WO2015169095A1 - Procédé de vérification de confiance basée sur des protocoles d'extension de sécurité de système de nom de domaine (dnssec) et d'entité d'authentification de nom basée sur un système de nom de domaine (dns) (dane) - Google Patents

Procédé de vérification de confiance basée sur des protocoles d'extension de sécurité de système de nom de domaine (dnssec) et d'entité d'authentification de nom basée sur un système de nom de domaine (dns) (dane) Download PDF

Info

Publication number
WO2015169095A1
WO2015169095A1 PCT/CN2014/095166 CN2014095166W WO2015169095A1 WO 2015169095 A1 WO2015169095 A1 WO 2015169095A1 CN 2014095166 W CN2014095166 W CN 2014095166W WO 2015169095 A1 WO2015169095 A1 WO 2015169095A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
resource record
dane
domain name
commodity
Prior art date
Application number
PCT/CN2014/095166
Other languages
English (en)
Chinese (zh)
Inventor
孔宁
邓光青
沈烁
刘冰
黄向阳
Original Assignee
中国科学院计算机网络信息中心
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国科学院计算机网络信息中心 filed Critical 中国科学院计算机网络信息中心
Publication of WO2015169095A1 publication Critical patent/WO2015169095A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the invention relates to a trusted verification method based on DNSSEC and DANE protocol in the Internet of Things, and belongs to the technical field of networks.
  • an object of the present invention is to provide a trusted authentication method based on DNSSEC and DANE protocol in the Internet of Things.
  • the invention is based on the latest Internet domain name technology such as DNSSEC/DANE, and uses digital signature/encryption technology to formulate a sales process signature mechanism for commodity dealers, so that they are responsible for the goods sold by them, and thus cannot sell counterfeit goods. The behavior of goods is rejected.
  • the problem that the product label barcode may be forged the problem of the fraudulent use of the forged label is repeatedly solved by adding a corresponding verification server or adding an encryption card with a counting function to record the history record of the commodity label being queried. thereby:
  • a trusted authentication method based on DNSSEC and DANE protocol the steps are as follows:
  • the authoritative server allocates a subdomain name to the verification object in its DNS domain, and adds a DANE resource record storing the public key to the verification object, and the authoritative server signs the DANE resource record by using its own public key;
  • the user obtains the identifier of the verification object by using the trusted verification client, and converts the domain name into a domain name, and then initiates a query request to the DNS domain of the authoritative server;
  • the authoritative server searches for the corresponding DANE resource record according to the query request, and returns it to the trusted authentication client;
  • the user obtains the identifier of the verification object by using the trusted verification client, and sends the identifier of the verification object to the encryption card of the verification object; the encryption card encrypts the identifier by using the private key of the verification object to generate a ciphertext return.
  • the trusted verification client decrypts the ciphertext by using the public key in the return DANE resource record, and verifies the verification object;
  • Each verification object has a unique identifier, and the sub-domain name of the verification object has a one-to-one correspondence with the identifier.
  • the type of the DANE resource record is a TCPA.
  • the verification object is a dealer, a commodity, or a manufacturer.
  • a trusted authentication method based on DNSSEC and DANE protocol the steps are as follows:
  • the authoritative server allocates a subdomain name to the verification object in its DNS domain, and adds a DANE resource record storing the public key to the verification object, and the authoritative server signs the DANE resource record by using its own public key;
  • the user obtains the identifier of the verification object by using the trusted verification client, and converts the domain name into a domain name, and then initiates a query request to the DNS domain of the authoritative server;
  • the authoritative server searches for the corresponding DANE resource record according to the query request, and returns it to the trusted authentication client;
  • the trusted authentication client encrypts a random number by using a public key in the return DANE resource record, and generates a ciphertext to send to the encryption card;
  • the encryption card decrypts the ciphertext by using the private key of the verification object, and sends the decrypted random number to the trusted verification client to verify the verification object;
  • Each verification object has a unique identifier, and the sub-domain name of the verification object has a one-to-one correspondence with the identifier.
  • the type of the DANE resource record is a TCPA.
  • the verification object is a dealer, a commodity, or a manufacturer.
  • a trusted authentication method based on DNSSEC and DANE protocol the steps are as follows:
  • the commodity manufacturer submits the domain name of its verification server and the identifier of each product produced to the authoritative server to generate a resource record for each commodity;
  • the user obtains the identifier of the commodity by using the trusted verification client, and converts the domain name into a domain name, and then initiates a query request to the DNS domain of the authoritative server;
  • the authoritative server searches for the corresponding resource record according to the query request, and returns it to the trusted authentication client;
  • the trusted verification client obtains the unique serial number of the commodity, and sends the serial number to the verification server according to the domain name in the returned resource record;
  • the verification server searches its database according to the serial number, and then returns the query result to the trusted verification client to verify the commodity.
  • the domain name of the resource record is converted according to the identifier of the commodity.
  • the resource record is a NAPTR resource record or a txt resource record.
  • the method for verifying the commodity is: if the verification server searches for the product identifier from the database according to the serial number and records the number of queries, if the query is found and is the first query, the query result is returned as True; otherwise the query result is false.
  • Commodity anti-counterfeiting is an important application of Internet of Things technology.
  • the present invention mainly proposes a set of commodity anti-counterfeiting schemes for the two entities of dealers and consumers to ensure that: 1) dealers are responsible for the products they sell, if If it sells counterfeit goods, it cannot repudiate its illegal acts, thus laying a technical foundation for pursuing its corresponding legal responsibilities. 2) After purchasing the goods, the consumer can check whether the goods are counterfeit through the product label. commodity.
  • dealers are responsible for the products they sell, if If it sells counterfeit goods, it cannot repudiate its illegal acts, thus laying a technical foundation for pursuing its corresponding legal responsibilities.
  • After purchasing the goods the consumer can check whether the goods are counterfeit through the product label. commodity.
  • the following is a discussion of the corresponding technical solutions from the perspective of dealers and consumers.
  • the technical solution is as follows: First, the dealer generates a set of public and private keys by himself, and the private key is saved by the dealer himself, and should be stored on a specific encryption card, and the private key in the encryption card can only participate in the calculation and cannot be copied, that is, No one can take the private key out of the encryption card.
  • the public key is submitted to a national authority (such as the authoritative server of the national business administration), and the national authority assigns a subdomain to the distributor in its DNS domain (eg gsh.gov.cn) (assuming dealer1.gsh.gov .cn, where dealer1 corresponds to the above dealer).
  • the authoritative server adds a DANE resource record (the resource record type is TLSA) for the subdomain (ie, dealer1.gsh.gov.cn), and the domain record stores the domain name.
  • the subdomain dealer1.gsh.gov.cn of the DNS domain where the authoritative server is located is reliable.
  • the national authority has reviewed the qualifications of the distributor and added corresponding resource records (ie dealer1.gsh.gov.
  • the TLSA or DNSKEY resource record corresponding to cn, and the TLSA resource record is signed by the national authority's own public key, thus ensuring that the TLSA resource record corresponding to dealer1.gsh.gov.cn is reliable, that is, cannot be forged.
  • dealer anti-counterfeiting APP generally a special mobile phone application, which is provided by the anti-counterfeiting service provider
  • dealer identification a special type of label, registered by the dealer to the authority, authority
  • the corresponding domain name is assigned to the dealer, and the identifier is in one-to-one correspondence with the dealer.
  • the dealer anti-counterfeiting APP obtains the dealer identification, it first converts it into a domain name, and then initiates an inquiry to the DNS domain of the national authority.
  • the national authority returns the corresponding TLSA resource record to the dealer anti-counterfeiting APP, which contains the dealer's public key information.
  • the dealer anti-counterfeiting APP then scans the product identification, and then sends the product identification to the dealer encryption card, which encrypts the product identification with the dealer's private key and transmits the obtained ciphertext to the dealer anti-counterfeiting APP.
  • the dealer anti-counterfeiting APP uses the dealer's public key to decrypt the ciphertext. If it can be unlocked, the dealer is credible, otherwise it is not credible.
  • the invention also provides an anti-counterfeiting method for commodities, the technical scheme of which is similar to the anti-counterfeiting technology of the dealer, as follows: a set of public and private keys are allocated for each commodity, and the public key is stored in a subdomain of the DNS domain where the national authority is located, and the private key Stored in an encryption card. The private key in the encryption card can only be read and cannot be copied.
  • the specific details of the commodity anti-counterfeiting technology are shown in Figure 2.
  • the commodity anti-counterfeiting APP first scans the commodity to obtain the commodity identifier, and then converts the identifier into a corresponding domain name, and then queries the national authority based on the domain name for the corresponding domain name of the TCPA resource record.
  • the DNS domain where the national authority is located will return the corresponding TLSA resource record to the commodity anti-counterfeiting APP, which contains the public key of the commodity.
  • the commodity anti-counterfeiting APP sends a random number encrypted by the public key to the encryption card.
  • the encryption card then decrypts the ciphertext using the private key of the product, and sends the decrypted random number to the commodity anti-counterfeiting APP.
  • the commodity anti-counterfeiting APP checks the received random number from the encryption card, and if it matches the original random number, the commodity is true, otherwise it is false.
  • the present invention also provides a lightweight anti-counterfeiting technical solution, as follows: First, the commodity manufacturer submits the domain name of the verification server and the identification of each product to the country. The authoritative organization and the national authority generate a NAPTR resource record or a txt resource record based on the two pieces of information (the resource record is converted from the product identifier, and the product identifier and the resource record are in one-to-one correspondence), and the domain name of the resource record is converted according to the identifier of the product. The main content of the resource record is the domain name of the storage verification server.
  • the specific anti-counterfeiting process is shown in Figure 3.
  • the commodity anti-counterfeiting APP scans the merchandise and obtains its merchandise identification. Then, the commodity anti-counterfeiting APP converts the product identification into a domain name, and initiates an inquiry to the national authority, and the national authority returns a NAPTR resource record of the domain name to the commodity APP, and the record includes Verify the domain name of the server.
  • the product anti-counterfeiting APP then scans the unique serial number on the item and then sends the serial number to the verification server.
  • the verification server searches its database (stores the product identification, the product serial number, and the record in which the product serial number is queried), and returns the query result to the product anti-counterfeiting APP.
  • the commodity anti-counterfeiting APP can judge whether the commodity is true according to the result returned by the verification server. If the commodity has been inquired, the commodity is not true, otherwise it is true.
  • Figure 1 is a flow chart of the authenticity of the consumer identification dealer
  • Figure 2 is a flow chart of commodity anti-counterfeiting
  • Figure 3 is a flow chart of lightweight commodity anti-counterfeiting
  • Figure 5 is a flow chart of a heavyweight commodity anti-counterfeiting example
  • Figure 6 is a flow chart of an example of a lightweight commodity security.
  • the anti-counterfeiting process is shown in Figure 4. It can be divided into two phases: registration and query.
  • registration phase the dealer generates a pair of public and private keys, and submits the public key and the registration number of the dealer to the national authority (here assumed to be “National Internet of Things Logo Management Public Service Platform”, the same below), the national object
  • the Networked Identity Management Public Service Platform creates a TLSA resource record for the dealer that contains the dealer's public key information.
  • the dealer anti-counterfeiting APP first scans the dealer identification, and converts the obtained dealer identification (here specifically 5936) into a domain name (here specifically 5936.gsh.niot.cn), and then manages the national Internet of Things logo.
  • the public service platform queries the DNSA resource record of the domain name 5936.gsh.niot.cn.
  • the dealer anti-counterfeiting APP obtains the dealer's public key after obtaining the above-mentioned TLSA resource record returned by the national Internet of Things logo management public service platform.
  • the dealer anti-counterfeit APP then scans the merchandise identification (here 7604) and sends the identification to the dealer's encryption machine.
  • the encryption machine encrypts the product identification with its private key and returns the ciphertext to the dealer anti-counterfeit APP.
  • Dealer anti-counterfeiting APP uses domain name
  • the ciphertext is decrypted by the dealer's public key contained in the 3936.gsh.niot.cn's TTLS resource record. If it can be decrypted, the dealer is real, otherwise it is forged.
  • FIG. 5 An example of commodity anti-counterfeiting is shown in Figure 5, which is also divided into two phases: registration and query.
  • the commodity manufacturer assigns a pair of public and private keys to each commodity, and submits the public key and the commodity identifier to the national Internet of Things logo management public service platform, and the platform assigns a corresponding domain name to the commodity (here assumed to be 987604) .redwine.niot.cn) and create a TLSA resource record for the domain name, the resource record contains the public key information of the product.
  • the query process is as follows: the product anti-counterfeiting APP scans the product, obtains the product identifier 987604, and then converts it into the domain name 987604.redwine.niot.cn and queries the national Internet of Things logo management public service platform to query the TTLS resource record of the domain name. After obtaining the TLSA resource record, the commodity anti-counterfeiting APP obtains the public key of the commodity, and then the commodity anti-counterfeiting APP encrypts a random number by using the public key, and sends the encrypted ciphertext to the encryption machine.
  • the encryptor decrypts the ciphertext using its stored private key for the item 987604 and returns the decrypted random number to the commodity anti-counterfeit APP.
  • the commodity anti-counterfeiting APP compares the returned random number with the original random number. If it is consistent, the commodity is true, otherwise it is false.
  • the lightweight anti-counterfeiting process is shown in Figure 6, and is divided into two phases: registration and query.
  • the merchandise manufacturer assigns a serial number (here 987604) to each item and stores the query record for that serial number in the verification server.
  • the commodity manufacturer submits the verification server's domain name to the national Internet of Things logo management logo public service platform, and the platform assigns a domain name (here, 987604.redwine.niot.cn) to the commodity to establish a NAPTR resource record, which is recorded. Contains the domain name of the verification server.
  • the query process is as follows: the product anti-counterfeiting APP scans the product identifier first, assuming that the obtained product identifier is 987604, and then converts the identifier into a domain name, namely 987604.redwine.niot.cn.
  • the commodity anti-counterfeiting APP requests the NAPTR resource Geely of 987604.redwine.niot.cn from the National Internet of Things Logo Management Public Service Platform.
  • the commodity anti-counterfeiting APP obtains the domain name of the verification server, and then the commodity anti-counterfeiting APP scans the unique serial number of the commodity and sends it to the verification server.
  • the verification server returns the serial number related query record to the commodity anti-counterfeiting APP.
  • the commodity anti-counterfeiting APP can judge the authenticity of the commodity according to the result returned by the verification server. If it is the first query, it is true, otherwise it is false.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

La présente invention concerne un procédé de vérification de confiance basée sur des protocoles d'extension de sécurité de système de nom de domaine (DNSSEC) et d'entité d'authentification de nom basée sur un système de nom de domaine (DNS) (DANE). Le procédé comprend les opérations suivantes : 1) un groupe de paires de clés sont générées pour chaque objet à vérifier, des clés publiques sont soumises à un serveur d'autorité, et des clés privées sont stockées sur une carte de chiffrement réglée et ne peuvent pas être reproduites ; 2) le serveur d'autorité attribue un nom de sous-domaine dans son domaine DNS pour l'objet à vérifier, ajoute un enregistrement de ressource DANE pour stocker sa clé publique pour l'objet à vérifier, et signe avec la clé publique ; 3) un utilisateur obtient l'identification de l'objet à vérifier au moyen d'un client de vérification de confiance, et initie une requête d'interrogation au domaine DNS du serveur d'autorité après conversion de l'identification en un nom de domaine ; 4) le serveur d'autorité renvoie un enregistrement de ressource DANE correspondant ; 5) l'utilisateur obtient l'identification de l'objet à vérifier et envoie l'identification à la carte de chiffrement pour un chiffrement ; 6) le client de vérification de confiance réalise un déchiffrement avec la clé publique dans l'enregistrement de ressource renvoyé et vérifie l'objet à vérifier. La présente invention améliore de manière considérable la capacité propre à décourager la contrefaçon.
PCT/CN2014/095166 2014-05-05 2014-12-26 Procédé de vérification de confiance basée sur des protocoles d'extension de sécurité de système de nom de domaine (dnssec) et d'entité d'authentification de nom basée sur un système de nom de domaine (dns) (dane) WO2015169095A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410187515.7 2014-05-05
CN201410187515.7A CN103929435B (zh) 2014-05-05 2014-05-05 一种基于dnssec及dane协议的可信验证方法

Publications (1)

Publication Number Publication Date
WO2015169095A1 true WO2015169095A1 (fr) 2015-11-12

Family

ID=51147512

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/095166 WO2015169095A1 (fr) 2014-05-05 2014-12-26 Procédé de vérification de confiance basée sur des protocoles d'extension de sécurité de système de nom de domaine (dnssec) et d'entité d'authentification de nom basée sur un système de nom de domaine (dns) (dane)

Country Status (2)

Country Link
CN (1) CN103929435B (fr)
WO (1) WO2015169095A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113034096A (zh) * 2021-02-03 2021-06-25 浙江富安莱科技有限公司 一种智能研发与生产信息系统

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929435B (zh) * 2014-05-05 2017-04-12 中国科学院计算机网络信息中心 一种基于dnssec及dane协议的可信验证方法
CN104468859B (zh) * 2014-11-27 2018-01-30 中国科学院计算机网络信息中心 支持携带服务地址信息的dane扩展查询方法和系统
US9762556B2 (en) 2015-01-09 2017-09-12 Verisign, Inc. Registering, managing, and communicating with IOT devices using domain name system processes
US9935950B2 (en) * 2015-01-12 2018-04-03 Verisign, Inc. Systems and methods for establishing ownership and delegation ownership of IOT devices using domain name system services
CN105162602B (zh) * 2015-09-01 2018-05-11 中国互联网络信息中心 一种可信网络身份管理和验证系统和方法
CN105141612A (zh) * 2015-09-01 2015-12-09 中国互联网络信息中心 一种dns数据包隐私保护方法
US9894041B2 (en) * 2015-09-25 2018-02-13 Microsoft Technology Licensing, Llc Secure domain name resolution in computer networks
CN106603225B (zh) * 2015-10-15 2019-09-06 捷玛计算机信息技术(上海)股份有限公司 为企业信息服务器提供信息验证的验证方法
CN106453352B (zh) * 2016-10-25 2020-04-17 电子科技大学 一种单系统多平台身份验证方法
CN111783135A (zh) * 2020-06-17 2020-10-16 复旦大学 一种基于dnssec的数据可信服务实现方法

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611707A (zh) * 2012-03-21 2012-07-25 北龙中网(北京)科技有限责任公司 一种网站可信标识安装及识别方法
CN103281386A (zh) * 2013-06-03 2013-09-04 复旦大学 一种为物品标识及其解析服务提供安全保护的方法
US20130262860A1 (en) * 2012-04-02 2013-10-03 Richard Lamb Automated secure DNSSEC provisioning system
CN103929435A (zh) * 2014-05-05 2014-07-16 中国科学院计算机网络信息中心 一种基于dnssec及dane协议的可信验证方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100375079C (zh) * 2002-04-28 2008-03-12 联想(北京)有限公司 使用手机实现购物前随时随地鉴真的服务方法及系统
CN1912887A (zh) * 2006-08-09 2007-02-14 上海十进制网络信息科技有限公司 二维及以上多维条码标识的数据格式方法及其联网应用
KR100974621B1 (ko) * 2008-02-20 2010-08-06 부산대학교 산학협력단 Rfid 비즈니스 인식 프레임워크
CN103347036A (zh) * 2013-05-23 2013-10-09 中国科学院计算机网络信息中心 一种基于分散管理的ons架构的epc解析方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102611707A (zh) * 2012-03-21 2012-07-25 北龙中网(北京)科技有限责任公司 一种网站可信标识安装及识别方法
US20130262860A1 (en) * 2012-04-02 2013-10-03 Richard Lamb Automated secure DNSSEC provisioning system
CN103281386A (zh) * 2013-06-03 2013-09-04 复旦大学 一种为物品标识及其解析服务提供安全保护的方法
CN103929435A (zh) * 2014-05-05 2014-07-16 中国科学院计算机网络信息中心 一种基于dnssec及dane协议的可信验证方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113034096A (zh) * 2021-02-03 2021-06-25 浙江富安莱科技有限公司 一种智能研发与生产信息系统

Also Published As

Publication number Publication date
CN103929435A (zh) 2014-07-16
CN103929435B (zh) 2017-04-12

Similar Documents

Publication Publication Date Title
WO2015169095A1 (fr) Procédé de vérification de confiance basée sur des protocoles d'extension de sécurité de système de nom de domaine (dnssec) et d'entité d'authentification de nom basée sur un système de nom de domaine (dns) (dane)
KR102194421B1 (ko) 물리적 특성을 사용하여 제조된 물건을 표시하기 위한 방법 및 장치
JP5546728B2 (ja) 製品のマーキング、追跡、及び認証のための方法及びシステム
US8421593B2 (en) Apparatus, systems and methods for authentication of objects having multiple components
US20220245223A1 (en) Method and system for reliable authentication of the origin of a website
CN104022883B (zh) 一种基于物流网络的个人信息保护网络购物技术
CN107146120B (zh) 电子发票的生成方法及生成装置
CN104299140A (zh) 一种基于电子商务的二维码防伪溯源系统和方法
JP2016512675A (ja) 安全な取引システム及び方法
CN103093361A (zh) 一种基于物联网技术的商品双层防伪方法
US20180047032A1 (en) Merchandise anti-counterfeiting and authentication method and the non-transitory computer readable medium thereof
WO2019119541A1 (fr) Procédé et système de transfert de droits et de propriété de marchandise sur la base d'une chaîne de blocs
US11379853B2 (en) Certified quick response codes associated with top-level domains verified by trusted product certificate authority
JP6230728B2 (ja) ネットワーク情報セキュリティの確保用システムアーキテクチャ及び方法
CN106372950B (zh) 电商及网购商品的防伪认证方法
CN104182866A (zh) 适合于转手贸易等情况的产品或物品的防伪的系统及方法
US10565394B2 (en) Privacy—preserving data querying with authenticated denial of existence
CN108629603B (zh) 一种基于二维码的商品防伪方法
JP2004318645A (ja) 無線タグセキュリティ拡張方法,id管理コンピュータ装置,代理サーバ装置,それらのプログラムおよびそれらのプログラムの記録媒体
Chen et al. An RFID authentication and anti-counterfeit transaction protocol
US10645067B2 (en) Search engine for authenticated network resources
CN110798321A (zh) 一种基于区块链的物品信息服务方法
WO2017118763A1 (fr) Système, procédé, et appareil de transmission de données
CN107767141A (zh) 一种基于手机app查询商品真伪的系统与方法
KR20210156681A (ko) 데이터베이스 정보 안전을 보장하는 아키텍처 및 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14891236

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14891236

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 14891236

Country of ref document: EP

Kind code of ref document: A1