WO2014109630A1 - A system and method for an application execution - Google Patents

A system and method for an application execution Download PDF

Info

Publication number
WO2014109630A1
WO2014109630A1 PCT/MY2014/000002 MY2014000002W WO2014109630A1 WO 2014109630 A1 WO2014109630 A1 WO 2014109630A1 MY 2014000002 W MY2014000002 W MY 2014000002W WO 2014109630 A1 WO2014109630 A1 WO 2014109630A1
Authority
WO
WIPO (PCT)
Prior art keywords
management module
manager
monitoring
executing means
running
Prior art date
Application number
PCT/MY2014/000002
Other languages
French (fr)
Inventor
Chew Kai GAI
Norazah ABD AZIZ
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad filed Critical Mimos Berhad
Publication of WO2014109630A1 publication Critical patent/WO2014109630A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/48Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806Task transfer initiation or dispatching
    • G06F9/4843Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/485Task life-cycle, e.g. stopping, restarting, resuming execution

Definitions

  • This invention is related to a system and method for an application execution, and more particularly for a system and method that executes applications without manual intervention.
  • a high-privileged software application is a type of application that requires privilege or permission from a user in order to execute or run the software application.
  • the user In order for the user to run the software application, the user is usually provided with a User Access Control (UAC) prompt or a Credential Login Prompt (CLP) so that the user provides a manual permission to run the software application.
  • UAC User Access Control
  • CLP Credential Login Prompt
  • malware may possibly intercept and disable security software applications in the operating system, especially when the high- privileged software application is a security software application.
  • Prior art EP 1 426 846 B1 discloses a computer system that automatically signs or logs a user to access secured features within a software application without prompting manual intervention.
  • the prior art requires the user to continue using the software application without exiting from it, or else the user will be prompted to enter a credential to enable the signed-in session.
  • the prior art also requires the fulfilment of security criteria in order to sign the user in automatically.
  • Prior art US 7,350,204 B2 discloses a system and method that automatically, transparently and securely controls software execution.
  • the system and method disclosed herein require fulfilment of security levels in order to allow the execution of a software application. If the security levels are not fulfilled, the access to the software application will be restricted and probably denied.
  • the present invention relates to a system for an application execution comprising a management module with at least an executing means for executing applications, at least a session manager for saving and restoring applications, at least a shell manager for interpreting and executing commands, and at least a launching means for launching applications, characterized in that the management module further comprises a monitoring means for monitoring the executing means, the session manager and the shell manager, so as to obtain an access token from the executing means and to assign the access token to the launching means, for launching the application without manual intervention.
  • Also disclosed in the present invention is a method for an application execution, in accordance with the system as disclosed in the present invention, comprises starting up the management module, loading the monitoring means and a driver of the application in the management module, monitoring the executing means with the monitoring means to determine whether the executing means is running in the management module, monitoring the session manager with the monitoring means to determine whether the session manager is running in the management module, monitoring the shell manager with the monitoring means to determine whether the shell manager is running in the management module, obtaining the access token from the executing means, assigning the access token to the launching means, and launching the application using the launching means through the driver.
  • UAC User Access Control
  • CLP Credential Login Prompt
  • Figure 1 illustrates the operational flow diagram of the method for an application execution, as described in the present invention. DETAILED DESCRIPTION OF THE PRESENT INVENTION
  • the system comprises a management module with at least an executing means for running applications in the management module, at least a session manager for saving and restoring applications, at least a shell manager for interpreting and executing commands, and at least a launching means for launching applications, characterized in that the management module further comprises a monitoring means for monitoring the executing means, the session manager and the shell manager, so as to obtain an access token from the executing means and to assign the access token to the launching means, for launching the application without manual intervention.
  • the present invention introduces a monitoring means into the management module to monitor the executing means, the session manager and the shell manager in the management module, obtaining an access token from the executing means, and assigning the access token to the launching means for launching the application, without manual intervention.
  • the management module is preferably but not limited to an operating system
  • the executing means in the management module is preferably but not limited to a system program.
  • the monitoring means is preferably but not limited to a service program.
  • the present invention begins with the start-up of the management module, where the management module then loads the monitoring means and a driver in the management module. The monitoring means then monitors the executing means and determines whether the executing means is running in the management module.
  • the session manager is then loaded by the executing means when the executing means is determined to be running in the management module. If the executing means is not running in the management module, the step of monitoring is repeated until the executing means runs in the management module. It should be appreciated that the running of the executing means, the session manager and the shell manager herein refer to the existence of the executing means, the session manager and the shell manager in the memory of the management module.
  • the monitoring means monitors the session manager and determines whether the session manager is running in the management module. If the session manager is determined to be running in the management module, the shell manager is loaded by the management module. However, if the session manager is not running in the management module, the step of monitoring the session manager is repeated until the session manager runs in the management module. Subsequently, the monitoring means monitors the shell manager and determines whether the shell manager is running in the management module. If the shell manager is running in the management module, the monitoring means gains access token from the executing means and assigns the access token to the launching means. Nevertheless, if the shell manager is not running in the management module, the step of monitoring the shell manager is repeated until the shell manager runs in the management module.
  • the launching means launches the application.
  • the present invention also discloses a method for an application execution (100) in accordance with the system as disclosed above, which is illustrated in the operational flow diagram in figure 1 .
  • the present invention starts up the management module (step 101 ), where the management module loads the monitoring module and the driver of the application in the management module (step 102).
  • the monitoring means monitors the executing means (step 103) to determine whether the executing means is running in the management module. If the executing means is not running in the management module, the step of monitoring the executing means (step 103) is repeated until the executing means runs in the management module.
  • the monitoring means monitors the session manager (step 104) to determine whether the session manager is running in the management module. If the session manager is not running in the management module, the monitoring means repeats the step of monitoring the session manager (step 104) until the session manager runs in the management module before proceeding to the subsequent stage.
  • the monitoring means monitors the shell manager (step 105) to determine whether the shell manager is running in the management module. If the shell manager is running in the management module, the monitoring means then obtains the access token from the executing means (step 106) and assigns the access token to the launching means (step 107). However, in the case that the shell manager is not running in the management module, the monitoring means repeats the step of monitoring the shell manager (step 105) until the shell manager runs in the management module before obtaining the access token from the executing means (step 106) and assigning the access token to the launching means (step 107). Upon receiving the access token, the launching means executes the application (step 108) by delegating the access token to the application.
  • the execution time of the application would be shorten since the monitoring means is only required to determine the existence of the executing means, session manager and shell manager in the management module. The shorten time would ensure that the application is executed under a secured condition.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention discloses a system for an application execution. The said system comprising a management module with at least an executing means for executing applications in the management module, at least a session manager for saving and restoring applications, at least a shell manager for interpreting and executing commands, and at least a launching means for launching applications, characterized in that the management module further comprises a monitoring means for monitoring the executing means, the session manager and the shell manager, so as to obtain an access token from the executing means and to assign the access token to the launching means, for launching the application without manual intervention.

Description

A SYSTEM AND METHOD FOR AN APPLICATION EXECUTION
TECHNICAL FIELD OF THE INVENTION
This invention is related to a system and method for an application execution, and more particularly for a system and method that executes applications without manual intervention.
BACKGROUND OF THE INVENTION
Generally, a high-privileged software application is a type of application that requires privilege or permission from a user in order to execute or run the software application. In order for the user to run the software application, the user is usually provided with a User Access Control (UAC) prompt or a Credential Login Prompt (CLP) so that the user provides a manual permission to run the software application.
Software applications that are running in the operating system also toggle UAC and CLP prompts. If a user needs to run the software application in the operating system, the user will have to provide, during each usage of the software application, manual permission in order to run the software application. This cannot be considered practical if the user needs to run the software application frequently.
Moreover, some of the high-privileged software application requires the Administrator's permission to run the application. Upon toggling of the UAC and CLP dialogs, the user will have to input the Administrator's login name and password in order to run the application. This would not be practical if there is a huge number of workstation where the Administrator has to serve a huge number of users. Also, users are presented with UAC and CLP dialogs when they attempt to install new software applications, to access high-privileged software applications, or make changes to the operating system. For skilled addressees, prompting of the dialogs requesting manual interventions creates unproductive inconveniences, since they are familiar with the type of actions required therein and whether the actions are safe to perform. On the other hand, prompting of the dialogs requesting manual interventions is rather confusing for first time users, since they do not know what actions are safe to perform and they do not know what effects the action would be.
It should also be noted that the process to automatically load software without UAC or CLP prompts via the use of task scheduler, is believed that during this time period, malware may possibly intercept and disable security software applications in the operating system, especially when the high- privileged software application is a security software application.
Prior art EP 1 426 846 B1 discloses a computer system that automatically signs or logs a user to access secured features within a software application without prompting manual intervention. However, the prior art requires the user to continue using the software application without exiting from it, or else the user will be prompted to enter a credential to enable the signed-in session. The prior art also requires the fulfilment of security criteria in order to sign the user in automatically.
Prior art US 7,350,204 B2 discloses a system and method that automatically, transparently and securely controls software execution. The system and method disclosed herein require fulfilment of security levels in order to allow the execution of a software application. If the security levels are not fulfilled, the access to the software application will be restricted and probably denied.
These prior arts require the fulfilment of security criteria in order to execute the software applications. Without the fulfilment of the of security levels, the software applications will not be executed and more particularly, the automated signed-in session would be terminated. It should be noted that it is difficult for the user to sign-in or log in to the software application if credentials or manual permissions are always required to be inputted and security levels are always required to be fulfilled. Therefore, it is an aim of this present invention to address the aforesaid technical disadvantages by introducing a system and method for an application execution, where software applications are executed without the need of prompting UAC or CLP to the users. The present invention also utilizes a shorter execution time and ensures the secure loading of the executed application. More particularly, the present invention provides a secured and user-friendly system and method to execute high-privileged software applications in the operating system without manual intervention. SUMMARY OF THE PRESENT INVENTION
The present invention relates to a system for an application execution comprising a management module with at least an executing means for executing applications, at least a session manager for saving and restoring applications, at least a shell manager for interpreting and executing commands, and at least a launching means for launching applications, characterized in that the management module further comprises a monitoring means for monitoring the executing means, the session manager and the shell manager, so as to obtain an access token from the executing means and to assign the access token to the launching means, for launching the application without manual intervention.
Also disclosed in the present invention is a method for an application execution, in accordance with the system as disclosed in the present invention, comprises starting up the management module, loading the monitoring means and a driver of the application in the management module, monitoring the executing means with the monitoring means to determine whether the executing means is running in the management module, monitoring the session manager with the monitoring means to determine whether the session manager is running in the management module, monitoring the shell manager with the monitoring means to determine whether the shell manager is running in the management module, obtaining the access token from the executing means, assigning the access token to the launching means, and launching the application using the launching means through the driver.
It is an object of the present invention to provide a system and method for an application execution that is capable of executing applications without manual intervention from users.
It is another object of the present invention to provide a system and method for an application execution that is capable of executing applications without prompting the users with User Access Control (UAC) or Credential Login Prompt (CLP).
It is further an object of the present invention to provide a system and method for an application execution that utilizes a shorter execution time period.
It is still further an object of the present invention to provide a system and method for an application execution that ensures the continuation of the executed application.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates the operational flow diagram of the method for an application execution, as described in the present invention. DETAILED DESCRIPTION OF THE PRESENT INVENTION
The above mentioned and other features and objects of this invention will become more apparent and better understood by reference to the following detailed description. It should be understood that the detailed description made known below is not intended to be exhaustive or limit the invention to the precise form disclosed as the invention may assume various alternative forms. On the contrary, the detailed description covers all the relevant modifications and alterations made to the present invention, unless the claims expressly state otherwise. The present invention disclosed herein is a system for an application execution. The system comprises a management module with at least an executing means for running applications in the management module, at least a session manager for saving and restoring applications, at least a shell manager for interpreting and executing commands, and at least a launching means for launching applications, characterized in that the management module further comprises a monitoring means for monitoring the executing means, the session manager and the shell manager, so as to obtain an access token from the executing means and to assign the access token to the launching means, for launching the application without manual intervention.
Unlike the prior arts, the present invention introduces a monitoring means into the management module to monitor the executing means, the session manager and the shell manager in the management module, obtaining an access token from the executing means, and assigning the access token to the launching means for launching the application, without manual intervention. It should be appreciated that the management module is preferably but not limited to an operating system, and that the executing means in the management module is preferably but not limited to a system program. Further, the monitoring means is preferably but not limited to a service program. The present invention begins with the start-up of the management module, where the management module then loads the monitoring means and a driver in the management module. The monitoring means then monitors the executing means and determines whether the executing means is running in the management module. The session manager is then loaded by the executing means when the executing means is determined to be running in the management module. If the executing means is not running in the management module, the step of monitoring is repeated until the executing means runs in the management module. It should be appreciated that the running of the executing means, the session manager and the shell manager herein refer to the existence of the executing means, the session manager and the shell manager in the memory of the management module.
Thereafter, the monitoring means monitors the session manager and determines whether the session manager is running in the management module. If the session manager is determined to be running in the management module, the shell manager is loaded by the management module. However, if the session manager is not running in the management module, the step of monitoring the session manager is repeated until the session manager runs in the management module. Subsequently, the monitoring means monitors the shell manager and determines whether the shell manager is running in the management module. If the shell manager is running in the management module, the monitoring means gains access token from the executing means and assigns the access token to the launching means. Nevertheless, if the shell manager is not running in the management module, the step of monitoring the shell manager is repeated until the shell manager runs in the management module. Upon receiving the access token, the launching means launches the application. The present invention also discloses a method for an application execution (100) in accordance with the system as disclosed above, which is illustrated in the operational flow diagram in figure 1 . Firstly, the present invention starts up the management module (step 101 ), where the management module loads the monitoring module and the driver of the application in the management module (step 102). Thereafter, the monitoring means monitors the executing means (step 103) to determine whether the executing means is running in the management module. If the executing means is not running in the management module, the step of monitoring the executing means (step 103) is repeated until the executing means runs in the management module.
Next, the monitoring means monitors the session manager (step 104) to determine whether the session manager is running in the management module. If the session manager is not running in the management module, the monitoring means repeats the step of monitoring the session manager (step 104) until the session manager runs in the management module before proceeding to the subsequent stage.
In the following step, the monitoring means monitors the shell manager (step 105) to determine whether the shell manager is running in the management module. If the shell manager is running in the management module, the monitoring means then obtains the access token from the executing means (step 106) and assigns the access token to the launching means (step 107). However, in the case that the shell manager is not running in the management module, the monitoring means repeats the step of monitoring the shell manager (step 105) until the shell manager runs in the management module before obtaining the access token from the executing means (step 106) and assigning the access token to the launching means (step 107). Upon receiving the access token, the launching means executes the application (step 108) by delegating the access token to the application.
With the use of the present invention, no manual intervention is required in order to execute applications from the users since the monitoring means obtains and assigns the permission to execute the applications based on whether the executing means, session manager and shell manager are running in the management module. By using the present invention, the execution time of the application would be shorten since the monitoring means is only required to determine the existence of the executing means, session manager and shell manager in the management module. The shorten time would ensure that the application is executed under a secured condition.

Claims

CLAIM
1 . A system for an application execution comprising:
a management module with at least an executing means for executing applications in the management module, at least a session manager for saving and restoring applications, at least a shell manager for interpreting and executing commands, and at least a launching means for launching applications,
characterized in that the management module further comprises a monitoring means for monitoring the executing means, the session manager and the shell manager, so as to obtain an access token from the executing means and to assign the access token to the launching means, for launching the application without manual intervention.
2. The system according to claim 1 , wherein the monitoring means monitors the executing means, the session manager and the shell manager to determine whether the executing means, the session manager and the shell manager are running in the management module, prior to the obtainment of the access token from the executing means.
3. The system according to claim 2, wherein the monitoring means obtains the access token from the executing means and assigns the access token to the launching means in the event that the executing means, the session manager and the shell manager are determined to be running in the management module.
4. The system according to claim 2, wherein the monitoring means continues to monitor the executing means when the executing means is not running in the management module.
5. The system according to claim 2, wherein the monitoring means continues to monitor the session manager when the session manager is not running in the management module.
6. The system according to claim 2, wherein the monitoring means continues to monitor the shell manager when the shell manager is not running in the management module.
7. A method (100) for an application execution, in accordance with the system as claimed in claim 1 , comprises:
starting up the management module (step 101 );
loading the monitoring means and a driver of the application in the management module (step 102);
monitoring the executing means with the monitoring means to determine whether the executing means is running in the management module (step 103);
monitoring the session manager with the monitoring means to determine whether the session manager is running in the management module (step 104);
monitoring the shell manager with the monitoring means to determine whether the shell manager is running in the management module (step 105); obtaining the access token from the executing means (step 106); assigning the access token to the launching means (step 107); and launching the application using the launching means through the driver (step 108).
8. The method according to claim 7, wherein the access token is obtained when the executing means, session manager and shell manager are determined to be running in the management module.
9. The method according to claim 7, wherein the step of monitoring either the executing means (step 103), the session manager (step 104), the shell manager (step 105) or in any combination, is repeated when the executing means is not running in the management module.
PCT/MY2014/000002 2013-01-14 2014-01-07 A system and method for an application execution WO2014109630A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2013700079 2013-01-14
MYPI2013700079A MY186747A (en) 2013-01-14 2013-01-14 A system and method for an application execution

Publications (1)

Publication Number Publication Date
WO2014109630A1 true WO2014109630A1 (en) 2014-07-17

Family

ID=50483188

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2014/000002 WO2014109630A1 (en) 2013-01-14 2014-01-07 A system and method for an application execution

Country Status (2)

Country Link
MY (1) MY186747A (en)
WO (1) WO2014109630A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7350204B2 (en) 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
US20100031348A1 (en) * 2008-08-04 2010-02-04 Moka5, Inc. Locked-down computing environment
US20100325485A1 (en) * 2009-06-22 2010-12-23 Sandeep Kamath Systems and methods for stateful session failover between multi-core appliances
WO2011044710A1 (en) * 2009-10-12 2011-04-21 Safenet, Inc. Software license embedded in shell code
US20110251992A1 (en) * 2004-12-02 2011-10-13 Desktopsites Inc. System and method for launching a resource in a network
EP1426846B1 (en) 2002-12-04 2011-12-21 Microsoft Corporation Signing-in to software applications having secured features

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7350204B2 (en) 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
EP1426846B1 (en) 2002-12-04 2011-12-21 Microsoft Corporation Signing-in to software applications having secured features
US20110251992A1 (en) * 2004-12-02 2011-10-13 Desktopsites Inc. System and method for launching a resource in a network
US20100031348A1 (en) * 2008-08-04 2010-02-04 Moka5, Inc. Locked-down computing environment
US20100325485A1 (en) * 2009-06-22 2010-12-23 Sandeep Kamath Systems and methods for stateful session failover between multi-core appliances
WO2011044710A1 (en) * 2009-10-12 2011-04-21 Safenet, Inc. Software license embedded in shell code

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
DEJAN KOVACHEV ET AL: "Beyond the client-server architectures: A survey of mobile cloud techniques", COMMUNICATIONS IN CHINA WORKSHOPS (ICCC), 2012 1ST IEEE INTERNATIONAL CONFERENCE ON, IEEE, 15 August 2012 (2012-08-15), pages 20 - 25, XP032245588, ISBN: 978-1-4673-2996-5, DOI: 10.1109/ICCCW.2012.6316468 *
OSMAN UGUS ET AL: "A Smartphone Security Architecture for App Verification and Process Authentication", COMPUTER COMMUNICATIONS AND NETWORKS (ICCCN), 2012 21ST INTERNATIONAL CONFERENCE ON, IEEE, 30 July 2012 (2012-07-30), pages 1 - 9, XP032229661, ISBN: 978-1-4673-1543-2, DOI: 10.1109/ICCCN.2012.6289217 *
PATRICIA ARIAS CABARCOS ET AL: "SuSSo: Seamless and ubiquitous single sign-on for cloud service continuity across devices", IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, IEEE SERVICE CENTER, NEW YORK, NY, US, vol. 58, no. 4, 1 November 2012 (2012-11-01), pages 1425 - 1433, XP011488763, ISSN: 0098-3063, DOI: 10.1109/TCE.2012.6415016 *

Also Published As

Publication number Publication date
MY186747A (en) 2021-08-17

Similar Documents

Publication Publication Date Title
US10929540B2 (en) Trusted updates
US10482286B2 (en) Unified system for authentication and authorization
US9996703B2 (en) Computer device and method for controlling access to a resource via a security system
US8856953B2 (en) Access policy for package update processes
US9547765B2 (en) Validating a type of a peripheral device
US9251349B2 (en) Virtual machine migration
US8850549B2 (en) Methods and systems for controlling access to resources and privileges per process
JP4541263B2 (en) Remote security enabling system and method
US10348734B2 (en) Security bypass environment for circumventing a security application in a computing environment
US20090319806A1 (en) Extensible pre-boot authentication
CN104573507A (en) Secure container and design method thereof
US11797664B2 (en) Computer device and method for controlling process components
CN109918187B (en) Task scheduling method, device, equipment and storage medium
US20160306963A1 (en) Computer device and method for controlling untrusted access to a peripheral device
KR101478801B1 (en) System and method for providing cloud computing service using virtual machine
EP3314499B1 (en) Temporary process deprivileging
JP2006107505A5 (en)
US8135849B2 (en) Server for authenticating clients using file system permissions
WO2014109630A1 (en) A system and method for an application execution
US20130290396A1 (en) Method for access to an operating system, removable memory medium and use of a removable memory medium
EP2839404A1 (en) Method and computer device for handling com objects
US20220277092A1 (en) Managing Privilege Delegation on a Server Device
KR100857864B1 (en) Method for controlling access of PnP device based secure policy under multi-access condition
JP2009521030A (en) Using component targets when defining roles in distributed and centralized systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14717083

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14717083

Country of ref document: EP

Kind code of ref document: A1