WO2021229351A1 - System and method for determining a security status of a firmware executing on one or more devices - Google Patents

System and method for determining a security status of a firmware executing on one or more devices Download PDF

Info

Publication number
WO2021229351A1
WO2021229351A1 PCT/IB2021/053614 IB2021053614W WO2021229351A1 WO 2021229351 A1 WO2021229351 A1 WO 2021229351A1 IB 2021053614 W IB2021053614 W IB 2021053614W WO 2021229351 A1 WO2021229351 A1 WO 2021229351A1
Authority
WO
WIPO (PCT)
Prior art keywords
devices
firmware
version
executing
unsecure
Prior art date
Application number
PCT/IB2021/053614
Other languages
French (fr)
Inventor
Mini TT
Original Assignee
Abb Schweiz Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Abb Schweiz Ag filed Critical Abb Schweiz Ag
Publication of WO2021229351A1 publication Critical patent/WO2021229351A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 

Definitions

  • TITLE “SYSTEM AND METHOD FOR DETERMINING A SECURITY STATUS OF A FIRMWARE EXECUTING ON ONE OR MORE DEVICES”
  • the present disclosure generally relates to a security status determination of a firmware. Particularly, the present disclosure relates to a system and method for determining a security status of a firmware executing on one or more devices configured on premises.
  • DRM Digi Remote Manager®
  • DRM is a secure platform for monitoring and controlling distributed IoT devices.
  • DRM is capable of performing mass firmware updates to all specified devices or device groups.
  • the user has to manually specify the devices or the group of devices for which the firmware update is required.
  • the user has to create a profile and a schedule for updating the security firmware.
  • Manage Engine a Firmware Vulnerability Management software
  • a Network Configuration Manager in the Manage Engine identifies the potential vulnerabilities in the network devices and takes necessary action.
  • the Network Configuration Manager works in accordance with NIST (National Institute of Standards and Technology) by fetching firmware vulnerability data and correlating it with the network devices, which are currently managed in an infrastructure.
  • an embodiment herein provides a first aspect, a method for determining a security status of a firmware executing on one or more devices configured on premises.
  • the method includes the steps of: receiving a firmware version executing on each of the one or more devices from a computing device; comparing the received firmware version executing on each of the one or more devices with details stored in a memory to: identify a first set of devices from the one or more devices executing a secure version of the firmware; identify a second set of devices from the one or more devices executing an unsecure version of the firmware.
  • the method includes the steps of: determining the security status information for the one or more devices based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices; communicating the security status information of the one or more devices to the computing device.
  • the security status information of the one or more devices comprises the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
  • the method further includes the steps of: determining the secure version of the firmware for each of the second set of devices upon determining that the second set of devices executing the unsecure version of the firmware; and communicating the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware to the computing device.
  • the secure version for each of the second set of devices are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices.
  • the memory stores one or more firmware versions executing on the one or more devices, details of upgrades present in the current version of the firmware executing on the one or more devices, which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware.
  • the method performed by the computing device includes the steps of: receiving device information from the one or more devices associated with the computing device; checking whether the received device information of the one or more devices, consist a signature corresponding to a current version of the firmware by comparing the received device information with a predetermined information of the one or more devices stored in the computing device; identifying the firmware version executing on each of the one or more devices by comparing the received device information with the predetermined information; communicating the firmware version executing on each of the one or more devices; and receiving, the security status information of the one or more devices.
  • the security status information comprises the first set of devices executing the secure version of the firmware and a second set of devices executing the unsecure version of the firmware.
  • the device information comprises a Platform Configuration Register, which consist the signature of current version of the firmware executing on the one or more devices.
  • the method further includes the step of: receiving the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware.
  • the method further includes the step of: providing a plant- wide visualization that represents the security status of the firmware executing on the one or more devices.
  • the security status represents the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
  • the plant-wide visualization specifies the secure version of the firmware for each of the second set of devices that are executing the unsecure version of the firmware.
  • the predetermined information comprises a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, a signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
  • a system for determining a security status of a firmware executing on one or more devices configured on the premises includes a master device and a computing device.
  • the master device includes a memory and a processor.
  • the processor is configured to receive a firmware version executing on each of the one or more devices from the computing device; compare the received firmware version executing on each of the one or more devices with details stored in a memory to: identify the first set of devices from the one or more devices executing a secure version of the firmware; identify the second set of devices from the one or more devices executing an unsecure version of the firmware.
  • the processor is further configured to determine the security status information for the one or more devices based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices; determine the secure version of the firmware for each of the second set of devices upon determining that the second set of devices executing the unsecure version of the firmware; and communicate the security status information of the one or more devices to the computing device.
  • the secure version for each of the second set of devices are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices.
  • the security status information of the one or more devices includes the first set of devices executing the secure version of the firmware, the second set of devices executing the unsecure version of the firmware.
  • the master device further communicates the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware to the computing device.
  • the computing device includes a memory storing predetermined information of the one or more devices and a processor.
  • the processor is configured to: receive device information from the one or more devices associated with the computing device; check whether the received device information of the one or more devices, consist a signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices stored in the computing device; identify the firmware version executing on each of the one or more devices by comparing the received device information with the predetermined information; communicate the firmware version executing on each of the one or more devices to the master device; and receive the security status information of the one or more devices from the master device.
  • the computing device further receives the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware from the master device.
  • the security status information includes the first set of devices executing a secure version of the firmware and a second set of devices executing an unsecure version of the firmware.
  • the device information includes a Platform Configuration Register, which consist the signature of current version of the firmware executing on the one or more devices.
  • the computing device is configured to provide a plant- wide visualization that represents the security status of the firmware executing on the one or more devices.
  • the security status represents the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
  • the plant-wide visualization specifies the secure version of the firmware for each of the second set of devices that are executing the unsecure version of the firmware.
  • the predetermined information includes a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, a signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
  • FIG. 1 illustrates a system for determining a security status of a firmware executing on one or more devices configured on the premises according to an embodiment herein;
  • FIG. 2 illustrates an interaction diagram showing an interaction between a computing device and a master device according to an embodiment herein;
  • FIG. 3 illustrates a table showing information stored in a computing device and a master device according to an embodiment herein;
  • FIG. 4 illustrates a plant-wide visualization showing security status information of one or more devices configured on the premises according to an embodiment herein; and [0031]
  • FIG. 5 is a flow diagram illustrating a method for determining a security status of a firmware executing on one or more devices according to an embodiment herein.
  • FIG. 1 illustrates a system for determining a security status of a firmware executing on one or more devices 102A-N configured on the premises according to an embodiment herein.
  • the system includes a computing device 106 and a master device 112.
  • the computing device 106 includes a memory 108 and a processor 110.
  • the computing device 106 receives device information from the one or more devices 102A-N that are associated with the computing device through a network 104.
  • the device information comprises a Platform Configuration Register (PCR), which consist a signature of a current version of the firmware executing on the one or more devices 102A-N.
  • the signature is a hash value that represents the current version of the firmware executing on the one or more devices 102A-N.
  • PCR Platform Configuration Register
  • the computing device 106 checks whether the received device information of the one or more devices 102A-N, consist the signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices 102A-N stored in the memory 108. In an embodiment, the computing device 106 verifies that the device information received from the known device (i.e. legitimate device) only when the received device information consisting the signature corresponding to the current version of the firmware executing on the one or more devices 102A-N.
  • the computing device 106 identifies the firmware version currently executing on each of the one or more devices 102A-N by comparing the received device information with the predetermined information.
  • the computing device 106 stores the predetermined information corresponding to each valid firmware versions.
  • the predetermined information includes but not limited to a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, the signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
  • the computing device 106 communicates the firmware version executing on each of the one or more devices 102A-N to the master device 112.
  • the master device 112 is a server or a computing device.
  • the master device 112 includes a memory 114 that stores one or more firmware versions of the one or more devices 102A-N, details of upgrades present in the current version of the firmware executing on the one or more devices 102A-N, which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware and a processor 116.
  • the master device 112 receives the firmware version currently executing on each of the one or more devices 102A-N from the computing device 106 and compares the received firmware version executing on each of the one or more devices 102A-N with details stored in the memory 114 to (i) identify a first set of devices from the one or more devices 102A-N executing a secure version of the firmware and (ii) identify a second set of devices from the one or more devices 102A-N executing an unsecure version of the firmware. Once the devices (i.e.
  • the master device 112 determines a security status information for each of the one or more devices 102A-N based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices.
  • the security status information of the one or more devices 102A-N provides the security status of each device.
  • the security status information includes the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
  • the master device 112 determines and suggests a secure version of the firmware for the devices (i.e. the second set of devices) that are currently executing the unsecure version of the firmware upon determining that the second set of devices executing the unsecure version of the firmware.
  • the secure version for each of the second set of devices are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices.
  • the firmware version suggestion is decided based on the current version of the firmware running on the devices.
  • the master device 112 suggest version V3 as an updated version, since the security update in the version V3 is corresponding to a vulnerability that existed in the firmware from initial version itself (e.g. versions VI and V2).
  • the security update in version V3 is corresponding to a vulnerability that is introduced in version V2
  • a device 102A is currently executing version VI, then there is no need to provide/suggest a firmware update.
  • the master device 112 communicates (i) the security status information of the one or more devices 102A-N to the computing device 106 and (ii) the suggested secure version of the firmware for each of the second set of devices 404 executing the unsecure version of the firmware to the computing device 106.
  • the computing device 106 receives (i) the security status information of the one or more devices 102A-N and (ii) the suggested secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware to the computing device 106.
  • the computing device 106 Upon reception of the security status information and the secure version of the firmware for each of the second set of devices from the master device 112, the computing device 106 generates a plant- wide visualization (e.g. a holistic view) that represents the security status of the firmware executing on the one or more devices 102A-N.
  • the security status may indicate the current version of the firmware executing on the one or more devices 102A-N is the secure version or the unsecure version.
  • the plant-wide visualization shows the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
  • the plant-wide visualization also shows the suggested secure version of the firmware for each of the second set of devices that are executing the unsecure version of the firmware.
  • the one or more devices 102A-N are field instruments that are deployed in the premises and connected through the common network 104.
  • the one or more devices 102A-N boots with a specific version of the firmware.
  • FIG. 2 illustrates an interaction diagram showing an interaction between the computing device 106 and the master device 112 according to an embodiment herein.
  • the computing device 106 receives the device information from the one or more devices 102A-N.
  • the computing device 106 checks whether the received device information of the one or more devices 102A-N, consist the signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices 102A-N stored in the memory 108.
  • the computing device 106 identifies the firmware version executing on each of the one or more devices 102A-N by comparing the received device information with the predetermined information.
  • the computing device 106 communicates the identified firmware version executing on each of the one or more devices 102A-N to the master device 112.
  • the master device 112 compares the received firmware version with details stored in the memory 114 and identifies (i) the first set of devices from the one or more devices 102A-N executing the secure version of the firmware and (ii) the second set of devices from the one or more devices 102A-N executing the unsecure version of the firmware.
  • the master device 112 Upon determining the devices that are executing the secure version and the unsecure version of the firmware, the master device 112 determines the security status information for the one or more devices 102A-N based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices.
  • the master device 112 determines or suggests the secure version of the firmware for each of the second set of devices upon determining that the second set of devices are executing the unsecure version of the firmware.
  • the master device 112 communicates the security status information along with the suggested secure version of the firmware for the second set of devices, which are executing the unsecure version of the firmware.
  • the computing device 106 generates the plant- wide visualization that represents the security status of the firmware executing on the one or more devices 102A-N upon receiving the security status information and the suggested secure version of the firmware for the second set of devices from the master device 112.
  • the security status information includes the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
  • FIG. 3 illustrates a table showing information stored in the computing device 106 and the master device 112 according to an embodiment herein.
  • the computing device 106 stores a list of device information for valid firmware versions executing on the one or more devices 102A- N.
  • the computing device 106 stores the device information for each version of the firmware.
  • the master device 112 stores details about each of the valid firmware versions. The details include the one or more firmware versions of the one or more devices 102A-N, details of upgrades present in the current version of the firmware executing on the one or more devices 102A-N, which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware.
  • FIG. 4 illustrates the plant-wide visualization 400 showing the security status information of the one or more devices 102A-N configured on the premises according to an embodiment herein.
  • the plant-wide visualization 400 shows the security status information of the firmware executing on each of the one or more devices 102A-N.
  • the security status information includes the first set of devices 402 executing the secure version of the firmware and the second set of devices 404 executing the unsecure version of the firmware.
  • the plant wide visualization 400 shows the suggested secure version of the firmware for each of the second set of devices 404 that are executing the unsecure version of the firmware.
  • FIG. 5 is a flow diagram illustrating a method for determining the security status of a firmware executing on the one or more devices 102A-N according to an embodiment herein.
  • the master device 112 receives the firmware version executing on each of the one or more devices 102A-N from the computing device 106.
  • the master device 112 compares the received firmware version executing on each of the one or more devices 102A-N with details stored in the memory 114 and identifies (i) the first set of devices 402 from the one or more devices 102A-N executing the secure version of the firmware and (ii) the second set of devices 404 from the one or more devices 102A-N executing the unsecure version of the firmware.
  • the master device 112 determines the security status information for the one or more devices 102A-N based on the identified secure version of the firmware executing on the first set of devices 402 and the unsecure version of the firmware executing on the second set of devices 404.
  • the master device 112 further determines/suggests the secure version of the firmware for each of the second set of devices 404 upon determining that the second set of devices 404 are executing the unsecure version of the firmware.
  • the master device 112 communicates the security status information of the one or more devices 102A-N along with the suggested secure version of the firmware for each of the second set of devices 404 executing the unsecure version of the firmware to the computing device 106.
  • An advantage of the above-mentioned system and method of determining the security status of the firmware executing on one or more devices 102A-N provides an overview of where the security patches are needed for the one or more devices 102A-N in a plant.
  • the system and method verifies that the device is executing a firmware version without a known vulnerabilities.
  • the system and method further provides a visibility into which devices are missing the security patches and real time cyber security status. This helps to prioritize the patching process across the plant.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention discloses a method for determining a security status of a firmware executing on one or more devices (102A-N) configured on the premises, the method comprising: receiving a firmware version executing on each of the one or more devices (102A-N) from a computing device (106); comparing the received firmware version executing on each of the one or more devices (102A-N) with details stored in a memory 114 to identify a first set of devices (402) executing a secure version of the firmware; identify a second set of devices (404) executing an unsecure version of the firmware; determining the security status information for the one or more devices (102A-N) based on the identified secure version executing on the first set of devices (402) and the unsecure version executing on the second set of devices (404); and communicating the security status information of the one or more devices (102A-N) to the computing device (106).

Description

TITLE: “SYSTEM AND METHOD FOR DETERMINING A SECURITY STATUS OF A FIRMWARE EXECUTING ON ONE OR MORE DEVICES”
TECHNICAL FIELD
[0001] The present disclosure generally relates to a security status determination of a firmware. Particularly, the present disclosure relates to a system and method for determining a security status of a firmware executing on one or more devices configured on premises.
BACKGROUND ART
[0002] Most of the electronic devices installed in a plant/network have a firmware installed on them for facilitating operations of the electronic devices. As the technology grows and to cope up with vulnerabilities in a network, the firmware in the electronic devices need to be updated. For instance, to cope with the advancement in the technology, one either has to switch to the newer devices that are packed with the latest technologies or has to update the device firmware to use those technologies without spending on a hardware. Similarly, in order to prevent the electronic devices from security vulnerabilities, the firmware of the electronic devices needs to be updated regularly with security patches, as and when needed. These updates are commonly propagated to the electronic devices over wired or wireless networks so that the user may revise their firmware with the latest upgrades provided by developers.
[0003] In a conventional plant environment, there can be several electronic devices that are connected on the network. The firmware on each of the electronic device needs to be updated for better performance and to protect the devices from security vulnerabilities. However, these electronic devices are constrained with an automatic feature update and if these electronic devices are left without security update, then they may be exposed to security vulnerabilities.
[0004] Conventionally, there are several technologies for monitoring and maintaining security firmware update on the devices. For example, Digi Remote Manager® (DRM) is a secure platform for monitoring and controlling distributed IoT devices. DRM is capable of performing mass firmware updates to all specified devices or device groups. However, in the DRM, the user has to manually specify the devices or the group of devices for which the firmware update is required. In addition, the user has to create a profile and a schedule for updating the security firmware.
[0005] Similarly, Manage Engine, a Firmware Vulnerability Management software, lists out all the vulnerabilities in the network and the number of devices affected by those vulnerabilities. A Network Configuration Manager in the Manage Engine identifies the potential vulnerabilities in the network devices and takes necessary action. However, the Network Configuration Manager works in accordance with NIST (National Institute of Standards and Technology) by fetching firmware vulnerability data and correlating it with the network devices, which are currently managed in an infrastructure.
[0006] However, the conventional techniques do not consider the security status of the firmware installed on the electronic device and therefore, there is need for determining the security status of the firmware that is currently executing on the electronic devices.
SUMMARY
[0007] It is an object of the present disclosure to mitigate, alleviate or eliminate one or more of the above-identified deficiencies and disadvantages in the prior art and solve at least the above- mentioned problem.
[0008] In view of the foregoing, an embodiment herein provides a first aspect, a method for determining a security status of a firmware executing on one or more devices configured on premises. The method includes the steps of: receiving a firmware version executing on each of the one or more devices from a computing device; comparing the received firmware version executing on each of the one or more devices with details stored in a memory to: identify a first set of devices from the one or more devices executing a secure version of the firmware; identify a second set of devices from the one or more devices executing an unsecure version of the firmware. Further, the method includes the steps of: determining the security status information for the one or more devices based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices; communicating the security status information of the one or more devices to the computing device. The security status information of the one or more devices comprises the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware. [0009] According to an embodiment, the method further includes the steps of: determining the secure version of the firmware for each of the second set of devices upon determining that the second set of devices executing the unsecure version of the firmware; and communicating the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware to the computing device. According to an another embodiment, the secure version for each of the second set of devices are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices.
[0010] According to yet another embodiment, the memory stores one or more firmware versions executing on the one or more devices, details of upgrades present in the current version of the firmware executing on the one or more devices, which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware.
[0011] According to yet another embodiment, the method performed by the computing device includes the steps of: receiving device information from the one or more devices associated with the computing device; checking whether the received device information of the one or more devices, consist a signature corresponding to a current version of the firmware by comparing the received device information with a predetermined information of the one or more devices stored in the computing device; identifying the firmware version executing on each of the one or more devices by comparing the received device information with the predetermined information; communicating the firmware version executing on each of the one or more devices; and receiving, the security status information of the one or more devices.
[0012] In one embodiment, the security status information comprises the first set of devices executing the secure version of the firmware and a second set of devices executing the unsecure version of the firmware. In another embodiment, the device information comprises a Platform Configuration Register, which consist the signature of current version of the firmware executing on the one or more devices.
[0013] According to yet another embodiment, the method further includes the step of: receiving the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware.
[0014] According to yet another embodiment, the method further includes the step of: providing a plant- wide visualization that represents the security status of the firmware executing on the one or more devices. In one embodiment, the security status represents the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware. In another embodiment, the plant-wide visualization specifies the secure version of the firmware for each of the second set of devices that are executing the unsecure version of the firmware.
[0015] According to yet another embodiment, the predetermined information comprises a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, a signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
[0016] According to a second aspect, a system for determining a security status of a firmware executing on one or more devices configured on the premises is provided. The system includes a master device and a computing device. The master device includes a memory and a processor. The processor is configured to receive a firmware version executing on each of the one or more devices from the computing device; compare the received firmware version executing on each of the one or more devices with details stored in a memory to: identify the first set of devices from the one or more devices executing a secure version of the firmware; identify the second set of devices from the one or more devices executing an unsecure version of the firmware. The processor is further configured to determine the security status information for the one or more devices based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices; determine the secure version of the firmware for each of the second set of devices upon determining that the second set of devices executing the unsecure version of the firmware; and communicate the security status information of the one or more devices to the computing device.
[0017] In one embodiment, the secure version for each of the second set of devices are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices. In another embodiment, the security status information of the one or more devices includes the first set of devices executing the secure version of the firmware, the second set of devices executing the unsecure version of the firmware. [0018] In yet another embodiment, the master device further communicates the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware to the computing device.
[0019] According to an embodiment, the computing device includes a memory storing predetermined information of the one or more devices and a processor. The processor is configured to: receive device information from the one or more devices associated with the computing device; check whether the received device information of the one or more devices, consist a signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices stored in the computing device; identify the firmware version executing on each of the one or more devices by comparing the received device information with the predetermined information; communicate the firmware version executing on each of the one or more devices to the master device; and receive the security status information of the one or more devices from the master device. According to another embodiment, the computing device further receives the secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware from the master device.
[0020] In one embodiment, the security status information includes the first set of devices executing a secure version of the firmware and a second set of devices executing an unsecure version of the firmware. In another embodiment, the device information includes a Platform Configuration Register, which consist the signature of current version of the firmware executing on the one or more devices.
[0021] According to yet another embodiment, the computing device is configured to provide a plant- wide visualization that represents the security status of the firmware executing on the one or more devices. In one embodiment, the security status represents the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware. In another embodiment, the plant-wide visualization specifies the secure version of the firmware for each of the second set of devices that are executing the unsecure version of the firmware.
[0022] According to yet another embodiment, the predetermined information includes a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, a signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
[0023] Effects and features of the second aspect are to a large extent analogous to those described above in connection with the first aspect. Embodiments mentioned in relation to the first aspect are largely compatible with the second aspect.
[0024] Hence, it is to be understood that the herein disclosed disclosure is not limited to the particular component parts of the device described or steps of the methods described since such device and method may vary. It is also to be understood that the terminology used herein is for purpose of describing particular embodiments only, and is not intended to be limiting. It should be noted that, as used in the specification and the appended claim, the articles "a", "an", "the", and "said" are intended to mean that there are one or more of the elements unless the context explicitly dictates otherwise. Thus, for example, reference to "a unit" or "the unit" may include several devices, and the like. Furthermore, the words "comprising", "including", "containing" and similar wordings does not exclude other elements or steps.
[0025] The present disclosure will become apparent from the detailed description given below. These and other aspects of the embodiments and other objects and advantages of the present invention herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. The accompanying drawings are incorporated for illustration of preferred embodiments of the present invention and are not intended to limit the scope thereof. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Different configuration changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
BRIEF DESCRIPTIONS OF THE DRAWINGS [0026] The detailed description is set forth with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items. [0027] FIG. 1 illustrates a system for determining a security status of a firmware executing on one or more devices configured on the premises according to an embodiment herein;
[0028] FIG. 2 illustrates an interaction diagram showing an interaction between a computing device and a master device according to an embodiment herein;
[0029] FIG. 3 illustrates a table showing information stored in a computing device and a master device according to an embodiment herein;
[0030] FIG. 4 illustrates a plant-wide visualization showing security status information of one or more devices configured on the premises according to an embodiment herein; and [0031] FIG. 5 is a flow diagram illustrating a method for determining a security status of a firmware executing on one or more devices according to an embodiment herein.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0032] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0033] As mentioned above, there is a need for a system and a method for determining a security status of a firmware executing on one or more devices connected through a common network. The embodiments herein achieve this by providing a system, that collects device information from one or more devices that are connected through a common network using a computing device and determining a security status of each of the one or more devices by communicating with a master device. Referring now to the drawings, and more particularly to FIGS. 1 through 5, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments. [0034] FIG. 1 illustrates a system for determining a security status of a firmware executing on one or more devices 102A-N configured on the premises according to an embodiment herein. The system includes a computing device 106 and a master device 112. The computing device 106 includes a memory 108 and a processor 110. The computing device 106 receives device information from the one or more devices 102A-N that are associated with the computing device through a network 104. In one embodiment, the device information comprises a Platform Configuration Register (PCR), which consist a signature of a current version of the firmware executing on the one or more devices 102A-N. In another embodiment, the signature is a hash value that represents the current version of the firmware executing on the one or more devices 102A-N. The computing device 106 checks whether the received device information of the one or more devices 102A-N, consist the signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices 102A-N stored in the memory 108. In an embodiment, the computing device 106 verifies that the device information received from the known device (i.e. legitimate device) only when the received device information consisting the signature corresponding to the current version of the firmware executing on the one or more devices 102A-N.
[0035] Further, the computing device 106 identifies the firmware version currently executing on each of the one or more devices 102A-N by comparing the received device information with the predetermined information. In an embodiment, the computing device 106 stores the predetermined information corresponding to each valid firmware versions. In another embodiment, the predetermined information includes but not limited to a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, the signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware. Once the firmware version currently executing on each of the one or more devices 102A-N are identified, the computing device 106 communicates the firmware version executing on each of the one or more devices 102A-N to the master device 112. In one embodiment, the master device 112 is a server or a computing device.
[0036] The master device 112 includes a memory 114 that stores one or more firmware versions of the one or more devices 102A-N, details of upgrades present in the current version of the firmware executing on the one or more devices 102A-N, which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware and a processor 116.
[0037] The master device 112 receives the firmware version currently executing on each of the one or more devices 102A-N from the computing device 106 and compares the received firmware version executing on each of the one or more devices 102A-N with details stored in the memory 114 to (i) identify a first set of devices from the one or more devices 102A-N executing a secure version of the firmware and (ii) identify a second set of devices from the one or more devices 102A-N executing an unsecure version of the firmware. Once the devices (i.e. the first set of devices and the second set of devices) running the secure version of the firmware and the unsecure version of the firmware is identified, the master device 112 determines a security status information for each of the one or more devices 102A-N based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices. The security status information of the one or more devices 102A-N provides the security status of each device. For example, the security status information includes the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
[0038] Further, the master device 112 determines and suggests a secure version of the firmware for the devices (i.e. the second set of devices) that are currently executing the unsecure version of the firmware upon determining that the second set of devices executing the unsecure version of the firmware. The secure version for each of the second set of devices are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices. In one embodiment, the firmware version suggestion is decided based on the current version of the firmware running on the devices. [0039] For example, if a device 102B currently executing the version VI, the master device 112 suggest version V3 as an updated version, since the security update in the version V3 is corresponding to a vulnerability that existed in the firmware from initial version itself (e.g. versions VI and V2). In another example, if the security update in version V3 is corresponding to a vulnerability that is introduced in version V2, and if a device 102A is currently executing version VI, then there is no need to provide/suggest a firmware update.
[0040] Further, the master device 112 communicates (i) the security status information of the one or more devices 102A-N to the computing device 106 and (ii) the suggested secure version of the firmware for each of the second set of devices 404 executing the unsecure version of the firmware to the computing device 106.
[0041] The computing device 106 receives (i) the security status information of the one or more devices 102A-N and (ii) the suggested secure version of the firmware for each of the second set of devices executing the unsecure version of the firmware to the computing device 106.
[0042] Upon reception of the security status information and the secure version of the firmware for each of the second set of devices from the master device 112, the computing device 106 generates a plant- wide visualization (e.g. a holistic view) that represents the security status of the firmware executing on the one or more devices 102A-N. The security status may indicate the current version of the firmware executing on the one or more devices 102A-N is the secure version or the unsecure version. For example, the plant-wide visualization shows the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
[0043] In one embodiment, the plant-wide visualization also shows the suggested secure version of the firmware for each of the second set of devices that are executing the unsecure version of the firmware.
[0044] In an embodiment, the one or more devices 102A-N are field instruments that are deployed in the premises and connected through the common network 104. The one or more devices 102A-N boots with a specific version of the firmware.
[0045] FIG. 2 illustrates an interaction diagram showing an interaction between the computing device 106 and the master device 112 according to an embodiment herein. At step 202, the computing device 106 receives the device information from the one or more devices 102A-N. At step 204, the computing device 106 checks whether the received device information of the one or more devices 102A-N, consist the signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices 102A-N stored in the memory 108. At step 206, the computing device 106 identifies the firmware version executing on each of the one or more devices 102A-N by comparing the received device information with the predetermined information. At step 208, the computing device 106 communicates the identified firmware version executing on each of the one or more devices 102A-N to the master device 112. Once, the identified firmware version executing on each of the one or more devices 102A-N are received from the computing device 106, the master device 112 compares the received firmware version with details stored in the memory 114 and identifies (i) the first set of devices from the one or more devices 102A-N executing the secure version of the firmware and (ii) the second set of devices from the one or more devices 102A-N executing the unsecure version of the firmware. Upon determining the devices that are executing the secure version and the unsecure version of the firmware, the master device 112 determines the security status information for the one or more devices 102A-N based on the identified secure version of the firmware executing on the first set of devices and the unsecure version of the firmware executing on the second set of devices.
[0046] Further, the master device 112 determines or suggests the secure version of the firmware for each of the second set of devices upon determining that the second set of devices are executing the unsecure version of the firmware. At step 210, the master device 112 communicates the security status information along with the suggested secure version of the firmware for the second set of devices, which are executing the unsecure version of the firmware. At step 212, the computing device 106 generates the plant- wide visualization that represents the security status of the firmware executing on the one or more devices 102A-N upon receiving the security status information and the suggested secure version of the firmware for the second set of devices from the master device 112. The security status information includes the first set of devices executing the secure version of the firmware and the second set of devices executing the unsecure version of the firmware.
[0047] FIG. 3 illustrates a table showing information stored in the computing device 106 and the master device 112 according to an embodiment herein. The computing device 106 stores a list of device information for valid firmware versions executing on the one or more devices 102A- N. For example, the computing device 106 stores the device information for each version of the firmware. The master device 112 stores details about each of the valid firmware versions. The details include the one or more firmware versions of the one or more devices 102A-N, details of upgrades present in the current version of the firmware executing on the one or more devices 102A-N, which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware.
[0048] Further, the table shows that each of the one or more devices 102A-N stores the corresponding device information. The device information of each of the one or more devices 102A-N are collected during a boot process. [0049] FIG. 4 illustrates the plant-wide visualization 400 showing the security status information of the one or more devices 102A-N configured on the premises according to an embodiment herein. The plant-wide visualization 400 shows the security status information of the firmware executing on each of the one or more devices 102A-N. The security status information includes the first set of devices 402 executing the secure version of the firmware and the second set of devices 404 executing the unsecure version of the firmware. Further, the plant wide visualization 400 shows the suggested secure version of the firmware for each of the second set of devices 404 that are executing the unsecure version of the firmware.
[0050] FIG. 5 is a flow diagram illustrating a method for determining the security status of a firmware executing on the one or more devices 102A-N according to an embodiment herein. At step 502, the master device 112 receives the firmware version executing on each of the one or more devices 102A-N from the computing device 106. At step 504, the master device 112 compares the received firmware version executing on each of the one or more devices 102A-N with details stored in the memory 114 and identifies (i) the first set of devices 402 from the one or more devices 102A-N executing the secure version of the firmware and (ii) the second set of devices 404 from the one or more devices 102A-N executing the unsecure version of the firmware. At step 506, the master device 112 determines the security status information for the one or more devices 102A-N based on the identified secure version of the firmware executing on the first set of devices 402 and the unsecure version of the firmware executing on the second set of devices 404. At step 508, the master device 112 further determines/suggests the secure version of the firmware for each of the second set of devices 404 upon determining that the second set of devices 404 are executing the unsecure version of the firmware. At step 510, the master device 112 communicates the security status information of the one or more devices 102A-N along with the suggested secure version of the firmware for each of the second set of devices 404 executing the unsecure version of the firmware to the computing device 106.
[0051] An advantage of the above-mentioned system and method of determining the security status of the firmware executing on one or more devices 102A-N provides an overview of where the security patches are needed for the one or more devices 102A-N in a plant. The system and method verifies that the device is executing a firmware version without a known vulnerabilities. The system and method further provides a visibility into which devices are missing the security patches and real time cyber security status. This helps to prioritize the patching process across the plant.
[0052] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that a person skilled in the art can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the scope of the embodiments as described herein.

Claims

Claims:
1. A method for determining a security status of a firmware executing on one or more devices (102A-N) configured on the premises, the method comprising: receiving (502) a firmware version executing on each of the one or more devices (102A- N) from a computing device (106); comparing (504) the received firmware version executing on each of the one or more devices (102A-N) with details stored in a memory (114) to: identify a first set of devices (402) from the one or more devices (102A-N) executing a secure version of the firmware; identify a second set of devices (404) from the one or more devices (102A-N) executing an unsecure version of the firmware; determining (506) the security status information for the one or more devices (102A-N) based on the identified secure version of the firmware executing on the first set of devices (402) and the unsecure version of the firmware executing on the second set of devices (404); and communicating (510) the security status information of the one or more devices (102A- N) to the computing device (106), wherein the security status information of the one or more devices (102A-N) comprises the first set of devices (402) executing the secure version of the firmware and the second set of devices (404) executing the unsecure version of the firmware.
2. The method as claimed in claim 1, comprising: determining (508) the secure version of the firmware for each of the second set of devices (404) upon determining that the second set of devices (404) executing the unsecure version of the firmware; and communicating (510) the secure version of the firmware for each of the second set of devices (404) executing the unsecure version of the firmware to the computing device (106), wherein the secure version for each of the second set of devices (404) are determined based on features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices (404).
3. The method as claimed in claim 1, wherein the memory (114) stores one or more firmware versions of the one or more devices (102A-N), details of upgrades present in the current version of the firmware executing on the one or more devices (102A-N), which comprises an information of features extensions and information about known vulnerabilities of all versions of the firmware.
4. The method as claimed in claim 1, wherein the steps performed by the computing device (106), comprise: receiving device information from the one or more devices (102A-N) associated with the computing device (106); checking whether the received device information of the one or more devices (102A-N), consist a signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices (102A-N) stored in the computing device (106), wherein the device information comprises a Platform Configuration Register (PCR) which consist the signature of current version of the firmware executing on the one or more devices (102A-N); identifying the firmware version executing on each of the one or more devices (102A-N) by comparing the received device information with the predetermined information; communicating the firmware version executing on each of the one or more devices (102A-
N); and receiving, the security status information of the one or more devices (102A-N), wherein the security status information comprises: the first set of devices (402) executing a secure version of the firmware and a second set of devices (404) executing an unsecure version of the firmware.
5. The method as claimed in claim 4, comprising: receiving the secure version of the firmware for each of the second set of devices (404) executing the unsecure version of the firmware.
6. The method as claimed in claim 4, comprising: providing a plant-wide visualization (400) that represents the security status of the firmware executing on the one or more devices (102A-N), wherein the security status represents the first set of devices (402) executing the secure version of the firmware and the second set of devices (404) executing the unsecure version of the firmware, and wherein the plant-wide visualization (400) specifies the secure version of the firmware for each of the second set of devices (404) that are executing the unsecure version of the firmware.
7. The method as claimed in claim 4, wherein the predetermined information comprises a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, a signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
8. A system for determining a security status of a firmware executing on one or more devices (102A-N) configured on the premises, the system comprising: a master device (112), comprising: a memory (114); a processor (116) that is configured to: receive a firmware version executing on each of the one or more devices (102A- N) from a computing device (106); compare the received firmware version executing on each of the one or more devices (102A-N) with details stored in a memory (114) to: identify the first set of devices (402) from the one or more devices (102A- N) executing a secure version of the firmware; identify the second set of devices (404) from the one or more devices (102A-N) executing an unsecure version of the firmware; determine, the security status information for the one or more devices (102A-N) based on the identified secure version of the firmware executing on the first set of devices (402) and the unsecure version of the firmware executing on the second set of devices (404); the secure version of the firmware for each of the second set of devices (404) upon determining that the second set of devices (404) executing the unsecure version of the firmware, wherein the secure version for each of the second set of devices (404) are determined based on the features extension and known vulnerabilities associated with the current version of the firmware executing on each of the second set of devices (404); and communicate the security status information of the one or more devices (102A-N) to the computing device (106), wherein the security status information of the one or more devices (102A-N) comprises the first set of devices (402) executing the secure version of the firmware, the second set of devices (404) executing the unsecure version of the firmware, wherein the master device (112) further communicates the secure version of the firmware for each of the second set of devices (404) executing the unsecure version of the firmware to the computing device (106); and the computing device (106), comprising: a memory (108) stores predetermined information of the one or more devices (102A-N); a processor (110) that is configured to: receive device information from the one or more devices (102A-N) associated with the computing device (106); check whether the received device information of the one or more devices (102A- N), consist a signature corresponding to a current version of the firmware by comparing the received device information with predetermined information of the one or more devices (102A-N) stored in the computing device (106), wherein the device information comprises a Platform Configuration Register (PCR) which consist the signature of current version of the firmware executing on the one or more devices (102A-N); identify the firmware version executing on each of the one or more devices (102A- N) by comparing the received device information with the predetermined information; communicate the firmware version executing on each of the one or more devices (102A-N) to the master (112); and receive the security status information of the one or more devices (102A-N) from the master device (112), wherein the security status information comprises the first set of devices (402) executing a secure version of the firmware and a second set of devices (404) executing an unsecure version of the firmware, wherein the computing device (106) further receives the secure version of the firmware for each of the second set of devices (404) executing the unsecure version of the firmware from the master device.
9. The system as claimed in claim 8, wherein the computing device (106) is configured to: provide a plant- wide visualization (400) that represents the security status of the firmware executing on the one or more devices (102A-N), wherein the security status represents the first set of devices (402) executing the secure version of the firmware and the second set of devices (404) executing the unsecure version of the firmware, and wherein the plant-wide visualization (400) specifies the secure version of the firmware for each of the second set of devices (404) that are executing the unsecure version of the firmware.
10. The system as claimed in claim 8, wherein the predetermined information comprises a device name, a device identification number, a firmware name, a firmware type, a version of the firmware, a signature corresponding to each version of the firmware, the security status of the firmware and information about known vulnerabilities associated with each version of the firmware.
PCT/IB2021/053614 2020-05-14 2021-04-30 System and method for determining a security status of a firmware executing on one or more devices WO2021229351A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202041020408 2020-05-14
IN202041020408 2020-05-14

Publications (1)

Publication Number Publication Date
WO2021229351A1 true WO2021229351A1 (en) 2021-11-18

Family

ID=75977779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/053614 WO2021229351A1 (en) 2020-05-14 2021-04-30 System and method for determining a security status of a firmware executing on one or more devices

Country Status (1)

Country Link
WO (1) WO2021229351A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019119408A1 (en) * 2017-12-22 2019-06-27 Intel Corporation Manageability engine and automatic firmware validation
WO2020040731A1 (en) * 2018-08-20 2020-02-27 Hewlett-Packard Development Company, L.P. Vulnerability state report

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019119408A1 (en) * 2017-12-22 2019-06-27 Intel Corporation Manageability engine and automatic firmware validation
WO2020040731A1 (en) * 2018-08-20 2020-02-27 Hewlett-Packard Development Company, L.P. Vulnerability state report

Similar Documents

Publication Publication Date Title
US9436827B2 (en) Attesting a component of a system during a boot process
US8032880B2 (en) Multi-branch management for updating software
JP5058450B2 (en) Efficient patching
CN103530563B (en) For updating the system and method for authorized software
US9614867B2 (en) System and method for detection of malware on a user device using corrected antivirus records
US8443354B1 (en) Detecting new or modified portions of code
CN107943502B (en) Upgrading method based on fine-grained system state detection in Linux system
US20150363185A1 (en) Updating software based on utilized functions
WO2006049475A1 (en) Apparatus and system for preventing virus
US20130014260A1 (en) Apparatus, system, and method for preventing infection by malicious code
JP3874593B2 (en) Computer identification device
CN107368513B (en) Method and device for updating client database
CN104573497B (en) A kind for the treatment of method and apparatus of startup item
US20050120237A1 (en) Control of processes in a processing system
CN111506358A (en) Method and device for updating container configuration
CN114282225A (en) Vulnerability defense method and device and computer equipment
CN104333614B (en) The method, apparatus and system of terminal recognition
WO2021229351A1 (en) System and method for determining a security status of a firmware executing on one or more devices
CN113329107B (en) Method and device for coping with influence of operating system change on equipment fingerprint calculation
CN108647516A (en) A kind of defence loophole illegally puies forward power method and device
CN115455414A (en) Safety detection method and device
US8423989B2 (en) Software parameter management
US20220027074A1 (en) Deletion of firmware instructions
JP6884652B2 (en) White list management system and white list management method
CN106886711A (en) authority request response method and corresponding device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21726454

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21726454

Country of ref document: EP

Kind code of ref document: A1