WO2011036616A1 - A method and a system for providing a deployment lifecycle management of cryptographic objects - Google Patents
A method and a system for providing a deployment lifecycle management of cryptographic objects Download PDFInfo
- Publication number
- WO2011036616A1 WO2011036616A1 PCT/IB2010/054215 IB2010054215W WO2011036616A1 WO 2011036616 A1 WO2011036616 A1 WO 2011036616A1 IB 2010054215 W IB2010054215 W IB 2010054215W WO 2011036616 A1 WO2011036616 A1 WO 2011036616A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- deployment
- cods
- cryptographic
- distribution
- key
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
Definitions
- the present invention relates to a method and a system for providing a deployment lifecycle management of cryptographic objects in particular cryptographic keys consumed by key use entities of a network.
- Key management is a process by which cryptographic keys are created according to appropriate policies and delivered to units that consume these keys for different applications. Cryptographic keys are possibly deleted at the end of their lifecycle.
- At least one execution unit for running asynchronously a deployment process for providing deployment specifications for cryptographic objects (CO) and a distribution process for executing deployment related operations in response to CO deployment specifications recorded in a persistent data store.
- CO cryptographic objects
- an interface for receiving at least one CO deployment specification which indicates a deployment of one or more cryptographic objects to one or more key use entities according to a predetermined deployment pattern.
- the CO deployment specification is provided by a key management system or input by a user into that system for deployment lifecycle management.
- the data store is a persistent data store and comprises data fields for exchanging message information data between the deployment process and the distribution process,
- a distribution action data field is provided for denoting a specific action required by the respective CO deployment specification and wherein a distribution status data field is providing for indicating an execution status of the respective CO deployment specification.
- cryptographic keys including private keys, public keys, symmetric secret keys and key pairs, cryptographic certificates signed by a key or certificate authority,
- the CO deployment specification for a cryptographic object comprises
- At least one CO deployment pattern specifying the distribution of cryptographic object from sources to destinations
- said deployment specification further comprising
- one or more CO attributes of said cryptographic object in particular timing attributes.
- the key use entity consumes cryptographic objects, said key use entity comprising a node in a network or an application running on a node of a network.
- Another aspect of the present invention further provides a data network comprising network entities which consume cryptographic objects distributed by a distribution manager which executes deployment related operations in a distribution process to distribute the cryptographic objects to the entities in response to CO deployment specifications recorded in a data store by a deployment manager in a deployment process,
- Another aspect of the invention provides a method for performing a deployment lifecycle management of cryptographic objects comprising the steps of:
- deployment process and the distribution process are performed independently in an asynchronous manner.
- FIG. 1 shows a block diagram for illustrating a possible embodiment of a system for deployment lifecycle management according to the present invention
- Fig. 2 shows a diagram for illustrating a possible embodiment of a method for
- Fig. 3 shows a state diagram for illustrating a possible embodiment of the system method for a lifecycle management according to the present invention.
- a system 1 for a deployment lifecycle management comprises in a possible embodiment a distribution management unit 2 having an interface 2A for receiving CO deployment specifications (CODS) and an interface 2B for distributing cryptographic objects CO.
- the distribution management unit 2 comprises at least one execution unit 2C such as a microprocessor for running or executing processes.
- the distribution management unit 2 further comprises at least one persistent data store 2D for recording CO deployment specifications CODS.
- the interface 2 A is provided for receiving at least one CO deployment specification CODS which indicates a deployment of one or more cryptographic objects CO to one or more key use entities 3-1, 3-2, 3-3, 3-N as shown in Fig. 1.
- the key use entities 3-i consume each one or several cryptographic objects CO.
- the key use entity 3-i can be in a possible embodiment be a node of a network such as a data network.
- the key use entity 3-i can be an application running on a node of a network.
- Each node of the network can comprise several applications each forming a key use entity consuming one or several cryptographic objects CO.
- the distribution management unit 2 receives via its interface 2A at least one CO deployment specification CODS from a key management system 4.
- the distribution management system can receive an CO deployment specification CODS as an input from a user.
- the CO deployment specification CODS indicates the deployment of one or more cryptographic objects CO to one or more key use entities 3-i according to a predetermined mapping pattern.
- each CO deployment specification CODS can comprise an indication for adding of a cryptographic object CO to a key use entity 3-i or for deleting a cryptographic object from a key use entity 3-i of a network.
- the CO deployment specification CODS can comprise in a possible embodiment an indication for transmitting a cryptographic object CO to a key use entity 3-i of a network in response to an application requirement.
- the CO deployment specification CODS can comprise furthermore an indication for updating an existing cryptographic object CO used by a key use entity 3-i or for updating one of the attributes of the respective cryptographic object CO.
- Each cryptographic object CO can comprise one or several keys such as private keys, public keys, symmetric or asymmetric keys as well as key pairs.
- the cryptographic object CO can also be formed by a cryptographic certificate signed by key certificate authority.
- the cryptographic object can also be formed by cryptographic secret data or by user credentials of a user.
- the CO deployment specification CODS provided for a cryptographic object CO comprises an CO deployment specification.
- This CO deployment specification can comprise in a possible embodiment at least one CO deployment source, at least one CO deployment destination and at least one CO deployment pattern specifying the distribution of cryptographic objects CO from object sources to object destinations.
- the deployment specification can further comprise one or more CO attributes of the respective cryptographic objects. These object attributes can comprise timing attributes.
- the execution unit 2C can execute several processes at the same time.
- the execution unit 2C runs asynchronously a deployment process PI for providing CO deployment specifications CODS for cryptographic objects CO and a distribution process P2 for executing deployment related operations in response to CO deployment specifications CODS recorded in the persistent data store 2D.
- the distribution process P2 and the deployment process PI are performed independently in an asynchronous manner. Both processes PI, P2 are decoupled and work asynchronously.
- the deployment process PI run on the execution unit 2C can comprise in a possible embodiment a validation of a received CO deployment specification CODS against a predetermined security policy.
- the deployment process PI can update a deployment specification object attribute or can perform a withdrawal of a CODS. The actual withdrawal of a CO from a KUE is done by the distribution process.
- the distribution process P2 which can be executed on the same or a different execution unit 2C of the distribution management unit 2 comprises the execution of each validated CO deployment specification CODS recorded in the persistent data store 2D. This is performed by distributing cryptographic objects CO to the key use entity 3-i of the network according to the respective CO deployment specification CODS, by updating or refreshing existing cryptographic objects used by the key use entities 3-i of the network according to the respective CO deployment specification CODS and by withdrawing cryptographic objects CO from key use entities 3-i of the network according to the respective deployment specification.
- the data store 2D is a persistent data store and comprises several data fields allowing the two independently running processes PI, P2 to communicate with each other. Accordingly, the persistent data store 2D comprises data fields for exchanging message information data between the deployment process PI and the distribution process P2.
- a distribution action data field is provided for denoting a specific action required by the respective CO deployment specification CODS.
- a distribution status data field is provided for indicating an execution status of the respective CO deployment specification CODS.
- the distribution action data field of the persistent data store 2D indicates an action type.
- This action type can comprise a hold action which informs the distribution process P2 to skip the respective CO deployment as the CO deployment specification CODS is not ready.
- the action type can further comprise a deploy action which indicates a requirement ready to deploy.
- the action type can comprise an update action which indicates that the CO deployment specification CODS is modified and to instruct the distribution process P2 to refresh the CO deployment by executing the corresponding deployment related operations again.
- the action type can comprise a withdraw type which indicates that an existing CO deployment is to be withdrawn by the distribution process P2.
- the persistent data store 2D can comprise the distribution status data field indicating an execution status.
- This execution status can comprise an inert or init status which indicates that the respective CO deployment specification CODS is waiting for being executed by the distribution process P2.
- the execution status can further comprise a running status which indicates that the respective CO deployment specification CODS is currently executed by the distribution process P2.
- execution status can comprise a done status which indicates that the CO deployment has been successfully executed by the distribution process P2 according to the corresponding CO deployment specification CODS.
- execution status can comprise a try again status which indicates that the execution of the CO deployment has been attempted by the distribution process P2 at least once but has not been finished successfully.
- the method and system according to the present invention separate the task of specifying deployment requirements from the distribution task, namely the task of actual execution of deployment related operations so that the distribution task can be completely automated without human intervention.
- the first process refers to as the deployment process PI which can be devoted to interacting with the administrator or security officer through a user interface and receiving and validating the deployment requirements such as deploying one or more cryptographic keys or certificates to one or more end points such as key use entities 3-i according to a specific pattern, updating deployment specific attributes, withdrawing a deployment etc.
- Validated deployment specifications are then recorded in the persistent data store 2D.
- the second process P2 refers to the distribution process which forms a process responsible for the actual executing of deployment specifications that are stored in the persistent data store 2D.
- the distribution process P2 is responsible for actions such as distributing cryptographic keys or certificates to endpoints such as key use entities 3-i, updating an existing deployment such as refreshing a key or certificate and withdrawing cryptographic keys or certificates from endpoints such as key use entities.
- the message passing between the two processes PI, P2 is performed through the persistent data store 2D in which records and status of deployment specifications can be stored and accessed by both processes PI, P2.
- the key management system is provided to enable organisations using cryptography to manage a risk and meet regulatory requirements, to provide lifetime management of cryptographic keys K and of digital certificates C across a plurality of applications and thousands of servers, end users and network devices.
- a complete life cycle for deployment and distribution of cryptographic objects CO comprises a validation, execution, update and withdrawal of cryptographic objects.
- a challenge for managing the lifecycle of cryptographic CO deployment and distribution is that specifying a valid deployment requirement meeting the application does not violate at the same time a security policy.
- the actual distribution of a cryptographic object CO such as a key K to remote network endpoints or delete a key at a remote endpoint can be a lengthy process keeping an administrator waiting for a complete confirmation in a conventional system.
- the method and system according to the present invention offers a asynchronous deployment and distribution breaking down the conventional sequential chain into two independent processes PI, P2 working asynchronously.
- the task of specifying deployment requirements is separated from the task of actual executing deployment related operations by the system according to the present invention. Consequently the actual execution of deployment related operations can be performed without human intervention.
- the first process PI is devoted to interacting with administrator through a user interface to receiving deployment requirements such as deploying one or more cryptographic objects CO to one or more endpoints according to a specific pattern. Furthermore, deployment specific attributes can be modified, expired keys or certificates can be refreshed involving a deployment specification. Furthermore, it is possible to withdraw an existing deployment.
- the CO deployment specifications CODS can be generated automatically by other components of the system. For example when a lifecycle managing engine of the KMS decides to expire a cryptographic key or certificate all the deployments involving this key or certificate will have to be withdrawn accordingly. This results in appropriate deployment specification created automatically rather than manually. In a possible embodiment an CO deployment specification CODS entered by an administrator is not accepted until it is validated against a predetermined security policy.
- the process is referred to as the deployment process PI.
- the other process P2 which is responsible for actual execution of the accepted deployment specification that is stored in the persistent data store 2D is the distribution process P2.
- This process P2 is responsible for actions such as distributing keys or certificates to endpoints 3-i, modifying deployment related attributes of an existing deployment, refreshing expired keys or certificates involved in a deployment and finally withdrawing keys K or certificates C from endpoints or key use entities 3-i as shown in Fig. 1.
- Both processes PI, P2 communicate with each other through the persistent data store 2D in which the status of deployment specifications is kept.
- a deployment process PI informs the distribution process P2 that new deployment specifications are coming.
- the distribution process P2 periodically checks the status of CO deployment specifications CODS in the persistent data store 2D and then takes actions accordingly. Both variants can be used to trigger the execution of CO deployment specifications CODS.
- the decoupled processes PI, P2 of asynchronous deployment and distribution to coordinate the lifecycle management of key certificates deployment and distribution are illustrated in Fig. 2.
- the CO deployment specification CODS stored in the persistent data store 2D can use two fields to exchange information between the deployment process PI and the distribution process P2.
- the first data field is the distribution action data field and the second data field is the distribution status data field.
- the distribution action data field can take values from the following four action types: hold, deploy, update, withdraw.
- the distribution status data field can represent the execution status of the deployment specification and can comprise the following four states: init, running, done, try again.
- the distribution action data field is primarily used by the deployment process PI to communicate with the distribution process P2 regarding which operations the deployment specification anticipates.
- the distribution status data field is used for the distribution process to process step by step the actual execution of a CO deployment specification CODS.
- the above-mentioned states in both the distribution action data field and the distribution status data field can be extended to achieve a finer control over the distribution process.
- the lifecycle of a deployment is modelled as a combination of the distribution action data field and the distribution status data field as shown in Fig. 3.
- the shown state transitions are exemplary to illustrate how a distribution process handles a deployment specification in the persistent data store 2D.
- the distribution process finishes a deployment specification with failure it marks it as “try again” and there is a background scheduling mechanism to change the status from "try again” to "init”.
- the distribution process attempts then to execute it again.
- an administrator can query the status of any deployment specification by looking up the status field and take appropriate actions.
- the present invention can be used in a data network.
- This data network can comprise network entities which consume cryptographic objects CO distributed by a distribution manager such as a distribution management unit 2 shown in Fig. 1.
- This distribution management unit 2 executes deployment related operations in a distribution process P2 to distribute the cryptographic objects CO to the network entities 3 in response to CO deployment specifications CODS recorded in a data store 2D by the distribution management unit 2 in a deployment process PI.
- the distribution process P2 and the deployment process PI are performed independently in an asynchronous manner.
- the method for performing a deployment lifecycle management of cryptographic objects CO can comprise the steps of providing at least one CO deployment specification CODS for a cryptographic object CO in a deployment process PI and executing the deployment related operations in response to the provided CO deployment specifications CODS in a distribution process P2, wherein the deployment process PI and the distribution process P2 are performed independently in an asynchronous manner.
- This method can be performed by a computer program comprising instructions for performing the method.
- This computer program can be stored on a data carrier and be loaded to computer or server.
- Key use entities 3-i as shown in Fig. 1 can be any kind of nodes or devices provided in a network in particular in data network.
- the key use entities 3-i can consume any kind of cryptographic keys or certificates or credentials or secret data.
- the entities 3-i shown in Fig. 1 can communicate with each other via communication lines or networks or wireless.
- the persistent data store 2D can be integrated in the distribution management unit 2 as shown in Fig. 1 but can also be accessed by the execution unit 2C via a network.
- the key use entities 3- i can be mobile or immobile nodes of a data network.
- the distribution management unit 2 is integrated in the key management system 4 as shown in Fig. 1.
- the distribution management unit 2 can comprise a user interface for an administrator or an operator.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10765504.5A EP2481184B1 (en) | 2009-09-25 | 2010-09-17 | A method and a system for providing a deployment lifecycle management of cryptographic objects |
JP2012530392A JP2013506335A (en) | 2009-09-25 | 2010-09-17 | Method, system, data network, and data carrier for providing deployment lifecycle management of cryptographic objects |
CN201080042426.3A CN102577226B (en) | 2009-09-25 | 2010-09-17 | The method and system that the deployment life cycle of cipher object manages is provided |
US13/497,002 US20120179918A1 (en) | 2009-09-25 | 2010-09-17 | Method and a system for providing a deployment lifecycle management of cryptographic objects |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09171408 | 2009-09-25 | ||
EP09171408.9 | 2009-09-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011036616A1 true WO2011036616A1 (en) | 2011-03-31 |
Family
ID=43303668
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2010/054215 WO2011036616A1 (en) | 2009-09-25 | 2010-09-17 | A method and a system for providing a deployment lifecycle management of cryptographic objects |
Country Status (6)
Country | Link |
---|---|
US (1) | US20120179918A1 (en) |
EP (1) | EP2481184B1 (en) |
JP (1) | JP2013506335A (en) |
CN (1) | CN102577226B (en) |
TW (1) | TW201116023A (en) |
WO (1) | WO2011036616A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10038551B2 (en) | 2015-11-29 | 2018-07-31 | International Business Machines Corporation | Securing enterprise data on mobile devices |
US9967102B2 (en) | 2015-12-18 | 2018-05-08 | International Business Machines Corporation | Managing transfer of device ownership |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6108788A (en) * | 1997-12-08 | 2000-08-22 | Entrust Technologies Limited | Certificate management system and method for a communication security system |
WO2001006727A2 (en) * | 1999-07-16 | 2001-01-25 | Spyrus, Inc. | Method and system for a policy enforcing module |
WO2001054374A2 (en) * | 2000-01-17 | 2001-07-26 | Certicom Corp. | Customized public key infrastructure and developing tool |
US20040022390A1 (en) * | 2002-08-02 | 2004-02-05 | Mcdonald Jeremy D. | System and method for data protection and secure sharing of information over a computer network |
WO2008042318A2 (en) * | 2006-09-29 | 2008-04-10 | Cipheroptics, Inc. | Systems and methods for management of secured networks with distributed keys |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7228326B2 (en) * | 2002-01-18 | 2007-06-05 | Bea Systems, Inc. | Systems and methods for application deployment |
US7231664B2 (en) * | 2002-09-04 | 2007-06-12 | Secure Computing Corporation | System and method for transmitting and receiving secure data in a virtual private group |
JP2004171212A (en) * | 2002-11-19 | 2004-06-17 | Hitachi Ltd | Service implementation method and service provision system |
CN101317181B (en) * | 2005-10-21 | 2010-05-19 | 诺基亚公司 | Apparatus and method for secure authentication response in a mobile terminal |
US7751559B2 (en) * | 2006-09-07 | 2010-07-06 | International Business Machines Corporation | Secure transmission of cryptographic key |
JP3955906B1 (en) * | 2006-09-27 | 2007-08-08 | クオリティ株式会社 | Software management system and software management program |
US20080083011A1 (en) * | 2006-09-29 | 2008-04-03 | Mcalister Donald | Protocol/API between a key server (KAP) and an enforcement point (PEP) |
US8646026B2 (en) * | 2007-03-28 | 2014-02-04 | Oracle International Corporation | Smart web services security policy selection and validation |
US20080319909A1 (en) * | 2007-06-25 | 2008-12-25 | Perkins George S | System and method for managing the lifecycle of encryption keys |
US8422686B2 (en) * | 2008-06-19 | 2013-04-16 | International Business Machines Corporation | Automated validation and execution of cryptographic key and certificate deployment and distribution |
US8213618B2 (en) * | 2008-12-30 | 2012-07-03 | Intel Corporation | Protecting content on client platforms |
US8341427B2 (en) * | 2009-02-16 | 2012-12-25 | Microsoft Corporation | Trusted cloud computing and services framework |
-
2010
- 2010-06-10 TW TW099118848A patent/TW201116023A/en unknown
- 2010-09-17 JP JP2012530392A patent/JP2013506335A/en active Pending
- 2010-09-17 EP EP10765504.5A patent/EP2481184B1/en active Active
- 2010-09-17 WO PCT/IB2010/054215 patent/WO2011036616A1/en active Application Filing
- 2010-09-17 CN CN201080042426.3A patent/CN102577226B/en active Active
- 2010-09-17 US US13/497,002 patent/US20120179918A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6108788A (en) * | 1997-12-08 | 2000-08-22 | Entrust Technologies Limited | Certificate management system and method for a communication security system |
WO2001006727A2 (en) * | 1999-07-16 | 2001-01-25 | Spyrus, Inc. | Method and system for a policy enforcing module |
WO2001054374A2 (en) * | 2000-01-17 | 2001-07-26 | Certicom Corp. | Customized public key infrastructure and developing tool |
US20040022390A1 (en) * | 2002-08-02 | 2004-02-05 | Mcdonald Jeremy D. | System and method for data protection and secure sharing of information over a computer network |
WO2008042318A2 (en) * | 2006-09-29 | 2008-04-10 | Cipheroptics, Inc. | Systems and methods for management of secured networks with distributed keys |
Also Published As
Publication number | Publication date |
---|---|
CN102577226A (en) | 2012-07-11 |
EP2481184B1 (en) | 2018-02-28 |
EP2481184A1 (en) | 2012-08-01 |
JP2013506335A (en) | 2013-02-21 |
TW201116023A (en) | 2011-05-01 |
CN102577226B (en) | 2016-03-02 |
US20120179918A1 (en) | 2012-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2545677B1 (en) | Automated certificate management | |
US10069914B1 (en) | Distributed storage system for long term data storage | |
EP3050245B1 (en) | Centralized policy management for security keys | |
US8307404B2 (en) | Policy-management infrastructure | |
US20180373887A1 (en) | Distributed storage system for long term data storage | |
JP4902120B2 (en) | System and method for distributing software updates | |
TW201020918A (en) | Method and system for policy based lifecycle management of virtual software appliances | |
US9043456B2 (en) | Identity data management system for high volume production of product-specific identity data | |
US20150086018A1 (en) | Centralized key discovery and management | |
CN112835977B (en) | Database management method and system based on block chain | |
US9305146B2 (en) | License management device, license management system, license management method, and program | |
US11838406B2 (en) | Systems and methods for control-data plane partitioning in virtual distributed ledger networks | |
JP2007157135A (en) | Method and apparatus for implementing secure clock in device having no internal power source | |
US20150156193A1 (en) | Creating and managing certificates in a role-based certificate store | |
US11165663B2 (en) | Network management using a distributed ledger | |
EP2481184B1 (en) | A method and a system for providing a deployment lifecycle management of cryptographic objects | |
CN109981280A (en) | A kind of electronic data evidence obtaining method and system | |
US20150100545A1 (en) | Distributed database system and a non-transitory computer readable medium | |
CN102215131A (en) | Management method and device of functional License | |
CN112506705B (en) | Distributed storage configuration information backup method and device | |
CN113227918A (en) | Constrained operation of field devices | |
US20230121514A1 (en) | Portable object storage system for data transport | |
CN114066461A (en) | Identity information management method based on block chain, node and block chain system | |
JP2022036503A (en) | Secure element, key addition method, and key addition program | |
CN110366728A (en) | Data archiving method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080042426.3 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10765504 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012530392 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13497002 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010765504 Country of ref document: EP |