Patent Grant
7389427
(1) Field of the Invention
The invention relates to data security. More specifically, the invention relates to securing output data in an isolated execution environment.
(2) Background
Data security is increasingly important in this data-driven society. To that end, multilevel platforms have been developed to support both a normal execution mode and an isolated execution mode. A section of memory is allocated for use only in the isolated execution mode. Encryption and authentication are used any time isolated data is moved into a non-isolated section of the memory. In this manner, data used and maintained in isolated execution mode is not security compromised. However, when an isolated data is output to an output device, such as a display, it may be possible for insecure software to access the displayed data from the display when displayed in isolated execution mode or after the system returns to normal mode. This avenue of attack may compromise the security of isolated data.
The invention is illustrated by way of example and not by way of limitation in the figures of the accompanying drawings in which like references indicate similar elements. It should be noted that references to “an” or “one” embodiment in this disclosure are not necessarily to the same embodiment, and such references mean at least one.
The present invention relates to a platform and method for maintaining the remote security of output data. A processor executing in isolated execution “IsoX” mode may have output such as display data. That data may be conveyed through a graphic card to a display. The graphic card may be enabled to operate in an IsoX mode and access a specially partitioned portion of memory to retrieve output data when the platform is in IsoX mode. The graphics card may be allowed to direct memory access (DMA), the data for each screen refresh, or it may store it in a secure bit plane on the graphics card for output. By “secure” bit plane, it is meant that only the graphics card (or possibly very special isolated components, such as the operating system nub described below) may access the bit plane. This IsoX graphics card is required to restrict access by all non-secure components of the system.
In the following description, certain terminology is used to discuss features of various embodiments of the invention. For example, a “platform” includes components that perform different functions on stored information. Examples of a platform include, but are not limited or restricted to a computer (e.g., desktop, a laptop, a hand-held, a server, a workstation, etc.), desktop office equipment (e.g., printer, scanner, a facsimile machine, etc.), a wireless telephone handset, a television set-top box, and the like. Examples of a “component” include hardware (e.g., an integrated circuit, etc.) and/or one or more software modules. A “software module” is code that, when executed, performs a certain function. This code may include an operating system, an application, an applet or even a nub being a series of code instructions, possibly a subset of code from an applet. A “link” is broadly defined as one or more information-carrying mediums (e.g., electrical wire, optical fiber, cable, bus, or air in combination with wireless signaling technology) to establish a communication pathway. This pathway is deemed “protected” when it is virtually impossible to modify information routed over the pathway without detection.
In addition, the term “information” is defined as one or more bits of data, address, and/or control and a “segment” is one or more bytes of information. A “message” is a grouping of information, possibly packetized information. “Keying material” includes any information needed for a specific cryptographic algorithm such as a Digital Signature Algorithm. A “one-way function” is a function, mathematical or otherwise, that converts information from a variable-<length to a fixed-length (referred to as a “hash value” or “digest”). The term “one-way” indicates that there does not readily exist an inverse function to recover any discernible portion of the original information from the fixed-length hash value. Examples of a hash function include MD5 provided by RSA Data Security of Redwood City, Calif., or Secure Hash Algorithm (SHA-1) as specified in a 1995 publication Secure Hash Standard FIPS 180-1 entitled “Federal Information Processing Standards Publication” (Apr. 17, 1995).
I. Architecture Overview
In one embodiment, a platform utilizing the present invention may be configured with an isolated execution (IsoX™) architecture. The IsoX™ architecture includes logical and physical definitions of hardware and software components that interact directly or indirectly with an operating system of the platform. Herein, the operating system and a processor of the platform may have several levels of hierarchy, referred to as rings, which correspond to various operational modes. A “ring” is a logical division of hardware and software components that are designed to perform dedicated tasks within the platform. The division is typically based on the degree or level of privilege, namely the ability to make changes to the platform. For example, a ring-0 is the innermost ring, being at the highest level of the hierarchy. Ring-0 encompasses the most critical, privileged components. Ring-3 is the outermost ring, being at the lowest level of the hierarchy. Ring-3 typically encompasses user level applications, which are normally given the lowest level of privilege. Ring-1 and ring-2 represent the intermediate rings with decreasing levels of privilege.
Ring-010 includes two portions: a normal execution Ring-011 and an isolated execution Ring-015. The normal execution Ring-011 includes software modules that are critical for the operating system, usually referred to as the “kernel”. These software modules include a primary operating system 12 (e.g., kernel), software drivers 13, and hardware drivers 14. The isolated execution Ring-015 includes an operating system (OS) nub 16 and a processor nub 18 as described below. The OS nub 16 and the processor nub 18 are instances of an OS executive (OSE) and processor executive (PE), respectively. The OSE and the PE are part of executive entities that operate in a protected environment associated with the isolated area 70 and the IsoX mode. The processor nub loader 52 is a bootstrap loader code that is responsible for loading the processor nub 18 from the processor or chipset into an isolated area as will be explained later.
Similarly, ring-120, ring-230, and ring-340 include normal execution ring-121, ring-231, ring-341, and isolated execution ring-125, ring-235, and ring-345, respectively. In particular, normal execution ring-3 includes N applications 421-42N and isolated execution ring-3 includes Mapplets 461-46M (where “N” and “M” are positive whole numbers).
One concept of the IsoX™ architecture is the creation of an isolated region in the system memory, which is protected by components of the platform (e.g., the processor and chipset). This isolated region, referred to herein as an “isolated area,” may also be in cache memory that is protected by a translation look aside (TLB) access check. Access to this isolated area is permitted only from a front side bus (FSB) of the processor, using special bus cycles (referred to as “isolated read and write cycles”) issued by the processor executing in IsoX mode. In one embodiment, a second isolated area, referred to herein as the isolated output area, is partitioned within main memory. In one embodiment, the isolated output area is only readable by an output device in an isolated execution mode and writeable by the OS nub 16 via the output driver 17.
Typically shared links may be used within the platform for isolated output operations. Examples of these shared links include a Peripheral Component Interconnect (PCI) bus, an accelerated graphics port (AGP) bus, an Industry Standard Architecture (ISA) bus, a Universal Serial Bus (USB) bus and the like.
The IsoX mode is initialized using a privileged instruction in the processor, combined with the processor nub loader 52. The processor nub loader 52 verifies and loads a ring-0 nub software module (e.g., processor nub 18) into the isolated area. For security purposes, the processor nub loader 52 is non-modifiable, tamper-resistant and non-substitutable. In one embodiment, the processor nub loader 52 is implemented in read only memory (ROM).
One task of the processor nub 18 is to verify and load the ring-0 OS nub 16 into the isolated area. The OS nub 16 provides links to services in the primary operating system 12 (e.g., the unprotected segments of the operating system), provides page management within the isolated area, and has the responsibility for loading ring-3 application modules 45, including applets 461 to 46M, into protected pages allocated in the isolated area. The OS nub 16 may also support paging of data between the isolated area and ordinary (e.g., non-isolated) memory. If so, then the OS nub 16 is also responsible for the integrity and confidentiality of the isolated area pages before evicting the page to the ordinary memory, and for checking the page contents upon restoration of the page. The OS nub 16 may also contain an output driver 17 to fill the isolated output area 90 with secure output data. In one embodiment, the output driver 17 writes a display bit map into the isolated output area for any data to be displayed when the platform is in isolated execution mode.
Referring now to
The accessible physical memory 60 includes an isolated area 70, an isolated output area 90 and a non-isolated area 80. The isolated area 70 includes applet pages 72 and nub pages 74. The non-isolated area 80 includes application pages 82 and operating system pages 84. The isolated area 70 is accessible only to components of the operating system and processor operating in the IsoX mode. The non-isolated area 80 is accessible to all elements of the ring-0 operating system and processor. In one embodiment, the isolated output area 90 may only be accessed by the OS nub 16 and secure output devices. In some embodiments, access to the isolated output area 90 may be write-only for the OS nub 16 and read-only for the output device.
The normal execution ring-011 including the primary OS 12, the software drivers 13, and the hardware drivers 14, can access both the OS pages 84 and the application pages 82. The normal execution ring-3, including applications 42, to 42N, can access only to the application pages 82. Neither the normal execution ring-011 nor normal execution ring-341 can access the isolated area 70 or the isolated output area 90.
The isolated execution ring-015, including the OS nub 16 and the processor nub 18, can access the isolated area 70, including both the applet pages 72 and the nub pages 74, and the non-isolated area 80, including the application pages 82 and the OS pages 84. The isolated execution ring-345, including applets 461 to 46M, can access only to the application pages 82 and the applet pages 72. The applets 461 to 46M reside in the isolated area 70.
Referring to
In general, the processor 110 represents a central processing unit of any type of architecture, such as complex instruction set computers (CISC), reduced instruction set computers (RISC), very long instruction word (VLIW), or hybrid architecture. In one embodiment, the processor 110 includes multiple logical processors. A “logical processor,” sometimes referred to as a thread, is a functional unit within a physical processor having an architectural state and physical resources allocated according to a specific partitioning functionality. Thus, a multi-threaded processor includes multiple logical processors. The processor 110 is compatible with the Intel Architecture (IA) processor, such as a PENTIUM® series, the IA-32™ and IA-64™. It will be appreciated by those skilled in the art that the basic description and operation of the processor 110 applies to either a single processor platform or a multi-processor platform.
The processor 110 may operate in a normal execution mode or an IsoX mode. In particular, an isolated execution circuit 115 provides a mechanism to allow the processor 110 to operate in an IsoX mode. The isolated execution circuit 115 provides hardware and software support for the IsoX mode. This support includes configuration for isolated execution, definition of the isolated area, definition (e.g., decoding and execution) of isolated instructions, generation of isolated access bus cycles, and generation of isolated mode interrupts.
As shown in
The chipset 120 includes a memory control hub (MCH) 130 and an input/output control hub (ICH) 150 described below. The MCH 130 and the ICH 150 may be integrated into the same chip or placed in separate chips operating together.
With respect to the chipset 120, a MCH 130 provides control and configuration of memory and input/output devices such as the system memory 140 and the ICH 150. The MCH 130 provides interface circuits to recognize and service isolated memory read and write cycles and/or isolated output read and write cycles. In addition, the MCH 130 has memory range registers (e.g., base and length registers) to represent the isolated area and isolated output area in the system memory 140. The isolated output area and isolated area need not be contiguous. Similarly, the MCH 130 aborts any access to the isolated output area when the isolated output link mode is not asserted. Once configured, the MCH 130 aborts any access to the isolated area when the isolated access link mode is not asserted.
The system memory 140 stores code and data. The system memory 140 is typically implemented with dynamic random access memory (DRAM) or static random access memory (SRAM). The system memory 140 includes the accessible physical memory 60 (shown in
As shown in
The processor nub loader 52, as shown in
As shown in
In another embodiment, both the protected memory 152 and unprotected memory (e.g., a memory array in the non-isolated area 80 of the system memory 140 of
Referring still to
The mass storage device 170 stores archive information such as code (e.g., processor nub 18), programs, files, data, applications (e.g., applications 421-42N), applets (e.g., applets 461 to 46M) and operating systems. The mass storage device 170 may include a compact disk (CD) ROM 172, a hard drive 176, or any other magnetic or optic storage devices. The mass storage device 170 also provides a mechanism to read platform-readable media. When implemented in software, the elements of the present invention are stored in a processor readable medium. The “processor readable medium” may include any medium that can store or transfer information. Examples of the processor readable medium include an electronic circuit, a semiconductor memory device, a read only memory (ROM), a flash memory, an erasable programmable ROM (EPROM), a 2 fiber optic medium, a radio frequency (RF) link, and any platform readable media such as a floppy diskette, a CD-ROM, an optical disk, a hard disk, etc.
When the CPU 210 is operating in isolated execution mode the output driver 217 sends isolated output request cycles to the MCH 230 for access to the isolated output area 290. Isolated output cycles are identified as such by the MCH 230 based on the status of the system and whether an isolated attribute is attached to the request. If the request is identified by the MCH 230, as containing the appropriate isolated attribute, write access to the isolated output area 290 may be granted. In that context, the output driver 217 will then drive output data, for example, a bit map, into the isolated output area 290. In some embodiments of the invention, the OS nub 216 is permitted write-only access to the isolated output area.
In some embodiments, a graphics card 275 is coupled by a secure AGP bus 254 to MCH 230. The OS nub should be able to write to the graphics card to permit the OS nub to provide the base address and size of the isolated output area. In one embodiment, the graphics card is provided with an isolated direct memory access (DMA) controller 250, which sends isolated DMA requests through AGP 252 to the MCH for read access to the isolated output area 290. The MCH authenticates the request before granting access to the isolated output area. The isolated DMA controller 250 may then DMA, for example the bit map contained in the isolated output area 290 directly to an output end point such as display 202.
In some embodiments of the invention, the graphics card 275 includes one or more isolated bit planes 254 and one or more normal bit planes 256. In such embodiment, where the graphics card 275 is permitted to store isolated output data in the isolated bit planes 254, the graphics card must guarantee security of those isolated bit planes from software attack and/or access by non-Iso software. Such protection may be because the graphics card denies all external access to the isolated bit planes 254. In another embodiment, only the OS nub 216 is permitted to access the isolated bit planes 254 from outside the graphics card 275. In such embodiments it is contemplated that the isolated DMA controller 250 may DMA the output data to the isolated bit planes. Subsequent refreshes of the display may be conducted from the isolated bit planes 254. It is also within the scope and contemplation of the invention that the isolated bit planes may be loaded other than by DMA controller 250.
One form of possible attack is for rogue software to establish an environment on the display that mimics the secure environment to appear as the proper target for the secure output or input data from a user. In one embodiment, hardware on the graphics card ensures that the user sees and the output goes to the secure window. In some embodiments of the invention, upon entering isolated execution mode, the graphics card will occlude existing windows on the display 202 by overlaying an occlusion window 204. An isolated execution focus window 206 may then be tiled over occlusion window 204. In this manner, reliability of delivery of the isolated output data to the focus window is enhanced. Additionally, the isolated focus window may be itself occluded, e.g., grayed out when the graphics card leaves the isolated execution mode. In any case, the graphics card 275 is responsible for preventing software access to isolated data on the display.
It should be noted that while the above description is conducted in the context of a display, or graphical output, the invention may readily be extended to other forms of output, such as for example, audio output. Thus, such extension is within the scope and contemplation of the invention.
In the foregoing specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes can be made thereto without departing from the broader spirit and scope of the invention as set forth in the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
| Number | Name | Date | Kind |
|---|---|---|---|
| 3996449 | Attanasio et al. | Dec 1976 | A |
| 4037214 | Birney et al. | Jul 1977 | A |
| 4162536 | Morley | Jul 1979 | A |
| 4247905 | Yoshida et al. | Jan 1981 | A |
| 4276594 | Morley | Jun 1981 | A |
| 4278837 | Best | Jul 1981 | A |
| 4307447 | Provanzano et al. | Dec 1981 | A |
| 4319323 | Ermolovich et al. | Mar 1982 | A |
| 4347565 | Kaneda et al. | Aug 1982 | A |
| 4366537 | Heller et al. | Dec 1982 | A |
| 4430709 | Schleupen et al. | Feb 1984 | A |
| 4521852 | Guttag | Jun 1985 | A |
| 4571672 | Hatada et al. | Feb 1986 | A |
| 4759064 | Chaum | Jul 1988 | A |
| 4795893 | Ugon | Jan 1989 | A |
| 4802084 | Ikegaya et al. | Jan 1989 | A |
| 4825052 | Chemin et al. | Apr 1989 | A |
| 4907270 | Hazard | Mar 1990 | A |
| 4907272 | Hazard | Mar 1990 | A |
| 4910774 | Barakat | Mar 1990 | A |
| 4975836 | Hirosawa et al. | Dec 1990 | A |
| 5007082 | Cummins | Apr 1991 | A |
| 5022077 | Bealkowski et al. | Jun 1991 | A |
| 5075842 | Lai | Dec 1991 | A |
| 5079737 | Hackbarth | Jan 1992 | A |
| 5187802 | Inoue et al. | Feb 1993 | A |
| 5230069 | Brelsford et al. | Jul 1993 | A |
| 5255379 | Melo | Oct 1993 | A |
| 5293424 | Holtey et al. | Mar 1994 | A |
| 5295251 | Wakui et al. | Mar 1994 | A |
| 5317705 | Gannon et al. | May 1994 | A |
| 5319760 | Mason et al. | Jun 1994 | A |
| 5361375 | Ogi | Nov 1994 | A |
| 5386552 | Garney | Jan 1995 | A |
| 5421006 | Jablon et al. | May 1995 | A |
| 5434999 | Goire et al. | Jul 1995 | A |
| 5437033 | Inoue et al. | Jul 1995 | A |
| 5442645 | Ugon et al. | Aug 1995 | A |
| 5455909 | Blomgren et al. | Oct 1995 | A |
| 5459867 | Adams et al. | Oct 1995 | A |
| 5459869 | Spilo | Oct 1995 | A |
| 5469557 | Salt et al. | Nov 1995 | A |
| 5473692 | Davis | Dec 1995 | A |
| 5479509 | Ugon | Dec 1995 | A |
| 5504922 | Seki et al. | Apr 1996 | A |
| 5506975 | Onodera | Apr 1996 | A |
| 5511217 | Nakajima et al. | Apr 1996 | A |
| 5522075 | Robinson et al. | May 1996 | A |
| 5528231 | Patarin | Jun 1996 | A |
| 5533126 | Hazard et al. | Jul 1996 | A |
| 5555385 | Osisek | Sep 1996 | A |
| 5555414 | Hough et al. | Sep 1996 | A |
| 5564040 | Kubala | Oct 1996 | A |
| 5566323 | Ugon | Oct 1996 | A |
| 5568552 | Davis | Oct 1996 | A |
| 5574936 | Ryba et al. | Nov 1996 | A |
| 5582717 | Di Santo | Dec 1996 | A |
| 5604805 | Brands | Feb 1997 | A |
| 5606617 | Brands | Feb 1997 | A |
| 5615263 | Takahashi | Mar 1997 | A |
| 5628022 | Ueno et al. | May 1997 | A |
| 5633929 | Kaliski, Jr. | May 1997 | A |
| 5657445 | Pearce | Aug 1997 | A |
| 5717903 | Bonola | Feb 1998 | A |
| 5720609 | Pfefferle | Feb 1998 | A |
| 5721222 | Bernstein et al. | Feb 1998 | A |
| 5729760 | Poisner | Mar 1998 | A |
| 5737604 | Miller et al. | Apr 1998 | A |
| 5737760 | Grimmer, Jr. et al. | Apr 1998 | A |
| 5752046 | Oprescu et al. | May 1998 | A |
| 5757919 | Herbert et al. | May 1998 | A |
| 5764969 | Kahle | Jun 1998 | A |
| 5796835 | Saada | Aug 1998 | A |
| 5796845 | Serikawa et al. | Aug 1998 | A |
| 5805712 | Davis | Sep 1998 | A |
| 5825875 | Ugon | Oct 1998 | A |
| 5835594 | Albrecht et al. | Nov 1998 | A |
| 5844986 | Davis | Dec 1998 | A |
| 5852717 | Bhide et al. | Dec 1998 | A |
| 5854913 | Goetz et al. | Dec 1998 | A |
| 5867577 | Patarin | Feb 1999 | A |
| 5872994 | Akiyama et al. | Feb 1999 | A |
| 5890189 | Nozue et al. | Mar 1999 | A |
| 5900606 | Rigal | May 1999 | A |
| 5901225 | Ireton et al. | May 1999 | A |
| 5903752 | Dingwall et al. | May 1999 | A |
| 5935247 | Pai et al. | Aug 1999 | A |
| 5937063 | Davis | Aug 1999 | A |
| 5953502 | Helbig, Sr. | Sep 1999 | A |
| 5956408 | Arnold | Sep 1999 | A |
| 5970147 | Davis et al. | Oct 1999 | A |
| 5978475 | Schneier et al. | Nov 1999 | A |
| 5978481 | Ganesan et al. | Nov 1999 | A |
| 5987557 | Ebrahim | Nov 1999 | A |
| 6014745 | Ashe | Jan 2000 | A |
| 6044478 | Green | Mar 2000 | A |
| 6055637 | Hudson et al. | Apr 2000 | A |
| 6058478 | Davis | May 2000 | A |
| 6061794 | Angelo | May 2000 | A |
| 6075938 | Bugnion et al. | Jun 2000 | A |
| 6085296 | Karkhanis et al. | Jul 2000 | A |
| 6088262 | Nasu | Jul 2000 | A |
| 6092095 | Maytal | Jul 2000 | A |
| 6093213 | Favor et al. | Jul 2000 | A |
| 6101584 | Satou et al. | Aug 2000 | A |
| 6115816 | Davis | Sep 2000 | A |
| 6125430 | Noel et al. | Sep 2000 | A |
| 6131166 | Wong-Insley | Oct 2000 | A |
| 6148379 | Schimmel | Nov 2000 | A |
| 6158546 | Hanson et al. | Dec 2000 | A |
| 6173417 | Merrill | Jan 2001 | B1 |
| 6175924 | Arnold | Jan 2001 | B1 |
| 6175925 | Nardone et al. | Jan 2001 | B1 |
| 6178509 | Nardone | Jan 2001 | B1 |
| 6182089 | Ganapathy et al. | Jan 2001 | B1 |
| 6188257 | Buer | Feb 2001 | B1 |
| 6192455 | Bogin et al. | Feb 2001 | B1 |
| 6205550 | Nardone et al. | Mar 2001 | B1 |
| 6212635 | Reardon | Apr 2001 | B1 |
| 6222923 | Schwenk | Apr 2001 | B1 |
| 6249872 | Wildgrube et al. | Jun 2001 | B1 |
| 6252650 | Nakaumra | Jun 2001 | B1 |
| 6269392 | Cotichini et al. | Jul 2001 | B1 |
| 6272533 | Browne et al. | Aug 2001 | B1 |
| 6272637 | Little et al. | Aug 2001 | B1 |
| 6275933 | Fine et al. | Aug 2001 | B1 |
| 6282650 | Davis | Aug 2001 | B1 |
| 6282651 | Ashe | Aug 2001 | B1 |
| 6282657 | Kaplan et al. | Aug 2001 | B1 |
| 6292874 | Barnett | Sep 2001 | B1 |
| 6301646 | Hostetter | Oct 2001 | B1 |
| 6308270 | Guthery et al. | Oct 2001 | B1 |
| 6314409 | Schneck et al. | Nov 2001 | B2 |
| 6321314 | Van Dyke | Nov 2001 | B1 |
| 6330670 | England et al. | Dec 2001 | B1 |
| 6339815 | Feng | Jan 2002 | B1 |
| 6339816 | Bausch | Jan 2002 | B1 |
| 6357004 | Davis | Mar 2002 | B1 |
| 6363485 | Adams | Mar 2002 | B1 |
| 6374286 | Gee et al. | Apr 2002 | B1 |
| 6374317 | Ajanovic et al. | Apr 2002 | B1 |
| 6378068 | Foster | Apr 2002 | B1 |
| 6378072 | Collins et al. | Apr 2002 | B1 |
| 6389537 | Davis et al. | May 2002 | B1 |
| 6397242 | Devine et al. | May 2002 | B1 |
| 6412035 | Webber | Jun 2002 | B1 |
| 6421702 | Gulick | Jul 2002 | B1 |
| 6435416 | Slassi | Aug 2002 | B1 |
| 6445797 | McGough et al. | Sep 2002 | B1 |
| 6463535 | Drews et al. | Oct 2002 | B1 |
| 6463537 | Tello | Oct 2002 | B1 |
| 6476806 | Cunniff et al. | Nov 2002 | B1 |
| 6499123 | McFarland et al. | Dec 2002 | B1 |
| 6505279 | Phillips et al. | Jan 2003 | B1 |
| 6507904 | Ellison et al. | Jan 2003 | B1 |
| 6535988 | Poisner | Mar 2003 | B1 |
| 6557104 | Vu et al. | Apr 2003 | B2 |
| 6633963 | Ellison et al. | Oct 2003 | B1 |
| 6633981 | Davis | Oct 2003 | B1 |
| 6775779 | England et al. | Aug 2004 | B1 |
| 20010021969 | Burger et al. | Sep 2001 | A1 |
| 20010027511 | Wakabayashi et al. | Oct 2001 | A1 |
| 20010027527 | Khidekel et al. | Oct 2001 | A1 |
| 20010037450 | Metlitski et al. | Nov 2001 | A1 |
| 20020147916 | Strongin et al. | Oct 2002 | A1 |
| 20020166061 | Falik et al. | Nov 2002 | A1 |
| 20020169717 | Challener | Nov 2002 | A1 |
| 20030018892 | Tello | Jan 2003 | A1 |
| 20030074548 | Cromer et al. | Apr 2003 | A1 |
| 20030126453 | Glew et al. | Jul 2003 | A1 |
| 20030159056 | Cromer et al. | Aug 2003 | A1 |
| 20030188179 | Challener et al. | Oct 2003 | A1 |
| Number | Date | Country |
|---|---|---|
| 4217444 | Dec 1992 | DE |
| 0473913 | Mar 1992 | EP |
| 0600112 | Jun 1994 | EP |
| 0930567 | Jul 1999 | EP |
| 0961193 | Dec 1999 | EP |
| 0965902 | Dec 1999 | EP |
| 1030237 | Aug 2000 | EP |
| 1085396 | Mar 2001 | EP |
| 1146715 | Oct 2001 | EP |
| 1271277 | Jan 2003 | EP |
| 2000076139 | Mar 2000 | JP |
| WO-9524696 | Sep 1995 | WO |
| WO-9729567 | Aug 1997 | WO |
| WO-9834365 | Aug 1998 | WO |
| WO-9844402 | Oct 1998 | WO |
| WO-9905600 | Feb 1999 | WO |
| WO-9957863 | Nov 1999 | WO |
| WO-9965579 | Dec 1999 | WO |
| WO-0021238 | Apr 2000 | WO |
| WO-0062232 | Oct 2000 | WO |
| WO-0127723 | Apr 2001 | WO |
| WO-0127821 | Apr 2001 | WO |
| WO-0163994 | Aug 2001 | WO |
| WO-0175565 | Oct 2001 | WO |
| WO-0175595 | Oct 2001 | WO |
| WO-9909482 | Jan 2002 | WO |
| WO-0217555 | Feb 2002 | WO |
| WO-0175564 | Oct 2002 | WO |
| WO-02086684 | Oct 2002 | WO |
