Patent Grant
11265165
The present disclosure relates to proofs of knowledge for authenticating with relying party servers.
User accounts are ubiquitous on the web. Often times, before using a new application or service on the Internet, a user has to create (or provision) an account. Advances in technology have made it easy for users to create accounts online, but how do the service providers know that the account they have just created is for the right person and not for a misappropriated identity? This is known as the initial provisioning problem and may include the verification that users who sign up for new accounts are indeed the people whom they are representing themselves to be. Also, having these multiple accounts often requires the use of multiple different passwords that may require differing lengths and complexities. Remembering and managing these passwords or other proofs of knowledge can be cumbersome and possibly lead to reduced security.
While all service providers would like to make sure that they are delivering content and services to the users who are indeed the people who they represent themselves to be, there are varying degrees of importance to the initial provisioning problem. For example, it may not be significant if a misappropriated identity is used to create a new account for an email newsletter. But it is another matter altogether if the misappropriated identity is used to create a new account for online banking, online health information, or other services involving sensitive information.
There are many current systems in place to address the initial provisioning problem. Some systems are simple, such as email verification. Email verification involves sending a link to the email address associated with the account to make sure that the owner of the email address intended for the account to be created. Other systems are more complex and involve physical identity verification. Some examples of this include the Trusted Traveler Program for business travelers or the Common Access Card (CAC) for Department of Defense employees. In those cases, the user must visit a designated center and have their credentials verified by an approved representative before the user account is created.
Systems like email verification are convenient but are not reliable in that they do not truly verify identity. Physical identification systems are highly reliable but can be very inconvenient. As such, there needs to be a system that is convenient and reliable. As such, there is a need for improvements for initial provisioning.
Systems and methods for initial provisioning through shared Proofs of Knowledge (PoKs) and crowdsourced identification are provided. In some embodiments, a method of sharing a PoK between a first Relying Party (RP) server and a second RP server includes receiving, by the first RP server, a request from a client device by a user for sharing the PoK. The method also includes causing, by the first RP server, the PoK to be provided to the client device and receiving, by the second RP server, a request from the client device to use the shared PoK for authentication of the user. In this way, the user may be provided additional convenience by allowing the reuse of the shared PoK. Also, depending on the number of RP servers that accept the shared PoK, the user may also be provided a degree of crowdsourced identification.
In some embodiments, causing the PoK to be provided to the client device includes sending a request to share the PoK to a Password Service (PS) server and, in response to the request to share the PoK, sending the PoK to the client device.
In some embodiments, the method also includes, prior to causing the PoK to be provided to the client device, verifying that sharing the PoK is permitted and causing the PoK to be provided to the client device in response to verifying that sharing the PoK is permitted.
In some embodiments, the method also includes storing, by the client device, the PoK in a harddrive, a browser, a secure module, and/or a virtual machine instance.
In some embodiments, the method also includes, prior to receiving the request from the client device for sharing the PoK, authenticating that the user is permitted to access the first RP server. In some embodiments, the method also includes, prior to receiving the request from the client device to use the shared PoK for authentication of the user, authenticating that the user is permitted to access the second RP server.
In some embodiments, authenticating that the user is permitted to access the second RP server includes determining that the user is creating a user account at the second RP server. In some embodiments, sending the request to share the PoK to the PS server also includes sending certificate attributes for the first RP server. In some embodiments, the shared PoK includes a certificate including the certificate attributes for the first RP server signed by the first RP server. In some embodiments, the shared PoK includes a certificate including the certificate attributes for the first RP server signed by the PS server. In some embodiments, the certificate does not include the identity of the first RP server.
In some embodiments, the method also includes verifying that the shared PoK is acceptable for authentication and, in response to verifying that the shared PoK is acceptable for authentication, logging the user in to the second RP server. In some embodiments, the method also includes determining that a cognition test is needed to use the shared PoK for authentication, causing the user to complete the cognition test, and in response to successful completion of the cognition test, accepting the shared PoK for authentication.
In some embodiments, determining that the cognition test is needed to use the shared PoK for authentication includes determining that a previously accepted shared PoK has changed. In some embodiments, determining that the cognition test is needed to use the shared PoK for authentication includes determining that the cognition test is needed based on one or more requirements by the second RP server. In some embodiments, causing the user to complete the cognition test includes requesting a login token from a CS server corresponding to the user, redirecting the user to the CS server including the login token, and receiving an authentication token from the client device. In some embodiments, the CS server is chosen by the user.
In some embodiments, a system includes a client device, a first RP server, and a second RP server. The first RP server is configured to receive a request from the client device by a user for sharing a PoK and cause the PoK to be provided to the client device. The second RP server is configured to receive a request from the client device to use the shared PoK for authentication of the user.
In some embodiments, a method of operating a PS server for sharing a PoK between a first RP server and a second RP server includes receiving a request to share the PoK for the first RP server, generating a shared PoK, and providing the shared PoK to a requester.
In some embodiments, a method of operating a client device for sharing a PoK between a first RP server and a second RP server includes sending to the first RP server a request from a user for sharing the PoK, receiving a shared PoK, and sending to the second RP server a request to use the shared PoK for authentication of the user.
Those skilled in the art will appreciate the scope of the present disclosure and realize additional aspects thereof after reading the following detailed description of the preferred embodiments in association with the accompanying drawing figures.
The accompanying drawing figures incorporated in and forming a part of this specification illustrate several aspects of the disclosure, and together with the description serve to explain the principles of the disclosure.
The embodiments set forth below represent the necessary information to enable those skilled in the art to practice the embodiments and illustrate the best mode of practicing the embodiments. Upon reading the following description in light of the accompanying drawing figures, those skilled in the art will understand the concepts of the disclosure and will recognize applications of these concepts not particularly addressed herein. It should be understood that these concepts and applications fall within the scope of the disclosure and the accompanying claims.
As discussed above, there is a need for improvements for initial provisioning. Systems and methods for initial provisioning through shared Proofs of Knowledge (PoKs) and crowdsourced identification are provided. In some embodiments, a method of sharing a PoK between a first Relying Party (RP) server and a second RP server includes receiving, by the first RP server, a request from a client device by a user for sharing the PoK. The method also includes causing, by the first RP server, the PoK to be provided to the client device and receiving, by the second RP server, a request from the client device to use the shared PoK for authentication of the user. In this way, the user may be provided additional convenience by allowing the reuse of the shared PoK. Also, depending on the number of RP servers that accept the shared PoK, the user may also be provided a degree of crowdsourced identification. PoKs may be text or picture based passwords or may involve the answers to cognitive tests that are established to verify identity and/or mental capacity.
Some terms that are used herein are defined as follows. The term “Requesting Party” shall be abbreviated as RQP in the singular and RQPs in the plural. The term “Relying Party” shall be abbreviated as RP in the singular and RPs in the plural. Both the RQP and RP refer to websites, online service providers, and/or applications that offer services to users. The RQP/RP knows the identities of the users of the site, but, if the RQP/RP uses a password service, then it does not know the passwords of users of the site (i.e., the user's PoK).
The term “Password Service” shall be abbreviated as PS and shall refer to a website that offers password PoKs as a service to RQPs/RPs. There may be a timeout associated with the PS, i.e., if the user does not respond with the proper password before the timeout expires, then access is denied and the user has to try again.
The term “Cognition Service” shall be abbreviated as CS and shall refer to a website that offers cognitive PoKs as services to RQPs/RPs. The CS allows each user to set up one or more tests for that specific user to employ at a later time to provide a proof of a cognitive state (a cognitive PoK). For example, a user might set up a test that shows a picture of 40 people that represent the entire extended family of the user and asks the user to pick out 3 specific relatives from the photo within a specific timeframe. Not all cognitive tests will contain a time limitation, but such a limitation generally enhances the value of the test. If the user is not able to complete a test that the user established for himself/herself before a timeout expires, then it could be indicative of a state of cognitive impairment (e.g., inebriation, etc.). Differentiating these cognitive states is the primary purpose of the cognitive PoK.
A system which is capable of publishing arbitrary cognitive testing was previously disclosed in U.S. Provisional Patent Application No. 62/006,472 entitled “Advanced Proofs of Knowledge for the Web,” the disclosure of which is hereby incorporated herein by reference in its entirety. A similar system was also described in the non-confidential pre-publication version of an academic paper submitted to the IEEE entitled “Completely Refactoring User Authentication,” the disclosure of which is hereby incorporated herein by reference in its entirety.
Also shown in
Also shown in
Various entities described herein may be implemented as a computing device 10 or as a mobile device 60 depending on implementation.
And still in other embodiments, the PS server 98 and CS server 96 may also be combined into one single server or distributed across multiple servers having the overall combined functionality of PS server 98 and CS server 96.
The devices of system 92 may take on the form of any of the devices of
A platform that may serve as a basis for some embodiments is described in International Patent Publication Number WO/2014/165431 entitled “Method and System Providing a Picture Password Proof of Knowledge,” the disclosure of which is hereby incorporated herein by reference in its entirety. Also, a generalized PoK service that includes not only a PoK to establish user identity which is separate from the knowledge of the identity, but also advanced capability testing was previously described in U.S. Pat. No. 8,813,183 entitled “Method and System for Processor or Web Logon,” the disclosure of which is hereby incorporated herein by reference in its entirety.
According to some embodiments, a solution to the problem of the initial provisioning of a new service (a new RQP/RP 100) is to allow users to share a PoK credential from one of the existing services of the user in provisioning a new service. Identity may be verified using password PoKs, cognitive PoKs, or both. For example, a user may want to use the same PoK credential from their Yahoo account with Google, even if the public/private key pairs are different.
The ability to share the same PoK across RQPs/RPs 100 may make the user's life easier. In some embodiments, at the click of a button, the PoK is shared.
It should be emphasized that in some embodiments what is shared is a true PoK credential, not a token. Also, in some embodiments, the RQP/RP 100 does not have to know the PoK itself; a PoK credential is sufficient. This further enhances security. The user's identity is more secure when the RQP/RP 100 does not know the PoK associated with the user.
For example, there are alternative systems that manage identity online by essentially keeping the public/private key pair for each RQP/RP 100 used by the user. In those systems, with a sufficient PoK, you can create a new key pair for a new RQP/RP 100, but that key pair is not shared between RQPs/RPs 100.
In some embodiments described herein, sharing a PoK between RQPs/RPs 100 can be implemented for either symmetric key cryptography (shared secret) or asymmetric key cryptography (public/private keys).
As an example implementation, a use-case employing symmetric key cryptography is provided:
(1) A user logs into an account with RP server 100-1. RP server 100-1 might be an online stock brokerage firm, for example. The user is logging into the user's own brokerage account. The brokerage firm is assumed to know the user and that this is not a misappropriated account.
(2) The user wants to share the PoK used with RP server 100-1.
(3) RP server 100-1 enables the user to share credentials without knowing the identity of the entity with whom the user is sharing the credentials. For example, the user may want to share the credential with a second RP server 100-2, maybe a bank, for example, but the user may not want RP server 100-2 to know that the user has an account with RP server 100-1. The user just wants to use the RP server 100-1 PoK credential.
(4) At this point, RP server 100-1 sends the PoK credential to the user's machine to be stored, either on the user's harddrive, in the browser, in a hardware security module, in an instance of a virtual machine, or the like.
(5) The user logs off of the account with RP server 100-1.
(6) The user logs onto the second RP server 100-2.
(7) The user directs RP server 100-2 to use the shared PoK credential.
(8) RP server 100-2 gets the PoK credential and now permits the user to use the RP server 100-2 site.
(9) The PoK credential may remain on the user's harddrive or other location, depending upon how it is stored. If it is cryptographically protected, then it can remain because nobody will be able to understand what the credential says.
In the symmetric key case, the issue is permissions on the shared secret. Pretty Good Privacy (PGP) could be used, but it publishes the public key, and there is only one key pair. Therefore, asymmetric key cryptography (public/private keys) would be preferred to minimize the attack surface (the likelihood of a successful attack).
As an example implementation, a use-case employing asymmetric key cryptography is provided:
(1) In this scenario, there are 3 participants. RP server 100-1 (say the brokerage firm, for example), RP server 100-2 (say the bank, for example), and the PS server 98. RP server 100-1 and RP server 100-2 are both online and can utilize asymmetric key cryptography. Further, RP server 100-1 and RP server 100-2 have no visibility or knowledge of each other. It is also assumed that there exists a certificate that confirms that RP server 100-1 knows the user. A blind certificate may be used, and it may take on two forms: (a) the attributes of the certificate belong to RP server 100-1, but the PS server 98 signs it; and (b) the certificate does not include the identity of RP server 100-1, but the certificate is signed by RP server 100-1.
(2) RP server 100-2 could set up rules indicating the minimum entropy level for accepting PoK credentials. In other words, RP server 100-1 could specify the degrees of separation for which it will accept PoK credentials. For example, RP server 100-1 may indicate that it will accept PoKs with at most 1 degree of separation from the primary source for the credential.
In this case, the RP server 100-2 will accept either a blind certificate from step 1 because: (a) the attributes of the certificate are from the primary source of the PoK credential and they are signed by the PS server 98 (i.e. one degree of separation) or (b) the certificate is signed by the primary source of the PoK credential.
The system essentially allows the user to use the user's login from RP server 100-1 with RP server 100-2. For the system to work, RP server 100-1 has to let the user share their PoK credential, the user has to transfer the PoK credential, and RP server 100-2 has to accept the PS server 98 attestation that the PS server 98 knows that the user is the person the user claims to be.
In some embodiments, this arrangement ensures that RP server 100-1 and RP server 100-2 do not know each other.
The RP server 100-1 stores the PS_UID with the user account (step 310) and requests a login token from the PS server 98 using the PS_UID (step 312). The PS server 98 provides a random login token to the RP server 100-1 (step 314) which then redirects the user to the PS site with the login token in the query string (step 316). When the login token has been verified, the user is prompted to create a new password/PoK for the RP server 100-1 (step 318). In some embodiments, the user's PoK is sent to the PS server 98 via Asynchronous JavaScript and XML (AJAX) or some other form that does not permit a redirect (step 320). The PS server 98 stores the PoK in the record associated with the PS_UID (step 322). In some embodiments, the PS server 98 stores a hash of the user's PoK. In this respect, the PS server 98 does not know what the user's PoK is, but can compare it to a subsequent PoK to determine a match for authentication.
The type of PoK established might depend on the security requirements of the system and the capabilities of the system. Some examples of PoKs would be plaintext passwords, picture passwords, video passwords, etc. In some embodiments, there are no usernames, but only a fixed number of potential passwords or PoKs. In these embodiments, provisioning may consist of identifying one of the password slots that has not been used and provisioning that for the user.
The RP server 100-1 requests a login token from the PS server 98 using the PS_UID (step 406). The PS server 98 provides a random login token to the RP server 100-1 (step 408) which redirects the user to the PS server 98 site with the login token included in the query string (step 410). If the login token is verified, associated data is loaded and the interface is displayed (step 412). In some embodiments, the user's PoK is sent to the PS server 98 via AJAX or some other form that does not permit a redirect (step 414).
If the login is verified, the PS server 98 generates an authentication token and the user is redirected back to the RP server 100-1 with the authentication token in the query string (step 416). The RP server 100-1 requests an ID token using the authentication token (step 418). The PS server 98 provides the ID token to the RP server 100-1 (step 420) and the user is verified and logged into the RP server 100-1 (step 422).
In some embodiments, the user's login is never sent through the RP server 100-1. It is verified by the PS server 98 and an authentication token is passed to the RP server 100-1 in order to verify authentication.
In some embodiments, the shared PoK may not be retained by the browser device 94 after this process. However, if the shared PoK is retained, the user may be able to direct multiple RP servers 100 to use the shared PoK. Then, in some embodiments, the PS Server 98 can keep track of how many RP servers 100 have accepted the PoK credential. This becomes a crowd-sourced part of the system that provides a type of crowd-sourced identification of the user. In some embodiments, in addition to, or in lieu of, the minimum degree of separation for accepting PoK credentials, RP servers 100 may set additional thresholds for the number of RP servers 100 who have accepted the PoK credential. For example, an RP server 100 may specify that it only accepts PoK credentials within 1 degree of separation from the primary source or it will accept PoK credentials regardless of degree of separation as long as at least ten other RP servers 100 have accepted the PoK (endorsements of the PoK credential). In some embodiments, the RP servers 100 could be classified and the RP server 100 could specify the number and class of endorsements. For example, the RP server 100 may accept the PoK credential regardless of degree of separation as long as at least ten RP servers 100 requiring strong security and at least three RP servers 100 requiring medium security have accepted the PoK credential.
Now that the second RP server 100-2 has been directed by the user to use the shared PoK, the second RP server 100-2 may determine how to proceed.
As illustrated in
In other embodiments, the second RP server 100-2 may have rules indicating that it will accept certificates with one degree of separation from the source, and so when the PS server 98 signs the certificate with the attributes of the RP server 100-1, then the second RP server 100-2 will accept it. In other embodiments, as discussed above, the second RP server 100-2 may have rules indicating that it will accept certificates only if ten other RP servers 100 have accepted the certificate. In this case, the second RP server 100-2 can request the stored acceptance data (either locally on the client or at the PS server 98) and act accordingly.
The second RP server 100-2 may also have other requirements before accepting the shared PoK. These requirements might be dependent on the identity of the user, the specific RP servers 100 involved, etc.
In some embodiments, the CS server 96 hosts tests that a user invents for himself/herself as a mechanism for verifying the user's identity. Since in some embodiments PoK credentials may be stored on the user's harddrive for the purposes of sharing across RP servers 100, it is essential that the PoK credential only undergo a permissioned change.
In some embodiments, for example, the user may be required to successfully pass one or more cognitive tests before the user is able to change the user's PoK credential on the RP server 100-1 and re-export the PoK credential to the user's local machine.
In other embodiments, RP servers 100 that rely on the shared PoK credential may require the cognition tests. For example, the second RP server 100-2 may detect that a PoK credential that had previously been accepted has changed. Because of its own security requirements, RP server 100-2 may refuse to accept the new PoK credential pending successful execution of one or more cognitive tests by the user at the CS server 96. Once those tests have been successfully traversed, then RP server 100-2 would accept the PoK credential again.
Because the RP server 100-2 may not have a relationship with the CS server 96, a mechanism is described for dynamic verification in
In some embodiments, the user may have to login to the CS server 96 directly (step 716). In other embodiments, the user may be able to login to the CS server 96 using the PS server 98. The login_token serves to help the CS server 96 remember which RP server 100 has requested the verification. The user then executes the tests in whatever manner is required (step 718). Upon successful completion of the tests, the CS server 96 generates an auth_token and sends it to the browser device 94 along with a redirect back to the second RP server 100-2 (step 720). The second RP server 100-2 then requests an id_token using the auth_token (step 722). The CS server 96 generates the id_token using the cs_token (step 724) and returns it to the second RP server 100-2 (step 726). In this way, the second RP server 100-2 has secured verification from the CS server 96 regarding the user and then accepts the shared PoK (step 728) and logs the user into the second RP server 100-2 (step 730).
Those skilled in the art will recognize improvements and modifications to the preferred embodiments of the present disclosure. All such improvements and modifications are considered within the scope of the concepts disclosed herein and the claims that follow.
This application is a 35 U.S.C. § 371 national phase filing of International Application No. PCT/US16/33793, filed May 23, 2016, which claims the benefit of provisional patent application Ser. No. 62/165,251, filed May 22, 2015, the disclosures of which are hereby incorporated herein by reference in theft entireties.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/US2016/033793 | 5/23/2016 | WO | 00 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2016/191376 | 12/1/2016 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5559961 | Blonder | Sep 1996 | A |
| 5931948 | Morisawa et al. | Aug 1999 | A |
| 6011848 | Kanda | Jan 2000 | A |
| 6209104 | Jalili | Mar 2001 | B1 |
| 6249868 | Sherman et al. | Jun 2001 | B1 |
| 6411283 | Murphy | Jun 2002 | B1 |
| 6658328 | Alrabady et al. | Dec 2003 | B1 |
| 6934838 | Boyce | Aug 2005 | B1 |
| 6934860 | Goldstein | Aug 2005 | B1 |
| 6957344 | Goldshlag | Oct 2005 | B1 |
| 6983065 | Akgul et al. | Jan 2006 | B1 |
| 7243239 | Kirovski et al. | Jul 2007 | B2 |
| 7370351 | Ramachandran et al. | May 2008 | B1 |
| 7490237 | Morais | Feb 2009 | B1 |
| 7734930 | Kirovski et al. | Jun 2010 | B2 |
| 8015563 | Araujo, Jr. et al. | Sep 2011 | B2 |
| 8024775 | Xu et al. | Sep 2011 | B2 |
| 8086507 | Alder | Dec 2011 | B1 |
| 8132017 | Lewis | Mar 2012 | B1 |
| 8155622 | Moshenberg et al. | Apr 2012 | B1 |
| 8191126 | Raghavan | May 2012 | B2 |
| 8244799 | Salusky | Aug 2012 | B1 |
| 8353016 | Pravetz et al. | Jan 2013 | B1 |
| 8392975 | Raghunath | Mar 2013 | B1 |
| 8627421 | Bowers et al. | Jan 2014 | B1 |
| 8667560 | Albisu | Mar 2014 | B2 |
| 8682802 | Kannanari | Mar 2014 | B1 |
| 8813183 | Thibadeau et al. | Aug 2014 | B2 |
| 8813247 | Alten | Aug 2014 | B1 |
| 8832804 | Casey et al. | Sep 2014 | B1 |
| 8881251 | Hilger | Nov 2014 | B1 |
| 8918851 | Iannamico | Dec 2014 | B1 |
| 8966268 | Marien | Feb 2015 | B2 |
| 9282098 | Hitchcock | Mar 2016 | B1 |
| 9300659 | Thibadeau, Sr. et al. | Mar 2016 | B2 |
| 9323435 | Thibadeau, Sr. et al. | Apr 2016 | B2 |
| 9490981 | Thibadeau, Sr. et al. | Nov 2016 | B2 |
| 9497186 | Thibadeau, Sr. et al. | Nov 2016 | B2 |
| 9582106 | Thibadeau, Sr. et al. | Feb 2017 | B2 |
| 9600643 | Strode | Mar 2017 | B2 |
| 10423775 | Kane-Parry | Sep 2019 | B1 |
| 20020029341 | Juels et al. | Mar 2002 | A1 |
| 20020080123 | Kennedy et al. | Jun 2002 | A1 |
| 20020184225 | Ghukasyan | Dec 2002 | A1 |
| 20020196274 | Comfort et al. | Dec 2002 | A1 |
| 20030147536 | Andivahis et al. | Aug 2003 | A1 |
| 20040010721 | Kirovski et al. | Jan 2004 | A1 |
| 20040030934 | Mizoguchi et al. | Feb 2004 | A1 |
| 20040034801 | Jaeger | Feb 2004 | A1 |
| 20040049697 | Edwards, Jr. et al. | Mar 2004 | A1 |
| 20040073795 | Jablon | Apr 2004 | A1 |
| 20040073809 | Wing Keong | Apr 2004 | A1 |
| 20040095384 | Avni et al. | May 2004 | A1 |
| 20040223619 | Jablon | Nov 2004 | A1 |
| 20040230843 | Jansen | Nov 2004 | A1 |
| 20050119979 | Murashita et al. | Jun 2005 | A1 |
| 20060198517 | Cameron | Sep 2006 | A1 |
| 20060206717 | Holt et al. | Sep 2006 | A1 |
| 20060244735 | Wilson | Nov 2006 | A1 |
| 20070005962 | Baker | Jan 2007 | A1 |
| 20070022299 | Yoshimura | Jan 2007 | A1 |
| 20070067618 | Sandhu | Mar 2007 | A1 |
| 20070067631 | Westhoff | Mar 2007 | A1 |
| 20070071243 | Nanda | Mar 2007 | A1 |
| 20070097096 | Rosenberg | May 2007 | A1 |
| 20070150842 | Chaudhri et al. | Jun 2007 | A1 |
| 20070229216 | Yasuda | Oct 2007 | A1 |
| 20070234041 | Lakshmeshwar | Oct 2007 | A1 |
| 20070258594 | Sandhu | Nov 2007 | A1 |
| 20080000969 | Salomonsen | Jan 2008 | A1 |
| 20080010678 | Burdette et al. | Jan 2008 | A1 |
| 20080022129 | Durham et al. | Jan 2008 | A1 |
| 20080133917 | Jeong | Jun 2008 | A1 |
| 20080163055 | Ganz et al. | Jul 2008 | A1 |
| 20080201578 | Drake | Aug 2008 | A1 |
| 20080263361 | Dutta et al. | Oct 2008 | A1 |
| 20090089869 | Varghese | Apr 2009 | A1 |
| 20090106134 | Royyuru | Apr 2009 | A1 |
| 20090158424 | Yang | Jun 2009 | A1 |
| 20090160800 | Liu et al. | Jun 2009 | A1 |
| 20090199002 | Erickson | Aug 2009 | A1 |
| 20090202153 | Cortopassi et al. | Aug 2009 | A1 |
| 20090210368 | Deo | Aug 2009 | A1 |
| 20090210716 | Chen | Aug 2009 | A1 |
| 20090313693 | Rogers | Dec 2009 | A1 |
| 20100023756 | Ben-Itzhak | Jan 2010 | A1 |
| 20100043062 | Alexander et al. | Feb 2010 | A1 |
| 20100146128 | Kulkarni et al. | Jun 2010 | A1 |
| 20100169958 | Werner et al. | Jul 2010 | A1 |
| 20100207721 | Nakajima et al. | Aug 2010 | A1 |
| 20100223326 | Noldus et al. | Sep 2010 | A1 |
| 20100223456 | Schneider | Sep 2010 | A1 |
| 20100275196 | Peterson | Oct 2010 | A1 |
| 20100329464 | Kerschbaum | Dec 2010 | A1 |
| 20110013031 | Miyasako | Jan 2011 | A1 |
| 20110055585 | Lee | Mar 2011 | A1 |
| 20110072263 | Bishop | Mar 2011 | A1 |
| 20110078775 | Yan | Mar 2011 | A1 |
| 20110081640 | Tseng et al. | Apr 2011 | A1 |
| 20110099203 | Fastring | Apr 2011 | A1 |
| 20110162067 | Shuart et al. | Jun 2011 | A1 |
| 20110191592 | Goertzen | Aug 2011 | A1 |
| 20110197259 | Thibadeau et al. | Aug 2011 | A1 |
| 20110202982 | Alexander et al. | Aug 2011 | A1 |
| 20110213959 | Bodi | Sep 2011 | A1 |
| 20110246779 | Teranishi | Oct 2011 | A1 |
| 20120005483 | Patvarczki et al. | Jan 2012 | A1 |
| 20120011564 | Osborn et al. | Jan 2012 | A1 |
| 20120054833 | Albisu | Mar 2012 | A1 |
| 20120060028 | Furukawa | Mar 2012 | A1 |
| 20120084869 | Bilaney et al. | Apr 2012 | A1 |
| 20120089494 | Danezis | Apr 2012 | A1 |
| 20120093310 | Jin | Apr 2012 | A1 |
| 20120096071 | Murphey | Apr 2012 | A1 |
| 20120096077 | Weerts | Apr 2012 | A1 |
| 20120167199 | Riddiford | Jun 2012 | A1 |
| 20120175412 | Grabiner et al. | Jul 2012 | A1 |
| 20120210126 | Johnson | Aug 2012 | A1 |
| 20120260329 | Suffling | Oct 2012 | A1 |
| 20120284787 | Clemot | Nov 2012 | A1 |
| 20120304284 | Johnson et al. | Nov 2012 | A1 |
| 20120324226 | Bichsel | Dec 2012 | A1 |
| 20130019090 | Wicker | Jan 2013 | A1 |
| 20130031623 | Sanders | Jan 2013 | A1 |
| 20130042303 | Chow et al. | Feb 2013 | A1 |
| 20130043914 | Gelman | Feb 2013 | A1 |
| 20130047236 | Singh | Feb 2013 | A1 |
| 20130091171 | Lee | Apr 2013 | A1 |
| 20130097697 | Zhu et al. | Apr 2013 | A1 |
| 20130104197 | Nandakumar | Apr 2013 | A1 |
| 20130111581 | Griffin et al. | May 2013 | A1 |
| 20130125114 | Frascadore | May 2013 | A1 |
| 20130125221 | Agrawal | May 2013 | A1 |
| 20130179954 | Bidare | Jul 2013 | A1 |
| 20130198818 | Hitchcock | Aug 2013 | A1 |
| 20130201106 | Naccache | Aug 2013 | A1 |
| 20130227139 | Suffling | Aug 2013 | A1 |
| 20130268775 | Hawkins | Oct 2013 | A1 |
| 20130340057 | Kitlyar | Dec 2013 | A1 |
| 20140006512 | Huang et al. | Jan 2014 | A1 |
| 20140023279 | Fahn et al. | Jan 2014 | A1 |
| 20140028554 | De Los Reyes et al. | Jan 2014 | A1 |
| 20140164267 | Bianchini | Jun 2014 | A1 |
| 20140181956 | Ahn et al. | Jun 2014 | A1 |
| 20140201831 | Yi et al. | Jul 2014 | A1 |
| 20140233740 | Niamut et al. | Aug 2014 | A1 |
| 20140282961 | Dorfman et al. | Sep 2014 | A1 |
| 20140320420 | Ida et al. | Oct 2014 | A1 |
| 20140331057 | Thibadeau et al. | Nov 2014 | A1 |
| 20140359653 | Thorpe et al. | Dec 2014 | A1 |
| 20140365528 | Simard | Dec 2014 | A1 |
| 20140373132 | Basmov et al. | Dec 2014 | A1 |
| 20140380431 | Alonso Cebrian | Dec 2014 | A1 |
| 20150033306 | Dickenson et al. | Jan 2015 | A1 |
| 20150128219 | Guday | May 2015 | A1 |
| 20150135305 | Cabrera | May 2015 | A1 |
| 20150138584 | Tsongas et al. | May 2015 | A1 |
| 20150180902 | Biswas et al. | Jun 2015 | A1 |
| 20150301724 | Thibadeau, Sr. et al. | Oct 2015 | A1 |
| 20150304303 | Thibadeau, Sr. et al. | Oct 2015 | A1 |
| 20150310188 | Ford et al. | Oct 2015 | A1 |
| 20150324609 | Grubel | Nov 2015 | A1 |
| 20150349957 | Thibadeau, Sr. et al. | Dec 2015 | A1 |
| 20150350106 | Whalley | Dec 2015 | A1 |
| 20150350204 | Wang | Dec 2015 | A1 |
| 20150350210 | Thibadeau, Sr. et al. | Dec 2015 | A1 |
| 20150381614 | Hildreth | Dec 2015 | A1 |
| 20160044021 | Thibadeau, Sr. et al. | Feb 2016 | A1 |
| 20160050198 | Thibadeau, Sr. | Feb 2016 | A1 |
| 20160078370 | McEwen | Mar 2016 | A1 |
| 20160112389 | Bortolamiol | Apr 2016 | A1 |
| 20160112870 | Pathuri | Apr 2016 | A1 |
| 20160191507 | Bao | Jun 2016 | A1 |
| 20160195995 | Thibadeau, Sr. et al. | Jul 2016 | A1 |
| 20160232336 | Pitschel | Aug 2016 | A1 |
| 20160344872 | Mathison | Nov 2016 | A1 |
| 20170223533 | Wolman et al. | Aug 2017 | A1 |
| 20180048635 | Thibadeau, Sr. et al. | Feb 2018 | A1 |
| Number | Date | Country |
|---|---|---|
| 1601153 | Nov 2005 | EP |
| 2085908 | Aug 2009 | EP |
| 2775416 | Sep 2014 | EP |
| 2504746 | Feb 2014 | GB |
| 2013113592 | Oct 2014 | RU |
| 03048909 | Jun 2003 | WO |
| 2005071518 | Aug 2005 | WO |
| 2009039223 | Mar 2009 | WO |
| 2011014878 | Feb 2011 | WO |
| 2011100017 | Aug 2011 | WO |
| 2013003535 | Jan 2013 | WO |
| 2014165431 | Oct 2014 | WO |
| Entry |
|---|
| Author Unknown, “Human Verification,” retrieved on Apr. 22, 2015 from graphicdesign.stackexchange.com, 1 page. |
| Author Unknown, “OpenID Authentication 2.0—Final,” Openid.net, Dec. 5, 2007, retrieved on Jan. 1, 2013 from http://openid.net/specs/openid-authentication-2_0.html#http_encoding, 34 pages. |
| Author Unknown, “Security Assertion Markup Language (SAML) V2.0 Technical Overview,” OASIS, Mar. 25, 2008, retrieved on Apr. 14, 2010 from http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.pdf, 51 pages. |
| Beideman, Calvin et al., “Set Families with Low Pairwise Intersection,” Apr. 17, 2014, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 12 pages. |
| Blocki, Jeremiah et al., “Adaptive Regret Minimization in Bounded-Memory Games,” Decision and Game Theory for Security: Proceedings of the 4th International Conference on Decision and Game Theory for Security (GameSec), Nov. 11-12, 2013, Fort Worth, TX, Springer International Publishing, pp. 65-84, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 19 pages. |
| Blocki, Jeremiah et al., “Adaptive Regret Minimization in Bounded-Memory Games,” Presentation Slides, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 61 pages. |
| Blocki, Jeremiah et al., “Audit Games,” Proceedings of the 23rd International Joint Conference on Artificial Intelligence, Aug. 3-9, 2013, Beijing, China, AAAI Press, pp. 41-47. |
| Blocki, Jeremiah et al., “Audit Games with Multiple Defender Resources,” retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 11 pages. |
| Blocki, Jeremiah et al., “Audit Mechanisms for Provable Risk Management and Accountable Data Governance,” Decision and Game Theory for Security: Proceedings of the 3rd International Conference on Decision and Game Theory for Security (GameSec), Budapest, Hungary, Nov. 5-6, 2012, Springer Berlin Heidelberg, pp. 38-59, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 27 pages. |
| Blocki, Jeremiah et al., “Audit Mechanisms for Privacy Protection in Healthcare Environments,” Proceedings of the 2nd USENIX Conference on Health Security and Privacy (HealthSec'11), Aug. 8-12, 2011, San Francisco, CA, USENIX Association, p. 10, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 2 pages. |
| Blocki, Jeremiah et al., “Differentially Private Data Analysis of Social Networks via Restricted Sensitivity,” Proceedings of the 4th Conference on Innovations in Theoretical Computer Science (ITCS '13), Jan. 10-12, 2013, Berkely, CA, ACM, pp. 87-96, retrieved Jan. 15, 2015 from http://arxiv.org/abs/1208.4586v2, 19 pages. |
| Blocki, Jeremiah et al., “Differentially Private Data Analysis of Social Networks via Restricted Sensitivity,” Presentation Slides, Fall 2012, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 94 pages. |
| Blocki, Jeremiah, “Senior Research Thesis: Direct Zero-Knowledge Proofs,” May 1, 2009, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 16 pages. |
| Blocki, Jeremiah et al., “GOTCHA Password Hackers!” Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security (AlSec '13), Nov. 4-8, 2013, Berlin, Germany, ACM, 12 pages. |
| Blocki, Jeremiah et al., “GOTCHA Password Hackers!” Presentation Slides, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 38 pages. |
| Blocki, Jeremiah et al., “Human Computable Passwords,” Oct. 2, 2014, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 43 pages. |
| Blocki, Jeremiah et al., “Human Computable Passwords,” Presentation Slides, Fall 2014, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 111 pages. |
| Blocki, Jeremiah et al., “The Johnson-Lindenstrauss Transform Itself Preserves Differential Privacy,” Proceedings of the 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science (FOCS), Oct. 20-23, 2012, New Brunswick, NJ, IEEE Computer Society, pp. 410-419, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 27 pages. |
| Blocki, Jeremiah et al., “Naturally Rehearsing Passwords,” Advances in Cryptology—ASIACRYPT 2013: Proceedings of the 19th International Conference on the Theory and Application of Cryptology and Information Security, Part II, Bengalaru, India, Dec. 1-5, 2013 Springer Berlin Heidelberg, pp. 361-380, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 34 pages. |
| Blocki, Jeremiah et al., “Optimizing Password Composition Policies,” Proceedings of the 14th ACM Conference on Electronic Commerce, Jun. 16-20, 2013, Philadelphia, PA, ACM, pp. 105-122, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 27 pages. |
| Blocki, Jeremiah, “Usable and Secure Password Management,” Presentation Slides, Spring 2012, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 75 pages. |
| Blocki, Jeremiah et al., “Regret Minimizing Audits: A Learning-theoretic Basis for Privacy Protection,” 2011 IEEE 24th Computer Security Foundations Symposium (CSF), Jun. 27-29, 2011, Cernay-la-Ville, France, IEEE, pp. 312-327, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 16 pages. |
| Blocki, Jeremiah et al., “Resolving the Complexity of Some Data Privacy Problems,” Automata, Languages and Programming: Proceedings of the 37th International Colloquium Conference on Automata, Languages and Programming (ICALP 2010), Jul. 6-10, 2010, Bordeaux, France, Springer Berlin Heidelberg, pp. 393-404, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 18 pages. |
| Blocki, Jeremiah et al., “Resolving the Complexity of Some Data Privacy Problems,” Presentation Slides, 2010, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 36 pages. |
| Blocki, Jeremiah et al., “Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords,” Oct. 6, 2014, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 16 pages. |
| Blocki, Jeremiah, “Usable Human Authentication: A Quantitative Treatment,” Doctoral Thesis, Jun. 30, 2014, retrieved Jan. 15, 2015 from http://www.cs.cmu.edu/˜jblocki/, 262 pages. |
| Dunphy, Paul et al., “Do Background Images Improve “Draw a Secret” Graphical Passwords?” Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), Oct. 29-Nov. 2, 2007, Alexandria, Virginia, ACM, pp. 36-47. |
| Hughes, Neil, “Future iPhones, iPads could recognize, adjust for individual users,” AppleInsider, Aug. 19, 2010, 4 pages, http://appleinsider.com/articles/10/08/19/future_iphones_ipads_could_recognize_adjust_for_individual_users. |
| Jansen, Wayne et al., “Picture Password: A Visual Login Technique for Mobile Devices,” National Institute of Standards and Technology, NISTIR 7030, Jul. 2003, 20 pages. |
| Pace, Zach, “Signing in with a picture password,” http://blogs.msdn.com/b/b8/archive/2011/12/16/signing-in-with-a-picture-password.aspx, Dec. 16, 2011, 9 pages. |
| Scavo, T. et al., “Shibboleth Architecture,” Jun. 8, 2005, retrieved on Jun. 20, 2014 from http:/open-systems.ufl.edu/files/draft-mace-shibboleth-tech-overview-latest.pdf, 31 pages. |
| Thibadeau, Robert et al., “Proofs of Knowledge on the Web: A New Framework for Password Identification and Capacity to Make Decisions,” 2014-NIST-NSTIC-01 Abbreviated Proposal, Bright Plaza, Inc., Philadelphia, Mar. 2, 2014, 5 pages. |
| Zhao, Ziming et al., “On the Security of Picture Gesture Authentication,” 22nd USENIX Security Symposium, Aug. 14-16, 2013, Washington, D.C., pp. 383-398. |
| International Search Report for PCT/US10/58825, dated Feb. 2, 2011, 2 pages. |
| Written Opinion of the International Searching Authority for PCT/US10/58825, dated Feb. 2, 2011, 4 pages. |
| International Preliminary Report on Patentability for PCT/US10/58825, dated May 23, 2012, 3 pages. |
| International Search Report and Written Opinion for PCT/US2014/032342, dated Jul. 4, 2014, 14 pages. |
| Written Opinion of the International Searching Authority for PCT/US2014/032342, dated Mar. 17, 2015, 6 pages. |
| International Preliminary Report on Patentability for PCT/US2014/032342, dated Jun. 24, 2015, 23 pages. |
| Extended European Search Report for European Patent Application No. 10845949.6, dated Oct. 9, 2014, 7 pages. |
| Non-Final Office Action for U.S. Appl. No. 12/884,478, dated Dec. 12, 2012, 15 pages. |
| Final Office Action for U.S. Appl. No. 12/884,478, dated May 20, 2013, 19 pages. |
| Advisory Action for U.S. Appl. No. 12/884,478, dated Sep. 9, 2013, 3 pages. |
| Notice of Allowance and Examiner-Initiated Interview Summary for U.S. Appl. No. 12/884,478, dated Apr. 4, 2014, 10 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/330,986, dated Dec. 16, 2014, 18 pages. |
| Final Office Action for U.S. Appl. No. 14/330,986, dated Apr. 27, 2015, 20 pages. |
| Advisory Action and Examiner Initiated Interview for U.S. Appl. No. 14/330,986, dated Jul. 14, 2015, 3 pages. |
| Invitation to Pay Additional Fees and Partial International Search Report for PCT/US2015/027040, dated Jul. 24, 2015, 7 pages. |
| Decision on Appeal for U.S. Appl. No. 14/330,986, dated Mar. 27, 2018, 10 pages. |
| Final Office Action for U.S. Appl. No. 14/728,759, dated Mar. 15, 2018, 19 pages. |
| Examination Report for European Patent Application No. 15721438.8, dated Jul. 17, 2018, 7 pages. |
| Supplemental Notice of Allowability for U.S. Appl. No. 15/295,718, dated Nov. 15, 2017, 12 pages. |
| Supplemental Notice of Allowability for U.S. Appl. No. 15/295,718, dated Dec. 8, 2017, 12 pages. |
| Examination Report for European Patent Application No. 15729691.4, dated Sep. 13, 2018, 5 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/693,121, dated Aug. 6, 2015, 16 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/728,902, dated Aug. 26, 2015, 15 pages. |
| Invitation to Pay Additional Fees and Partial International Search Report for PCT/US2015/033823, dated Aug. 14, 2015, 7 pages. |
| International Search Report and Written Opinion for PCT/US2015/033830, dated Aug. 24, 2015, 11 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/330,986, dated Sep. 15, 2015, 16 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/728,759, dated Sep. 10, 2015, 15 pages. |
| International Search Report and Written Opinion for PCT/US2015/033811, dated Sep. 21, 2015, 10 pages. |
| International Search Report and Written Opinion for PCT/US2015/044694, dated Oct. 2, 2015, 10 pages. |
| Author Unknown, “Cognitive test,” Wikipedia.com, last modified Oct. 28, 2014, retrieved on Nov. 11, 2015, 3 pages, https://en.wikipedia.org/w/index.php?title=Cognitive_test&oldid=631463869. |
| Author Unknown, “James McKeen Cattell,” Wikipedia.com, last modified Sep. 9, 2015, retrieved on Nov. 11, 2015, 5 pages, https://en.wikipedia.org/wiki/James_McKeen_Cattell. |
| International Search Report and Written Opinion for PCT/US2015/027040, dated Nov. 20, 2015, 21 pages. |
| International Search Report and Written Opinion for PCT/US2015/033823, dated Dec. 2, 2015, 18 pages. |
| Final Office Action for U.S. Appl. No. 14/330,986, dated Feb. 4, 2016, 18 pages. |
| Advisory Action for U.S. Appl. No. 14/330,986, dated May 2, 2016, 3 pages. |
| Notice of Allowance for U.S. Appl. No. 14/693,121, dated Jan. 22, 2016, 7 pages. |
| Final Office Action for U.S. Appl. No. 14/728,902, dated Jan. 29, 2016, 6 pages. |
| Notice of Allowance for U.S. Appl. No. 14/728,902, dated Mar. 11, 2016, 7 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/728,904, dated Jan. 25, 2016, 15 pages. |
| Final Office Action for U.S. Appl. No. 14/728,759, dated Feb. 1, 2016, 17 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/823,739, dated Nov. 30, 2015, 17 pages. |
| Final Office Action for U.S. Appl. No. 14/823,739, dated Apr. 28, 2016, 10 pages. |
| Menezes, A. et al., “Identification and Entity Authentication,” Handbook of Applied Cryptography, CRC Press, 1997, pp. 385-424. |
| International Preliminary Report on Patentability for PCT/US2015/027040, dated Nov. 3, 2016, 15 pages. |
| International Preliminary Report on Patentability for PCT/US2015/033823, dated Nov. 3, 2016, 12 pages. |
| International Search Report and Written Opinion for PCT/US2016/020670, dated May 12, 2016, 11 pages. |
| International Search Report and Written Opinion for PCT/US2016/033793, dated Jul. 22, 2016, 11 pages. |
| Examination Report for European Patent Application No. 10845949.6, dated Jun. 13, 2016, 6 pages. |
| Examiner's Answer to the Appeal Brief for U.S. Appl. No. 14/330,986, dated Dec. 7, 2016, 21 pages. |
| Non-Final Office Action for U.S. Appl. No. 15/069,635, dated Jun. 16, 2016, 6 pages. |
| Notice of Allowance for U.S. Appl. No. 15/069,635, dated Oct. 18, 2016, 7 pages. |
| Notice of Allowance for U.S. Appl. No. 14/728,904, dated Jul. 1, 2016, 12pages. |
| Corrected Notice of Allowability for U.S. Appl. No. 14/728,904, dated Aug. 10, 2016, 9 pages. |
| Corrected Notice of Allowability for U.S. Appl. No. 14/728,904, dated Oct. 13, 2016, 9 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/728,759, dated Jul. 26, 2016, 16 pages. |
| Notice of Allowance for U.S. Appl. No. 14/823,739, dated Jul. 12, 2016, 8 pages. |
| International Preliminary Report on Patentability for PCT/US2015/033830, dated Dec. 15, 2016, 8 pages. |
| International Preliminary Report on Patentability for PCT/US2015/033811, dated Dec. 15, 2016, 7 pages. |
| International Preliminary Report on Patentability for PCT/US2015/044694, dated Feb. 23, 2017, 8 pages. |
| Final Office Action for U.S. Appl. No. 14/728,759, dated Feb. 15, 2017, 18 pages. |
| Second Written Opinion for PCT/US2016/033793, dated Apr. 4, 2017, 5 pages. |
| International Preliminary Report on Patentability for PCT/US2016/033793, dated Jun. 27, 2017, 6 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/782,257, dated Mar. 9, 2017, 6 pages. |
| Non-Final Office Action for U.S. Appl. No. 15/409,045, dated Apr. 19, 2017, 8 pages. |
| Non-Final Office Action for U.S. Appl. No. 15/295,718, dated Mar. 9, 2017, 14 pages. |
| Notice of Allowance and Examiner-Initiated Interview Summary for U.S. Appl. No. 15/295,718, dated Aug. 14, 2017, 16 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/728,759, dated Aug. 3, 2017, 19 pages. |
| Non-Final Office Action for U.S. Appl. No. 15/295,701, dated Apr. 28, 2017, 6 pages. |
| International Preliminary Report on Patentability for PCT/US2016/020670, dated Sep. 14, 2017, 7 pages. |
| Notice of Allowance for U.S. Appl. No. 15/409,045, dated Nov. 1, 2017, 7 pages. |
| Notice of Allowance for U.S. Appl. No. 15/295,701, dated Sep. 25, 2017, 7 pages. |
| Non-Final Office Action for U.S. Appl. No. 15/554,782, dated Sep. 18, 2019, 16 pages. |
| Examination Report for European Patent Application No. 16710889.3, dated Aug. 19, 2019, 4 pages. |
| Notice of Allowance and Examiner-Initiated Interview Summary for U.S. Appl. No. 16/036,525, dated Jan. 13, 2020, 18 pages. |
| Final Office Action for U.S. Appl. No. 15/554,782, dated May 29, 2020, 17 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20180123793 A1 | May 2018 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62165251 | May 2015 | US |
