[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2001006726A2 - Commutateur de reseau sur - Google Patents

Commutateur de reseau sur Download PDF

Info

Publication number
WO2001006726A2
WO2001006726A2 PCT/US2000/018988 US0018988W WO0106726A2 WO 2001006726 A2 WO2001006726 A2 WO 2001006726A2 US 0018988 W US0018988 W US 0018988W WO 0106726 A2 WO0106726 A2 WO 0106726A2
Authority
WO
WIPO (PCT)
Prior art keywords
packet
network
access rules
packets
ports
Prior art date
Application number
PCT/US2000/018988
Other languages
English (en)
Other versions
WO2001006726A3 (fr
Inventor
John Johnson
Ken Okin
William Raduchel
Original Assignee
Sun Microsystems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems, Inc. filed Critical Sun Microsystems, Inc.
Priority to EP00947264A priority Critical patent/EP1219075A2/fr
Priority to KR1020027000163A priority patent/KR20020027471A/ko
Priority to JP2001511049A priority patent/JP2003505934A/ja
Priority to AU60904/00A priority patent/AU6090400A/en
Publication of WO2001006726A2 publication Critical patent/WO2001006726A2/fr
Publication of WO2001006726A3 publication Critical patent/WO2001006726A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/351Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/25Routing or path finding in a switch fabric

Definitions

  • the present invention relates generally to computer networks and more specifically to means for filtering data packets transmitted through a LAN switch in a network in order to control access between individual computers and the remainder of the network
  • a firewall is generally considered a necessity for any company network which is connected to the internet
  • a firewall acts as a barrier between the network which serves the company or enterprise and external networks
  • the firewall serves as an inspection point through which all data must pass before it enters the internal network As the data reaches the firewall, it is inspected to determine
  • firewalls provide many security benefits, they have shortcomings as well
  • One such shortcoming is that, once an unauthorized access is made to the system, there is nothing that can be done by the firewall to contain the damage which may be caused by the access Firewalls are also unable to prevent accesses which simply circumvent the firewall For instance, if an enterprise network user is allowed to directly dial out of the network to an external system, data which passes through this connection will not be inspected and subjected to the firewall access rules Firewalls are also powerless to prevent network users from bringing virus-infected floppy disks from external sources and loading them onto the network If a virus infects one computer on the network, the virus can spread to the remainder of the network without having to pass the firewall Still further, a firewall cannot prevent the damage which can be caused by the intrusion of a hostile machine within the firewall SUMMARY OF THE INVENTION
  • the invention implements means within an enterprise computer network for controlling the flow of data packets within the network
  • Enterprise is used here to mean a network which serves a business or enterprise — it is intended to indicate a point of reference and is not designate to indicate a particular type of network
  • These means are implemented independently of a firewall, which controls the flow of packets only between the enterprise network and an external network such as the internet
  • LAN Local Area Network
  • the term "computer” as used in connection with networks herein refers to any device which may be connected to a network and which is configured to transmit and/or receive packets, e g , workstations, printers, file servers, modem servers, routers, etc
  • the term "LAN switch” refers to any type of interface device for devices on a network, such as switches, routers and hubs
  • the LAN switch has several physical ports and each of the computers is connected to one of the ports A packet filter is associated with each of the ports The packet filter defines the type of packets which are and are not allowed to pass through the port to and from the associated computer
  • the associated filter is used to determine (e g , by packet-matching) whether the packet should be transmitted to the computer for which it is destined or whether some other action should be taken This alternate action may consist of dropping the packet, rerouting the packet to another port, or simply notifying the system admimstrator of the packet
  • the ports can
  • the packet filters scan the packets in parallel with the normal processing (e g , addressing) of the packets
  • This normal processing typically consists of determining a destination address for the packet
  • the filters can perform packet matching (comparing certain fields in the packet with predetermined patterns) to determine whether the packets are authorized If it is determined that a packet is unauthorized, the filter sends a signal to the LAN switch so that the packet can be dropped or rerouted before it gets beyond the LAN switch
  • each packet filter is programmed by a software executive running on the LAN switch
  • the network administrator can download permissions for each of the respective packet filters The network administrator can thereby control access at each one of the ports in the same manner as with a firewall Because the packets are independently filtered at each port, however, the network administrator can configure the access rules differently for each computer The network administrator can thereby set up different classes of users or even isolate individual computers from the remainder of the network
  • FIG. 1 is a block diagram illustrating a computer network in one embodiment of the invention
  • Fig 2 is a flow diagram illustrating the paths which packets may traverse from a source computer to a destination computer
  • Fig 3a is a functional block diagram of one port of a packet-filtering LAN switch in one embodiment of the invention
  • Fig 3b is a functional block diagram of one port of a packet-filtering LAN switch in an alternate embodiment of the invention
  • Fig 3c is a functional block diagram of one port of a packet-filtering LAN switch in an alternate embodiment of the invention
  • Fig 3d is a block diagram of a CPU and a plurality of ports of a packet-filtering LAN switch in one embodiment of the invention
  • Fig 4 is a flow diagram illustrating the operation of a LAN switch in one embodiment of the invention
  • LAN switch as used herein means any device which forwards packets to computers in a network
  • the LAN switch has a number of ports to which the computers are connected
  • the LAN switch needs to examine the packet to determine whether it should be normally routed
  • the LAN switch therefore includes a filter at each port The filter is applied against the state of certain bits in the packet Particular states are allowed in packets destined for a particular computer or group of computers, while others are not If the bits are in an allowed state, the packet is routed in the normal manner to the destination computer If the bits are m a state which is not allowed, the packet is not routed in the normal manner For example, it may simply be dropped, or it may be rerouted to another computer As another example, the packet may be routed to the destined computer, but the system administrator may be notified of the packet
  • the LAN switch executes a software executive that controls the filters
  • the system administrator uses the software executive to configure the filter for each of the computers
  • the filters can be individually configured so that there are different access rules for the different computers
  • the system administrator can thereby set up groups of computers which have different levels of access to network resources, restrict particular actions to certain computers, or isolate individual computers in order to handle problems relating specifically to those computers
  • Fig 1 is a block diagram illustrating a computer network 10
  • Network 10 includes several computers 12- 14, each of which is coupled to LAN switch 11
  • the computers are coupled to the LAN switch through ports 15- 17
  • Network 10 also includes computers 22 and 23, which are coupled to LAN switch 11 via a second LAN switch 21 and associated ports 24-26
  • Network 10 is coupled to external networks through LAN switch 11, port 19 and firewall 21
  • the external network will be the internet
  • many different types of network devices are known to persons of skill in the art and any such devices can be coupled to the network in addition to, or m place of, computers 12-14 and 22-23
  • Computers 12-14 can communicate with each other and with computers on other networks using packet switching protocols (As noted above, "computer” includes various types of network devices ) Packet switching protocols require that information to be sent between two computers be divided into packets These packets are then transmitted between the computers This is in contrast to a circuit switching protocol, which establishes a dedicated connection between the computers over which information can be transmitted without first being packetized Networks using packet switching protocols may establish a virtual connection between the two computers instead of a physical connection The virtual connection does not require intermediate lines to be dedicated to transmission of the packets The packetization of the information therefore allows information to be sent across many intermediate networks without tying up their circuits and preventing communication between other computers
  • IP Internet Protocol
  • TCP/IP Transmission Control Protocol /Internet Protocol
  • the DP address contains four bytes separated by periods (e g , "012 123 234 001 " ) This address may specify a particular computer or it may specify a particular network, in which case the network will provide means to correctly route the packet to the correct device on that network
  • the TCP protocol exists at a slightly higher level than the IP protocol and provides means for ensuring that all of the bytes in message are received at the destination device
  • the TCP protocol sequences the bytes in a message and provides for retransmission of lost bytes
  • Fig 2 illustrates a series of interconnected computers (or networks) which form a path from a source computer 40 to a destination computer 41
  • the source and destination computers are each depicted as being connected to the other computers through another device 42, 43
  • devices 42 and 43 are firewalls These devices may be other devices, such as LAN switches or computers, in other embodiments
  • the dashed lines indicate the boundaries of a source network 44 and destination network 45
  • source computer 40 sends a packet to another computer, it is normally routed by a number of intermediate computers 51-55
  • These intermediate computers are typically routers (Although "router" may be used to refer to a specific type of packet-forwarding device, the term as used here means any device which serves to route or forward packets between computers )
  • routers examine the destination address of the packet and determine the next router to which the packet will be sent This process is repeated for each packet in a message The process is typically performed independently for each packet so that the packets corresponding to a single message may travel from the source computer
  • Firewalls may use various techniques to prevent unauthorized packets from gaining access to the network These techniques may include the use of packet filters, application gateways and circuit-level gateways Firewalls may be very effective in protecting the system against unwanted accesses, but this protection is not foolproof and unauthorized packets may be introduced into the network Once the packets have breached the firewall, the firewall is completely ineffective to prevent the packets from being freely transmitted within the network
  • the firewall is also incapable of preventing users within the network from circumventing the firewall by dialing out on a telephone line or using portable media (e g , floppy disks) to download unauthorized files onto the network
  • the invention is therefore implemented in this embodiment in one or more LAN switches through which all of the traffic internal to the network is routed After a
  • Fig 3a is a functional block diagram of one port of the packet-filtering LAN switch LAN switch 30 contains circuitry 31 for processing packets and determining their respective destinations on the network LAN switch 30 also includes filter circuitry 32 which examines the packets to determine whether they are authorized to be routed to their destinations Because of the distributed nature of the filtering (it is performed at each port of the LAN switch), filter circuitry 32 may implement access rules which are simpler than those implemented in a firewall In other words, because each filter controls access to a single computer, only the rules relevant to that computer need to be implemented These simplified access rules may, in many respects, be just as effective as those of the firewall because the rules implemented m a single filter can be tailored to the single computer associated with that filter The distributed nature of the filtering also allows the network to be easily scalable In other words, as computers are added to the network, corresponding filters are added to handle the filtering workload The distribution of the filtering among the ports of the LAN switch allows the high volume of traffic within the network to be filtered (The implementation of a centralized,
  • incoming packets which arrive at a port of the LAN switch are delivered to both address processing circuitry 31 and the filtering circuitry 32 (It is contemplated that other embodiments could provide for delivery of only a portion of the packet (e g , the packet header) to filtering circuitry 32 )
  • the system can be applied to either outgoing or incoming packets
  • the packets are filtered in parallel with the normal address processing As a result, the time required to perform the filtering is overlapped with the time required for normal address processing Consequently, the overhead relating to the filtering is reduced (It is contemplated that the filtering of the packets may be performed in series with the address processing as shown in Figs 3b and 3c, but this would result in higher overhead and therefore is not the preferred embodiment
  • Figs 3b and 3c illustrate that the serial filter circuitry may be located either before or after the address circuitry
  • Address processing circuitry 31 provides its output to switching circuitry 33
  • Switching circuitry 33 would, in the absence of the invention, use the destination address from address processing circuitry 31 to deliver the packet to its destination The delivery of the packet, however, is conditioned upon the output of filtering circuitry 32
  • Filtering circuitry 32 applies the appropriate access rules to the packet and provides a signal to switching circuitry 33 If the packet is authorized to be delivered to its destination, a corresponding signal is input to switching circuitry 33 and the packet is forwarded to the destination in the normal manner If the packet is not authorized, a different signal is produced by filtering circuitry 32 Upon receipt of this signal, switching circuitry 33 takes some alternate action This alternate action may be any appropriate action relating to the presence of the unauthorized packet, and may include dropping the packet, rerouting the packet to an alternate destination, notifying the system administrator, or similar actions The selected action for an unauthorized packet may depend on the particular destination of the packet, the type of packet, the application associated with the packet or other information
  • Fig 4 is a flow diagram illustrating the operation of the LAN switch This figure summarizes the operation of the LAN switch in one embodiment of the invention When the packet is received at a port of the LAN switch 60, it is simultaneously processed to determine its destination address 61 and
  • the filter is implemented using the Java programming language Java was chosen for this implementation because Java virtual machines exist for many platforms and Java applications can therefore be run on these many platforms
  • a Java-based filtering application thus has a degree of platform and/or vendor neutrality (It is contemplated, however, that the filtering application may use any suitable programming language )
  • a software executive is executed in filtering circuitry 32
  • the software executive is an application which provides a framework for implementation of the system administrator's rules
  • the system administrator determines which rules should be applied to packets ente ⁇ ng the LAN switch and configures Java applets which, in conjunction with the software executive, implement these rules (Applets are small Java applications )
  • the Java applets are downloaded by the system administrator from one of the computers on the network to the LAN switch
  • the applets are then called by the software executive when a packet must be filtered
  • Various embodiments of the invention may allow users to overcome problems found in networks which do not incorporate the invention For example, as set forth above, packets which are routed from a
  • the system administrator can configure the filter associated with the computer so that no incoming or outgoing packets are allowed to pass through the associated port of the LAN switch The system administrator thereby prevents the computer from sending out incorrect address information and also prevents packets from being passed to the computer and lost This method of isolating the offending computer also

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

La présente invention concerne un réseau sûr pourvu de dispositif de contrôle du flux de paquets à l'intérieur du réseau. Dans un des modes de réalisation, le réseau comprend un groupe de dispositifs de réseau couplés ensemble à l'aide d'un commutateur LAN. Chaque dispositif de réseau est physiquement relié à un port du LAN. Chaque port présente un filtre de paquet qui reçoit au moins une partie d'un paquet arrivant au port et détermine si ce paquet est autorisé à passer par le port en question et acheminé à une adresse de destination. Les filtres peuvent utiliser la technique de filtrage ou d'autres techniques pour déterminer si les paquets sont conformes aux règles d'accès applicables. Ces règles d'accès sont déterminées par un administrateur de système puis téléchargées au commutateur LAN en vue de leur mise en oeuvre par les filtres. Chaque filtre peut mettre en oeuvre un ensemble différent de règles d'accès, les filtres pouvant être utilisés par l'administrateur pour établir des niveaux d'accès pour des dispositifs de réseau sélectionnés, ou pour isoler des dispositifs particuliers.
PCT/US2000/018988 1999-07-15 2000-07-12 Commutateur de reseau sur WO2001006726A2 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP00947264A EP1219075A2 (fr) 1999-07-15 2000-07-12 Commutateur de reseau sur
KR1020027000163A KR20020027471A (ko) 1999-07-15 2000-07-12 보안 네트워크 스위치
JP2001511049A JP2003505934A (ja) 1999-07-15 2000-07-12 安全なネットワーク・スイッチ
AU60904/00A AU6090400A (en) 1999-07-15 2000-07-12 Secure network switch

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US35429499A 1999-07-15 1999-07-15
US09/354,294 1999-07-15

Publications (2)

Publication Number Publication Date
WO2001006726A2 true WO2001006726A2 (fr) 2001-01-25
WO2001006726A3 WO2001006726A3 (fr) 2002-04-25

Family

ID=23392666

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/018988 WO2001006726A2 (fr) 1999-07-15 2000-07-12 Commutateur de reseau sur

Country Status (5)

Country Link
EP (1) EP1219075A2 (fr)
JP (1) JP2003505934A (fr)
KR (1) KR20020027471A (fr)
AU (1) AU6090400A (fr)
WO (1) WO2001006726A2 (fr)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002084916A3 (fr) * 2001-04-11 2002-12-05 Firebridge Systems Pty Ltd Systeme de securite de reseau
GB2379124A (en) * 2001-06-07 2003-02-26 Nokia Corp Directing packets only to permitted area network devices
WO2003094464A1 (fr) * 2002-05-01 2003-11-13 Firebridge Systems Pty Ltd Pare-feu de type stateful inspection
EP1294156A3 (fr) * 2001-09-13 2004-01-02 Kabushiki Kaisha Toshiba Système et procédé de transfert de paquets dans un réseau avec surveillance des paquets malveillants
WO2004012418A1 (fr) * 2002-07-31 2004-02-05 Cisco Technology, Inc. Procede et dispositif permettant l'inspection des protocoles d'association d'adresses inter-couches
EP1528748A1 (fr) * 2003-10-27 2005-05-04 Marconi Intellectual Property (Ringfence) Inc. Système et procédé de gestion de réseaux informatiques.
AU2003227123B2 (en) * 2002-05-01 2007-01-25 Firebridge Systems Pty Ltd Firewall with stateful inspection
WO2007118071A3 (fr) * 2006-04-05 2008-02-07 Honeywell Int Inc Appareil et procédé assurant la sécurité d'un réseau

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI244297B (en) * 2002-06-12 2005-11-21 Thomson Licensing Sa Apparatus and method adapted to communicate via a network
JP3840211B2 (ja) * 2003-08-20 2006-11-01 株式会社東芝 通信制御装置、通信制御システム、通信制御方法および通信制御プログラム
JP6246036B2 (ja) * 2014-03-19 2017-12-13 三菱電機株式会社 中継装置
KR101922642B1 (ko) 2018-06-29 2019-02-20 주식회사 트루네트웍스 네트워크 이중 스위칭 장치
KR102234418B1 (ko) * 2019-11-08 2021-03-31 한화시스템 주식회사 네트워크 장치

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4899333A (en) * 1988-03-31 1990-02-06 American Telephone And Telegraph Company At&T Bell Laboratories Architecture of the control of a high performance packet switching distribution network
US5568613A (en) * 1992-09-03 1996-10-22 Ungermann-Bass, Inc. Dataframe bridge filter with communication node recordkeeping
US5559883A (en) * 1993-08-19 1996-09-24 Chipcom Corporation Method and apparatus for secure data packet bus communication
US5835726A (en) * 1993-12-15 1998-11-10 Check Point Software Technologies Ltd. System for securing the flow of and selectively modifying packets in a computer network
US5790554A (en) * 1995-10-04 1998-08-04 Bay Networks, Inc. Method and apparatus for processing data packets in a network

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002084916A3 (fr) * 2001-04-11 2002-12-05 Firebridge Systems Pty Ltd Systeme de securite de reseau
GB2379124A (en) * 2001-06-07 2003-02-26 Nokia Corp Directing packets only to permitted area network devices
GB2379124B (en) * 2001-06-07 2004-12-08 Nokia Corp Security in area networks
EP1294156A3 (fr) * 2001-09-13 2004-01-02 Kabushiki Kaisha Toshiba Système et procédé de transfert de paquets dans un réseau avec surveillance des paquets malveillants
AU2003227123B2 (en) * 2002-05-01 2007-01-25 Firebridge Systems Pty Ltd Firewall with stateful inspection
WO2003094464A1 (fr) * 2002-05-01 2003-11-13 Firebridge Systems Pty Ltd Pare-feu de type stateful inspection
US7512781B2 (en) 2002-05-01 2009-03-31 Firebridge Systems Pty Ltd. Firewall with stateful inspection
US7346057B2 (en) 2002-07-31 2008-03-18 Cisco Technology, Inc. Method and apparatus for inter-layer binding inspection to prevent spoofing
WO2004012418A1 (fr) * 2002-07-31 2004-02-05 Cisco Technology, Inc. Procede et dispositif permettant l'inspection des protocoles d'association d'adresses inter-couches
US7830898B2 (en) 2002-07-31 2010-11-09 Cisco Technology, Inc. Method and apparatus for inter-layer binding inspection
EP1528748A1 (fr) * 2003-10-27 2005-05-04 Marconi Intellectual Property (Ringfence) Inc. Système et procédé de gestion de réseaux informatiques.
US7613195B2 (en) 2003-10-27 2009-11-03 Telefonaktiebolaget L M Ericsson (Publ) Method and system for managing computer networks
WO2007118071A3 (fr) * 2006-04-05 2008-02-07 Honeywell Int Inc Appareil et procédé assurant la sécurité d'un réseau

Also Published As

Publication number Publication date
WO2001006726A3 (fr) 2002-04-25
JP2003505934A (ja) 2003-02-12
KR20020027471A (ko) 2002-04-13
AU6090400A (en) 2001-02-05
EP1219075A2 (fr) 2002-07-03

Similar Documents

Publication Publication Date Title
US7873038B2 (en) Packet processing
US6954775B1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
US7146421B2 (en) Handling state information in a network element cluster
US9716690B2 (en) Integrated security switch
EP2595357B1 (fr) Procédé effectué par un dispositif de réseau et système pour gestion de paquets
US6578147B1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
US8054833B2 (en) Packet mirroring
US7792990B2 (en) Remote client remediation
US9185129B2 (en) Method and apparatus for preventing DOS attacks on trunk interfaces
US8045550B2 (en) Packet tunneling
US20080189769A1 (en) Secure network switching infrastructure
US8130756B2 (en) Tunnel configuration associated with packet checking in a network
AU2002327757A1 (en) Method and apparatus for implementing a layer 3/layer 7 firewall in an L2 device
US20050207420A1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
US8675652B2 (en) Packet processing with adjusted access control list
JP2006339933A (ja) ネットワークアクセス制御方法、およびシステム
EP1540921B1 (fr) Procede et dispositif permettant l'inspection des protocoles d'association d'adresses inter-couches
JP2014529259A (ja) ファイアウォールクラスターにおけるアプリケーション状態共有
EP1219075A2 (fr) Commutateur de reseau sur
JP2014526739A (ja) ファイアウォールクラスターにおける認証共有
EP2014018B1 (fr) Police de résolution configurable pour défauts de caractéristiques de commutation de données
US6915351B2 (en) Community separation control in a closed multi-community node
US20050086524A1 (en) Systems and methods for providing network security with zero network footprint
DePriest Network security considerations in TCP/IP-based manufacturing automation
US8561166B2 (en) Efficient implementation of security applications in a networked environment

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 1020027000163

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 2000947264

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020027000163

Country of ref document: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2000947264

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2000947264

Country of ref document: EP