WO2004010659A1 - Method and system for filtering packets based on source and destination addresses - Google Patents
- Publication number: WO2004010659A1 (PCT/FI2003/000577)
- Authority: WO (WIPO (PCT))
- Prior art keywords: firewall, filtering, rules, telecommunication, terminal device
- Legal status: Ceased
Classifications
- H04L63/0263—Rule management (H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00—Network architectures or network communication protocols for network security; H04L63/02—... for separating internal from external traffic, e.g. firewalls; H04L63/0227—Filtering policies)
- H04W12/08—Access security (H04W—WIRELESS COMMUNICATION NETWORKS; H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity)
- H04W12/72—Subscriber identity (H04W12/00—Security arrangements; H04W12/60—Context-dependent security; H04W12/69—Identity-dependent)
- H04W40/00—Communication routing or communication path finding (H04W—WIRELESS COMMUNICATION NETWORKS)
- H04W76/10—Connection setup (H04W76/00—Connection management)
- H04W8/26—Network addressing or numbering for mobility support (H04W8/00—Network data management)
Definitions
- the invention relates to telecommunication technique.
- the invention relates to a method and system for filtering telecommunication in a telecommunication network.
- firewalls can be implemented either purely as a software application or as a hardware specifically designed for filtering.
- a firewall is used to filter incoming traffic, but the filtering of outgoing traffic is also possible. This is advantageous e.g. in situations in which one wishes to make sure that it is not possible to transfer information e.g. by means of back gate programs.
- the firewall is arranged in the network to be protected in such a manner that all the traffic going from the network into the outside world goes through the same firewall. In case there are other possible routes to the network, they must be protected with corresponding firewalls, because the level of protection of the network is determined based on the weakest link.
- Telecommunication can be filtered based on various principles. Typically, the filtering regards, however, the filtering of certain protocols and addresses.
- the firewall is configured such that it is possible to connect to the network only to certain server devices, and the rest of the network is invisible to the outside world.
- the access may also be determined in such a manner that some devices can be connected only from determined addresses.
- the actual filtering is based on rules.
- the maintainer of the firewall system creates a number of rules which are gone through in a certain order. In the rules it is e.g. possible to describe to what addresses the traffic is allowed or from what addresses the traffic is automatically rejected.
- the set of rules applies to the whole network, and making exceptions is possible by adding new rules.
- the rules may consist of sub rules. For example, each allowed address need not have its own rule; instead, in the set of rules, one rule is created to which a set of sub rules or addresses are saved from which the incoming traffic is allowed.
- the problem with the prior-art list of rules is their big size. In case there are thousands of devices included in the network to be protected, the list of rules may grow remarkably big. The firewall must, however, check the whole list for each incoming packet. If the packet is rejected, it is possible to stop going through the list as the rejecting rule is realized. Correspondingly, as concerns the allowed traffic, the list is gone through up to the accepting rule. This adds to the power requirements of the firewall and adds to the risk of error.
- a conventional firewall is not suitable for filtering wireless terminal devices, since the firewall is arranged in between the company intranet and the public network.
- When using a wireless terminal device, the user first connects to the public network and proceeds via it to the protected network of the company behind the firewall. In that case, the wireless terminal device is left without the protection of the firewall, so that it must have a firewall application of its own.
- firewalls of this kind are quite heavy applications, especially for wireless terminal devices.
- a prior-art solution is to place another firewall in the premises of the provider of the wireless data transfer service, but this makes it difficult to answer to the individual needs of the client, especially in situations in which the clients wish to change the settings of their firewalls frequently.
- Reference publication WO 02/23831 discloses a system in which there is a specific access node arranged in the wireless telecommunication network.
- the access node is preferably placed in the GGSN component (Gateway GPRS Support Node).
- the filtering is started based on a separate filtering request.
- the filtering request is transmitted to the access node each time serving.
- the client's terminal device is left without protection.
- the changes and the filtering request are made by means of a separate program arranged in the terminal device, so there must be capacity in the terminal device for running the program.
- addresses to be dynamically allocated create a problem for a conventional firewall in the wireless environment.
- the addresses to be dynamically allocated are allocated from a certain space.
- the address may be any as such. In that case, the rules of the firewall must be changed in real time.
- the objective of the invention is to eliminate the disadvantages referred to above, or at least significantly to alleviate them.
- One specific objective of the invention is to disclose a new type of filtering method and system of telecommunication specifically for filtering the telecommunication of mobile devices.
- the present invention relates to a new type of firewall solution that is particularly advantageous when using wireless terminal devices that move within the public network.
- the addresses of the terminal devices can be allocated dynamically, and they need not be allocated from a protected network or from an otherwise restricted address space.
- the system according to the invention includes at least two terminal devices, a firewall component and a telecommunication system.
- the telecommunication system may be e.g. a conventional mobile communication network in which the data traffic is transmitted by means of packet switching.
- the telecommunication may also be transmitted to another public network, such as the Internet.
- the firewall is placed in the telecommunication system such that all the traffic goes through the firewall.
- the firewall is arranged to retrieve the rules from a database which is common to all the firewall components of the telecommunication network. Since the terminal devices may be disposed in the same cell, the firewall component must be arranged such that also the internal traffic of the cell gets filtered.
- the telecommunication goes through the component that is aware of the location of the terminal device.
- the firewall component of the invention is advantageous to arrange in conjunction with the component that is aware of the location of the terminal device. In case the terminal devices are located in the same cell, the telecommunication can be filtered directly without directing the traffic to a separate firewall component.
- the telecommunication is filtered step by step for each terminal device specifically.
- the firewall component first checks the firewall settings of the terminal's own. In case the transmission of the packet in question is not allowed, the packet is immediately rejected. In case the packet is allowed, it is forwarded further.
- the collection of rules of the recipient is loaded.
- the rules of the recipient allow the reception of the telecommunication, the packets are transmitted to their destination.
- the order of the filtering rules is not important from the point of view of the application, instead they may be arranged as desired.
- the present invention improves the information security of terminal devices.
- the invention is particularly advantageous because by means of the system according to the invention the client can customize his or her own firewall application without changing the terminal device or acquiring a separate firewall application in his or her terminal device.
- the invention is advantageous because by means of it is possible to eliminate unnecessary telecommunication.
- the system according to the invention is advantageous for controlling a big number of devices.
- the filtering rules allocated for each terminal device specifically can be retrieved from the database by means of a unique identifier of the terminal device. If as the identifier, e.g. the IMSI number of the terminal device is used, then the terminal's telecommunication address, typically the IP address, need not be fixed but can be dynamically allocated from anywhere from the address space.
- Fig. 1 shows one embodiment of the firewall system according to the invention
- Fig. 2 shows the system as shown in Fig. 1 in more detail
- Fig. 3 shows a functional block diagram of the system according to Fig. 1, and
- Fig. 4 shows a firewall component according to the invention.
- the system as shown in Fig. 1 comprises two telecommunication networks 12 and 13 independent of each other.
- Connected to the telecommunication network 12 are terminal devices MTE and DTE1.
- Connected to the telecommunication network 13 is a terminal device DTE2.
- the present invention does not limit the number of terminal devices connected to the telecommunication networks, instead there may be several of them within the telecommunication network's own restrictions.
- the networks are connected to each other by means of a firewall component FW, which filters the traffic between the networks.
- the telecommunication in Fig. 1 is illustrated by means of two connections. Connection 11 represents the internal traffic of the telecommunication network 12, and connection 10 represents the traffic between the telecommunication networks.
- the telecommunication connection 10 represents a typical connection from a mobile terminal device DTE1 to a server or to the second terminal device DTE2.
- the mobile terminal device may be connected to the information network e.g. by means of a mobile station or a wireless local area network.
- the terminal device DTE1 utilising the telecommunication connection 10 establishes a connection via the first telecommunication network 12. Since the traffic is directed to the second telecommunication network 13, it is directed through the firewall component FW.
- the firewall component FW filters based on predetermined rules.
- the filtered message is forwarded to the destination DTE2.
- the telecommunication connection 11 represents a connection in which the mobile terminal devices communicate directly with each other.
- Fig. 2 shows the system of Fig. 1 in more detail.
- the first telecommunication network is a mobile communication network provided with the GPRS facility (General Packet Radio Service) that includes base stations BTS1 and BTS2 (Base Transceiver Station).
- the cell-specific components of the base station BTS1 include base station controller BSC1, serving GPRS support node SGSN1 and gateway GPRS support node GGSN1.
- the corresponding components of the base station BTS2 are BSC2, SGSN2 and GGSN2.
- a GPRS core network 20 is arranged in between the service nodes and gateway nodes.
- the firewall component of the telecommunication system is arranged for each cell specifically.
- the firewall components FW1 and FW2 are components of the first telecommunication system, and they are connected to the common database of rules DB.
- the embodiment according to the invention uses advantageously the database of rules, but if necessary, the rules may also be downloaded from the terminal device as the terminal device connects to the network.
- the firewall components are connected to the second telecommunication network 21, which may be e.g. the Internet.
- the terminal device TE4 of Fig. 2 is located in the local area network separated from the internet by means of a firewall FW3.
- the firewall FW3 is typically a conventional firewall solution, but if necessary, also it can be connected to the database of rules DB. In Fig. 2, substantial from the point of view of the invention is the placing of the firewall component.
- the GPRS traffic is routed such that the transmitted and received packets always go through the gateway GGSN.
- the gateway directly routes the traffic back to where it came from. Since the firewall component must be arranged in the telecommunication network such that all the packets go through the firewall, the firewall cannot be placed behind the gateway GGSN. If the firewall is placed behind the gateway, then all the packets must be routed also to the firewall.
- the firewall components FW1 and FW2 have been depicted as being located in front of the gateways GGSN1 and GGSN2. In the most preferred implementation mode, the firewall component is arranged in conjunction with the gateway. In that case, all the packets go through the firewall component.
- Fig. 3 illustrates the operation of one embodiment of the filtering system according to the invention.
- the operation of the embodiment starts with the receiving of a packet, step 31.
- once the address has been received, it is checked whether the address belongs to a wireless terminal device, step 32.
- the identifier corresponding to the address is retrieved, step 33.
- the identifier of the address e.g. the IMSI code of the mobile station or some other corresponding unique identifier saved to the SIM card can be used.
- the relationship between the address and the identifier can be saved to a cache memory for a prescribed time.
- the information can be saved e.g. when the user logs into the network or out of the network.
- the piece of identification information corresponding to the piece of address information can be retrieved from an external database or from a network component.
- the external network component is a GGSN. It must be noted that when necessary, by means of the piece of identification information it is also possi-
- the filtering rules of the transmitting terminal device are retrieved, step 34. Since the filtering rules are retrieved based on the user's identifier, the IP address of the terminal device need not be fixed. In case the terminal device has no separate address, default rules can be used, or the traffic can be transmitted without filtering.
- the firewall component interprets the filtering rules and checks whether the packet is in accordance with the rules, step 35. In case the packet is against the rules, it is rejected, step 36. If the packet is in accordance with the rules of the sender, the default rules of the service are retrieved, step 37.
- the service provider can determine what services can be used in the network. Additional services can be activated with an additional charge, in which case the user's information has an effect on the service rules to be loaded.
- the client can also order an unlimited service in which no service rules are loaded.
- the packet is filtered based on the destination address. If the service rules are fulfilled, the destination address of the packet is retrieved, step 310.
- once the address has been received, it is checked whether the address belongs to a wireless terminal device, step 311. In case the terminal device is wireless, the identifier corresponding to the address is retrieved, step 312.
- the filtering rules of the transmitting terminal device are
- the firewall component interprets the filtering rules and checks whether the packet is in accordance with the rules, step 314. In case the packet is against the rules, it is rejected, step 315. In case the packet is allowed, it is transmitted to the recipient, step 316.
- the firewall application according to the invention can also be configured in some other manner.
- the telecommunication can be filtered in a firewall also in such a manner that the firewall application first retrieves all the rules and then interprets them all in a row.
- the filtering described above can be arranged to be assigned to the first firewall, but the task can also be divided between the firewalls of both the transmitting and the receiving cell.
- the firewall also functions in situations in which the clients are located in the networks of different operators and the operators do not have a common database of rules.
- the traffic can be first filtered e.g. based on the unique rules of the sender and then based on the group-specific rules of the sender. In case both rules are fulfilled, one proceeds to the rules of the service provider.
- the rules of the recipient can be divided into unique ones and group-specific ones.
- each user has got his or her own rules, which are divided into incoming and outgoing traffic. The users can freely modify these rules.
- the rules are indexed based on the user's address information or the address identifier. In this manner, the client's rules can be easily managed and quickly retrieved.
- the system according to the invention enables one to arrange unique rules for a big number of users.
- Fig. 4 shows the firewall component FW according to the invention.
- the firewall component FW receives incoming traffic IN.
- the firewall is provided with means 40 for filtering the telecommunication based on the sender's filtering rules and means 41 for filtering the telecommunication based on the recipient's filtering rules.
- the firewall FW is provided with means 42 for filtering the telecommunication based on the service provider's rules.
- Each filtering rule is handled separately.
- the number of filtering means can be added, if necessary. Additional rules of this kind can include e.g. group-specific rules.
- the rules can be saved to the firewall FW, or they can be retrieved from a separate database server DB.
- the firewall can further comprise means 43 for establishing a connection between the address of the public network of the user, e.g. a dynamic IP address, and the unique identifier of the terminal device, e.g. an IMSI code.
- the invention is not limited merely to the examples of its embodiments referred to above, instead many variations are possible within the scope of the inventive idea defined in the claims.
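The sender-then-service-then-recipient flow of Fig. 3 (steps 31 to 316), written out as an added worked example; this is illustrative code, not the patent's own implementation, and the address-to-IMSI cache, the rule database, the service provider's rules and the sample packets are all constructed here. It also shows one way to honour the statement that rule order does not matter: a matching deny rule always wins, and a packet otherwise needs at least one matching allow rule; applying the service rules to non-wireless senders as well is an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed cache (not from the patent) mapping a terminal's current, dynamically
# allocated public address to its IMSI; this is the job of "means 43" in Fig. 4.
ADDRESS_TO_IMSI = {
    "10.0.0.7": "244050000000001",   # wireless terminal DTE1 (constructed IMSI)
    "10.0.0.9": "244050000000002",   # a second wireless terminal in the same cell
}


@dataclass
class Rule:
    direction: str              # "out": traffic the owner sends; "in": traffic it receives
    action: str                 # "allow" or "deny"
    peer: str                   # CIDR prefix of the other endpoint
    proto: str = "any"          # "tcp", "udp" or "any"
    port: Optional[int] = None  # destination port, or None for any port

    def matches(self, direction: str, peer_ip: str, proto: str, port: int) -> bool:
        return (self.direction == direction
                and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.peer)
                and self.proto in ("any", proto)
                and self.port in (None, port))


# Constructed database of rules DB, indexed by IMSI so the IP address need not be fixed.
RULES_DB = {
    "244050000000001": [
        Rule("out", "allow", "0.0.0.0/0", "tcp", 443),   # HTTPS anywhere
        Rule("out", "allow", "10.0.0.0/24"),             # anything to terminals in the cell
        Rule("in", "allow", "10.0.0.0/24"),              # accept traffic from the cell only
    ],
    "244050000000002": [
        Rule("out", "allow", "0.0.0.0/0"),
        Rule("in", "deny", "10.0.0.7/32", "udp"),        # this user blocks UDP from DTE1
        Rule("in", "allow", "10.0.0.0/24"),
    ],
}
# Service provider's rules (step 37), constructed: HTTPS and intra-cell traffic only.
SERVICE_RULES = [Rule("out", "allow", "0.0.0.0/0", "tcp", 443),
                 Rule("out", "allow", "10.0.0.0/24")]
# Default rules for a wireless terminal that has no rules of its own (step 34): deny all.
DEFAULT_RULES = [Rule("out", "deny", "0.0.0.0/0"), Rule("in", "deny", "0.0.0.0/0")]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    port: int


def permitted(rules, direction, peer_ip, proto, port) -> bool:
    """Order-independent evaluation: a matching deny always wins; otherwise at
    least one allow rule must match."""
    hits = [r for r in rules if r.matches(direction, peer_ip, proto, port)]
    return bool(hits) and all(r.action == "allow" for r in hits)


def filter_packet(pkt: Packet):
    """Run the Fig. 3 flow and return (decision, step at which it ended)."""
    # Steps 32-34: if the sender is a wireless terminal, fetch its rules via its IMSI.
    imsi = ADDRESS_TO_IMSI.get(pkt.src)
    if imsi is not None:
        rules = RULES_DB.get(imsi, DEFAULT_RULES)
        # Steps 35-36: the sender's own outgoing rules.
        if not permitted(rules, "out", pkt.dst, pkt.proto, pkt.port):
            return ("reject", 36)
    # Step 37: the service provider's rules (assumed here to apply to every sender).
    if not permitted(SERVICE_RULES, "out", pkt.dst, pkt.proto, pkt.port):
        return ("reject", 37)
    # Steps 310-312: the same lookup for the destination address.
    imsi = ADDRESS_TO_IMSI.get(pkt.dst)
    if imsi is not None:
        rules = RULES_DB.get(imsi, DEFAULT_RULES)
        # Steps 314-315: the recipient's incoming rules, judged against the sender.
        if not permitted(rules, "in", pkt.src, pkt.proto, pkt.port):
            return ("reject", 315)
    return ("forward", 316)   # step 316: deliver to the recipient


if __name__ == "__main__":
    for p in (Packet("10.0.0.7", "198.51.100.5", "tcp", 443),
              Packet("10.0.0.7", "10.0.0.9", "udp", 5060)):
        print(p, "->", filter_packet(p))
```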
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2003246751A AU2003246751A1 (en) | 2002-07-24 | 2003-07-22 | Method and system for filtering packets based on source- and destination addresses |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FI20021407 | 2002-07-24 | | |
| FI20021407A FI20021407A7 (fi) | 2002-07-24 | 2002-07-24 | Filtering of telecommunication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2004010659A1 true WO2004010659A1 (fr) | 2004-01-29 |
Family
ID=8564377
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/FI2003/000577 Ceased WO2004010659A1 (fr) | 2002-07-24 | 2003-07-22 | Method and system for filtering packets based on source and destination addresses |
Country Status (3)
| Country | Link |
|---|---|
| AU (1) | AU2003246751A1 (fr) |
| FI (1) | FI20021407A7 (fr) |
| WO (1) | WO2004010659A1 (fr) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2425912A (en) * | 2005-05-04 | 2006-11-08 | Psytechnics Ltd | Packet filtering |
| US8079073B2 (en) | 2006-05-05 | 2011-12-13 | Microsoft Corporation | Distributed firewall implementation and control |
| US8122492B2 (en) | 2006-04-21 | 2012-02-21 | Microsoft Corporation | Integration of social network information and network firewalls |
| US8176157B2 (en) | 2006-05-18 | 2012-05-08 | Microsoft Corporation | Exceptions grouping |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO1999005828A1 (fr) * | 1997-07-25 | 1999-02-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Dynamic quality of service reservation in a mobile communications network |
| US5951651A (en) * | 1997-07-23 | 1999-09-14 | Lucent Technologies Inc. | Packet filter system using BITMAP vector of filter rules for routing packet through network |
| EP1119151A2 (fr) * | 2000-01-18 | 2001-07-25 | Lucent Technologies Inc. | Method and apparatus for analyzing one or more firewalls |
2002
- 2002-07-24 FI FI20021407A patent/FI20021407A7/fi not_active Application Discontinuation
2003
- 2003-07-22 WO PCT/FI2003/000577 patent/WO2004010659A1/fr not_active Ceased
- 2003-07-22 AU AU2003246751A patent/AU2003246751A1/en not_active Abandoned
Also Published As
| Publication number | Publication date |
|---|---|
| FI20021407L (fi) | 2004-01-25 |
| AU2003246751A1 (en) | 2004-02-09 |
| FI20021407A7 (fi) | 2004-01-25 |
| FI20021407A0 (fi) | 2002-07-24 |
Similar Documents
| Publication | Title |
|---|---|
| JP4166942B2 (ja) | Internet protocol traffic filter for mobile radio networks |
| US6885870B2 (en) | Transferring of a message |
| US6836477B1 (en) | Methods and systems for routing messages in a communications network |
| JP4644681B2 (ja) | Apparatus and method for controlling unwanted traffic addressed to a wireless communication device |
| EP1082648B1 (fr) | Method for transmitting multimedia messages and multimedia message communication system |
| US7127489B2 (en) | Messaging service |
| CN1663204B (zh) | Gateway apparatus and signal processing method in the gateway apparatus |
| EP2082329B1 (fr) | System and method for redirecting requests |
| CN101926153A (zh) | Method and apparatus for pooling network resources |
| WO2003040943A1 (fr) | Cell-level congestion rule management |
| MX2011001589A (es) | Communication control system, communication system and communication control method |
| EP1247378A1 (fr) | Methods and systems for routing messages in a communication network |
| CN1126329C (zh) | Method and system for sending agent programs over a communication network |
| CN102265563A (zh) | Method and apparatus for identifying traffic flows in a communication network |
| WO2004010659A1 (fr) | Method and system for filtering packets based on source and destination addresses |
| CZ302539B6 (cs) | Method of implementing control measures in packet-oriented telecommunication and data networks |
| WO2001024460A1 (fr) | Intelligent data network router |
| US7082121B1 (en) | System, device, and method for interworking between a broadband SS7 network and an internet protocol network to provide transport of connection oriented information |
| WO2005041475A1 (fr) | Arrangements and methods relating to security in networks supporting communication of data packets |
| US20230319684A1 (en) | Resource filter for integrated networks |
| EP1952604B1 (fr) | Method, apparatus and computer program for access control |
| CA3130666C (fr) | Multi-layer distributed GTP-C processing |
| JPH11355353A (ja) | Method of using a pair consisting of a call number and an Internet originating address |
| US20040141507A1 (en) | Method and device for controlling paths for ip connection in a user-specific communication network |
| RU2005125203A (ru) | Method and mobile radio network for packet data transmission |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | 122 | Ep: pct application non-entry in european phase | |
| | NENP | Non-entry into the national phase | Ref country code: JP |
| | WWW | Wipo information: withdrawn in national office | Country of ref document: JP |