WO2005045642A3 - Secure, standards-based communications across a wide-area network - Google Patents

Secure, standards-based communications across a wide-area network Download PDF

Info

Publication number
WO2005045642A3
WO2005045642A3 PCT/US2004/036948 US2004036948W WO2005045642A3 WO 2005045642 A3 WO2005045642 A3 WO 2005045642A3 US 2004036948 W US2004036948 W US 2004036948W WO 2005045642 A3 WO2005045642 A3 WO 2005045642A3
Authority
WO
WIPO (PCT)
Prior art keywords
wide
standards
secure
area network
based communications
Prior art date
Application number
PCT/US2004/036948
Other languages
French (fr)
Other versions
WO2005045642A2 (en
Inventor
Nehru Bhandaru
Michael Carrafiello
Michael Cook
Webster Gaidos
Owais Hassan
Susan Hares
Albert Lew
David Morris
Martin Mueller
Michael Vakulenko
Original Assignee
Nexthop Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nexthop Technologies Inc filed Critical Nexthop Technologies Inc
Priority to CA002545272A priority Critical patent/CA2545272A1/en
Priority to JP2006539669A priority patent/JP2007532043A/en
Priority to EP04810412A priority patent/EP1692595A2/en
Publication of WO2005045642A2 publication Critical patent/WO2005045642A2/en
Publication of WO2005045642A3 publication Critical patent/WO2005045642A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/086Access security using security domains
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/02Data link layer protocols

Abstract

A system and method are disclosed to extend security from enterprise networks to wide-area networks by allowing secure connectivity to the enterprise layer-2 network (211) across a wide-area layer-3 network, such as the Internet.
PCT/US2004/036948 2003-11-04 2004-11-04 Secure, standards-based communications across a wide-area network WO2005045642A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA002545272A CA2545272A1 (en) 2003-11-04 2004-11-04 Secure, standards-based communications across a wide-area network
JP2006539669A JP2007532043A (en) 2003-11-04 2004-11-04 Secure standard-based communication across wide area networks
EP04810412A EP1692595A2 (en) 2003-11-04 2004-11-04 Secure, standards-based communications across a wide-area network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US51699703P 2003-11-04 2003-11-04
US60/516,997 2003-11-04

Publications (2)

Publication Number Publication Date
WO2005045642A2 WO2005045642A2 (en) 2005-05-19
WO2005045642A3 true WO2005045642A3 (en) 2007-04-19

Family

ID=34572905

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/036948 WO2005045642A2 (en) 2003-11-04 2004-11-04 Secure, standards-based communications across a wide-area network

Country Status (5)

Country Link
US (1) US20050223111A1 (en)
EP (1) EP1692595A2 (en)
JP (1) JP2007532043A (en)
CA (1) CA2545272A1 (en)
WO (1) WO2005045642A2 (en)

Families Citing this family (89)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7188364B2 (en) 2001-12-20 2007-03-06 Cranite Systems, Inc. Personal virtual bridged local area networks
US7120791B2 (en) * 2002-01-25 2006-10-10 Cranite Systems, Inc. Bridged cryptographic VLAN
US7986937B2 (en) * 2001-12-20 2011-07-26 Microsoft Corporation Public access point
FR2855697B1 (en) * 2003-05-26 2005-09-23 At & T Corp IPv4-BASED DATA CONVERSION SYSTEM IN IPv6-BASED DATA TO BE TRANSMITTED THROUGH IP-SWITCHED NETWORK
US10375023B2 (en) 2004-02-20 2019-08-06 Nokia Technologies Oy System, method and computer program product for accessing at least one virtual private network
US7639656B2 (en) * 2004-04-28 2009-12-29 Symbol Technologies, Inc. Protocol for communication between access ports and wireless switches
US9232338B1 (en) * 2004-09-09 2016-01-05 At&T Intellectual Property Ii, L.P. Server-paid internet access service
JP4074283B2 (en) * 2004-09-28 2008-04-09 株式会社東芝 COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD
US7734051B2 (en) * 2004-11-30 2010-06-08 Novell, Inc. Key distribution
US20070152076A1 (en) * 2004-12-13 2007-07-05 Chiang Kuo C Monitoring system with a wireless transmitting/receiving module
US20060184651A1 (en) * 2005-02-11 2006-08-17 Srikanthan Tirnumala Architecture for general purpose trusted virtual client and methods therefor
US7529925B2 (en) 2005-03-15 2009-05-05 Trapeze Networks, Inc. System and method for distributing keys in a wireless network
JPWO2006098279A1 (en) * 2005-03-16 2008-08-21 日本電気株式会社 Wireless network connection support device, connection support system, connection support method and program using the same
US8126145B1 (en) 2005-05-04 2012-02-28 Marvell International Ltd. Enhanced association for access points
US7746866B2 (en) * 2005-05-13 2010-06-29 Intel Corporation Ordered and duplicate-free delivery of wireless data frames
US7653011B2 (en) * 2005-05-31 2010-01-26 Cisco Technology, Inc. Spanning tree protocol for wireless networks
US7787361B2 (en) * 2005-07-29 2010-08-31 Cisco Technology, Inc. Hybrid distance vector protocol for wireless mesh networks
US7660318B2 (en) * 2005-09-20 2010-02-09 Cisco Technology, Inc. Internetworking support between a LAN and a wireless mesh network
JP4629573B2 (en) * 2005-09-20 2011-02-09 富士通フロンテック株式会社 Wireless system activation and its program
WO2007044986A2 (en) 2005-10-13 2007-04-19 Trapeze Networks, Inc. System and method for remote monitoring in a wireless network
US7573859B2 (en) 2005-10-13 2009-08-11 Trapeze Networks, Inc. System and method for remote monitoring in a wireless network
US8638762B2 (en) 2005-10-13 2014-01-28 Trapeze Networks, Inc. System and method for network integrity
US7551619B2 (en) 2005-10-13 2009-06-23 Trapeze Networks, Inc. Identity-based networking
US7724703B2 (en) 2005-10-13 2010-05-25 Belden, Inc. System and method for wireless network monitoring
US8250587B2 (en) 2005-10-27 2012-08-21 Trapeze Networks, Inc. Non-persistent and persistent information setting method and system for inter-process communication
US20070106778A1 (en) * 2005-10-27 2007-05-10 Zeldin Paul E Information and status and statistics messaging method and system for inter-process communication
US20070110024A1 (en) * 2005-11-14 2007-05-17 Cisco Technology, Inc. System and method for spanning tree cross routes
US20070230470A1 (en) * 2006-03-28 2007-10-04 Redeye Networks, Inc. Virtual collapsed backbone network architecture
US7558266B2 (en) 2006-05-03 2009-07-07 Trapeze Networks, Inc. System and method for restricting network access using forwarding databases
US8966018B2 (en) 2006-05-19 2015-02-24 Trapeze Networks, Inc. Automated network device configuration and network deployment
US8818322B2 (en) 2006-06-09 2014-08-26 Trapeze Networks, Inc. Untethered access point mesh system and method
US9258702B2 (en) 2006-06-09 2016-02-09 Trapeze Networks, Inc. AP-local dynamic switching
US7912982B2 (en) 2006-06-09 2011-03-22 Trapeze Networks, Inc. Wireless routing selection system and method
US9191799B2 (en) 2006-06-09 2015-11-17 Juniper Networks, Inc. Sharing data between wireless switches system and method
US7844298B2 (en) 2006-06-12 2010-11-30 Belden Inc. Tuned directional antennas
US8417868B2 (en) * 2006-06-30 2013-04-09 Intel Corporation Method, apparatus and system for offloading encryption on partitioned platforms
US7724704B2 (en) 2006-07-17 2010-05-25 Beiden Inc. Wireless VLAN system and method
US7793103B2 (en) * 2006-08-15 2010-09-07 Motorola, Inc. Ad-hoc network key management
US7734052B2 (en) 2006-09-07 2010-06-08 Motorola, Inc. Method and system for secure processing of authentication key material in an ad hoc wireless network
US8578159B2 (en) * 2006-09-07 2013-11-05 Motorola Solutions, Inc. Method and apparatus for establishing security association between nodes of an AD HOC wireless network
US7707415B2 (en) * 2006-09-07 2010-04-27 Motorola, Inc. Tunneling security association messages through a mesh network
US8340110B2 (en) 2006-09-15 2012-12-25 Trapeze Networks, Inc. Quality of service provisioning for wireless networks
EP2070345B1 (en) 2006-09-21 2019-11-13 T-Mobile USA, Inc. Wireless device registration, such as automatic registration of a wi-fi enabled device
US8046820B2 (en) * 2006-09-29 2011-10-25 Certes Networks, Inc. Transporting keys between security protocols
US8072952B2 (en) 2006-10-16 2011-12-06 Juniper Networks, Inc. Load balancing
US8332639B2 (en) * 2006-12-11 2012-12-11 Verizon Patent And Licensing Inc. Data encryption over a plurality of MPLS networks
US8161543B2 (en) * 2006-12-22 2012-04-17 Aruba Networks, Inc. VLAN tunneling
US7873061B2 (en) 2006-12-28 2011-01-18 Trapeze Networks, Inc. System and method for aggregation and queuing in a wireless network
WO2008083339A2 (en) 2006-12-28 2008-07-10 Trapeze Networks, Inc. Application-aware wireless network system and method
US8799648B1 (en) * 2007-08-15 2014-08-05 Meru Networks Wireless network controller certification authority
US8902904B2 (en) 2007-09-07 2014-12-02 Trapeze Networks, Inc. Network assignment based on priority
US8509128B2 (en) 2007-09-18 2013-08-13 Trapeze Networks, Inc. High level instruction convergence function
US8108911B2 (en) * 2007-11-01 2012-01-31 Comcast Cable Holdings, Llc Method and system for directing user between captive and open domains
US8238942B2 (en) 2007-11-21 2012-08-07 Trapeze Networks, Inc. Wireless station location detection
US20090168780A1 (en) * 2007-12-31 2009-07-02 Nortel Networks Limited MPLS P node replacement using a link state protocol controlled ethernet network
US8150357B2 (en) 2008-03-28 2012-04-03 Trapeze Networks, Inc. Smoothing filter for irregular update intervals
CN102047226B (en) * 2008-04-14 2014-08-20 意大利电信股份公司 Distributed service framework
US8400990B1 (en) * 2008-04-28 2013-03-19 Dennis Volpano Global service set identifiers
US8474023B2 (en) 2008-05-30 2013-06-25 Juniper Networks, Inc. Proactive credential caching
US8978105B2 (en) 2008-07-25 2015-03-10 Trapeze Networks, Inc. Affirming network relationships and resource access via related networks
US8238298B2 (en) 2008-08-29 2012-08-07 Trapeze Networks, Inc. Picking an optimal channel for an access point in a wireless network
US8271775B2 (en) * 2008-12-17 2012-09-18 Cisco Technology, Inc. Layer two encryption for data center interconnectivity
CN101562813B (en) * 2009-05-12 2012-01-11 中兴通讯股份有限公司 Method for implementing real-time data service, real-time data service system and mobile terminal
US8965380B2 (en) * 2009-08-11 2015-02-24 Cisco Technology, Inc. System and method for providing access in a network environment
US8914520B2 (en) * 2009-11-16 2014-12-16 Cisco Technology, Inc. System and method for providing enterprise integration in a network environment
US8400921B2 (en) * 2010-03-17 2013-03-19 Cisco Technology, Inc. System and method for providing rate control in a network environment
US20110258236A1 (en) * 2010-04-16 2011-10-20 Iyer Pradeep J Secure Hotspot Roaming
US8351354B2 (en) * 2010-09-30 2013-01-08 Intel Corporation Privacy control for wireless devices
US8402120B1 (en) * 2010-11-04 2013-03-19 Adtran, Inc. System and method for locating and configuring network device
CN102869012B (en) * 2011-07-05 2018-11-06 横河电机株式会社 Device of wireless local area network access point and system and associated method
US8990892B2 (en) * 2011-07-06 2015-03-24 Cisco Technology, Inc. Adapting extensible authentication protocol for layer 3 mesh networks
JP5891793B2 (en) * 2012-01-05 2016-03-23 村田機械株式会社 Relay server
US9504089B2 (en) * 2012-05-14 2016-11-22 Broadcom Corporation System and method for wireless station bridging
US9801052B2 (en) * 2012-06-13 2017-10-24 Samsung Electronics Co., Ltd. Method and system for securing control packets and data packets in a mobile broadband network environment
CN103200172B (en) * 2013-02-19 2018-06-26 中兴通讯股份有限公司 A kind of method and system of 802.1X accesses session keepalive
US9392458B2 (en) * 2013-03-15 2016-07-12 Qualcomm Incorporated Authentication for relay deployment
US10298416B2 (en) * 2013-09-05 2019-05-21 Pismo Labs Technology Limited Method and system for converting a broadcast packet to a unicast packet at an access point
US9413666B2 (en) 2013-10-02 2016-08-09 Cisco Technology, Inc. Reporting radio access network congestion information in a network sharing environment
JP6450257B2 (en) * 2015-05-19 2019-01-09 株式会社Nttドコモ Wireless communication system
US10412088B2 (en) * 2015-11-09 2019-09-10 Silvercar, Inc. Vehicle access systems and methods
US10142886B2 (en) 2016-09-30 2018-11-27 Cisco Technology, Inc. System and method to facilitate group reporting of user equipment congestion information in a network environment
CN106793013A (en) * 2017-01-22 2017-05-31 深圳国人通信股份有限公司 Wireless access system and its exchange method based on L2TP
WO2018182604A1 (en) * 2017-03-30 2018-10-04 Intel Corporation Wifi protected access 2 (wpa2) pass-through virtualization
US10785683B2 (en) * 2017-03-30 2020-09-22 Maxlinear, Inc. Native fragmentation in WiFi protected access 2 (WPA2) pass-through virtualization protocol
US11283694B2 (en) * 2017-07-20 2022-03-22 Movius Interactive Corportion System and method providing usage analytics for a mobile device
US20190037613A1 (en) * 2017-07-31 2019-01-31 Qualcomm Incorporated Public wireless internet service (wisp) with authentication supported by mobile network operator (mno)
US10826945B1 (en) * 2019-06-26 2020-11-03 Syniverse Technologies, Llc Apparatuses, methods and systems of network connectivity management for secure access
US11582196B2 (en) 2020-11-02 2023-02-14 Datto, Inc. System for managing and controlling mesh virtual private network and method associated therewith
US20220330024A1 (en) * 2021-04-09 2022-10-13 Saudi Arabian Oil Company Third party remote access point on enterprise network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6366563B1 (en) * 1999-12-22 2002-04-02 Mci Worldcom, Inc. Method, computer program product, and apparatus for collecting service level agreement statistics in a communication network
US7113996B2 (en) * 2000-07-21 2006-09-26 Sandy Craig Kronenberg Method and system for secured transport and storage of data on a network

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6081524A (en) * 1997-07-03 2000-06-27 At&T Corp. Frame relay switched data service
US6463285B1 (en) * 2000-02-09 2002-10-08 Lucent Technologies Inc. Arrangement for data exchange in a wireless communication system
WO2001067674A2 (en) * 2000-03-03 2001-09-13 Qualcomm Incorporated Method and apparatus for participating in group communication services in an existing communication system
US6856624B2 (en) * 2001-02-21 2005-02-15 Alcatel Temporary unique private address
US6944168B2 (en) * 2001-05-04 2005-09-13 Slt Logic Llc System and method for providing transformation of multi-protocol packets in a data stream
US7126952B2 (en) * 2001-09-28 2006-10-24 Intel Corporation Multiprotocol decapsulation/encapsulation control structure and packet protocol conversion method
EP2334129A3 (en) * 2002-10-18 2012-07-11 Kineto Wireless, Inc. Method and apparatuses for paging a telecommunication device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6366563B1 (en) * 1999-12-22 2002-04-02 Mci Worldcom, Inc. Method, computer program product, and apparatus for collecting service level agreement statistics in a communication network
US7113996B2 (en) * 2000-07-21 2006-09-26 Sandy Craig Kronenberg Method and system for secured transport and storage of data on a network

Also Published As

Publication number Publication date
EP1692595A2 (en) 2006-08-23
CA2545272A1 (en) 2005-05-19
JP2007532043A (en) 2007-11-08
US20050223111A1 (en) 2005-10-06
WO2005045642A2 (en) 2005-05-19

Similar Documents

Publication Publication Date Title
WO2005045642A3 (en) Secure, standards-based communications across a wide-area network
GB2392798B (en) Communication system,communication server and communication method
AU2002349407A1 (en) Communication information sharing system, communication information sharing method, communication information sharing program
WO2005101845A3 (en) Methods and apparatuses for minimizing co-channel interference
WO2003085844A3 (en) Communications gateway with messaging communications interface
AU2003255044A1 (en) Network system, spanning tree structuring method, spanning tree structure node, and spanning tree structure program
AU2003283444A1 (en) Method, network nodes and system for selecting network nodes
WO2006014648A3 (en) Packet generation systems and methods
EP1596534A4 (en) Network system, spanning tree configuration method, configuration program, and spanning tree configuration node
AU2003295994A1 (en) System and method for providing secure communication between network nodes
WO2006135533A3 (en) Method and system for communicating using position information
EP1130875A3 (en) Communication network system, gateway, data communication method and program providing medium
FI20030633A0 (en) Communication method, system and network element
GB2423896B (en) Group intercom, delayed playback, and ad-hoc based communications system and method
AU2003232260A1 (en) System, communication network and method for transmitting information
AU2003224457A1 (en) Authentication communication system, authentication communication apparatus, and authentication communication method
CA2377292A1 (en) System and method for providing secure communications between wireless units using a common key
AU2003217683A1 (en) Multi-stream wireless router, gateway, communication system, and method therefor
AU2001282450A1 (en) System and method for business decision making implementation by decision operation trees
AU2002356440A1 (en) Router, network system, and network setup method
EP1320226A3 (en) Router, terminal apparatus, communication system and routing method
EP1638306A4 (en) The system and method implementing network telephon communication by applying the instant messenger
WO2005003917A3 (en) Method of and system for determining connections between parties using private links
WO2007067483A3 (en) Methods and apparatus for switching nodes to a new packet data connection point
GB2399479B (en) Communication system,communication method,and mobile node and gateway for use with the system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2545272

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 2006539669

Country of ref document: JP

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 1512/KOLNP/2006

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2004810412

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020067011080

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2004810412

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2004810412

Country of ref document: EP