Patent Grant
6901518
The present invention relates generally to data processing systems and, more particularly, to using downloaded code to provide secure communication between a client and a remote service in a distributed system.
Today's distributed systems can be made up of various components, including both hardware and software. Nodes in distributed systems typically communicate via a network such as the Internet. One means of communication between programs in a distributed system is downloading code from one program to another. For example, a client (e.g., a program running on a node in a distributed system) can access a service running on a remote node by downloading code from the remote service.
A “service” refers to a resource, data, or functionality that can be accessed by a user, program, device, or another service and that can be computational, storage related, communication related, or related to providing access to another user. Examples of services include devices, such as printers, displays, and disks; software, such as applications or utilities; information, such as databases and files; and users of the system.
In a distributed system implemented using the Java™ programming language, services appear programmatically as objects, with interfaces that define the operations available from the service. In the Java™ programming language, a “class” provides a template for the creation of “objects” (which represent items or instances manipulated by the system) having characteristics of that class. Thus, a class defines the type of an object. Methods associated with a class are generally invoked on the objects of the same class or subclass. The Java™ programming language is described in The Java™ Language Specification by James Gosling, Bill Joy, and Guy Steele, Addison-Wesley, 1996, which is incorporated herein by reference.
In a distributed system that depends on downloaded code, there is the danger that the downloaded code may be untrustworthy. For example, the code could carry a virus or disguise its true source, causing the user of the downloaded code to disclose confidential information to an unknown party. Therefore, it is desirable to enable users in a distributed system to confirm that downloaded code is trustworthy.
A system consistent with the present invention enables a user in a distributed system to determine whether downloaded code is trustworthy before using the downloaded code to communicate with others in the distributed system. For example, if a client downloads code from a service, the client can verify that both the service and the downloaded code are trustworthy before using the code to communicate with the service. “Trustworthy” code is code that the client knows will enforce the client's security constraints (e.g., mutual authentication, confidentiality, and integrity) when communicating with the service.
In accordance with one implementation of the present invention, code is downloaded from a server, and a set of constraints to implement secure communication with the server is determined. Secure code is then used to verify that the downloaded code will enforce the set of constraints when the downloaded code is used to communicate with the server.
In accordance with another implementation of the present invention, a first proxy containing code for communication purposes is downloaded, and a second proxy containing code for communication purposes is obtained from the first proxy. A trustworthiness verification routine is used to determine whether the second proxy is trustworthy, and when it has been determined that the second proxy is trustworthy, the second proxy is used to determine whether a server is trustworthy. When it has been determined that the server is trustworthy, a trustworthiness verification routine is requested from the server by using the second proxy and this verification routine is then used to identify the trustworthiness of the first proxy. When it has been determined that the second proxy is trustworthy, that the server is trustworthy, and that the first proxy is trustworthy, the first proxy is used to invoke a method on the server.
This invention is pointed out with particularity in the appended claims. The above and further advantages of this invention may be better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:
A distributed system suitable for practicing methods and systems consistent with the present invention can be implemented using the Jini™ architecture. A Jini™ system is built around one or more lookup services that list the services available in the distributed system. When a service joins the network, it uses a process called discovery to locate the lookup service or services for the network. The service registers by passing a proxy object to each lookup service. The proxy object is a Java™ object implementing the interfaces of the corresponding service. When a client (e.g., a program) wishes to use a service, the client interacts with the lookup service and downloads the proxy to facilitate use of the service. The Jini™ architecture is described in more detail in Arnold, The Jini™ Specification, Addison-Wesley (1999).
A system consistent with the present invention enables a program in a distributed system to determine whether downloaded code is trustworthy before using the downloaded code to communicate with other programs or services in the distributed system. For example, if a client downloads code from a service, the client can verify that both the service and the downloaded code are trustworthy before using the code to communicate with the service. “Trustworthy” code is code the client knows will enforce the client's security constraints in communicating with the service.
These constraints can include, for example, integrity, anonymity, mutual authentication, delegation, and confidentiality. The “integrity” constraint ensures that messages will not be tampered with in transit, the “anonymity” constraint permits the identity of the client to stay unknown to the service, and “mutual authentication” refers to the client and service verifying their identities to one another. The “delegation” constraint allows the service to make calls to other computers using the client's identity, and the “confidentiality” constraint ensures that messages are private, e.g., by using encryption.
The constraints attached to a proxy are included in the serialized version of the proxy. As part of RMI system 122, an object, such as a proxy, is converted into a serialized version of itself before being passed. The serialized object contains enough information to enable the recipient to identify and verify the Java™ class from which the contents of the object were saved and to restore the contents to a new instance. Object serialization is explained in the Java™ Object Serialization Specification, available at http://web2.java.sun.com/products//jdk/1.3/docs/guide/serialization/spec/serialTO C.doc.html, which is incorporated herein by reference. When a client trusts the downloaded code to enforce the client's security constraints and trusts the service, the client can trust communicating through the proxy to the service and can trust the service to do what the client asks, and not something harmful.
Computers 104 and 106 may be similarly configured, with computer 104 including memory 124, secondary storage device 126, and CPU 128, and computer 106 including memory 130, secondary storage device 132, and CPU 134. Memory 124 of computer 104 includes a service 136, and memory 130 of computer 106 includes a lookup service 138 that defines the services available in one part of distributed system 100. Lookup service 138 contains one proxy object for each service within that part of distributed system 100. Each “proxy object” corresponds to a service in the distributed system and implements interfaces corresponding to methods available from a service.
For example, if service 136 were a database service, the corresponding proxy object 140 would implement database interfaces such as “find” or “sort.” for a proxy to the database service. In response, lookup service 138 returns proxy object 140 corresponding to database service 136 to the client. Lookup services are explained in greater detail in U.S. patent application Ser. No. 09/044,931, entitled “Dynamic Lookup Service in a Distributed System,” which is incorporated herein by reference.
In this way, the Jini™ architecture relies on downloaded code to provide services in a dynamic and flexible way. Once a client downloads a proxy object, the client invokes methods on the proxy to communicate with the remote service. However, the proxy may be implemented using code that the client does not trust. Before sharing any critical data with the service, the client needs to establish trust in the proxy, the service, or both.
With reference to
The VerifyProxyTrust Method
The exemplary method described above will now be explained using the Java™ RMI Security Subsystem, part of RMI system 122. The Security Subsystem defines classes and interfaces that ensure secure communication between remote objects. One class provided by the RMI Security Subsystem is the Security class, which includes the verifyProxyTrust method. The verifyProxyTrust method establishes trust in downloaded code and is defined as follows:
The verifyProxyTrust method in RMI system 122 is called by client 142 once the client downloads proxy 140, before the client makes any other use of the proxy. As described below, the method will establish trust in the proxy by confirming that the proxy will correctly implement the RemoteSecurity interface, part of the Security class.
When a remote service instantiates its proxy, the service can include the RemoteSecurity interface, which provides methods enabling a client to attach security constraints to the proxy or to query the service to determine the service's security constraints. The RemoteSecurity interface is defined as follows:
The setClientConstraints method allows a client to make a copy of the proxy with a new set of constraints selected by the client. The getClientConstraints method returns the current client constraints attached to the proxy. The getServerConstraints method returns the server's constraints for a particular remote method implemented by the proxy.
As explained above, the constraints can include, for example, integrity, anonymity, mutual authentication, delegation, and confidentiality. When the verifyProxyTrust method determines that the proxy will enforce the client's constraints by correctly implementing the RemoteSecurity interface, the proxy is “trusted.”
As shown in steps 402 to 410 of
The verifyProxyTrust method calls the Proxy.isProxyClass method, passing the class of the proxy as a parameter, to determine whether the proxy is an instance of a trusted generated Proxy class (step 402). As described above, the Proxy.isProxyClass method will return true if and only if the specified class was dynamically generated to be a trusted proxy class.
If the Proxy.isProxyClass method returns true, the proxy is an instance of a trusted class, and the verifyProxyTrust method tests the invocation handler of the proxy to determine if it is an instance of a trusted class (step 404). Each secure RMI stub has an invocation handler used to invoke methods on the proxy. The verifyProxyTrust method calls the local Proxy.getInvocationHandler method, passing the proxy as a parameter. The getInvocationHandler method returns the invocation handler of the proxy, and the verifyProxyTrust method then calls the local instanceof operator to determine whether the proxy's invocation handler is an instance of a local trusted class,
SecureInvocationHandler. The local trusted class SecureInvocationHandler is specified in the Security class in RMI 122. The corresponding local calls made by verifyProxyTrust are:
If the proxy is an instance of a trusted class and the invocation handler is secure, then each socket factory instance contained in the invocation handler is checked (step 406). A socket is an end-point to a communication path between two processes in a network. A socket factory is an object that implements a method to create a new socket. Socket factories are described in more detail at http://java.sun.com/products/jdk/1.3/docs/api/java/net/SocketImplFactory.html. The class of each socket factory instance in the proxy is compared to a local list of trusted socket factory classes.
To obtain the list of trusted socket factory classes, the verifyProxyTrust method uses a local configuration database to obtain TrustVerifier. TrusterVerifiers are provided as part of the Java™ RMI Security Subsystem in RMI system 122, and are defined as follows:
The local configuration database contains a list of TrustVerifier instances that implement methods for testing the security of a given proxy or class. The trustedClientSocketFactoryClass method will return true if the given class is a trusted socket factory class defined in RMI 122. For each socket factory instance in the proxy, the verifyProxyTrust method calls the trustedClientSocketFactoryClass method of each TrustVerifier instance, passing the socket factory class as a parameter. If at least one trustedClientSocketFactoryClass method returns true for each socket factory, the proxy is a secure RMI stub (step 408). If the proxy is not an instance of a trusted Proxy class, or if the invocation handler is not secure, or if the socket factories are not trusted, then the proxy is not a secure RMI stub (step 410).
Before continuing with the description of
If the proxy is activatable, i.e., the proxy contains an Activation ID, (step 412) then the verifyProxyTrust method takes additional steps to determine whether the proxy is a secure RMI activatable stub. The verifyProxyTrust method obtains an activator verifier by making a remote call, using the proxy's invocation handler, to the remote service's getActivatorVerifier method, passing the client constraints as parameters (step 414). The getActivatorVerifier method is provided in the RMI system of an activatable service to enable a client to verify a proxy's Activation ID. The call to getActivatorVerifier returns an activator verifier plus optional codebase and signer information. The activator verifier is an object received from the service containing code that implements the verifyActivatorTrust method, explained below. The codebase information is the location from which the code, i.e., the activator verifier, should have been downloaded, e.g. a uniform resource locator (URL). The signer information identifies the creator or creators of the code, i.e., the activator verifier.
Because the verifier could have been downloaded, the verifyProxyTrust method checks that the activator verifier can be trusted using the codebase and signer information (step 416). If the service returned codebase information, the verifyProxyTrust method calls a local RMIClassLoader.getClassAnnotation method, which returns the location where the activator verifier code was obtained. The verifyProxyTrust method compares that location to the codebase information from the service. If they are different, the activator verifier is not used because its code is not trusted. If one or more signers is specified by the service, the verifyProxyTrust method obtains the signers of the verifier by calling the local Class.getSigners method and compares them to the signers specified by the service. If they are different, the activator verifier is not used because its code is not trusted.
In this way, the verifyProxyTrust method uses local methods to confirm the activator verifier code, which may have been downloaded and therefore could be corrupted. If the service did not specify either codebase or signer information, the verifyProxyTrust method confirms that the activator verifier was not downloaded, i.e., that the activator verifier is local, and therefore trusted. To do this, the verifyProxyTrust method compares the classloader of the verifier's class to the context classloader of the current thread or an ancestor of the context classloader. If they are the same, then the activator verifier was not downloaded, and can be trusted.
Once the verityProxyTrust method ensures that the activator verifier can be trusted, as described above, it extracts the Activation ID from the stub and calls the verifyActivatorTrust method of the verifier, passing the Activation ID as a parameter (step 418). The verifyActivatorTrust method will return normally if the service trusts the activation ID passed to it (step 420). If any of these calls do not return normally, i.e., throws an exception, then the proxy is not a secure RMI activatable stub (step 422), otherwise trust is established (step 424).
Trusting a Proxy Other than a Secure RMI Stub
If the proxy is not a secure RMI stub, the client can still establish trust in the proxy. If the proxy's class has a method with the signature
In response, the remote service returns a proxy verifier plus optional codebase and signer information. The verifyProxyTrust method checks the proxy verifier code using the codebase and/or signer information in the same way as described above with respect to the activator verifier. Once the verifyProxyTrust method ensures that the proxy verifier can be trusted, it makes a local call to the verifyProxyTrust method of the verifier, passing the proxy as a parameter. If any of these calls do not return normally, i.e., throws an exception, then the proxy is not trusted.
If the proxy is not a secure RMI stub and does not have the getSecureProxy method, then an ordered list of TrustVerifier instances is obtained from the local configuration database, as described above. The verifyProxyTrust method calls the trustedProxy method of each TrustVerifier instance, with the proxy and client constraints as parameters. The trustedProxy method returns true if the given proxy is known to be trusted to correctly implement the RemoteSecurity interface, and false otherwise. If any method returns true, then trust is established. If none returns true, trust is not established.
Although systems and methods consistent with the present invention are described as operating in a Jini™ system using the Java™ programming language, one skilled in the art will appreciate that the present invention can be practiced in other systems and other programming environments. Additionally, although aspects of the present invention are described as being stored in memory, one skilled in the art will appreciate that these aspects can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or CD-ROM; a carrier wave from the Internet; or other forms of RAM or ROM. Sun, Sun Microsystems, the Sun Logo, Java™, and Jini™ trademarks are trademarks or registered trademarks of Sun Microsystems Inc. in the United States and other countries.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
The present application is related to and claims the benefit of U.S. Provisional Patent Application No. 60/128,406, entitled “RMI Security,” filed Apr. 8, 1999, which is relied upon and is incorporated herein by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4430699 | Segarra et al. | Feb 1984 | A |
| 4491946 | Kryskow, Jr. et al. | Jan 1985 | A |
| 4558413 | Schmidt et al. | Dec 1985 | A |
| 4567359 | Lockwood | Jan 1986 | A |
| 4713806 | Oberlander et al. | Dec 1987 | A |
| 4809160 | Mahon et al. | Feb 1989 | A |
| 4823122 | Mann et al. | Apr 1989 | A |
| 4939638 | Stephenson et al. | Jul 1990 | A |
| 4956773 | Saito et al. | Sep 1990 | A |
| 4992940 | Dworkin | Feb 1991 | A |
| 5088036 | Ellis et al. | Feb 1992 | A |
| 5101346 | Ohtsuki | Mar 1992 | A |
| 5109486 | Seymour | Apr 1992 | A |
| 5187787 | Skeen et al. | Feb 1993 | A |
| 5218699 | Brandle et al. | Jun 1993 | A |
| 5253165 | Leiseca et al. | Oct 1993 | A |
| 5257369 | Skeen et al. | Oct 1993 | A |
| 5293614 | Ferguson et al. | Mar 1994 | A |
| 5297283 | Kelly, Jr. et al. | Mar 1994 | A |
| 5303042 | Lewis et al. | Apr 1994 | A |
| 5307490 | Davidson et al. | Apr 1994 | A |
| 5311591 | Fischer | May 1994 | A |
| 5319542 | King, Jr. et al. | Jun 1994 | A |
| 5327559 | Priven et al. | Jul 1994 | A |
| 5339435 | Lubkin et al. | Aug 1994 | A |
| 5386568 | Wold et al. | Jan 1995 | A |
| 5390328 | Frey et al. | Feb 1995 | A |
| 5392280 | Zheng | Feb 1995 | A |
| 5423042 | Jalili et al. | Jun 1995 | A |
| 5440744 | Jacobson et al. | Aug 1995 | A |
| 5446901 | Owicki et al. | Aug 1995 | A |
| 5448740 | Kiri et al. | Sep 1995 | A |
| 5452459 | Drury et al. | Sep 1995 | A |
| 5455952 | Gjovaag | Oct 1995 | A |
| 5459837 | Caccavale | Oct 1995 | A |
| 5471629 | Risch | Nov 1995 | A |
| 5475792 | Stanford et al. | Dec 1995 | A |
| 5475817 | Waldo et al. | Dec 1995 | A |
| 5475840 | Nelson et al. | Dec 1995 | A |
| 5481721 | Serlet et al. | Jan 1996 | A |
| 5504921 | Dev et al. | Apr 1996 | A |
| 5506984 | Miller | Apr 1996 | A |
| 5511196 | Shackelford et al. | Apr 1996 | A |
| 5511197 | Hill et al. | Apr 1996 | A |
| 5524244 | Robinson et al. | Jun 1996 | A |
| 5544040 | Gerbaulet | Aug 1996 | A |
| 5548724 | Akizawa et al. | Aug 1996 | A |
| 5548726 | Pettus | Aug 1996 | A |
| 5553282 | Parrish et al. | Sep 1996 | A |
| 5555367 | Premerlani et al. | Sep 1996 | A |
| 5555427 | Aoe et al. | Sep 1996 | A |
| 5557798 | Skeen et al. | Sep 1996 | A |
| 5560003 | Nilsen et al. | Sep 1996 | A |
| 5561785 | Blandy et al. | Oct 1996 | A |
| 5577231 | Scalzi et al. | Nov 1996 | A |
| 5592375 | Salmon et al. | Jan 1997 | A |
| 5594921 | Pettus | Jan 1997 | A |
| 5603031 | White et al. | Feb 1997 | A |
| 5617537 | Yamada et al. | Apr 1997 | A |
| 5628005 | Hurvig | May 1997 | A |
| 5640564 | Hamilton et al. | Jun 1997 | A |
| 5644720 | Boll et al. | Jul 1997 | A |
| 5644768 | Periwal et al. | Jul 1997 | A |
| 5652888 | Burgess | Jul 1997 | A |
| 5655148 | Richman et al. | Aug 1997 | A |
| 5659751 | Heninger | Aug 1997 | A |
| 5664110 | Green et al. | Sep 1997 | A |
| 5664111 | Nahan et al. | Sep 1997 | A |
| 5664191 | Davidson et al. | Sep 1997 | A |
| 5666493 | Wojcik et al. | Sep 1997 | A |
| 5671225 | Hooper et al. | Sep 1997 | A |
| 5671279 | Elgamal | Sep 1997 | A |
| 5675796 | Hodges et al. | Oct 1997 | A |
| 5675797 | Chung et al. | Oct 1997 | A |
| 5680573 | Rubin et al. | Oct 1997 | A |
| 5680617 | Gough et al. | Oct 1997 | A |
| 5684955 | Meyer et al. | Nov 1997 | A |
| 5689709 | Corbett et al. | Nov 1997 | A |
| 5694551 | Doyle et al. | Dec 1997 | A |
| 5706435 | Barbara et al. | Jan 1998 | A |
| 5706502 | Foley et al. | Jan 1998 | A |
| 5710887 | Chelliah et al. | Jan 1998 | A |
| 5715314 | Payne et al. | Feb 1998 | A |
| 5721832 | Westrope et al. | Feb 1998 | A |
| 5724540 | Kametani | Mar 1998 | A |
| 5724588 | Hill et al. | Mar 1998 | A |
| 5727048 | Hiroshima et al. | Mar 1998 | A |
| 5727145 | Nessett et al. | Mar 1998 | A |
| 5729594 | Klingman | Mar 1998 | A |
| 5737607 | Hamilton et al. | Apr 1998 | A |
| 5742768 | Gennaro et al. | Apr 1998 | A |
| 5745678 | Herzberg et al. | Apr 1998 | A |
| 5745695 | Gilchrist et al. | Apr 1998 | A |
| 5745703 | Cejtin et al. | Apr 1998 | A |
| 5745755 | Covey | Apr 1998 | A |
| 5748897 | Katiyar | May 1998 | A |
| 5754849 | Dyer et al. | May 1998 | A |
| 5754977 | Gardner et al. | May 1998 | A |
| 5757925 | Faybishenko | May 1998 | A |
| 5758077 | Danahy et al. | May 1998 | A |
| 5758328 | Giovannoli | May 1998 | A |
| 5758344 | Prasad et al. | May 1998 | A |
| 5761507 | Govett | Jun 1998 | A |
| 5761656 | Ben-Shachar | Jun 1998 | A |
| 5764897 | Khalidi | Jun 1998 | A |
| 5764915 | Heimsoth et al. | Jun 1998 | A |
| 5768532 | Megerian | Jun 1998 | A |
| 5774551 | Wu et al. | Jun 1998 | A |
| 5774729 | Carney et al. | Jun 1998 | A |
| 5778179 | Kanai et al. | Jul 1998 | A |
| 5778187 | Monteiro et al. | Jul 1998 | A |
| 5778228 | Wei | Jul 1998 | A |
| 5778368 | Hogan et al. | Jul 1998 | A |
| 5784560 | Kingdon et al. | Jul 1998 | A |
| 5787425 | Bigus | Jul 1998 | A |
| 5787431 | Shaughnessy | Jul 1998 | A |
| 5790548 | Sistanizadeh et al. | Aug 1998 | A |
| 5790677 | Fox et al. | Aug 1998 | A |
| 5794207 | Walker et al. | Aug 1998 | A |
| 5799173 | Gossler et al. | Aug 1998 | A |
| 5802367 | Held et al. | Sep 1998 | A |
| 5805805 | Civanlar et al. | Sep 1998 | A |
| 5808911 | Tucker et al. | Sep 1998 | A |
| 5809144 | Sirbu et al. | Sep 1998 | A |
| 5809507 | Cavanaugh, III | Sep 1998 | A |
| 5812819 | Rodwin et al. | Sep 1998 | A |
| 5813013 | Shakib et al. | Sep 1998 | A |
| 5815149 | Mutschler, III et al. | Sep 1998 | A |
| 5815709 | Waldo et al. | Sep 1998 | A |
| 5815711 | Sakamoto et al. | Sep 1998 | A |
| 5818448 | Katiyar | Oct 1998 | A |
| 5829022 | Watanabe et al. | Oct 1998 | A |
| 5832219 | Pettus | Nov 1998 | A |
| 5832529 | Wollrath et al. | Nov 1998 | A |
| 5832593 | Wurst et al. | Nov 1998 | A |
| 5835737 | Sand et al. | Nov 1998 | A |
| 5842018 | Atkinson et al. | Nov 1998 | A |
| 5844553 | Hao et al. | Dec 1998 | A |
| 5845090 | Collins, III et al. | Dec 1998 | A |
| 5845129 | Wendorf et al. | Dec 1998 | A |
| 5850442 | Muftic | Dec 1998 | A |
| 5860004 | Fowlow et al. | Jan 1999 | A |
| 5860153 | Matena et al. | Jan 1999 | A |
| 5864862 | Kriens et al. | Jan 1999 | A |
| 5864866 | Henckel et al. | Jan 1999 | A |
| 5872928 | Lewis et al. | Feb 1999 | A |
| 5872973 | Mitchell et al. | Feb 1999 | A |
| 5875335 | Beard | Feb 1999 | A |
| 5878411 | Burroughs et al. | Mar 1999 | A |
| 5884024 | Lim et al. | Mar 1999 | A |
| 5884079 | Furusawa | Mar 1999 | A |
| 5887134 | Ebrahim | Mar 1999 | A |
| 5889951 | Lombardi | Mar 1999 | A |
| 5890158 | House et al. | Mar 1999 | A |
| 5892904 | Atkinson et al. | Apr 1999 | A |
| 5933497 | Beetcher et al. | Aug 1999 | A |
| 5933647 | Aronberg et al. | Aug 1999 | A |
| 5935249 | Stern et al. | Aug 1999 | A |
| 5940827 | Hapner et al. | Aug 1999 | A |
| 5944793 | Islam et al. | Aug 1999 | A |
| 5946485 | Weeren et al. | Aug 1999 | A |
| 5946694 | Copeland et al. | Aug 1999 | A |
| 5951652 | Ingrassia, Jr. et al. | Sep 1999 | A |
| 5956509 | Kevner | Sep 1999 | A |
| 5961582 | Gaines | Oct 1999 | A |
| 5963924 | Williams et al. | Oct 1999 | A |
| 5966531 | Skeen et al. | Oct 1999 | A |
| 5969967 | Aahlad et al. | Oct 1999 | A |
| 5974201 | Chang et al. | Oct 1999 | A |
| 5978484 | Apperson et al. | Nov 1999 | A |
| 5982773 | Nishimura et al. | Nov 1999 | A |
| 5987506 | Carter et al. | Nov 1999 | A |
| 5991808 | Broder et al. | Nov 1999 | A |
| 5996075 | Matena | Nov 1999 | A |
| 5999179 | Kekic et al. | Dec 1999 | A |
| 5999988 | Pelegri-Llopart et al. | Dec 1999 | A |
| 6003050 | Silver et al. | Dec 1999 | A |
| 6003763 | Gallagher et al. | Dec 1999 | A |
| 6009103 | Woundy | Dec 1999 | A |
| 6009413 | Webber et al. | Dec 1999 | A |
| 6009464 | Hamilton et al. | Dec 1999 | A |
| 6016496 | Roberson | Jan 2000 | A |
| 6016516 | Horikiri | Jan 2000 | A |
| 6023586 | Gaisford et al. | Feb 2000 | A |
| 6026414 | Anglin | Feb 2000 | A |
| 6031977 | Pettus | Feb 2000 | A |
| 6032151 | Arnold et al. | Feb 2000 | A |
| 6034925 | Wehmeyer | Mar 2000 | A |
| 6044381 | Boothby et al. | Mar 2000 | A |
| 6052761 | Hornung et al. | Apr 2000 | A |
| 6055562 | Devarakonda et al. | Apr 2000 | A |
| 6058381 | Nelson | May 2000 | A |
| 6058383 | Narasimhalu et al. | May 2000 | A |
| 6061699 | DiCecco et al. | May 2000 | A |
| 6061713 | Bharadhwaj | May 2000 | A |
| 6067575 | McManis et al. | May 2000 | A |
| 6078655 | Fahrer et al. | Jun 2000 | A |
| 6085255 | Vincent et al. | Jul 2000 | A |
| 6092194 | Touboul | Jul 2000 | A |
| 6093216 | Adl-Tabatabai et al. | Jul 2000 | A |
| 6104716 | Crichton et al. | Aug 2000 | A |
| 6108346 | Doucette et al. | Aug 2000 | A |
| 6134603 | Jones et al. | Oct 2000 | A |
| 6154844 | Touboul et al. | Nov 2000 | A |
| 6157960 | Kaminsky et al. | Dec 2000 | A |
| 6182083 | Scheifler et al. | Jan 2001 | B1 |
| 6185602 | Bayrakeri | Feb 2001 | B1 |
| 6185611 | Waldo et al. | Feb 2001 | B1 |
| 6189046 | Moore et al. | Feb 2001 | B1 |
| 6192044 | Mack | Feb 2001 | B1 |
| 6199068 | Carpenter | Mar 2001 | B1 |
| 6199116 | May et al. | Mar 2001 | B1 |
| 6212578 | Racicot et al. | Apr 2001 | B1 |
| 6216158 | Luo et al. | Apr 2001 | B1 |
| 6219675 | Pal et al. | Apr 2001 | B1 |
| 6226746 | Scheifler | May 2001 | B1 |
| 6243716 | Waldo et al. | Jun 2001 | B1 |
| 6243814 | Matena | Jun 2001 | B1 |
| 6247091 | Lovett | Jun 2001 | B1 |
| 6253256 | Wollrath et al. | Jun 2001 | B1 |
| 6263350 | Wollrath et al. | Jul 2001 | B1 |
| 6263379 | Atkinson et al. | Jul 2001 | B1 |
| 6272559 | Jones et al. | Aug 2001 | B1 |
| 6282295 | Young et al. | Aug 2001 | B1 |
| 6282568 | Sondur et al. | Aug 2001 | B1 |
| 6282581 | Moore et al. | Aug 2001 | B1 |
| 6292934 | Davidson et al. | Sep 2001 | B1 |
| 6339783 | Horikiri | Jan 2002 | B1 |
| 6343308 | Marchesseault | Jan 2002 | B1 |
| 6385643 | Jacobs et al. | May 2002 | B1 |
| 6408342 | Moore et al. | Jun 2002 | B1 |
| 6578074 | Bahlmann | Jun 2003 | B1 |
| 6654793 | Wollrath et al. | Nov 2003 | B1 |
| 6792466 | Saulpaugh et al. | Sep 2004 | B1 |
| 20020059212 | Takagi | May 2002 | A1 |
| Number | Date | Country |
|---|---|---|
| 0 300 516 | Jan 1989 | EP |
| 0 351 536 | Jan 1990 | EP |
| 0 384 339 | Aug 1990 | EP |
| 0 472 874 | Mar 1992 | EP |
| 0 474 340 | Mar 1992 | EP |
| 497 022 | Aug 1992 | EP |
| 0 555 997 | Aug 1993 | EP |
| 0 565 849 | Oct 1993 | EP |
| 0 569 195 | Nov 1993 | EP |
| 0 625 750 | Nov 1994 | EP |
| 0 635 792 | Jan 1995 | EP |
| 0 651 328 | May 1995 | EP |
| 0 660 231 | Jun 1995 | EP |
| 0 697 655 | Feb 1996 | EP |
| 0 718 761 | Jun 1996 | EP |
| 0 767 432 | Apr 1997 | EP |
| 0 778 520 | Jun 1997 | EP |
| 0 794 493 | Sep 1997 | EP |
| 0 803 810 | Oct 1997 | EP |
| 0 803 811 | Oct 1997 | EP |
| 0 805 393 | Nov 1997 | EP |
| 0 810 524 | Dec 1997 | EP |
| 0 817 020 | Jan 1998 | EP |
| 0 817 022 | Jan 1998 | EP |
| 0 817 025 | Jan 1998 | EP |
| 0 836 140 | Apr 1998 | EP |
| 2 253 079 | Aug 1992 | GB |
| 2 262 825 | Jun 1993 | GB |
| 2 305 087 | Mar 1997 | GB |
| 11-45187 | Feb 1999 | JP |
| WO 9207335 | Apr 1992 | WO |
| WO 9209948 | Jun 1992 | WO |
| WO9325962 | Dec 1993 | WO |
| WO 9403855 | Feb 1994 | WO |
| WO 9603692 | Feb 1996 | WO |
| WO 9610787 | Apr 1996 | WO |
| WO 9618947 | Jun 1996 | WO |
| WO 9624099 | Aug 1996 | WO |
| WO 9802814 | Jan 1998 | WO |
| WO 9804971 | Feb 1998 | WO |
| WO 9821683 | May 1998 | WO |
| WO 9917194 | Apr 1999 | WO |
| WO 0113228 | Feb 2001 | WO |
| WO 0186394 | Nov 2001 | WO |
| WO 0190903 | Nov 2001 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 60128406 | Apr 1999 | US |
