bits, the N bits are at least (16 * security level) bits.
  • step 203 detecting whether the leftmost (16* security level) bit of the chaotic value 2 is all zeros, all 0s to the next step, otherwise, the random modification value is incremented by 1, returning to step 202;
  • the 16* security level is a variable, and the security level ranges from 0 to 7.
  • the address conflict detection scheme is used to detect whether the generated new address conflicts with the existing address. If the conflict occurs, the conflict count value is incremented by one, and the process returns to step 205. After three consecutive conflicts, the process is aborted and an error is reported.
  • step 303 if yes, go to step 303, otherwise, go to step 302;
  • step 307 Verify chaos value 2 Whether the leftmost (16* security level) bit is all zeros; If not, execute step 302 to exit the verification process; if yes, go to step 308.
  • the 16* security level is a variable, and the security level ranges from 0 to 7.
  • a flowchart of a second example of generating a data link layer address according to an embodiment of the present invention includes:
  • the network node generates a 128-bit random modified value
  • the chaotic algorithm 402 Using the chaotic algorithm SHA-384, adding a 4-byte zero to the modified value, and then performing a chaotic operation on the public key and the extended parameter in a sequence synthesized from left to right, and then taking the leftmost N bits of the chaotic operation result.
  • the N bits are at least (8* security level) bits. Normally, you can directly take the leftmost 64 bits as the chaotic value 2;
  • 403 Detect whether the leftmost (8* security level) bit of the chaotic value 2 is all zeros, and the security level ranges from 0 to 7, all 0s enter the next step, otherwise, the random modification value is incremented by 1, and the step is returned. 402; wherein, the 8* security level is a variable, and the security level ranges from 0 to 7.
  • the address conflict detection scheme is used to detect whether the generated new address conflicts with the existing address. If the conflict occurs, the conflict count value is incremented by one, and the process returns to step 405. After three consecutive conflicts, the process is aborted and an error is reported.
  • FIG. 5 a flowchart of a second example of verifying a data link layer address provided by an embodiment of the present invention is provided. include:
  • step 501 Check whether the conflict count value in the data link layer address parameter is less than 2, that is, one of 0, 1, 2, if yes, go to step 503, otherwise, go to step 502;
  • the chaotic SHA-384 algorithm is used for the data link layer address parameter, and the leftmost 21 bits of the chaotic output value are taken as the chaotic value 1.
  • step 504 Comparing whether the rightmost 21 bits of the data link layer address are equal to the chaotic value 1; unequal, executing step 502, or if so, executing step 505;
  • 505 From the data link layer address, take 25-27 bits from the left, a total of 3 bits, as a security level; 506: replace the vendor identifier, padding bit, and collision count value in the data link layer address parameter All zeros, and then use the chaotic SHA-384 algorithm on the modified data link layer address parameter to obtain a chaotic value of 2;
  • step 507 Verify that the leftmost (8* security level) bit is all zeros; if not, go to step 110, 302 to exit the verification process; if yes, go to step 508.
  • FIG. 6 is a schematic diagram of a system according to an embodiment of the present invention, including: a sending device 601, a receiving device 602;
  • the sending device 601 includes:
  • the sending unit 603 is configured to send a message, where the message uses a data link layer address of the embedded security information of the sender as the source address.
  • the security information includes: a public-private key pair of the sender; or a symmetric key agreed in advance.
  • the receiving device 602 includes:
  • the receiving unit 611 is configured to receive the packet, where the source address of the packet is a data link layer address of the sender, and the data link address is embedded with security information;
  • the obtaining unit 604 is configured to obtain the data link layer address of the sender from the message received by the receiving unit 611.
  • the calculating unit 605 is configured to pass the first pre-data link layer address parameter to the sender Set the rule to perform the operation and get the result of the operation.
  • the data link layer address corresponding parameter is a collection of actual parameter values used in generating the data link layer address.
  • the address verification unit 606 is configured to verify that the data link layer address is owned by the sender when the operation result is compared with the data link layer address of the sender.
  • the sending device 601 further includes:
  • a signing unit 607 configured to sign the message
  • the receiving device 602 further includes:
  • the signature verification unit 608 is configured to verify the signature data of the packet.
  • the sending device 601 further includes:
  • a preset unit 609 configured to preset security information for generating a data link layer address
  • the generating unit 610 is configured to perform, by using the second preset rule, the security information to generate a data link layer address and the data link layer address corresponding parameter.
  • the first preset rule and/or the second preset rule are: by using the preset security information of the sender, the sending device 601 further includes: an information adding unit 612, Adding a data link layer address corresponding parameter to the packet;
  • the obtaining unit 604 further includes: extracting a data link layer address corresponding parameter in the packet; and the calculating unit 605 further includes: performing, by using the first preset rule, the parameter.
  • FIG. 7 is a schematic diagram of a sending apparatus according to an embodiment of the present invention, including:
  • the sending unit 603 is configured to send a message, where the message uses a data link layer address of the embedded security information of the sender as the source address.
  • the security information includes: a public-private key pair of the sender; or a symmetric key agreed in advance.
  • the transmitting device further includes:
  • a signing unit 607 configured to sign the message
  • a preset unit 609 configured to preset security information for generating a data link layer address
  • the generating unit 610 is configured to perform, by using the second preset rule, the security information to generate a data link layer address and the data link layer address corresponding parameter.
  • the first preset rule and/or the second preset rule are: using a chaotic calculation for the preset security information of the sender
  • the sending device 601 further includes: an information adding unit 612, configured to add a data link layer address corresponding parameter to the packet.
  • FIG. 8 is a schematic diagram of a receiving apparatus according to an embodiment of the present invention, including:
  • the receiving unit 611 is configured to receive the packet.
  • the obtaining unit 604 is configured to obtain the data link layer address of the sender from the message received by the receiving unit 611.
  • the calculating unit 605 is configured to perform operation on the data link layer address parameter of the sender by using a first preset rule to obtain an operation result.
  • the data link layer address corresponding parameter is a collection of all actual parameter values used in generating the data link layer address.
  • the address verification unit 606 is configured to verify that the data link layer address is owned by the sender when the operation result is compared with the data link layer address of the sender.
  • the receiving device further includes:
  • the signature verification unit 608 is configured to verify the signature data of the packet.
  • the obtaining unit 604 further includes: extracting a data link layer address corresponding parameter in the packet;
  • the calculating unit 605 further includes: performing an operation on the parameter by using a first preset rule.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente invention concerne un procédé permettant la vérification de la relation d'adresse de couche de lien de données et son correspondant émetteur comprenant : la réception d'un message, l'utilisation d'une adresse de couche de lien de données incorporée avec une information de sécurité du correspondant émetteur comme adresse source par le message (101) ; l'extraction de l'adresse de couche de lien de données (102), le calcul d'un paramètre correspondant de l'adresse de couche de lien de données par une première règle prédéterminée, et l'acquisition du résultat calculé (103), le paramètre correspondant de l'adresse de couche de lien de données étant un ensemble de toutes les valeurs de paramètres utilisés lors de la génération de l'adresse de la couche de lien de données ; lorsque le résultat calculé correspond à l'adresse de la couche de lien de données , l'adresse de la couche de lien de données est maintenue par le correspondant émetteur (104). L'invention concerne également un système et un dispositif correspondants, l'adresse de la couche de lien de données du correspondant émetteur est vérifiée par un destinataire, évitant ainsi le problème de falsification de l'adresse de la couche de lien de données, et donc améliorant la sécurité de transmission de données dans la couche de lien de données.
PCT/CN2008/072562 2007-09-30 2008-09-27 Procédé, système, et dispositif permettant la vérification de la relation d'adresse de couche de lien de données et son correspondant de transmission WO2009043304A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710149993.9 2007-09-30
CN200710149993.9A CN101399814B (zh) 2007-09-30 2007-09-30 验证数据链路层地址与其发送方关系的方法、系统及装置

Publications (1)

Publication Number Publication Date
WO2009043304A1 true WO2009043304A1 (fr) 2009-04-09

Family

ID=40518069

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072562 WO2009043304A1 (fr) 2007-09-30 2008-09-27 Procédé, système, et dispositif permettant la vérification de la relation d'adresse de couche de lien de données et son correspondant de transmission

Country Status (2)

Country Link
CN (1) CN101399814B (fr)
WO (1) WO2009043304A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618678A (zh) * 2013-11-18 2014-03-05 北京星网锐捷网络技术有限公司 自适应多链路聚合的方法、装置及系统
CN114025001A (zh) * 2021-10-25 2022-02-08 安庆师范大学 一种基于云服务的席卡信息传输控制系统

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103840984B (zh) * 2014-02-28 2018-02-09 新华三技术有限公司 检测无网管型以太网交换机配置文件冲突的方法和装置
WO2017012089A1 (fr) 2015-07-22 2017-01-26 华为技术有限公司 Procédé, dispositif et système de communication basés sur une couche de liaison de données
CN105939402A (zh) * 2016-03-03 2016-09-14 杭州迪普科技有限公司 Mac表项的获取方法及装置
CN115292624B (zh) * 2022-10-08 2023-08-04 成都同步新创科技股份有限公司 基于http协议的通用报文处理方法及装置

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030179753A1 (en) * 2000-07-07 2003-09-25 Jean-Pierre Mercuriali Method of setting up communications in a packet switching system
US20050076108A1 (en) * 2003-10-01 2005-04-07 Santera Systems, Inc. Methods and systems for per-session network address translation (NAT) learning and firewall filtering in media gateway
CN1819593A (zh) * 2004-11-01 2006-08-16 联想(新加坡)私人有限公司 信息处理器和数据传输系统及方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030179753A1 (en) * 2000-07-07 2003-09-25 Jean-Pierre Mercuriali Method of setting up communications in a packet switching system
US20050076108A1 (en) * 2003-10-01 2005-04-07 Santera Systems, Inc. Methods and systems for per-session network address translation (NAT) learning and firewall filtering in media gateway
CN1819593A (zh) * 2004-11-01 2006-08-16 联想(新加坡)私人有限公司 信息处理器和数据传输系统及方法

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618678A (zh) * 2013-11-18 2014-03-05 北京星网锐捷网络技术有限公司 自适应多链路聚合的方法、装置及系统
CN114025001A (zh) * 2021-10-25 2022-02-08 安庆师范大学 一种基于云服务的席卡信息传输控制系统

Also Published As

Publication number Publication date
CN101399814A (zh) 2009-04-01
CN101399814B (zh) 2012-08-08

Similar Documents

Publication Publication Date Title
JP4944845B2 (ja) インターネットプロトコルのアドレス機構
AlSa'deh et al. Secure neighbor discovery: Review, challenges, perspectives, and recommendations
US8473744B2 (en) Methods and systems for unilateral authentication of messages
US7620733B1 (en) DNS anti-spoofing using UDP
US8843751B2 (en) IP address delegation
Hijazi et al. Address resolution protocol spoofing attacks and security approaches: A survey
Goyal et al. An efficient solution to the ARP cache poisoning problem
US8880891B2 (en) Method, system and apparatus for establishing communication
EP1574009B1 (fr) Systemes et dispositifs utilisant des donnees d'identification lors des communications reseau
WO2009043304A1 (fr) Procédé, système, et dispositif permettant la vérification de la relation d'adresse de couche de lien de données et son correspondant de transmission
CN115118489B (zh) 用户、设备、IPv6网络地址绑定的网络接入认证系统及方法
Alsadeh et al. Cryptographically Generated Addresses (CGAs): Possible attacks and proposed mitigation approaches
Al-Ani et al. Ndpsec: neighbor discovery protocol security mechanism
Guangxue et al. A quick CGA generation method
El Ksimi et al. Towards a new algorithm to optimize IPv6 neighbor discovery security for small objects networks
Salim et al. Preventing ARP spoofing attacks through gratuitous decision packet
US8364949B1 (en) Authentication for TCP-based routing and management protocols
CN110401646B (zh) IPv6安全邻居发现过渡环境中CGA参数探测方法及装置
Pansa et al. Architecture and protocols for secure LAN by using a software-level certificate and cancellation of ARP protocol
JP6488001B2 (ja) コンピュータ・ネットワーク・インフラストラクチャにおける外部コンピュータシステムのブロック解除方法、そのようなコンピュータ・ネットワーク・インフラストラクチャを有する分散コンピュータネットワーク、およびコンピュータプログラム製品
El Ksimi et al. An enhancement approach for securing neighbor discovery in IPv6 networks
Liu et al. Study on attacking and defending techniques in IPv6 networks
Song et al. Anonymous-address-resolution model
Zhu et al. A web database Security model using the Host identity protocol
Ahmed et al. A novel algorithm to prevent man in the middle attack in LAN environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08836191

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08836191

Country of ref document: EP

Kind code of ref document: A1