Patent Grant
9736121
The present invention relates generally to secure transfer of files. More particularly, the present invention relates to the use of one or more file manifest tables to validate files in connection with their transfer across a one-way data link.
Protection of a computer or data network from undesired and unauthorized data disclosure, interception or alteration has been a perennial concern in the field of computer and network security. For example, firewall and anti-spyware software have been developed to address security concerns for computers and networks connected to the Internet and to protect them from possible cyber-attacks such as Trojan horse-type viruses or worms that may trigger undesired and unauthorized data disclosure by these computers and networks. However, for high security computer networks such as those used by government agencies and intelligence community and certain commercial applications, conventional network security devices such as firewalls may not provide sufficiently reliable protection from undesired data disclosure.
Alternative network security methods and devices based on unidirectional data transfer have been devised to address the network security concern. For example, U.S. Pat. No. 5,703,562 to Nilsen (“the '562 patent”), the content of which is hereby incorporated by reference in its entirety, provides an alternative way to address the network security concern. The '562 patent discloses a method of transferring data from an unsecured computer to a secured computer over a one-way optical data link comprising an optical transmitter on the sending side and an optical receiver on the receiving side. By providing such an inherently unidirectional data link to a computer/data network to be protected, one can eliminate any possibility of unintended data leakage out of the computer/data network over the same link.
Any data link that strictly enforces the unidirectionality of data flow is called one-way link or one-way data link. In other words, it is physically impossible to send information or data of any kind through a one-way data link in the reverse direction. One-way data link may be hardware-based, software-based, or based on some combination of hardware and software.
One-way data transfer systems based on such one-way data links provide network security to data networks by isolating the networks from potential security breaches (i.e., undesired and unauthorized data flow out of the secure network) while still allowing them to import data from the external source in a controlled fashion.
A configuration such as the one shown in
It is an object of the present invention to enhance the security and reliability of file transfer across a one-way data link by validating files either before or after they are transferred across the one-way data link before they reach the users in the destination network.
Other objects and advantages of the present invention will become apparent from the following description.
It has now been found that the above and related objects of the present invention are obtained in the form of a file manifest filter for validating files for one-way transfer.
More particularly, the present invention relates to a manifest transfer engine comprising a send side, a one-way data link and a receive side. The send side is configured to receive and store a file manifest table having a list of file characteristics from an administrator server, to receive a file from a user and compare an identifying characteristic of the received file with the list of file characteristics in the file manifest table, and, only if there is a match between the received file characteristic and an entry in the list, to allow transfer of the file on an output. The one-way data link has an input coupled to the output of the send side and an output, and is configured to enforce unidirectional data flow only from the input to the output. The receive side has an input coupled to the output of the one-way data link and is configured to receive files via the input.
Preferably, the identifying characteristic may be a file hash value and the file manifest table may support at least one hash code algorithm selected from the group consisting of MD5 128-bit checksum, SHA 160 bit checksum, SHA 224 bit checksum, SHA 256 bit checksum, SHA 384 bit checksum, and SHA 512 bit checksum. The file manifest table may be an ASCII text file. In a further embodiment, the file manifest table may be based on hash numbers provided by the user and/or hash numbers of software updates that are publicly available. In a further embodiment, the send side may be further configured to apply a filter to the file manifest table upon receiving it from the administrator server and prior to storing it. In a further embodiment, the manifest transfer engine may further comprise a USB interface configured to transfer the user file from a USB memory device coupled to the USB interface to the send side. In a further embodiment, the send side is further configured to delete or quarantine the user file if there is no match between the received file characteristic and the list of file characteristics in the file manifest table. Preferably, the file manifest table is not accessible by the user transferring the file.
The present invention is also directed to a system for one-way transfer of files, comprising an administrator server configured to create and output a file manifest table having a list of file characteristics and a manifest transfer engine comprising a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side is configured to receive and store a file from a file source client, to receive and store the file manifest table, to compare an identifying characteristic of the received file with the list of file characteristics in the file manifest table, and, only if there is a match between the received file characteristic and an entry in the list of file characteristics in the file manifest table, to transfer the file to the receive side via the one-way data link. The receive side is configured to forward received files to the file destination server.
Preferably, the administrator server and the file source client are located in a same network and the send side of the manifest transfer engine receives the file manifest table from the administrator server and the file from the file source client via different dedicated TCP ports to prevent commingling of the file and the file manifest table during the transfer. In a further embodiment, the administrator server and the file source client are located on different networks. In a further embodiment, the system further comprises a second one-way data link coupled between the administrative server and the send side of the manifest engine, with the administrator server connected to an insecure network and the send side of the manifest transfer engine receives the file manifest table from the administrator server via the second one-way data link. Preferably, the insecure network is a cloud network or the Internet. In a still further embodiment, the administrative server is further configured to create and output a second file manifest table having a second list of file characteristics and the system further comprises a second manifest transfer engine comprising a second send side, a second receive side, and a second one-way data link enforcing unidirectional data flow from the second send side to the second receive side. The second send side is configured to receive and store a file from a second file source client, to receive and store the second manifest filter table, to compare an identifying characteristic of the received file with the second list of file characteristics in the second file manifest table, and, only if there is a match between the received file characteristic and an entry in the second list of file characteristics in the second file manifest table, to transfer the file to the second receive side via the second one-way data link. The second receive side is configured to forward received files to the second file destination server.
The present invention is also directed to method of file manifest filtering for file transfer across a one-way data link, comprising the steps of maintaining a file manifest table containing a list of file characteristics, receiving a file from a user, computing an identifying characteristic for the received file, comparing the computed characteristic with the list of file characteristics in the file manifest table, and transferring the file across a one-way data link only if there is a match between the computed and an entry in the list of file characteristics in the file manifest table.
The present invention is also directed to a manifest transfer engine comprising a send side, a one-way data link and a receive side. The send side is configured to receive a file from a user and transfer the user file on an output. The one-way data link has an input coupled to the output of the send side and an output, and is configured to enforce unidirectional data flow from the input to the output. The receive side has an input coupled to the output of the one-way data link and is configured to receive and store a file manifest table having a list of file characteristics from an administrator server, to receive the user file on the input and to compare an identifying characteristic of the received user file with the list of file characteristics in the file manifest table, and, only if there is a match between the received file characteristic and an entry in the list, to allow release of the received user file.
The present invention is also directed to a system for one-way transfer of files, comprising an administrator server configured to create and output a file manifest table having a list of file characteristics, and a manifest transfer engine comprising a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side is configured to receive a file from a file source client and forward the received file to the receive side via the one-way data link. The receive side is configured to receive and store a file from the one-way data link, to receive and store the file manifest table, to compare an identifying characteristic of the received file with the list of file characteristics in the file manifest table, and, only if there is a match between the received file characteristic and an entry in the list of file characteristics in the file manifest table, to transfer the file to a file destination server.
The present invention is also directed to a method of file manifest filtering for file transfer across a one-way data link, comprising the steps of maintaining a file manifest table containing a list of file characteristics, receiving a file from a user, transferring the file across the one-way data link, computing an identifying characteristic for the transferred file, comparing the computed characteristic with the list of file characteristics in the file manifest table, and releasing the file to a recipient only if there is a match between the computed characteristic for the transferred file and an entry in list of file characteristics in the file manifest table.
These and other features of this invention are described in, or are apparent from, the following detailed description of various exemplary embodiments of this invention.
The above and related objects, features and advantages of the present invention will be more fully understood by reference to the following, detailed description of the preferred, albeit illustrative and exemplary, embodiments of the present invention when taken in conjunction with the accompanying figures, wherein:
As described in U.S. patent application Ser. No. 11/788,077, now U.S. Pat. No. 8,352,450, issued Jan. 8, 2013, the contents of which are incorporated herein by reference, files based on various conventional transport protocols may be transferred across a one-way data link under suitable arrangements. The following example illustrates transfer of files based on the Transmission Control Protocol (TCP) across a one-way data link.
Construction of the conventional TCP sockets requires bilateral communications since it requires an acknowledgement channel from the receive node to the send node. Accordingly, the conventional TCP/IP protocol cannot be implemented directly in a one-way data transfer system based on a one-way data link, since no bilateral “hand shaking” is allowed over the one-way link due to physical enforcement of unidirectionality of data flow. Instead, the one-way data transfer system 200 illustrated in
In
In certain situations, it would be advantageous to use a one-way data link with an independent link layer protocol for one-way transfer so that non-routable point to point communications with a true IP protocol break can be enforced. With these properties, data packets or files cannot be accidentally routed in the network and other protocols (such as printer protocols, etc.) will not route across the one-way data link. An exemplary configuration enforcing such non-routable point to point communications with a true IP protocol break can be implemented in the one-way file transfer system 200 of
For the security of the overall one-way file transfer system 200, the IP address-to-channel number mapping table (e.g., Hostports.txt file) residing in the send node 204 may be different from the channel number-to-IP addressing mapping table (e.g., Portmap.txt file) residing in the receive node 208, and furthermore, neither table may be re-constructed on the basis of the other table. Neither table alone reveals the overall IP routing configuration from the source platform 201 to the destination platform 212. In this way, the IP information of the destination platform 212 may remain undisclosed to the sender at the source platform 201 and the security of the overall system 200 can be maintained.
Under the conventional TCP/IP protocol, the acknowledgement mechanism requiring bilateral communications may provide means for error detection. However, the one-way data link 207 forecloses such means. Instead, the one-way data transfer system 200 may assure file integrity by applying, for example, a hash algorithm such as MD5 to each file being transferred over the one-way data link 207. The send node 204 calculates an MD5 hash number for the file and sends the resulting hash number along with the file to the receive node 208 over the one-way data link 207. When the receive node 208 receives the file, it may re-calculate a hash number for the received file and compare the result with the hash number calculated by the send node 204. By comparing these results, the receive node 208 may be able to determine as to whether any error has occurred during the file transfer across the one-way data link.
As shown in
The send side 301 of the manifest transfer engine 300 may comprise a file client configured to receive files 305 from the user and send them across the one-way data link 302 upon validation. Similarly, the receive side 303 of the manifest transfer engine 300 may comprise a file server configured to receive the files from the one-way data link 302 and forward them to the intended recipient (e.g., a file server in the destination network). In one or more embodiments, the send side 301 and the receive side 303 of the manifest transfer engine 300 may respectively comprise a TCP file client 202 and a TCP file server 213 shown in
In one or more embodiments, a user may transfer files to the send side 301 of the manifest transfer engine 300 from a USB memory stick. A special menu system (not shown) may allow the user to select a file from the USB file directory and copy and download (transfer) it to the send side 301 for processing and/or validation for one-way transfer. For security reason, files to be transferred from the USB memory stick to the manifest transfer engine 300 may be required to be located in a special subdirectory (e.g., “owlsenddata”) of the USB memory. Unlike the USB walk-net, only the administrator-approved files may be transferred between the security domains.
In one or more embodiments, only the designated system administrator can create, edit, and/or update the file manifest table 304 at, for example, one or more administrator servers. The file manifest table is not publicly accessible and preferably remains inaccessible by any unauthorized third parties. The file manifest table could even be made inaccessible by the user of the manifest transfer engine to transfer files, depending on the desired level of security for file transfer. In one or more embodiments, suitable IP filters may be defined in a configuration file for transferring the file manifest table so as to specifically designate the personal computers or servers that are allowed to send the file manifest table to the manifest transfer engine. Preferably, the transfer of the file manifest table 304 to the send side 301 of the manifest transfer engine 300 is under a strict control of the designated system administrator.
The file manifest table may be created in the form of an ASCII-only text file (“the manifest file”) containing hash numbers or other forms of identification corresponding to the files that are permitted to be transferred through one-way data link 302. For example, a manifest file may be assembled by the administrator based on the hash numbers provided by the user that correspond to the files that the user wishes to transfer across the network boundary via one-way data link 302. In another example, a manifest file may be assembled by the administrator based on the hash numbers of anti-virus and anti-malware updates and/or OS and software patches that are made publicly available from software companies.
The format of the manifest files need not be strict and may only require a list of valid hash numbers. Multiple hash code algorithms may be supported by the manifest files, including, for example, MD5 128-bit checksum (Unix: md5sum), SHA 160 bit checksum (Unix: sha1sum), SHA 224 bit checksum (Unix: sha224sum), SHA 256 bit checksum (Unix: sha256sum), SHA 384 bit checksum (Unix: sha384sum), and SHA 512 bit checksum (Unix: sha512sum). The documentation for these hash code algorithms is publicly available and once the hash program is properly installed, the manual for the hash program can be accessed by the following Unix command: “info [Unix name for the hash algorithm]” (e.g., “info md5sum”).
Some examples of creating a manifest file by using the md5sum utility are described below. It is noted that the angle brackets (“< . . . >”) indicate an input field and are not used during the execution. It is also noted that all the Unix utilities are executed in the same manner, producing the same resulting formatted output.
md5sum<filename> >manifest.txt
md5sum<filename> >>manifest.txt
md5sum $(find<path>-type f-print)>>manifest.txt
An exemplary process below illustrates the generation of a manifest file, “manifest.txt,” based on Example 3:
Listing the files in subdirectory “manifest-examples”:
Executing the md5sum utility on the files in the subdirectory:
md5sum $(find manifest-examples-type f-print)>>manifest.txt
The contents of the resulting manifest file “manifest.txt” are as follows:
In this example, the file names are included only for reference and convenience, and are not necessarily required.
In one or more embodiments, the send side 301 of the manifest transfer engine 300 is capable of accepting and storing multiple file manifest tables. In such embodiments, the administrator may send new, updated, or multiple file manifest tables to the send side 301, either periodically or at various suitable times, and the send side 301 can receive and store them without having to overwrite or delete the previously received and stored file manifest tables.
The manifest transfer engine 300 may perform the file manifest filtering as follows: The executable or non-executable file 305 received from the user by the send side 301 of the manifest transfer engine 300 is individually validated against the file manifest table 304 stored in the send side 301. In one or more embodiments, the send side 301 calculates a hash number for the received file 305 and compares it with the registered hash numbers listed on the file manifest table 304. If there is a match, the file 305 is validated and the send side 301 allows it to be transferred to the receive side 303 via one-way data link 302. On the other hand, if no match is found, the file 305 is denied transfer across one-way data link 302 and may be quarantined or deleted by the send side 301 or by the administrator. The incident of finding no match may be logged.
In one or more embodiments, a menu system associated with the manifest transfer engine may allow the system administrator to manage the file manifest tables stored in the manifest transfer engine. Management of the file manifest tables may include viewing, revising, updating and/or deleting of the file manifest tables. Preferably, users or unauthorized third parties are not allowed to access and edit the file manifest table or any individual registered hash numbers therein.
As described below, the exemplary embodiments described in
As shown in
In
An exemplary processing of the file manifest table 404 is described below:
(1) A file transfer server 408 (e.g., tcpfileserver-manifest), receives the file manifest table 404 on dedicated TCP port 406 (e.g., Port 9000), using the configuration file,
/Owl/owlTcpXfer/server/Hostports-file-manifest.txt
This configuration file is prepared for enforcing a registered username and manifest. The user may define IP filters in the configuration file to limit the personal computers or servers that can send the file manifest tables.
(2) The received file manifest table (e.g., in the form of manifest files) is downloaded to the following subdirectory for the send side 409 of the manifest transfer engine 400:
/Owllog/manifest/download
(3) owlPostProcess-manifest script monitors the subdirectory to which the file manifest table is downloaded, and applies an ASCII filter or some other suitable filter on the downloaded file manifest table to verify its integrity before moving it to:
/Owllog/manifest/filedata
If the downloaded file manifest table fails the filter, the incident is logged and the received file manifest table is deleted.
A file 403 that is transferred to the send side 409 of the manifest transfer engine 400 via TCP port 405 (e.g., Port 2500) (or alternatively, transferred using the menu driven USB interface) is validated against the registered file manifest table 404 now stored in /Owllog/manifest/filedata. For example, a hash number for the received file 403 is calculated and compared with the registered hash numbers in the file manifest table. If there is no match, the incident is logged and the received file 403 is deleted or quarantined.
If validated by the manifest transfer engine 400 based on the file manifest table 404, the file 403 is allowed to be transferred to the receive side 411 of the manifest transfer engine 400 across the network boundary via one-way data link 410. The file 403 may then be transferred to the file destination server 413 in the destination network via the corresponding client 412.
If validated by the manifest transfer engine 500 based on the file manifest table 504, the file 503 is allowed to be transferred to the receive side 511 of the manifest transfer engine 500 via one-way data link 510. The file 503 may then be transferred to the file destination server 513 in the destination network via the corresponding client 512.
If validated by the manifest transfer engine 700 based on the file manifest table 704, the file 703 is allowed to be transferred to the receive side 711 of the manifest transfer engine 700 via one-way data link 710. The file 703 may then be transferred to the file destination server 713 in the destination network via the corresponding client 712.
While this invention has been described in conjunction with exemplary embodiments outlined above and illustrated in the drawings, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the exemplary embodiments of the invention, as set forth above, are intended to be illustrative, not limiting, and the spirit and scope of the present invention is to be construed broadly and limited only by the appended claims, and not by the foregoing specification.
This application claims the benefit of the filing date of U.S. provisional application Ser. No. 61/672,175, filed on Jul. 16, 2012.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5638446 | Rubin | Jun 1997 | A |
| 5703562 | Nilsen | Dec 1997 | A |
| 5745679 | Mercer | Apr 1998 | A |
| 5995982 | Mercer | Nov 1999 | A |
| 5999740 | Rowley | Dec 1999 | A |
| 6085253 | Blackwell et al. | Jul 2000 | A |
| 6117187 | Staelin | Sep 2000 | A |
| 6151708 | Pedrizetti et al. | Nov 2000 | A |
| 6243079 | Liu | Jun 2001 | B1 |
| 6317831 | King | Nov 2001 | B1 |
| 6331906 | Sharma | Dec 2001 | B1 |
| 6381742 | Forbes et al. | Apr 2002 | B2 |
| 6421711 | Blumenau | Jul 2002 | B1 |
| 6430608 | Shaio | Aug 2002 | B1 |
| 6694434 | McGee et al. | Feb 2004 | B1 |
| 6789255 | Pedrizetti et al. | Sep 2004 | B1 |
| 6883168 | James et al. | Apr 2005 | B1 |
| 6944634 | Hertling et al. | Sep 2005 | B2 |
| 6970866 | Pravetz et al. | Nov 2005 | B1 |
| 7050718 | Rychlicki | May 2006 | B2 |
| 7082615 | Ellison | Jul 2006 | B1 |
| 7089248 | King et al. | Aug 2006 | B1 |
| 7092972 | Kashyap | Aug 2006 | B2 |
| 7113484 | Chapman | Sep 2006 | B1 |
| 7131004 | Lyle | Oct 2006 | B1 |
| 7263528 | Haff et al. | Aug 2007 | B2 |
| 7280956 | Cross et al. | Oct 2007 | B2 |
| 7310629 | Mendelson et al. | Dec 2007 | B1 |
| 7373345 | Carpentier et al. | May 2008 | B2 |
| 7386574 | Abe et al. | Jun 2008 | B2 |
| 7430171 | Black | Sep 2008 | B2 |
| 7472272 | Stamos et al. | Dec 2008 | B2 |
| 7483958 | Elabbady et al. | Jan 2009 | B1 |
| 7502754 | Campbell et al. | Mar 2009 | B2 |
| 7558797 | Li | Jul 2009 | B2 |
| 7610355 | Azuma et al. | Oct 2009 | B2 |
| 7668868 | King et al. | Feb 2010 | B1 |
| 7707424 | Axelsson | Apr 2010 | B2 |
| 7756826 | Bots et al. | Jul 2010 | B2 |
| 7765411 | Hennessey et al. | Jul 2010 | B2 |
| 7770222 | Hopen et al. | Aug 2010 | B2 |
| 7805468 | Takashi | Sep 2010 | B2 |
| 7814551 | Darweesh et al. | Oct 2010 | B2 |
| 7865575 | Leitheiser | Jan 2011 | B2 |
| 7874015 | Aaron | Jan 2011 | B2 |
| 7904710 | Rits et al. | Mar 2011 | B2 |
| 7930538 | Israel et al. | Apr 2011 | B1 |
| 7934091 | Stamos et al. | Apr 2011 | B2 |
| 7992209 | Menoher et al. | Aug 2011 | B1 |
| 8010680 | Crawford | Aug 2011 | B2 |
| 8024306 | Palliyil et al. | Sep 2011 | B2 |
| 8024462 | Zhu et al. | Sep 2011 | B1 |
| 8041946 | Bunn et al. | Oct 2011 | B2 |
| 8069349 | Israel et al. | Nov 2011 | B1 |
| 8075403 | O'Brien et al. | Dec 2011 | B2 |
| 8103870 | Clower et al. | Jan 2012 | B2 |
| 8121990 | Chapweske | Feb 2012 | B1 |
| 8161104 | Tomkow | Apr 2012 | B2 |
| 8176331 | Moreillon et al. | May 2012 | B2 |
| 8191165 | Aaron | May 2012 | B2 |
| 8196201 | Repasi et al. | Jun 2012 | B2 |
| 8234350 | Gu et al. | Jul 2012 | B1 |
| 8250235 | Harvey et al. | Aug 2012 | B2 |
| 8352450 | Mraz et al. | Jan 2013 | B1 |
| 8522249 | Beaule | Aug 2013 | B2 |
| 8543824 | Louch et al. | Sep 2013 | B2 |
| 8943540 | Traw et al. | Jan 2015 | B2 |
| 9237126 | McEvoy | Jan 2016 | B2 |
| 20020073245 | Hallford | Jun 2002 | A1 |
| 20020100036 | Moshir | Jul 2002 | A1 |
| 20020129102 | Landsman et al. | Sep 2002 | A1 |
| 20020154647 | Potash | Oct 2002 | A1 |
| 20030009365 | Tynan et al. | Jan 2003 | A1 |
| 20030163807 | Drake | Aug 2003 | A1 |
| 20030182359 | Vorchik | Sep 2003 | A1 |
| 20040064693 | Pabla et al. | Apr 2004 | A1 |
| 20040133548 | Fielding et al. | Jul 2004 | A1 |
| 20050033990 | Harvey | Feb 2005 | A1 |
| 20050198343 | Yoshimura | Sep 2005 | A1 |
| 20050246193 | Roever et al. | Nov 2005 | A1 |
| 20060047974 | Alpern et al. | Mar 2006 | A1 |
| 20060140226 | Ho | Jun 2006 | A1 |
| 20060155790 | Jung | Jul 2006 | A1 |
| 20070198468 | Berger | Aug 2007 | A1 |
| 20070226259 | Kacin | Sep 2007 | A1 |
| 20080172649 | Bisso | Jul 2008 | A1 |
| 20080195749 | Krig | Aug 2008 | A1 |
| 20090177636 | Cohn | Jul 2009 | A1 |
| 20090205026 | Haff | Aug 2009 | A1 |
| 20090271858 | Cooke et al. | Oct 2009 | A1 |
| 20110154473 | Anderson | Jun 2011 | A1 |
| 20120030768 | Mraz et al. | Feb 2012 | A1 |
| 20120069131 | Abelow | Mar 2012 | A1 |
| 20120140633 | Stanwood | Jun 2012 | A1 |
| 20120159468 | Joshi | Jun 2012 | A1 |
| 20120185692 | Hamlin | Jul 2012 | A1 |
| 20130117400 | An et al. | May 2013 | A1 |
| 20130219383 | Hilerio | Aug 2013 | A1 |
| 20150172348 | Lohmar | Jun 2015 | A1 |
| Number | Date | Country |
|---|---|---|
| 20457520 | Aug 2009 | EP |
| 2430548 | Nov 2010 | EP |
| WO2005085971 | Sep 2005 | WO |
| WO2010132647 | Nov 2010 | WO |
| WO2012012266 | Jan 2012 | WO |
| Entry |
|---|
| Aspera Inc., ‘Aspera Point-to-Point User Guide [Windows XP/2003/Vista/2008/7]’, Version 2.5.2, Copyright 2009 © Aspera Inc., entire document, http://download.asperasoft.com/download/docs/scp—p2p/2.5/aspera—p2p—win—25.pdf. |
| Owl Computing Technologies, ‘4-secure Information Security Solutions’, Owl Computing Technologies, Inc., Sep. 3, 2013, entire document, http://www.infosecurityeurope.com/—novadocuments/36297?v=635137991150430000. |
| UK Intellectual Property Office, Combined Search and Examination Report under Sections 17 & 18(3), Dec. 23, 2013 (includes Search Report under Section 17 dated Dec. 20, 2013). |
| UK Intellectual Property Office, Examination Report under Sectionl8(3), Jul. 17, 2014. |
| Number | Date | Country | |
|---|---|---|---|
| 20140020109 A1 | Jan 2014 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61672175 | Jul 2012 | US |
