Patent Grant
10432665
The contents of the following of applicant's US patent applications are hereby incorporated herein in their entireties.
The present invention relates to computer security, and in particular to preventing attackers from harvesting credentials from an enterprise network.
Reference is made to
Access to endpoint computers 110 and databases 120 in network 100 may optionally be governed by an access governor 150, such as a directory service, that authorizes users to access endpoint computers 110 and databases 120 based on “credentials”. Access governor 150 may be a name directory, such as ACTIVE DIRECTORY® developed by Microsoft Corporation of Redmond, Wash., for WINDOWS® environments. Background information about ACTIVE DIRECTORY® is available at Wikipedia. Other access governors for WINDOWS and non-WINDOWS environments, include inter alia Lightweight Directory Access Protocol (LDAP), Remote Authentication Dial-In User Service (RADIUS), and Apple Filing Protocol (AFP), formerly APPLETALK®, developed by Apple Inc. of Cupertino, Calif. Background information about LDAP, RADIUS and AFP is available at Wikipedia.
Access governor 150 may be one or more local machine access controllers. Access governor 150 may be one or more authorization servers, such as a database server or an application server.
In lieu of access governor 150, the endpoints and/or servers of network 100 determine their local access rights.
Credentials for accessing endpoint computers 110 and databases 120 include inter alia server account credentials such as <address> <username> <password> for an FTP server, an SQL server, or an SSH server. Credentials for accessing endpoint computers 110 and databases 120 also include user login credentials <username> <password>, or <username> <ticket>, where “ticket” is an authentication ticket, such as a ticket for the Kerberos authentication protocol or NTLM hash used by Microsoft Corp., or login credentials via certificates or via another implementation used today or in the future. Background information about the Kerberos protocol and the LM hash is available at Wikipedia.
Access governor 150 may maintain a directory of endpoint computers 110, databases 120 and their users. Access governor 150 authorizes users and computers, assigns and enforces security policies, and installs and updates software. When a user logs into an endpoint computer 110, access governor 150 checks the submitted password, and determines if the user is an administrator (admin), a normal user (user) or other user type.
Endpoint computers 110 may run a local or remote security service, which is an operating system process that verifies users logging in to computers and other single sign-on systems and other credential storage systems.
Network 100 may include a security information and event management (SIEM) server 160, which provides real-time analysis of security alerts generated by network hardware and applications. Background information about SIEM is available at Wikipedia.
Network 100 may include a domain name system (DNS) server 170, or such other name service system, for translating domain names to IP addresses. Background information about DNS is available at Wikipedia.
Network 100 may include a firewall 180 located within a demilitarized zone (DMZ), which is a gateway between organization network 100 and external internet 10. Firewall 180 controls incoming and outgoing traffic for network 100. Background information about firewalls and DMZ is available at Wikipedia.
One of the most prominent threats that organizations face is a targeted attack; i.e., an individual or group of individuals that attacks the organization for a specific purpose, such as leaking data from the organization, modifying data and systems, and sabotaging data and systems.
Targeted attacks are carried out in multiple stages, typically including inter alia reconnaissance, penetration, lateral movement and payload. Lateral movement involves establishing a foothold within the organization and expanding that foothold to additional systems within the organization.
In order to carry out the lateral movement stage, an attacker, whether a human being who is operating tools within the organization's network, or a tool with “learning” capabilities, learns information about the environment it is operating in, such as network topology, organization structure, and implemented security solutions, and then operates in accordance with that data. One method to defend against such attacks is to plant misleading information/decoys/bait with the aim that the attacker learns of their existence and consumes those bait resources, which are monitored so as to notify an administrator of malicious activity. In order to monitor usage of deceptive information, trap servers, referred to as “honeypots”, are deployed in the organization. Background information about honeypots is available at Wikipedia.
With the influx of Generation Y and the increasing demand for flexible working, the shift from company owned devices to employees bringing their own devices is having a massive impact on how IT departments react to mobile security.
Although “bring your own device” is an attractive business model, there are a number of security risks associated with it. With data security being the number one concern for CEOs, ensuring that an IT environment is secure is more paramount than ever.
Use of employee smartphones within an organization has many security drawbacks.
Smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that arise from the communication modes including inter alia Short Message Service (SMS), also referred to as “text messaging”, Multimedia Messaging Service (MMS), Wi-Fi, Bluetooth and GSM. In additional there are exploits that target software vulnerabilities in the smartphone browser or operating system.
Smartphones generally have access to both the World Wide Web and the inner organizational network via the organization's Wi-Fi network. Often smartphones contain sensitive organization information, including inter alia organization mail, project notes, pictures and videos.
Unlike desktop computers and servers, smartphones are not always monitored by the IT department, because they belong to the employees (bring your own device) and not to the organization.
Monitoring smartphones via Mobile Device Management (MDM) includes installing security tools such as antivirus tools on the smartphones, but these security tools are not always effective for detecting advanced persistent threats (APTs).
At present, a deception solution for smartphones does not exist, and there is no reliable detection tool for APTs. As such, there is a need for a security solution to protect organizations against attackers that breach mobile phones belonging to employees of the organization that operate in conjunction with the organization's network.
Embodiments of the present invention create, manage and deploy deceptions on mobile devices, leading a potential attacker to a trap server that alerts the organization's security administrators.
Embodiments of the present invention provide a new layer of defense for smartphones. One embodiment employs a mobile device manager (MDM) to deploy deceptions on mobile devices. An alternative embodiment avoids use of an MDM and instead uses dedicated applications on mobile devices to deploy deceptions on mobile devices. In both embodiments, when an attacker attempts to use deceptive data retrieved from a mobile device, a trap server reports an incident to a deception manager server, and forensics of the mobile device are collected to monitor the attacker.
There is thus provided in accordance with an embodiment of the present invention a system for managing attacker incidents on a mobile device, including a mobile device manager (MDM) receiving instructions to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization and, in response to the instructions, running a dedicated agent on the mobile device, wherein the dedicated agent is configured to register the mobile device and its current deceptions state, receive a list of deceptions to install in the mobile device, and install the deceptions in the received list in the mobile device, a trap server triggering an incident in response to an attacker attempting to use deceptive data that was installed in the mobile device by the dedicated agent, and sending a notification that an incident has occurred, and a deception management server sending instructions to the MDM to deploy deceptions on the mobile device, sending the list of deceptions to the MDM, registering the mobile device and its deceptions state, receiving the notification from the trap server that an incident has occurred, in response thereto instructing the MDM to run forensics on the mobile device, and receiving the forensics from the dedicated agent.
There is additionally provided in accordance with an embodiment of the present invention a method for managing attacker incidents on a mobile device, including instructing, by a deception management server, a mobile device manager (MDM) to deploy deceptions on a mobile device used by an employee of an organization in conjunction with a network of the organization, in response to the instructing running, by the MDM, a dedicated agent on the mobile device, registering, by the dedicated agent, the mobile device and its current deceptions state with the deception management server, receiving, by the dedicated agent from the deception management server, a list of deceptions to install in the mobile device, installing, by the dedicated agent, the deceptions in the received list in the mobile device, wherein the received deceptions include data leading to a trap server, attempting, by an attacker, to use deceptive data installed in the mobile phone, to connect to a service, in response to the attempting, triggering an incident in the trap server, notifying, by the trap server, the deception management server, that an incident has occurred, further instructing the MDM, by the deception management server, to run forensics on the mobile device, in response to the further instructing, running by the MDM, forensics on the mobile device, and transmitting forensic data, by a forensics collector in the dedicated agent, to the deception management server.
There is further provided in accordance with an embodiment of the present invention a method for managing attacker incidents on a mobile device, including downloading, by a mobile device, a dedicated application, running by the mobile device, the dedicated application with parameters provided by a deception management server, registering, by the dedicated application, the mobile device and its current deceptions state with the deception management server, receiving, by the dedicated application from the deception management server, a list of deceptions to install in the mobile device, installing, by the dedicated agent, the deceptions in the received list in the mobile device, attempting, by an attacker, to use deceptive data in the mobile phone, to connect to a service, in response to the attempting, triggering an incident in a trap server, notifying, by the trap server, the dedicate application, that an incident has occurred, running by the dedicated application, forensics on the mobile device, and transmitting forensic data, by a forensics collector in the dedicated application, to the deception management server.
The present invention will be more fully understood and appreciated from the following detailed description, taken in conjunction with the drawings in which:
For reference to the figures, the following index of elements and their numerals is provided. Similarly numbered elements represent elements of the same type, but they need not be identical elements.
Elements numbered in the 1000's are operations of flow charts.
The following definitions are employed throughout the specification.
DECEPTION MANAGEMENT SERVER—refers to a server that manages and controls the systems and data flows. The deception management server registers the mobile devices in the organization, and saves the deceptions state, also referred to as the “snapshot” of the mobile devices, and knows where to plan which deceptions. The deception management server sets parameters and configurations.
MOBILE DEVICE MANAGEMENT (MDM)—refers to a server that handles administration of mobile devices in the organization, including inter alia, smartphones, tablets, laptops and desktops. The MDM runs an Android/iOS agent on the mobile devices and collects forensic data from the mobile devices.
TRAP SERVER—refers to a server to which attempts by an attacker to use deceptive data from mobile phones, are directed. The trap server listens for connections from various protocols, including inter alia HTTP, HTTPS and SSH.
In accordance with embodiments of the present invention, systems and methods are provided for generating, managing and deploying deceptions in mobile devices. These deceptions lead an attacker to a trap server, where his activity is monitored and forensics are collected.
Reference is made to
Mobile devices 210, which are owned by employees of an organization, are used by the employees for carrying out work of the organization, and access an organizational network. As such, mobile devices 210 may hold sensitive information and credentials, which are desirable targets of an attacker. Mobile devices 210 include inter alia smartphones, tablet devices, laptops and desktop computers.
Deception management server 220, manages and controls system flows and data. Deception management server 220 saves the deception state, referred to as the “snapshot”, of each device in the organization, and knows where to plant which deceptions. Deception management server 220 is used to set configurations.
Deceptions are routed to trap server 230, which listens for connections from all common protocols, including inter alia HTTP, HTTPS and SSH. Trap server 230 may be publicly exposed to the Internet, depending on its configuration.
MDM device management server 260, which belongs to the organizational network, and which handles administration of mobile devices 210. MDM device manager server 260 runs Android/iOS agents and forensics on mobile devices 210. MDM device manager server is an optional but recommended component. At alternative embodiment is to install dedicated mobile applications on all mobile devices 210, where the mobile applications manage and deploy deceptions on mobile devices 210.
At operation 1010, deception management server 220 tells MDM device management server 260 to deploy deceptions on a mobile device 210, as indicated by the circled 1 in
There is a wide variety of types of mobile deceptions that are planted in mobile devices 210, including inter alia:
Applications—deceptive data planted in personal and organizational applications, in LINKEDIN®, in TWITTER®, in FACEBOOK®, in GMAIL®, in GOOGLE HANGOUTS®, and in Google Drive;
Browsers—deceptive URLs planted in local browsers;
E-mail—deceptive data planted in e-mail;
Files—files containing data leading to deceptive entities;
Network—deceptive network device leading to trap server;
SSH/Telnet—data leading to deceptive entities; and
Users—deceptive users and deceptive user credentials.
Reference is made to
At operation 1110 an attacker attempts to connect to a service via a protocol including inter alia HTTP, HTTPS and SSH, using deceptive credentials retrieved from a mobile device 210 as indicated by the circled 1 in
Reference is made to
At operation 1210, each mobile device loads a dedicated application from, inter alia from the Google Play Store or the Apple App Store, as indicated by the circled 1 in
In the foregoing specification, the invention has been described with reference to specific exemplary embodiments thereof. It will, however, be evident that various modifications and changes may be made to the specific exemplary embodiments without departing from the broader spirit and scope of the invention. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6363489 | Comay et al. | Mar 2002 | B1 |
| 6618709 | Sneeringer | Sep 2003 | B1 |
| 7065657 | Moran | Jun 2006 | B1 |
| 7089589 | Chefalas et al. | Aug 2006 | B2 |
| 7093291 | Bailey | Aug 2006 | B2 |
| 7516227 | Cohen | Apr 2009 | B2 |
| 7574741 | Aviani et al. | Aug 2009 | B2 |
| 7636944 | Raikar | Dec 2009 | B2 |
| 7665134 | Hernacki et al. | Feb 2010 | B1 |
| 7694339 | Blake et al. | Apr 2010 | B2 |
| 7725937 | Levy | May 2010 | B1 |
| 7752664 | Satish et al. | Jul 2010 | B1 |
| 7945953 | Salinas et al. | May 2011 | B1 |
| 8015284 | Isenberg et al. | Sep 2011 | B1 |
| 8181249 | Chow et al. | May 2012 | B2 |
| 8181250 | Rafalovich et al. | May 2012 | B2 |
| 8250654 | Kennedy et al. | Aug 2012 | B1 |
| 8375447 | Amoroso et al. | Feb 2013 | B2 |
| 8474047 | Adelstein | Jun 2013 | B2 |
| 8499348 | Rubin | Jul 2013 | B1 |
| 8528091 | Bowen et al. | Sep 2013 | B2 |
| 8549642 | Lee | Oct 2013 | B2 |
| 8549643 | Shou | Oct 2013 | B1 |
| 8719938 | Chasko et al. | May 2014 | B2 |
| 8739281 | Wang et al. | May 2014 | B2 |
| 8739284 | Gardner | May 2014 | B1 |
| 8769684 | Stolfo et al. | Jul 2014 | B2 |
| 8819825 | Keromytis et al. | Aug 2014 | B2 |
| 8856928 | Rivner et al. | Oct 2014 | B1 |
| 8881288 | Levy et al. | Nov 2014 | B1 |
| 8925080 | Hebert | Dec 2014 | B2 |
| 9009829 | Stolfo et al. | Apr 2015 | B2 |
| 9015842 | Troyansky | Apr 2015 | B2 |
| 9043905 | Allen et al. | May 2015 | B1 |
| 9124622 | Falkowitz et al. | Sep 2015 | B1 |
| 9152808 | Ramalingam et al. | Oct 2015 | B1 |
| 9240976 | Murchison | Jan 2016 | B1 |
| 9325728 | Kennedy et al. | Apr 2016 | B1 |
| 9356942 | Joffe | May 2016 | B1 |
| 9386030 | Vashist et al. | Jul 2016 | B2 |
| 9495188 | Ettema et al. | Nov 2016 | B1 |
| 20020066034 | Schlossberg et al. | May 2002 | A1 |
| 20020194489 | Almogy et al. | Dec 2002 | A1 |
| 20030084349 | Friedrichs et al. | May 2003 | A1 |
| 20030110396 | Lewis et al. | Jun 2003 | A1 |
| 20030145224 | Bailey | Jul 2003 | A1 |
| 20040088581 | Brawn et al. | May 2004 | A1 |
| 20040128543 | Blake et al. | Jul 2004 | A1 |
| 20040148521 | Cohen et al. | Jul 2004 | A1 |
| 20040160903 | Gai et al. | Aug 2004 | A1 |
| 20040172557 | Nakae et al. | Sep 2004 | A1 |
| 20040255155 | Stading | Dec 2004 | A1 |
| 20050114711 | Hesselink et al. | May 2005 | A1 |
| 20050132206 | Palliyil et al. | Jun 2005 | A1 |
| 20050149480 | Deshpande | Jul 2005 | A1 |
| 20050235360 | Pearson | Oct 2005 | A1 |
| 20060010493 | Piesco et al. | Jan 2006 | A1 |
| 20060041761 | Neumann et al. | Feb 2006 | A1 |
| 20060069697 | Shraim et al. | Mar 2006 | A1 |
| 20060101516 | Sudaharan et al. | May 2006 | A1 |
| 20060161982 | Chari et al. | Jul 2006 | A1 |
| 20060224677 | Ishikawa et al. | Oct 2006 | A1 |
| 20060242701 | Black et al. | Oct 2006 | A1 |
| 20070028301 | Shull et al. | Feb 2007 | A1 |
| 20070039038 | Goodman et al. | Feb 2007 | A1 |
| 20070157315 | Moran | Jul 2007 | A1 |
| 20070192853 | Shraim et al. | Aug 2007 | A1 |
| 20070226796 | Gilbert et al. | Sep 2007 | A1 |
| 20070299777 | Shraim et al. | Dec 2007 | A1 |
| 20080016570 | Capalik | Jan 2008 | A1 |
| 20080086773 | Tuvell et al. | Apr 2008 | A1 |
| 20080155693 | Mikan et al. | Jun 2008 | A1 |
| 20090019547 | Palliyil et al. | Jan 2009 | A1 |
| 20090144827 | Peinado et al. | Jun 2009 | A1 |
| 20090222920 | Chow et al. | Sep 2009 | A1 |
| 20090241173 | Troyansky | Sep 2009 | A1 |
| 20090241191 | Keromytis et al. | Sep 2009 | A1 |
| 20090241196 | Troyansky et al. | Sep 2009 | A1 |
| 20090328216 | Rafalovich et al. | Dec 2009 | A1 |
| 20100058456 | Jajodia et al. | Mar 2010 | A1 |
| 20100071051 | Choyi et al. | Mar 2010 | A1 |
| 20100077483 | Stolfo et al. | Mar 2010 | A1 |
| 20100082513 | Liu | Apr 2010 | A1 |
| 20100251369 | Grant | Sep 2010 | A1 |
| 20100269175 | Stolfo et al. | Oct 2010 | A1 |
| 20110016527 | Yanovsky et al. | Jan 2011 | A1 |
| 20110154494 | Sundaram et al. | Jun 2011 | A1 |
| 20110167494 | Bowen et al. | Jul 2011 | A1 |
| 20110214182 | Adams et al. | Sep 2011 | A1 |
| 20110258705 | Vestergaard et al. | Oct 2011 | A1 |
| 20110302653 | Frantz et al. | Dec 2011 | A1 |
| 20110307705 | Fielder | Dec 2011 | A1 |
| 20120005756 | Hoefelmeyer et al. | Jan 2012 | A1 |
| 20120084866 | Stolfo | Apr 2012 | A1 |
| 20120167208 | Buford et al. | Jun 2012 | A1 |
| 20120210388 | Kolishchak | Aug 2012 | A1 |
| 20120246724 | Sheymov et al. | Sep 2012 | A1 |
| 20120311703 | Yanovsky et al. | Dec 2012 | A1 |
| 20130061055 | Schibuk | Mar 2013 | A1 |
| 20130086691 | Fielder | Apr 2013 | A1 |
| 20130212644 | Hughes et al. | Aug 2013 | A1 |
| 20130227697 | Zandani | Aug 2013 | A1 |
| 20130263226 | Sudia | Oct 2013 | A1 |
| 20140082730 | Vashist et al. | Mar 2014 | A1 |
| 20140101724 | Wick et al. | Apr 2014 | A1 |
| 20140115706 | Silva et al. | Apr 2014 | A1 |
| 20140201836 | Amsler | Jul 2014 | A1 |
| 20140208401 | Balakrishnan et al. | Jul 2014 | A1 |
| 20140237599 | Gertner et al. | Aug 2014 | A1 |
| 20140259095 | Bryant | Sep 2014 | A1 |
| 20140298469 | Marion et al. | Oct 2014 | A1 |
| 20140310770 | Mahaffey | Oct 2014 | A1 |
| 20140337978 | Keromytis et al. | Nov 2014 | A1 |
| 20140359708 | Schwartz | Dec 2014 | A1 |
| 20150007326 | Mooring et al. | Jan 2015 | A1 |
| 20150013006 | Shulman et al. | Jan 2015 | A1 |
| 20150047032 | Hannis et al. | Feb 2015 | A1 |
| 20150074750 | Pearcy et al. | Mar 2015 | A1 |
| 20150074811 | Capalik | Mar 2015 | A1 |
| 20150096048 | Zhang et al. | Apr 2015 | A1 |
| 20150128246 | Feghali et al. | May 2015 | A1 |
| 20150156211 | Chi Tin et al. | Jun 2015 | A1 |
| 20150264062 | Hagiwara et al. | Sep 2015 | A1 |
| 20150326587 | Vissamsetty et al. | Nov 2015 | A1 |
| 20150326598 | Vasseur et al. | Nov 2015 | A1 |
| 20160019395 | Ramalingam et al. | Jan 2016 | A1 |
| 20160080414 | Kolton et al. | Mar 2016 | A1 |
| 20160212167 | Dotan et al. | Jul 2016 | A1 |
| 20160261608 | Hu et al. | Sep 2016 | A1 |
| 20160300227 | Subhedar et al. | Oct 2016 | A1 |
| 20160308895 | Kotler et al. | Oct 2016 | A1 |
| 20160323316 | Kolton et al. | Nov 2016 | A1 |
| 20160373447 | Akiyama et al. | Dec 2016 | A1 |
| 20170032130 | Joseph Durairaj et al. | Feb 2017 | A1 |
| 20170134423 | Sysman | May 2017 | A1 |
| 20180309787 | Evron | Oct 2018 | A1 |
| Number | Date | Country |
|---|---|---|
| 2006131124 | Dec 2006 | WO |
| 2015001969 | Jan 2015 | WO |
| 2015047555 | Apr 2015 | WO |
| Entry |
|---|
| Wikipedia, Active Directory, https://en.wikipedia.org/wiki/Active_Directory, Jun. 24, 2015. |
| Wikpedia, Apple Filing Protocol, https://en.wikipedia.org/wiki/Apple_Filing_Protocol, Aug. 14, 2015. |
| Wikipedia, DMZ (computing), https://en.wikipedia.org/wiki/DMZ_(computing), Jun. 17, 2015. |
| Wikipedia, Domain Name System, https://en.wikipedia.org/wiki/Domain_Name_System, Jul. 14, 2015. |
| Wikipedia, Firewall (computing), https://en.wikipedia.org/wiki/Firewall_(computing), Jul. 14, 2015. |
| Wikipedia, Honeypot (computing), https://en.wikipedia.org/wiki/Honeypot_(computing), Jun. 21, 2015. |
| Wikipedia, Kerberos (protocol), https://en.wikipedia.org/wiki/Kerberos_(protocol), Jun. 30, 2015. |
| Wikipedia, Lightweight Directory Access Protocol, https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol, Aug. 15, 2015. |
| Wikipedia, LM hash, https://en.wikipedia.org/wiki/LM_hash, Jun. 8, 2015. |
| Wikipedia, RADIUS, https://en.wikipedia.org/wiki/RADIUS, Aug. 16, 2015. |
| Wikipedia, Rainbow table, https://en.wikipedia.org/wiki/Rainbow_table, Jul. 14, 2015. |
| Wikipedia, Secure Shell, https://en.wikipedia.org/wiki/Honeypot_(computing), Jul. 12, 2015. |
| Wikipedia, Security Information and Event Management, https://en.wikipedia.org/wiki/Security_information_and_event_management, Jun. 23, 2015. |
| Wikipedia, Tarpit (networking), https://en.wikipedia.org/wiki/Tarpit_(networking), Jul. 3, 2014. |
| Mishra et al., Intrusion detection in wireless ad hoc networks, IEEE Wireless Communications, Feb. 2004, pp. 48-60. |
| Zhang et al., Intrusion detection techniques for mobile wireless networks, Journal Wireless Networks vol. 9(5), Sep. 2003, pp. 545-556, Kluwer Academic Publishers, the Netherlands. |
| U.S. Appl. No. 15/004,904, Office Action, dated May 27, 2016, 16 pages. |
| U.S. Appl. No. 15/004,904, Notice of Allowance, dated Oct. 19, 2016, 13 pages. |
| U.S. Appl. No. 15/175,048, Notice of Allowance, dated Oct. 13, 2016, 17 pages. |
| U.S. Appl. No. 15/175,050, Office Action, dated Aug. 19, 2016, 34 pages. |
| U.S. Appl. No. 15/175,050, Office Action, dated Nov. 30, 2016, 31 pages. |
| U.S. Appl. No. 15/175,050, Notice of Allowance, dated Mar. 21, 2017, 13 pages. |
| U.S. Appl. No. 15/175,052, Office Action, dated Feb. 13, 2017, 19 pages. |
| U.S. Appl. No. 15/175,052, Office Action, dated Jun. 6, 2017, 19 pages. |
| U.S. Appl. No. 15/175,054, Notice of Allowance, dated Feb. 21, 2017, 13 pages. |
| U.S. Appl. No. 15/403,194, Office Action, dated Feb. 28, 2017, 13 pages. |
| U.S. Appl. No. 15/403,194, Notice of Allowance, dated Jun. 16, 2017, 9 pages. |
| U.S. Appl. No. 15/406,731, Notice of Allowance, dated Apr. 20, 2017. |
| PCT Application No. PCT/IL16/50103, International Search Report and Written Opinion, dated May 26, 2016, 9 pages. |
| PCT Application No. PCT/IL16/50579, International Search Report and Written Opinion, dated Sep. 30, 2016, 7 pages. |
| PCT Application No. PCT/IL16/50581, International Search Report and Written Opinion, dated Nov. 29, 2016, 10 pages. |
| PCT Application No. PCT/IL16/50582, International Search Report and Written Opinion, dated Nov. 16, 2016, 11 pages. |
| PCT Application No. PCT/IL16/50583, International Search Report and Written Opinion, dated Dec. 8, 2016, 10 pages. |
| U.S. Appl. No. 15/175,052, Notice of Allowance, dated Jan. 2, 2018, 9 pages. |
| U.S. Appl. No. 15/679,180, Notice of Allowance, dated Mar. 26, 2018, 14 pages. |
| U.S. Appl. No. 15/722,351, Office Action, dated Mar. 9, 2018, 17 pages. |
| U.S. Appl. No. 15/722,351, Notice of Allowance, dated Aug. 8, 2018, 8 pages. |
| U.S. Appl. No. 15/682,577, Notice of Allowance, dated Jun. 14, 2018, 15 pages. |
| U.S. Appl. No. 15/641,817, Office Action, dated Jul. 26, 2018, 29 pages. |
