[go: up one dir, main page]

WO2001001223A1 - Two-layer encryption of databases - Google Patents

Two-layer encryption of databases Download PDF

Info

Publication number
WO2001001223A1
WO2001001223A1 PCT/US2000/017417 US0017417W WO0101223A1 WO 2001001223 A1 WO2001001223 A1 WO 2001001223A1 US 0017417 W US0017417 W US 0017417W WO 0101223 A1 WO0101223 A1 WO 0101223A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
database
key
dcb
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2000/017417
Other languages
French (fr)
Inventor
Nicholas Spicer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Centura Software Corp
Original Assignee
Centura Software Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centura Software Corp filed Critical Centura Software Corp
Priority to AU58887/00A priority Critical patent/AU5888700A/en
Publication of WO2001001223A1 publication Critical patent/WO2001001223A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • the present invention relates to the field of database security. More specifically, one embodiment of the invention provides for database encryption for large databases.
  • the data stored in a database will need to be secured against access for reading and/or modification. Where access cannot be physically prevented, encryption of the data is useful to secure against access. For example, when a database is stored on an unsecured data storage device, the database might be encrypted using one of many well-known encryption schemes and a password kept secret by the owner of the data.
  • a server interfaces the database to clients and the server decrypts portions of the database as needed to respond to queries from the clients.
  • the database is stored on a data storage device that is relatively insecure, the database is encrypted such that an attacker cannot easily understand or modify data in the database without detection, but the owner (or other person or computing device) having the password to the database can access the data in the database by supplying the password to the server.
  • the password is referred to as a "server key" or similar term.
  • the database might be specific to a server, in that clients can only access the database through a particular server.
  • the server key is specific to the particular server.
  • One reason for this is that if the key were not specific to the particular server, an attacker would be able to copy an encrypted database, connect it to another server and open the copy without the knowledge of the owner of the database.
  • a copy of a database might be stored apart from the original copy for use as backup. If the original server and database fail, another server could be brought on line using the backup copy.
  • the backup copy would need to be unencrypted and reencrypted.
  • large databases of information multi-gigabyte databases are common
  • the time to unencrypt the database and reencrypt the database is considerable.
  • the owner changes a server key the users might expect long delays as the database is unencrypted and reencrypted.
  • One embodiment of the present invention provides a mechanism to secure a database from access by unauthorized users while still allowing for a quick change of the server key used to encrypt and decrypt the database, by encrypting the bulk of the data records with a data records key, storing the data records key in a database control block and encrypting the database control block with the server key.
  • asymmetric encryption is used, where the encryption key is different from the decryption key.
  • FIG. 1 is a block diagram of a database system according to one embodiment of the present invention.
  • Fig. 2 is a flowchart of a process for determining a method of encryption used to encrypt data.
  • FIG. 1 is a block diagram of a database system 10 according to one embodiment of the present invention.
  • a database 12 is stored on a data storage device 14.
  • storage device 14 is assumed to be insecure in that an attacker could get access to data stored thereon.
  • DBMS database management system
  • the users of database 12 use user I/O 18 to access the data in database 12 through DBMS server 16.
  • user I/O 18 operates as a client, according to standard client-server architectures, and DBMS server 16 operates as the server.
  • the client might send an SQL (Structured Query Language) statement to the server and the server would respond with the appropriate response, assuming that any security requirements are met.
  • SQL Structured Query Language
  • One such security requirement is a server security password that needs to be supplied before a server can open an encrypted database.
  • the server security password typically when the server is started, the server derives a server key from the server security password.
  • the server security key is specific to a server.
  • Another security requirement is a database password, which is specific to a database in this implementation.
  • server password is specific to a server
  • the server key of database 12 needs to change. For example, as shown in Fig. 1, if database 12 is secured by the server key of server 16 but is then moved, using file manager 20 or other mechanism, to an alternate storage device 22, another server 26 (with its own related user I/O 28) could not access the data in database 12 unless it used the same server key as server 16.
  • database 12 might be moved. For example, a backup copy might be needed or a remote copy of database 12 might be needed. However, for whatever reason, whenever database 12 is moved or copied, the server key for database 12 changes.
  • the server key instead of encrypting all of the data in database 12 using the server key, which would create considerable delays as the entire database is unencrypted and reencrypted, the server key only encrypts a database control block (DCB) 40, typically around 1024 bytes, while a database specific key (the data records key) is used to encrypt the data records 42 of the database. Since the data records key is not specific to a server, it does not change when the database is moved from server to server.
  • DCB database control block
  • a server Under one security model, it is assumed that if a server is provided with a server password, it can access data in a database. This is made possible in the system shown in Fig. 1 by encrypting the data records key within the DCB so that any server under which the DCB was encrypted can access that DCB and recover the data records key for further access to the data records.
  • the server password is 'unique' to the server and allows the server to access the databases for itself. A clean way to implement this is to have the same shared key for all databases being accessed by the server. That way, the user doesn't need to know if one or multiple databases are being used. The user only needs to know that one server is being accessed and that the server password for that server can be provided by the user to access encrypted data through that server.
  • the data records key which is derived from a database password provided by the user of the database.
  • the data records key may be unique to the database.
  • the data records key it is carried within the database's DCB, so it independent from the server that created the database.
  • the DCB is encrypted using a server specific key (the server key), which is common to all encrypted databases created by the server. Normally this key, derived from the "secure server password", is unique to the server. This reliance of the encrypted database on the server that created and uses it minimizes the effort required to access the database by the authorized server, and prevents unauthorized access to the database by an alternate server. However, in the case of backups, access by an alternate server is desirable.
  • the original server makes a simple copy of the database, leaving the encryption in place to protect the security of the data in the database. If the backup can be restored on the same server that created it, that happens without any processing since the sever security key required to decrypt the DCB is still known and in use by that same server (or at least, by the server administrator who provides the server with the server passwords required to access the server's databases.
  • the DCB can be encrypted with either the original server key or the new server key, i.e., the reencryption with the new key can occur during export or during import.
  • the DCB can be reencrypted at both ends, using an intermediate "export" key that is different from both the original key and the final key.
  • server 16 includes logic to quickly determine if the server password is correct.
  • the DCB can include a method of data records decryption and a "magic string" (i.e., a known pattern not likely to randomly occur in encrypted data or erroneously decrypted data), along with the database key.
  • the server has a reasonable assurance that the DCB was decrypted correctly (usually because the correct server password was supplied).
  • the DCB might contain an indication of what level of security is being used for the data records.
  • the server could perform an iterative decryption of the DCB, such as that shown in Fig. 2, to decrypt the DCB without knowing which level of security was used.
  • the server first reads the DCB as if it was not encrypted and examines the DCB to see if it contains the magic string. If the magic string is present, the database is not an encrypted database and the server uses the data as it reads it from the database. However, if the magic string is not present, that indicates an encrypted database. For access to an encrypted database, the server needs a server key. If it does not have the server key, it returns an error indicating that a key is required.
  • the presence and content of the magic string is hidden for security reasons, the DCB containing the magic string is encrypted using the server password, at a satisfactory encryption level, possibly higher than the main body of the database.
  • the database body may be converted from an encrypted to an unencrypted state at the direction of the server administrator, however the magic string is retained and hidden within an encrypted DCB page.
  • the magic string is not present in the DCB, and the DCB need not be encrypted, making the entire database compatible with non-encrypting versions of the DBMS. Note that the absence of any data in the space reserved for the magic string indicates that the database has never been encrypted, as opposed to a database that was encrypted but is not currently encrypted.
  • the server decrypts the DCB using the provided server key according to a 128-bit triple DES decryption process. If the magic string is visible in the result, that is the correct decryption method and it is used for additional transactions involving that DCB (and that database, if they use the same methods). If the magic string is not visible, the server then tries to decrypt with the server key and a 56-bit DES method. Again, if the magic string is visible, that method is used. However, if the magic string is not visible, the server tries one final method, the cryptogram method. If the magic string is not visible after decrypting the DCB using the server key and the cryptogram method, the server assumes it was provided with an invalid server key and returns an error to that effect.
  • the server knows in advance that the DCB and the data records are encrypted using the same level of security, the method of encryption need not be stored in the DCB. Instead, the server will note what decryption method worked on the DCB and use that method on the data records.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A mechanism provides a method and apparatus to secure a database from access by unauthorized users while still allowing for a quick change of the server key used to encrypt and decrypt the database, by encrypting the bulk of the data records with a data records key, storing the data records key in a database control block and encrypting the database control block with the server key.

Description

TWO-LAYER ENCRYPTION OF DATABASES
CROSS-REFERENCE TO RELATED APPLICATIONS U.S. Patent Application No. 09/340,067, filed on June 25, 1999, the same day as the present application and entitled "Securing Databases Using Mutual Consent Access" is incorporated by reference herein for all purposes.
BACKGROUND OF THE INVENTION The present invention relates to the field of database security. More specifically, one embodiment of the invention provides for database encryption for large databases.
Often, the data stored in a database will need to be secured against access for reading and/or modification. Where access cannot be physically prevented, encryption of the data is useful to secure against access. For example, when a database is stored on an unsecured data storage device, the database might be encrypted using one of many well-known encryption schemes and a password kept secret by the owner of the data.
In a typical database application, a server interfaces the database to clients and the server decrypts portions of the database as needed to respond to queries from the clients. Typically, such operations are done in real-time and the database is stored on a data storage device that is relatively insecure, the database is encrypted such that an attacker cannot easily understand or modify data in the database without detection, but the owner (or other person or computing device) having the password to the database can access the data in the database by supplying the password to the server. In some systems, the password is referred to as a "server key" or similar term.
In a client-server system, the database might be specific to a server, in that clients can only access the database through a particular server. In some cases, for security reasons or otherwise, the server key is specific to the particular server. One reason for this is that if the key were not specific to the particular server, an attacker would be able to copy an encrypted database, connect it to another server and open the copy without the knowledge of the owner of the database. Of course, there are many legitimate reasons for transporting a database from one server to another. For example, a copy of a database might be stored apart from the original copy for use as backup. If the original server and database fail, another server could be brought on line using the backup copy. However, if the database were encrypted using a server specific key, the backup copy would need to be unencrypted and reencrypted. With large databases of information (multi-gigabyte databases are common), the time to unencrypt the database and reencrypt the database is considerable. Furthermore, if the owner changes a server key, the users might expect long delays as the database is unencrypted and reencrypted.
SUMMARY OF THE INVENTION
One embodiment of the present invention provides a mechanism to secure a database from access by unauthorized users while still allowing for a quick change of the server key used to encrypt and decrypt the database, by encrypting the bulk of the data records with a data records key, storing the data records key in a database control block and encrypting the database control block with the server key.
In one variation, asymmetric encryption is used, where the encryption key is different from the decryption key.
BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram of a database system according to one embodiment of the present invention.
Fig. 2 is a flowchart of a process for determining a method of encryption used to encrypt data.
DESCRIPTION OF THE PREFERRED EMBODIMENTS Fig. 1 is a block diagram of a database system 10 according to one embodiment of the present invention. As shown there, a database 12 is stored on a data storage device 14. In this example, storage device 14 is assumed to be insecure in that an attacker could get access to data stored thereon. Such access would bypass a database management system (DBMS) server 16, which serves as the primary interface between database 12 and legitimate users of database 12. The users of database 12 use user I/O 18 to access the data in database 12 through DBMS server 16. In a typical operation, user I/O 18 operates as a client, according to standard client-server architectures, and DBMS server 16 operates as the server. Thus, the client might send an SQL (Structured Query Language) statement to the server and the server would respond with the appropriate response, assuming that any security requirements are met.
One such security requirement is a server security password that needs to be supplied before a server can open an encrypted database. When a server is supplied with the server security password, typically when the server is started, the server derives a server key from the server security password. The server security key is specific to a server. Another security requirement is a database password, which is specific to a database in this implementation.
If the server password is specific to a server, when database 12 is moved such that it is to be accessed by a different server, the server key of database 12 needs to change. For example, as shown in Fig. 1, if database 12 is secured by the server key of server 16 but is then moved, using file manager 20 or other mechanism, to an alternate storage device 22, another server 26 (with its own related user I/O 28) could not access the data in database 12 unless it used the same server key as server 16.
There are many reasons why database 12 might be moved. For example, a backup copy might be needed or a remote copy of database 12 might be needed. However, for whatever reason, whenever database 12 is moved or copied, the server key for database 12 changes.
Instead of encrypting all of the data in database 12 using the server key, which would create considerable delays as the entire database is unencrypted and reencrypted, the server key only encrypts a database control block (DCB) 40, typically around 1024 bytes, while a database specific key (the data records key) is used to encrypt the data records 42 of the database. Since the data records key is not specific to a server, it does not change when the database is moved from server to server.
Under one security model, it is assumed that if a server is provided with a server password, it can access data in a database. This is made possible in the system shown in Fig. 1 by encrypting the data records key within the DCB so that any server under which the DCB was encrypted can access that DCB and recover the data records key for further access to the data records. The server password is 'unique' to the server and allows the server to access the databases for itself. A clean way to implement this is to have the same shared key for all databases being accessed by the server. That way, the user doesn't need to know if one or multiple databases are being used. The user only needs to know that one server is being accessed and that the server password for that server can be provided by the user to access encrypted data through that server. Thus, all database pages, except the first page (the DCB), are encrypted using a single key, the data records key, which is derived from a database password provided by the user of the database. The data records key may be unique to the database. The data records key it is carried within the database's DCB, so it independent from the server that created the database. Of course, the DCB is encrypted using a server specific key (the server key), which is common to all encrypted databases created by the server. Normally this key, derived from the "secure server password", is unique to the server. This reliance of the encrypted database on the server that created and uses it minimizes the effort required to access the database by the authorized server, and prevents unauthorized access to the database by an alternate server. However, in the case of backups, access by an alternate server is desirable.
To backup an encrypted database, the original server makes a simple copy of the database, leaving the encryption in place to protect the security of the data in the database. If the backup can be restored on the same server that created it, that happens without any processing since the sever security key required to decrypt the DCB is still known and in use by that same server (or at least, by the server administrator who provides the server with the server passwords required to access the server's databases.
However, when a backup is moved to an alternative server, the change needs to be accounted for in the DCB. Since the alternative server will typically use a different server security key to access its encrypted databases, a mechanism is required to allow the free but controlled movement of such databases from one server to another. In transit, the DCB can be encrypted with either the original server key or the new server key, i.e., the reencryption with the new key can occur during export or during import. In some implementations, the DCB can be reencrypted at both ends, using an intermediate "export" key that is different from both the original key and the final key. In a variation of the basic system, server 16 includes logic to quickly determine if the server password is correct. When decryption is applied to text messages, it is usually immediately apparent that the decrypting password was not correct, because the message would appear garbled. Noticing garbled data when the data is in binary form is somewhat more difficult, especially when the server does not know the expected format for data in the data records. A server does not need to know the format of a data record in the typical application. A client requests a data record and the server provides the requested data record. In order to prevent a server from returning data records that are not properly decrypted, the DCB can include a method of data records decryption and a "magic string" (i.e., a known pattern not likely to randomly occur in encrypted data or erroneously decrypted data), along with the database key. That way, if the magic string appears in the apparently decrypted DCB, the server has a reasonable assurance that the DCB was decrypted correctly (usually because the correct server password was supplied). For multiple levels of security, the DCB might contain an indication of what level of security is being used for the data records. As for the level of security used on the DCB itself, the server could perform an iterative decryption of the DCB, such as that shown in Fig. 2, to decrypt the DCB without knowing which level of security was used. In that example, there are three levels of security that can be selected from for encryption: (1) 128-bit triple DES, (2) 56-bit DES and (3) cryptogram.
The server first reads the DCB as if it was not encrypted and examines the DCB to see if it contains the magic string. If the magic string is present, the database is not an encrypted database and the server uses the data as it reads it from the database. However, if the magic string is not present, that indicates an encrypted database. For access to an encrypted database, the server needs a server key. If it does not have the server key, it returns an error indicating that a key is required.
Preferably, the presence and content of the magic string is hidden for security reasons, the DCB containing the magic string is encrypted using the server password, at a satisfactory encryption level, possibly higher than the main body of the database. In one variation of this security system, the database body may be converted from an encrypted to an unencrypted state at the direction of the server administrator, however the magic string is retained and hidden within an encrypted DCB page. For a database that has never been encrypted the magic string is not present in the DCB, and the DCB need not be encrypted, making the entire database compatible with non-encrypting versions of the DBMS. Note that the absence of any data in the space reserved for the magic string indicates that the database has never been encrypted, as opposed to a database that was encrypted but is not currently encrypted. Assuming the server has a server key (at this point it is not known if that key is the correct key), the server decrypts the DCB using the provided server key according to a 128-bit triple DES decryption process. If the magic string is visible in the result, that is the correct decryption method and it is used for additional transactions involving that DCB (and that database, if they use the same methods). If the magic string is not visible, the server then tries to decrypt with the server key and a 56-bit DES method. Again, if the magic string is visible, that method is used. However, if the magic string is not visible, the server tries one final method, the cryptogram method. If the magic string is not visible after decrypting the DCB using the server key and the cryptogram method, the server assumes it was provided with an invalid server key and returns an error to that effect.
If the server knows in advance that the DCB and the data records are encrypted using the same level of security, the method of encryption need not be stored in the DCB. Instead, the server will note what decryption method worked on the DCB and use that method on the data records.
The above description is illustrative and not restrictive. Many variations of the invention will become apparent to those of skill in the art upon review of this disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the appended claims along with their full scope of equivalents.

Claims

WHAT IS CLAIMED IS: L A method of encrypting a database comprising the steps of: encrypting data records of the database using a data records key; recording the data records key in a data control block of the database; and encrypting the data control block with a second key.
PCT/US2000/017417 1999-06-25 2000-06-23 Two-layer encryption of databases Ceased WO2001001223A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU58887/00A AU5888700A (en) 1999-06-25 2000-06-23 Two-layer encryption of databases

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US34461199A 1999-06-25 1999-06-25
US09/344,611 1999-06-25

Publications (1)

Publication Number Publication Date
WO2001001223A1 true WO2001001223A1 (en) 2001-01-04

Family

ID=23351235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/017417 Ceased WO2001001223A1 (en) 1999-06-25 2000-06-23 Two-layer encryption of databases

Country Status (2)

Country Link
AU (1) AU5888700A (en)
WO (1) WO2001001223A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100370460C (en) * 2005-07-21 2008-02-20 曾致中 Database cryptogram search method
US7539305B2 (en) 2004-03-05 2009-05-26 International Business Machines Corporation Schryption method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7539305B2 (en) 2004-03-05 2009-05-26 International Business Machines Corporation Schryption method and device
CN100370460C (en) * 2005-07-21 2008-02-20 曾致中 Database cryptogram search method

Also Published As

Publication number Publication date
AU5888700A (en) 2001-01-31

Similar Documents

Publication Publication Date Title
US7792300B1 (en) Method and apparatus for re-encrypting data in a transaction-based secure storage system
US6574733B1 (en) Centralized secure backup system and method
US7111005B1 (en) Method and apparatus for automatic database encryption
US6754827B1 (en) Secure File Archive through encryption key management
Fu Group sharing and random access in cryptographic storage file systems
US5991406A (en) System and method for data recovery
Blaze A cryptographic file system for UNIX
US7010689B1 (en) Secure data storage and retrieval in a client-server environment
JP4593774B2 (en) Encrypted file system and method
CN1329909C (en) Secure single drive copy method and apparatus
JP4680596B2 (en) Method and system for securely escrowing private keys within public key infrastructure
US7313694B2 (en) Secure file access control via directory encryption
US6134660A (en) Method for revoking computer backup files using cryptographic techniques
US6292899B1 (en) Volatile key apparatus for safeguarding confidential data stored in a computer system memory
US20030208686A1 (en) Method of data protection
JP2003044343A (en) Data security method for distributed file system
AU2002213436A1 (en) Method and apparatus for automatic database encryption
US7751570B2 (en) Method and apparatus for managing cryptographic keys
JP4663992B2 (en) Terminal device and data protection system including the same
WO2002005475A2 (en) Generation and use of digital signatures
KR20050101163A (en) Terminal device and data protection system using the same
US8200964B2 (en) Method and apparatus for accessing an encrypted file system using non-local keys
KR100750697B1 (en) Digital document security system with shared storage having user access function, and document processing method using the system
KR20010045157A (en) Method for managing information needed to recovery crytographic key
WO2001001223A1 (en) Two-layer encryption of databases

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP