WO2010057065A2 - Method and apparatus to provide secure application execution - Google Patents

Method and apparatus to provide secure application execution Download PDF

Info

Publication number
WO2010057065A2
WO2010057065A2 PCT/US2009/064493 US2009064493W WO2010057065A2 WO 2010057065 A2 WO2010057065 A2 WO 2010057065A2 US 2009064493 W US2009064493 W US 2009064493W WO 2010057065 A2 WO2010057065 A2 WO 2010057065A2
Authority
WO
WIPO (PCT)
Prior art keywords
epc
instruction
data
processor
machine
Prior art date
Application number
PCT/US2009/064493
Other languages
French (fr)
Other versions
WO2010057065A3 (en
Inventor
Frank Mckeen
Uday Savagaonkar
Carlos V. Rozas
Michael A. Goldsmith
Howard C. Herbert
Asher Altman
Gary Graunke
David Durham
Simon P. Johnson
Michael E. Kounavis
Vincent R. Scarlata
Joseph Cihula
Stalinselvaraj Jeyasingh
Bernard Lint
Gil Neiger
Dion Rodgers
Ernie Brickell
Jianguo Li
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation filed Critical Intel Corporation
Priority to JP2011536548A priority Critical patent/JP2012508938A/en
Publication of WO2010057065A2 publication Critical patent/WO2010057065A2/en
Publication of WO2010057065A3 publication Critical patent/WO2010057065A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/3004Arrangements for executing specific machine instructions to perform operations on memory
    • G06F9/30043LOAD or STORE instructions; Clear instruction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands
    • G06F9/30032Movement instructions, e.g. MOVE, SHIFT, ROTATE, SHUFFLE

Definitions

  • Embodiments of the invention relate generally to the field of information processing and more specifically, to the field of security in computing systems and microprocessors.
  • Figure 1 illustrates a block diagram of a microprocessor, in which at least one embodiment of the invention may be used;
  • Figure 2 illustrates a block diagram of a shared bus computer system, in which at least one embodiment of the invention may be used;
  • Figure 3 illustrates a block diagram a point-to-point interconnect computer system, in which at least one embodiment of the invention may be used.
  • Embodiments of the invention pertain to a technique for providing secure application and data in a flexible but reliable manner.
  • the attached document entitled "Secure Enclaves Architecture" is hereby incorporated by referrence as an example of at least one embodiment.
  • the incorporated reference is not intended to limit the scope of embodiments of the invention in any way and other embodiments may be used while remaining within the spirit and scope of the invention.
  • Figure 1 illustrates a microprocessor in which at least one embodiment of the invention may be used.
  • Figure 1 illustrates microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively.
  • a shared cache memory 115 which may store versions of at least some of the information stored in each of the local caches 107 and 113.
  • microprocessor 100 may also include other logic not shown in Figure 1 , such as an integrated memory controller, integrated graphics controller, as well as other logic to perform other functions within a computer system, such as I/O control.
  • each microprocessor in a multi-processor system or each processor core in a multi-core processor may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment.
  • the logic may include circuits, software (embodied in a tangible medium) or both to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations.
  • Figure 2 illustrates a front-side-bus (FSB) computer system in which one embodiment of the invention may be used.
  • Any processor 201, 205, 210, or 215 may access information from any local level one (Ll) cache memory 220, 225, 230, 235, 240, 245, 250, 255 within or otherwise associated with one of the processor cores 223, 227, 233, 237, 243, 247, 253, 257. Furthermore, any processor 201, 205, 210, or 215 may access information from any one of the shared level two (L2) caches 203, 207, 213, 217 or from system memory 260 via chipset 265.
  • L2 shared level two
  • One or more of the processors in Figure 2 may include or otherwise be associated with logic 219 to enable secure enclave techniques, in accordance with at least one embodiment.
  • P2P point-to-point
  • ring interconnect systems may be used in conjunction with various embodiments of the invention, including point-to-point (P2P) interconnect systems and ring interconnect systems.
  • the P2P system of Figure 3 may include several processors, of which only two, processors 370, 380 are shown by example.
  • Processors 370, 380 may each include a local memory controller hub (MCH) 372, 382 to connect with memory 32, 34.
  • MCH local memory controller hub
  • Processors 370, 380 may exchange data via a point-to-point (PtP) interface 350 using PtP interface circuits 378, 388.
  • PtP point-to-point
  • Processors 370, 380 may each exchange data with a chipset 390 via individual PtP interfaces 352, 354 using point to point interface circuits 376, 394, 386, 398.
  • Chipset 390 may also exchange data with a high-performance graphics circuit 338 via a high- performance graphics interface 339.
  • Embodiments of the invention may be located within any processor having any number of processing cores, or within each of the PtP bus agents of Figure 3.
  • any processor core may include or otherwise be associated with a local cache memory (not shown).
  • a shared cache (not shown) may be included in either processor outside of both processors, yet connected with the processors via p2p interconnect, such that either or both processors' local cache information may be stored in the shared cache if a processor is placed into a low power mode.
  • One or more of the processors or cores in Figure 3 may include or otherwise be associated with logic 319 to enable secure enclave techniques, in accordance with at least one embodiment.
  • IP cores may be stored on a tangible, machine readable medium (“tape”) and supplied to various customers or manufacturing facilities to load into the fabrication machines that actually make the logic or processor.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Retry When Errors Occur (AREA)
  • Multi Processors (AREA)
  • Memory System Of A Hierarchy Structure (AREA)

Abstract

A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Description

METHOD AND APPARATUS TO PROVIDE SECURE APPLICATION
EXECUTION
Field of the Invention
Embodiments of the invention relate generally to the field of information processing and more specifically, to the field of security in computing systems and microprocessors.
Background
Securing execution and integrity of applications and their data within a computer system is of growing importance. Some prior art security techniques fail to adequately secure applications and data in a flexible but reliable manner.
Brief Description of the Drawings
Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which: Figure 1 illustrates a block diagram of a microprocessor, in which at least one embodiment of the invention may be used;
Figure 2 illustrates a block diagram of a shared bus computer system, in which at least one embodiment of the invention may be used;
Figure 3 illustrates a block diagram a point-to-point interconnect computer system, in which at least one embodiment of the invention may be used.
Detailed Description
Embodiments of the invention pertain to a technique for providing secure application and data in a flexible but reliable manner. Although there are multiple embodiments of multiple aspects of the invention, the attached document entitled "Secure Enclaves Architecture" is hereby incorporated by referrence as an example of at least one embodiment. However, the incorporated reference is not intended to limit the scope of embodiments of the invention in any way and other embodiments may be used while remaining within the spirit and scope of the invention.
Figure 1 illustrates a microprocessor in which at least one embodiment of the invention may be used. In particular, Figure 1 illustrates microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively. Also illustrated in Figure 1 is a shared cache memory 115 which may store versions of at least some of the information stored in each of the local caches 107 and 113. In some embodiments, microprocessor 100 may also include other logic not shown in Figure 1 , such as an integrated memory controller, integrated graphics controller, as well as other logic to perform other functions within a computer system, such as I/O control. In one embodiment, each microprocessor in a multi-processor system or each processor core in a multi-core processor may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment. The logic may include circuits, software (embodied in a tangible medium) or both to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations. Figure 2, for example, illustrates a front-side-bus (FSB) computer system in which one embodiment of the invention may be used. Any processor 201, 205, 210, or 215 may access information from any local level one (Ll) cache memory 220, 225, 230, 235, 240, 245, 250, 255 within or otherwise associated with one of the processor cores 223, 227, 233, 237, 243, 247, 253, 257. Furthermore, any processor 201, 205, 210, or 215 may access information from any one of the shared level two (L2) caches 203, 207, 213, 217 or from system memory 260 via chipset 265. One or more of the processors in Figure 2 may include or otherwise be associated with logic 219 to enable secure enclave techniques, in accordance with at least one embodiment.
In addition to the FSB computer system illustrated in Figure 2, other system configurations may be used in conjunction with various embodiments of the invention, including point-to-point (P2P) interconnect systems and ring interconnect systems. The P2P system of Figure 3, for example, may include several processors, of which only two, processors 370, 380 are shown by example. Processors 370, 380 may each include a local memory controller hub (MCH) 372, 382 to connect with memory 32, 34. Processors 370, 380 may exchange data via a point-to-point (PtP) interface 350 using PtP interface circuits 378, 388. Processors 370, 380 may each exchange data with a chipset 390 via individual PtP interfaces 352, 354 using point to point interface circuits 376, 394, 386, 398. Chipset 390 may also exchange data with a high-performance graphics circuit 338 via a high- performance graphics interface 339. Embodiments of the invention may be located within any processor having any number of processing cores, or within each of the PtP bus agents of Figure 3. In one embodiment, any processor core may include or otherwise be associated with a local cache memory (not shown). Furthermore, a shared cache (not shown) may be included in either processor outside of both processors, yet connected with the processors via p2p interconnect, such that either or both processors' local cache information may be stored in the shared cache if a processor is placed into a low power mode. One or more of the processors or cores in Figure 3 may include or otherwise be associated with logic 319 to enable secure enclave techniques, in accordance with at least one embodiment.
One or more aspects of at least one embodiment may be implemented by representative data stored on a machine-readable medium which represents various logic within the processor, which when read by a machine causes the machine to fabricate logic to perform the techniques described herein. Such representations, known as "IP cores" may be stored on a tangible, machine readable medium ("tape") and supplied to various customers or manufacturing facilities to load into the fabrication machines that actually make the logic or processor.
Thus, a method and apparatus for directing micro-architectural memory region accesses has been described. It is to be understood that the above description is intended to be illustrative and not restrictive. Many other embodiments will be apparent to those of skill in the art upon reading and understanding the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.

Claims

CLAIMSWhat is claimed is:
1. A processor comprising: execution logic to perform at least a first instruction to move protected data between an enclave page cache (EPC) and a second storage area.
2. The processor of claim 1 , wherein the data is to be moved during a performance of a program to access the protected data.
3. The processor of claim 2, wherein the program is to run in a privileged mode.
4. The processor of claim 1 , wherein the at least first instruction includes an instruction to copy data from a memory to the EPC.
5. The processor of claim 1 , wherein the at least first instruction includes an instruction to copy data from the EPC to memory.
6. The processor of claim 1 , wherein the EPC is to store information that is protected from malicious code.
7. The processor of claim 1 , wherein the EPC is to store information that is specific to a user application.
8. The processor of claim 1 , wherein the EPC is only accessible using an encrypted key.
9. A machine-readable medium having stored thereon an instruction, which if executed by a machine, causes the machine to perform a method comprising: moving protected data between an enclave page cache (EPC) and a second storage area.
10. The machine-readable medium of claim 9, wherein the data is to be moved during a performance of a program to access the protected data.
11. The machine -readable medium of claim 10, wherein the program is to run in a privileged mode.
12. The machine-readable medium of claim 9, wherein the at least first instruction includes an instruction to copy data from a memory to the EPC.
13. The machine-readable medium of claim 9, wherein the at least first instruction includes an instruction to copy data from the EPC to memory.
14. The machine-readable medium of claim 9, wherein the EPC is to store information that is protected from malicious code.
15. The machine-readable medium of claim 9, wherein the EPC is to store information that is specific to a user application.
16. The machine-readable medium of claim 9, wherein the EPC is only accessible using an encrypted key.
17. A system comprising: a storage area to store a first instruction; a processor to fetch the first instruction from the storage area, wherein the first instruction is to copy protected data between an enclave page cache (EPC) and a second storage area.
18. The system of claim 17, wherein the data is to be moved during a performance of a program to access the protected data.
19. The system of claim 18, wherein the program is to run in a privileged mode.
20. The system of claim 17, wherein the at least first instruction includes an instruction to copy data from a memory to the EPC.
21. The system of claim 17, wherein the at least first instruction includes an instruction to copy data from the EPC to memory.
22. The system of claim 17, wherein the EPC is to store information that is protected from malicious code.
23. The system of claim 17, wherein the EPC is to store information that is specific to a user application.
24. The system of claim 17, wherein the EPC is only accessible using an encrypted key.
25. A method comprising: moving information between an enclave page cache (EPC) and a storage area in response to performing a first instruction, wherein the first instruction is a special EPC access instruction, and wherein the data is to be moved during a performance of a program to access the protected data, and wherein the program is to run in a privileged mode.
26. The method of claim 25, wherein the at least first instruction includes an instruction to copy data from a memory to the EPC.
27. The method of claim 26, wherein the at least first instruction includes an instruction to copy data from the EPC to memory.
28. The method of claim 27, wherein the EPC is to store information that is protected from malicious code.
29. The method of claim 28, wherein the EPC is to store information that is specific to a user application.
30. The method of claim 29, wherein the EPC is only accessible using an encrypted key.
PCT/US2009/064493 2008-11-14 2009-11-14 Method and apparatus to provide secure application execution WO2010057065A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2011536548A JP2012508938A (en) 2008-11-14 2009-11-14 Secure application execution method and apparatus

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US19931808P 2008-11-14 2008-11-14
US61/199,318 2008-11-14
US59076709A 2009-11-13 2009-11-13
US12/590,767 2009-11-13

Publications (2)

Publication Number Publication Date
WO2010057065A2 true WO2010057065A2 (en) 2010-05-20
WO2010057065A3 WO2010057065A3 (en) 2010-08-19

Family

ID=42170755

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/064493 WO2010057065A2 (en) 2008-11-14 2009-11-14 Method and apparatus to provide secure application execution

Country Status (2)

Country Link
JP (1) JP2012508938A (en)
WO (1) WO2010057065A2 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102289386A (en) * 2010-06-21 2011-12-21 英特尔公司 Uniform storage device by partial virtualization machine
WO2013058781A1 (en) 2011-10-18 2013-04-25 Intel Corporation Methods, systems and apparatus to facilitate client-based authentication
WO2014105160A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Logging in secure enclaves
WO2014105161A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Memory management in secure enclaves
WO2014105159A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Paging in secure enclaves
EP2778899A2 (en) 2013-03-15 2014-09-17 Intel Corporation Secure rendering of display surfaces
US9087200B2 (en) 2009-12-22 2015-07-21 Intel Corporation Method and apparatus to provide secure application execution
EP2889777A3 (en) * 2013-12-27 2015-08-12 Intel IP Corporation Modifying memory permissions in a secure processing environment
US9448950B2 (en) 2013-12-24 2016-09-20 Intel Corporation Using authenticated manifests to enable external certification of multi-processor platforms
US9501668B2 (en) 2013-09-25 2016-11-22 Intel Corporation Secure video ouput path
US9606940B2 (en) 2015-03-27 2017-03-28 Intel Corporation Methods and apparatus to utilize a trusted loader in a trusted computing environment
US9705892B2 (en) 2014-06-27 2017-07-11 Intel Corporation Trusted time service for offline mode
US10552344B2 (en) 2017-12-26 2020-02-04 Intel Corporation Unblock instruction to reverse page block during paging

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9430384B2 (en) * 2013-03-31 2016-08-30 Intel Corporation Instructions and logic to provide advanced paging capabilities for secure enclave page caches

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5224166A (en) * 1992-08-11 1993-06-29 International Business Machines Corporation System for seamless processing of encrypted and non-encrypted data and instructions
US20040143748A1 (en) * 2003-01-21 2004-07-22 Kabushiki Kaisha Toshiba Data access control method for tamper resistant microprocessor using cache memory
US20050100163A1 (en) * 2003-11-10 2005-05-12 Broadcom Corporation System and method for securing executable code
US20080072004A1 (en) * 2006-09-20 2008-03-20 Arm Limited Maintaining cache coherency for secure and non-secure data access requests

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4263976B2 (en) * 2003-09-24 2009-05-13 株式会社東芝 On-chip multi-core tamper resistant processor
JP4945200B2 (en) * 2006-08-29 2012-06-06 株式会社日立製作所 Computer system and processor control method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5224166A (en) * 1992-08-11 1993-06-29 International Business Machines Corporation System for seamless processing of encrypted and non-encrypted data and instructions
US20040143748A1 (en) * 2003-01-21 2004-07-22 Kabushiki Kaisha Toshiba Data access control method for tamper resistant microprocessor using cache memory
US20050100163A1 (en) * 2003-11-10 2005-05-12 Broadcom Corporation System and method for securing executable code
US20080072004A1 (en) * 2006-09-20 2008-03-20 Arm Limited Maintaining cache coherency for secure and non-secure data access requests

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9087200B2 (en) 2009-12-22 2015-07-21 Intel Corporation Method and apparatus to provide secure application execution
US10885202B2 (en) 2009-12-22 2021-01-05 Intel Corporation Method and apparatus to provide secure application execution
US10102380B2 (en) 2009-12-22 2018-10-16 Intel Corporation Method and apparatus to provide secure application execution
JP2012009013A (en) * 2010-06-21 2012-01-12 Intel Corp Unified storage device based on partial virtualized machine
CN102289386A (en) * 2010-06-21 2011-12-21 英特尔公司 Uniform storage device by partial virtualization machine
WO2013058781A1 (en) 2011-10-18 2013-04-25 Intel Corporation Methods, systems and apparatus to facilitate client-based authentication
US9766889B2 (en) 2012-12-28 2017-09-19 Intel Corporation Memory management in secure enclaves
US9990197B2 (en) 2012-12-28 2018-06-05 Intel Corporation Memory management in secure enclaves
WO2014105160A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Logging in secure enclaves
US10409597B2 (en) 2012-12-28 2019-09-10 Intel Corporation Memory management in secure enclaves
WO2014105161A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Memory management in secure enclaves
WO2014105159A1 (en) * 2012-12-28 2014-07-03 Intel Corporation Paging in secure enclaves
US9690704B2 (en) 2012-12-28 2017-06-27 Intel Corporation Paging in secure enclaves
EP2778899A2 (en) 2013-03-15 2014-09-17 Intel Corporation Secure rendering of display surfaces
US9501668B2 (en) 2013-09-25 2016-11-22 Intel Corporation Secure video ouput path
US9448950B2 (en) 2013-12-24 2016-09-20 Intel Corporation Using authenticated manifests to enable external certification of multi-processor platforms
US9355262B2 (en) 2013-12-27 2016-05-31 Intel Corporation Modifying memory permissions in a secure processing environment
EP2889777A3 (en) * 2013-12-27 2015-08-12 Intel IP Corporation Modifying memory permissions in a secure processing environment
US9705892B2 (en) 2014-06-27 2017-07-11 Intel Corporation Trusted time service for offline mode
US9606940B2 (en) 2015-03-27 2017-03-28 Intel Corporation Methods and apparatus to utilize a trusted loader in a trusted computing environment
US10552344B2 (en) 2017-12-26 2020-02-04 Intel Corporation Unblock instruction to reverse page block during paging

Also Published As

Publication number Publication date
WO2010057065A3 (en) 2010-08-19
JP2012508938A (en) 2012-04-12

Similar Documents

Publication Publication Date Title
WO2010057065A2 (en) Method and apparatus to provide secure application execution
US20220237123A1 (en) Apparatuses and methods for a processor architecture
US11216556B2 (en) Side channel attack prevention by maintaining architectural state consistency
US7991965B2 (en) Technique for using memory attributes
US8140828B2 (en) Handling transaction buffer overflow in multiprocessor by re-executing after waiting for peer processors to complete pending transactions and bypassing the buffer
US11354240B2 (en) Selective execution of cache line flush operations
EP3552108B1 (en) Apparatuses and methods for a processor architecture
US11709742B2 (en) Method for migrating CPU state from an inoperable core to a spare core
CN108369553B (en) Systems, methods, and apparatus for range protection
US11188341B2 (en) System, apparatus and method for symbolic store address generation for data-parallel processor
TW201732566A (en) Method and apparatus for recovering from bad store-to-load forwarding in an out-of-order processor
CN104102549A (en) Method, device and chip for realizing mutual exclusion operation of multiple threads
US20180336034A1 (en) Near memory computing architecture
US8719500B2 (en) Technique for tracking shared data in a multi-core processor or multi-processor system
US8996923B2 (en) Apparatus and method to obtain information regarding suppressed faults

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09826885

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 2011536548

Country of ref document: JP

Ref document number: 2340/DELNP/2011

Country of ref document: IN

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09826885

Country of ref document: EP

Kind code of ref document: A2