Patent Grant
8015250
The present invention relates to a method and system for filtering electronic messages, and is particularly, but not exclusively, suitable for filtering emails having data therein identifying a link to a remote processing system, which, when activated, causes the recipient to retrieve data from the remote processing system.
Internet email (SMTP) is an inherently insecure medium, and it is well known as a convenient vehicle for advertising products and services in an unsolicited manner. A considerable amount of effort has been focused on developing methods for filtering such unsolicited emails, many of which are based on searching for and identifying patterns within various fields of an email. In an attempt to bypass these filters, new methods are constantly being developed, some of which rely on the recipient of an email performing additional actions beyond reading the incoming email.
In one such method, a Uniform Resource Locator (URL) is specified within the body of the email, which, at first sight appears to originate from a legitimate source, but which is in fact disguised; when the recipient clicks on the URL, a file is downloaded onto the recipient's machine and can cause unexpected behaviour. For example, such URLs may direct the recipient to visit a site which is similarly-named to a popular site but which is not operated by the organization owning the well known site, and which attempts to capture user identification and financial details. Alternatively a URL may be crafted to exploit vulnerability in the recipient's web browsing software or result in downloading of an executable process that runs autonomously on the recipient's machine without the knowledge of the recipient.
Several workers have developed methods directed towards identifying unsolicited emails on the basis of URLs contained therein. For example, International patent application having publication number WO2004/114614 describes comparing the attributes of URLs with attributes known to be characteristic of spam, and classifying emails accordingly, while U.S. Pat. No. 6,615,242 describes intercepting an email en route for a recipient, accessing the site corresponding to the URL, analyzing the data retrieved therefrom on the basis of various predetermined criteria, classifying the email accordingly, and transmitting or filtering the email on the basis of the classification. International patent application having publication number WO2004/097676 also describes accessing the site corresponding to the URL, but in this case, if the content is deemed to be acceptable, the URL is replaced with one associated with a trusted site. Thus the recipient of the email can only access the replaced URL, whereupon he is directed to a copy of the original content, which has been saved on the trusted site. In view of the sheer numbers of emails that contain such URLs, the approaches taken in U.S. Pat. No. 6,615,242 and WO2004/097676 incur a significant amount of processing effort; also in relation to U.S. Pat. No. 6,615,242, in view of the fact that the content of the site can change between the analysis being performed and the user accessing the site, there will be instances when the analysis is in any event a waste of processing effort.
It is an object of the present invention to provide an improved and more efficient method of detecting maliciously-crafted web links.
In accordance with a first aspect of the present invention, there is provided a method of modifying an electronic message during transmission through a communications network, said electronic message having a source address and a recipient address, the method comprising:
interrupting transmission of the electronic message;
identifying a link specified within the electronic message;
analyzing the electronic message on the basis of at least an attribute intrinsic to the received electronic message so as to classify the received message as either a first type of message or a second, different, type of message;
if the received message is classified as the first type of message, modifying the received electronic message so as to replace the link with an alternative network location, said alternative network location corresponding to a remote processing system different to that corresponding to the link; and
transmitting the modified electronic message.
In comparison to known methods, which either modify the links blindly or which perform analysis of the data to which the link is connected, embodiments of the invention selectively modify the link on the basis of various tests relating to attributes intrinsic to the email. This means that only those emails that present some sort of risk to the recipient are modified, and, because the criteria for performing the modification relate to attributes intrinsic to the emails instead of the content associated with the link, the delivery of emails is not significantly delayed by processes involved in retrieval and analysis of data from third party sites.
In preferred arrangements, the analysis is performed on the basis of attributes of the email such as sender, recipient, subject and content of the email etc., and can also be performed on the basis the content and format of the original link itself. In the event that analysis of the email indicates that the link, or the message containing the link, is suspicious the link is modified.
In illustrative embodiments of the invention the link can be of an external or an internal type, and which is contained within the body or subject field of an email. Links of the external type specify network locations, and are commonly described as web links (or URLs), while links of the internal type specify locations or objects etc. within the email. Embodiments of the invention are most suitable for cases where the link is of the external type and specifies a network location; in this aspect of the invention, embodiments provide a means for replacing an unknown URL with a URL that is secure. As a result, when a recipient of the email attempts to access data from within the email, the secure network location subsequently accesses the unknown network location contained within the original email. This means that it is the secure location, not the recipient, which receives data corresponding to the unknown URL and provides a means for screening data accessible from the original URL, and, dependent on the result of the screening, allows or otherwise the recipient access thereto.
This method is particularly useful for emails formatted in accordance with a mark-up language such as the Hyper Text Mark-up Language (HTML), in respect of which forgery and creation of “special” URLs is becoming increasingly prevalent.
In one arrangement the original URL is replaced by the modified URL, and modification can involve encoding the original URL and wrapping the original URL within a URL indicative of the secure network location; in a second arrangement the modification of the URL involves generating a key corresponding to the original URL and wrapping the key within a URL indicative of the secure network location. In this way, when a recipient clicks on the modified URL the recipient's machine is directed to the secure network location, whereupon, under control of a process running on the secure network location, the data that have been wrapped within the secure URL can be retrieved in order to identify whether or not the URL is malicious.
A second aspect of the invention relates to the processing steps that are performed in response to a request for data from the replacement network location, and provide a method of identifying an electronic message as an unsolicited electronic message on the basis of a network location specified therein, wherein data indicative of the electronic message are stored in association with the network location, the method comprising:
responsive to a request for access to the network location from a recipient of the electronic message, accessing data indicative of a classification of said electronic message;
retrieving data associated with said network location and analyzing said retrieved data so as to validate said classification of said electronic message as unsolicited or solicited.
It will therefore be appreciated that embodiments of the invention essentially provide a two-stage fine-tuned analysis of emails, comprising a first-pass analysis for use in deciding whether or not a given URL can be accessed directly, which can be based on attributes of the email other than the URL (but which can additionally take account of the URL), and a second-pass analysis that operates in response to the behaviour of the email recipient and performs the analysis based, specifically, on details of a URL that has been wrapped during the first-pass analysis.
Embodiments of the invention therefore have several distinct advantages over the methods described in the prior art: firstly the first-pass analysis is relatively unintensive, processing-wise, which means that there is a minimal delay to the transmission of emails; secondly emails are selectively modified in an informed manner, based on the first-pass analysis, which means that the recipient is not always directed to the secure processing system when clicking on a URL; and thirdly the second-pass analysis of the data stored at the original URL is only performed in respect of data currently available from the network location, rather than data that were current at the time of analyzing the email during transmission.
A data processing system is also described, which is configured to intercept electronic messages prior to delivery to the intended recipient and perform analysis and selective modification of the intercepted messages in the manner described above.
Further features and advantages of the invention will become apparent from the following description of preferred embodiments of the invention, given by way of example only, which is made with reference to the accompanying drawings.
As described above, embodiments of the invention are concerned with protecting email recipients from maliciously-crafted web links, which, most commonly, are embodied in the form of URLs.
Most conveniently, a system according to an embodiment of the invention is implemented within the normal email delivery path; referring to
In the delivery path according to a preferred arrangement, the DNS record corresponding to the recipient's address is preconfigured to comprise data identifying a URL processing system 103 (e.g. by modifying the associated mail exchange (MX) record), which means that all emails destined for recipient B are automatically directed to the URL processing system 103 instead of to the mail server corresponding to recipient B's email address. (A processing system that intercepts emails in the delivery path is commonly referred to as an email relay or a message transfer agent (MTA); accordingly, it will be appreciated that the URL processing system 103 is a type of message transfer agent.) As shown in
As will be described in more detail below, under certain conditions—e.g. when an email contains a URL satisfying various conditions—the URL processing system 103 selectively modifies the email before sending onto the email server S2. The modification involves adding data to the email that enables the recipient B to request information relating to the original URL that was included in the email sent by sender A, but that directs the request to a secure processing system rather than to the URL specified in the original email.
The processing performed by the URL processing system 103 in accordance with embodiments will now be described with reference to
In the case where the email is determined to contain a URL, the software component 207 can proceed to analyse the email (step 307), either on the basis of attributes of the email alone (such as subject, format of sender and recipient address, or text within the email, as will be described below), or on the basis of these attributes and the a review of the URL; methods are known in the art for performing at least some of such analysis of an email, and include those commonly referred to as “Spam detection methods”.
In relation to performing the analysis on the basis of the URL, as mentioned above, URLs can be used to link either to various parts within (or of) the email, or to a site that is externally accessible. The software component 207 is configured to identify the type of link (internal or external), and if the link is identified as being of the external type, the software component 207 can further review the URL on the basis of one or more of the following parameters, which are stored in storage 209:
In addition, the URL processing system 103 can maintain, or have access to, a URL blacklist that includes URLs that are known to be indicative of spam and/or relating to an email virus, and the software component 207 can be arranged to compare the or each URL within the email with those listed in the black-list; when the blacklisted URLs are stored as hash values, it is convenient for the software component 207 to generate a hash value of the or each URL within the email, enabling the comparison to be performed on the basis of the generated and stored hash values. Additionally or alternatively, the software component 207 could be arranged to compare the URL with a list of known URLs, and the URL categorized as either known or unknown.
In relation to parameters (or attributes) that are intrinsic to the email, these include the following:
In different arrangements, the email is scored on the basis of one, some, or all of the above parameters, and the individual scores combined in dependence on prespecified weightings. In addition to having access to a “black-list” of URLs, the software component 207 could have access to a “white-list” of URLs (each list being mutually exclusive), and if the URL is listed in the “white-list”, the scoring be modified accordingly. This could be a particularly useful test criterion for emails that, on the basis of the other analysis techniques, would otherwise appear borderline-suspicious. Once an overall score has been evaluated the software component 207 compares the score with a predetermined threshold (step 309); in the event that the score exceeds the threshold, the URL is modified (step 311) so as to generate a second URL; otherwise the email is passed to the application server 205 for routing to the recipient (305).
If generated, the second URL is subsequently inserted into the email (step 313) in the place of the URL included in the original email, and the modified email is transmitted (step 315) to the recipient via the application server 205.
The second URL is formulated such that when the recipient of the modified email clicks thereon, the recipient's browser navigates to a secure processing system, which, in a preferred embodiment, is web server 203 associated with the URL processing system 103 itself, but could alternatively be a processing system maintained by a third party (not shown), or a web server that is disassociated from the URL processing system 103.
The second URL is related to the URL contained within the original email in such a way that the secure processing system 203 subsequently accesses the URL contained within the original email; this means that it is the secure processing system 203, not the recipient's terminal T2, which receives data corresponding thereto. The URL processing system 103 thus effectively screens the data retrieved from the original URL, and, dependent on the result of the screening, allows or otherwise the recipient access thereto.
Various methods for generating the second URL will now be described with reference to
http://www.mailcontrol.com/url/380uq7VXkW5HBkKOrslr9ymSVKXf345c0!gB7OXm2XY7sdQ %2BN4adxeKXgEXj8tjmk77MC!bJHUEmZX5fvyO92owXx1Dx!F5R!yjIALwCVNO3nPqLWSlVTAAmx6Q8vhBLNvUVHhROwwzcZ6Ngd0pMT cG9hp1qNzSu!TRlV9Cd57pJswOqznWGJbAC9HWYEJellAw01LrKcOhIBrp5%2Bax8qY98MtP0ciStbD5BjV %2Bm46 hzvDtwtuil68JJfVqELKGSewY52w41WvgY cs6dH4RU!Z!zBwG9N61A9XAiUY!1JfAchUXJwv %2BQ
The software component could alternatively wrap the original URL in plain text form, which has the benefit of providing visibility of what the original URL intended. In yet another alternative the software component 207 could generate a key (e.g. the hash value computed for the original URL as part of step 307), store the original URL together with the generated key in a database DB1, and wrap the generated key within the URL that identifies the web server 203. As a yet further alternative the software component could be arranged to encode the original URL if it is less than a specified length, or to generate, store and wrap a key corresponding to the original URL if it exceeds the specified length.
When the email is received by the recipient, the recipient can elect to click on the second URL in the normal way; as will be appreciated from the foregoing, this causes the browser running on terminal T2 to attempt to retrieve data from the web server 203. Accordingly, the processing steps carried out by the web server 203 in response to the recipient clicking on the second URL will now be described with reference to
Preferably the second URL comprises data enabling the web server 203 to identify the format of the request (i.e. the format of the second URL): accordingly, in response to a request from the browser of terminal T2 (step 501), the web server 203 is arranged to identify the format of the request (step 503). In the case of the second URL comprising a key associated with the original URL, the web server 203 accesses the database DB1 so as to retrieve the original URL (step 505); in the case of the second URL comprising an encoded version of the original URL, the process P1 decodes the encoded data in accordance with an encoding scheme corresponding thereto (step 507).
Once the original URL has been retrieved and/or decoded, information is fetched from a site designated by the original URL (step 509). This fetched information can be advantageously cached (stored locally) so that the site designated by the URL need not be contacted each time a given URL is detected in a message. The web server 203 analyzes the fetched data (step 511) in accordance with evaluation criteria stored in storage 209. The evaluation criteria 209 causes the web server 203 to search for predetermined strings (e.g., “bet”, “floan”, “$$$”, etc.), each of the predetermined string having been previously rated as indicative of the fetched information being spam. For example, the string “car” can be assigned a score of 5, while the string “$$$” can be a score of 200, where a higher score indicates a higher likelihood that the string is from a spam website.
Step 511 can also involve the web server 203 identifying whether the URL is linked to an executable, which, when accessed, would result in a process (e.g. a keyboard logger) being run on the machine from which the URL is accessed. Accordingly the web server 203 reviews the format of the fetched data, and, if the site corresponding to the original email tries to download binary data, the web server 203 may quarantine the data for further analysis or alternatively analyse the binary data with an anti-virus tool and, depending on the results of this analysis, choose to quarantine the data. It is to be understood that the nature of this further analysis is not the subject of the present application; however, if the further analysis indicates that the binary data corresponds to a Trojan process such as a keyboard logger, the web server 203 sends a message indicative of same to the recipient and adds data indicative of the URL to a repository of “black-listed” URLs (step 513).
In addition the evaluation criteria 209 causes the web server 203 to review the content of the original URL to identify whether it is linked to another, different site, in which case the above-mentioned analysis is performed in relation to the linked site.
If the original URL appears to be authentic, the web server 203 informs the recipient accordingly (step 515) and automatically retrieves data corresponding to the authenticated website for display on the recipient's browser. Preferably the retrieved data are displayed within a frame corresponding to the web server 203, and the display frame includes means for the recipient to post comments relating to the retrieved data. Such a facility would be particularly useful in view of the fact that step 511 is essentially a rules-based process, and therefore only capable of detecting malicious links that conform to established detection patterns and methods; by providing recipients with a means to report a web site that the web server 203 has identified as be authentic, the repository for evaluation (209) can be updated.
In addition the web server 203 adds data indicative of the URL to the repository of “white-listed” URLs. The data in the black-listed and white-listed repositories can be reviewed by the software component 207 during the initial analysis of the original URL at step 307, as described above, as well as cascaded to other, third party, email analysis systems.
Whilst the above-embodiments describe modifying the original URL in the event that the original URL or the email message within which the original URL appears to be suspicious, it will be appreciated that the original URL could be modified irrespective of the apparent suspiciousness or otherwise of the email. Such arrangements would most conveniently be implemented by omitting steps 307 and 309, so that the URL software component 207 automatically modifies any URLs detected within an email as per step 311. An advantage of this arrangement is that the amount of processing in respect of any given intercepted email is reduced, resulting in a higher throughput of email transmission.
Implementation Details
Whilst in the above-described arrangements, the URL processing system 103 is described as comprising a particular number and configuration of software components, it will be appreciated that the invention could be embodied as a suite of software components, and written using a procedural or object-oriented programming language. More specifically, the above-described embodiments describe the second URL as corresponding to web server 203, which can be written and implemented in any programming language suitable for development of web-based applications, such as the Java™, Perl or PHP programming language. In one arrangement the URL software component 207 is written in the same programming language as that used for the web server 203, to facilitate conformance to the same format for creation, encryption and decryption of the second URL. However, it will be appreciated that the respective software components could be implemented in different programming languages, in which case the URL processing system 103 would include a library facilitating translation between the languages (for the purposes of encrypting and decrypting the second URL).
The above embodiments are to be understood as illustrative examples of the invention. It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 0512744.4 | Jun 2005 | GB | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/EP2006/063474 | 6/22/2006 | WO | 00 | 10/30/2006 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2006/136605 | 12/28/2006 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 5333266 | Boaz et al. | Jul 1994 | A |
| 5414833 | Hershey et al. | May 1995 | A |
| 5581804 | Cameron et al. | Dec 1996 | A |
| 5590403 | Cameron et al. | Dec 1996 | A |
| 5596330 | Yokev et al. | Jan 1997 | A |
| 5619648 | Canale et al. | Apr 1997 | A |
| 5712979 | Graber et al. | Jan 1998 | A |
| 5720033 | Deo | Feb 1998 | A |
| 5724576 | Letourneau | Mar 1998 | A |
| 5742769 | Lee et al. | Apr 1998 | A |
| 5774668 | Choquier | Jun 1998 | A |
| 5801747 | Bedard | Sep 1998 | A |
| 5828835 | Isfeld et al. | Oct 1998 | A |
| 5832228 | Holden et al. | Nov 1998 | A |
| 5855020 | Kirsch | Dec 1998 | A |
| 5896502 | Shieh et al. | Apr 1999 | A |
| 5899991 | Karch | May 1999 | A |
| 5899995 | Millier et al. | May 1999 | A |
| 5911043 | Duffy et al. | Jun 1999 | A |
| 5919257 | Trostle | Jul 1999 | A |
| 5937404 | Csaszar et al. | Aug 1999 | A |
| 5963941 | Hirakawa | Oct 1999 | A |
| 5987611 | Freund | Nov 1999 | A |
| 5996011 | Humes | Nov 1999 | A |
| 6012832 | Saunders et al. | Jan 2000 | A |
| 6052730 | Felciano et al. | Apr 2000 | A |
| 6065056 | Bradshaw et al. | May 2000 | A |
| 6065059 | Shieh et al. | May 2000 | A |
| 6073135 | Broder et al. | Jun 2000 | A |
| 6092194 | Touboul | Jul 2000 | A |
| 6182118 | Finney et al. | Jan 2001 | B1 |
| 6185681 | Zizzi | Feb 2001 | B1 |
| 6233618 | Shannon | May 2001 | B1 |
| 6246977 | Messerly et al. | Jun 2001 | B1 |
| 6266664 | Russell-Falla et al. | Jul 2001 | B1 |
| 6295529 | Corston-Oliver et al. | Sep 2001 | B1 |
| 6295559 | Emens et al. | Sep 2001 | B1 |
| 6301658 | Koehler | Oct 2001 | B1 |
| 6338088 | Waters et al. | Jan 2002 | B1 |
| 6356864 | Foltz et al. | Mar 2002 | B1 |
| 6357010 | Viets et al. | Mar 2002 | B1 |
| 6389472 | Hughes et al. | May 2002 | B1 |
| 6418433 | Chakrabarti et al. | Jul 2002 | B1 |
| 6460141 | Olden | Oct 2002 | B1 |
| 6466940 | Mills | Oct 2002 | B1 |
| 6493744 | Emens et al. | Dec 2002 | B1 |
| 6493758 | McLain | Dec 2002 | B1 |
| 6539430 | Humes | Mar 2003 | B1 |
| 6571249 | Garrecht et al. | May 2003 | B1 |
| 6615242 | Riemers | Sep 2003 | B1 |
| 6675169 | Bennett et al. | Jan 2004 | B1 |
| 6742003 | Heckerman et al. | May 2004 | B2 |
| 6779021 | Bates et al. | Aug 2004 | B1 |
| 6785732 | Bates et al. | Aug 2004 | B1 |
| 6804780 | Touboul | Oct 2004 | B1 |
| 6832230 | Zilliacus et al. | Dec 2004 | B1 |
| 6978292 | Murakami et al. | Dec 2005 | B1 |
| 6988209 | Balasubramaniam et al. | Jan 2006 | B1 |
| 7006993 | Cheong et al. | Feb 2006 | B1 |
| 7051200 | Manferdelli et al. | May 2006 | B1 |
| 7058822 | Edery et al. | Jun 2006 | B2 |
| 7065483 | Decary et al. | Jun 2006 | B2 |
| 7080000 | Cambridge | Jul 2006 | B1 |
| 7089246 | O'Laughlen | Aug 2006 | B1 |
| 7100199 | Ginter et al. | Aug 2006 | B2 |
| 7136867 | Chatterjee et al. | Nov 2006 | B1 |
| 7185361 | Ashoff et al. | Feb 2007 | B1 |
| 7209893 | Nii | Apr 2007 | B2 |
| 7213069 | Anderson et al. | May 2007 | B2 |
| 7219299 | Fields et al. | May 2007 | B2 |
| 7260583 | Wiener et al. | Aug 2007 | B2 |
| 7313823 | Gao | Dec 2007 | B2 |
| 7376969 | Njemanze et al. | May 2008 | B1 |
| 7447215 | Lynch et al. | Nov 2008 | B2 |
| 7487540 | Shipp | Feb 2009 | B2 |
| 7536437 | Zmolek | May 2009 | B2 |
| 7568002 | Vacanti et al. | Jul 2009 | B1 |
| 7603687 | Pietraszak et al. | Oct 2009 | B2 |
| 7668920 | Lin et al. | Feb 2010 | B2 |
| 7725937 | Levy | May 2010 | B1 |
| 20010032205 | Kubaitis | Oct 2001 | A1 |
| 20010047474 | Takagi | Nov 2001 | A1 |
| 20020059221 | Whitehead et al. | May 2002 | A1 |
| 20020078045 | Dutta | Jun 2002 | A1 |
| 20020087882 | Schneier et al. | Jul 2002 | A1 |
| 20020091947 | Nakamura | Jul 2002 | A1 |
| 20020095592 | Daniell et al. | Jul 2002 | A1 |
| 20020099952 | Lambert et al. | Jul 2002 | A1 |
| 20020120705 | Schiavone et al. | Aug 2002 | A1 |
| 20020129140 | Peled et al. | Sep 2002 | A1 |
| 20020129277 | Caccavale | Sep 2002 | A1 |
| 20020174358 | Wolff et al. | Nov 2002 | A1 |
| 20020199095 | Bandini et al. | Dec 2002 | A1 |
| 20030018903 | Greca et al. | Jan 2003 | A1 |
| 20030028564 | Sanfilippo | Feb 2003 | A1 |
| 20030074567 | Charbonneau | Apr 2003 | A1 |
| 20030093694 | Medvinsky et al. | May 2003 | A1 |
| 20030110168 | Kester et al. | Jun 2003 | A1 |
| 20030135756 | Verma | Jul 2003 | A1 |
| 20030149692 | Mitchell | Aug 2003 | A1 |
| 20030182420 | Jones et al. | Sep 2003 | A1 |
| 20030185395 | Lee et al. | Oct 2003 | A1 |
| 20030185399 | Ishiguro | Oct 2003 | A1 |
| 20040003139 | Cottrille et al. | Jan 2004 | A1 |
| 20040003286 | Kaler et al. | Jan 2004 | A1 |
| 20040030913 | Liang et al. | Feb 2004 | A1 |
| 20040034794 | Mayer et al. | Feb 2004 | A1 |
| 20040054498 | Shipp | Mar 2004 | A1 |
| 20040054521 | Liu | Mar 2004 | A1 |
| 20040088570 | Roberts et al. | May 2004 | A1 |
| 20040117624 | Brandt et al. | Jun 2004 | A1 |
| 20040153305 | Enescu et al. | Aug 2004 | A1 |
| 20040153644 | McCorkendale | Aug 2004 | A1 |
| 20050015626 | Chasin | Jan 2005 | A1 |
| 20050022008 | Goodman et al. | Jan 2005 | A1 |
| 20050033967 | Morino et al. | Feb 2005 | A1 |
| 20050060140 | Maddox et al. | Mar 2005 | A1 |
| 20050066197 | Hirata et al. | Mar 2005 | A1 |
| 20050071748 | Shipp | Mar 2005 | A1 |
| 20050086520 | Dharmapurikar et al. | Apr 2005 | A1 |
| 20050091535 | Kavalam et al. | Apr 2005 | A1 |
| 20050108557 | Kayo et al. | May 2005 | A1 |
| 20050108639 | Fields et al. | May 2005 | A1 |
| 20050120229 | Lahti | Jun 2005 | A1 |
| 20050131868 | Lin et al. | Jun 2005 | A1 |
| 20050138353 | Spies | Jun 2005 | A1 |
| 20050210035 | Kester et al. | Sep 2005 | A1 |
| 20050223001 | Kester et al. | Oct 2005 | A1 |
| 20050251862 | Talvitie | Nov 2005 | A1 |
| 20050256955 | Bodwell et al. | Nov 2005 | A1 |
| 20050273858 | Zadok et al. | Dec 2005 | A1 |
| 20050283836 | Lalonde et al. | Dec 2005 | A1 |
| 20060004636 | Kester et al. | Jan 2006 | A1 |
| 20060020814 | Lieblich et al. | Jan 2006 | A1 |
| 20060026105 | Endoh | Feb 2006 | A1 |
| 20060026681 | Zakas | Feb 2006 | A1 |
| 20060031504 | Hegli et al. | Feb 2006 | A1 |
| 20060036874 | Cockerille et al. | Feb 2006 | A1 |
| 20060053488 | Sinclair et al. | Mar 2006 | A1 |
| 20060068755 | Shraim et al. | Mar 2006 | A1 |
| 20060080735 | Brinson et al. | Apr 2006 | A1 |
| 20060095459 | Adelman et al. | May 2006 | A1 |
| 20060095965 | Phillips et al. | May 2006 | A1 |
| 20060101514 | Milener et al. | May 2006 | A1 |
| 20060129644 | Owen et al. | Jun 2006 | A1 |
| 20060161986 | Singh et al. | Jul 2006 | A1 |
| 20060168006 | Shannon et al. | Jul 2006 | A1 |
| 20060191008 | Fernando et al. | Aug 2006 | A1 |
| 20060212723 | Sheymov | Sep 2006 | A1 |
| 20060253537 | Thomas | Nov 2006 | A1 |
| 20060259948 | Calow et al. | Nov 2006 | A1 |
| 20060265750 | Huddleston | Nov 2006 | A1 |
| 20060288076 | Cowings et al. | Dec 2006 | A1 |
| 20070005762 | Knox et al. | Jan 2007 | A1 |
| 20070011739 | Zamir et al. | Jan 2007 | A1 |
| 20070028302 | Brennan et al. | Feb 2007 | A1 |
| 20070130351 | Alperovitch et al. | Jun 2007 | A1 |
| 20070156833 | Nikolov et al. | Jul 2007 | A1 |
| 20070299915 | Shraim et al. | Dec 2007 | A1 |
| 20080267144 | Jano et al. | Oct 2008 | A1 |
| 20080295177 | Dettinger et al. | Nov 2008 | A1 |
| Number | Date | Country |
|---|---|---|
| 1 058 199 | May 2000 | EP |
| 1058199 | May 2000 | EP |
| 1 278 330 | Jan 2003 | EP |
| 1 280 040 | Jan 2003 | EP |
| 1 329 117 | Jul 2003 | EP |
| 1 457 885 | Sep 2004 | EP |
| 1 484 893 | Dec 2004 | EP |
| 1484893 | Dec 2004 | EP |
| 1 494 409 | Jan 2005 | EP |
| 1 510 945 | Mar 2005 | EP |
| 1 638 016 | Mar 2006 | EP |
| 1 643 701 | Apr 2006 | EP |
| 2418330 | Mar 2006 | GB |
| 10 243018 | Sep 1998 | JP |
| 2000-235540 | Aug 2000 | JP |
| WO 9605549 | Feb 1996 | WO |
| WO 96042041 | Dec 1996 | WO |
| WO 0124012 | Apr 2001 | WO |
| WO 0175651 | Oct 2001 | WO |
| WO0175651 | Oct 2001 | WO |
| WO 2004077710 | Sep 2004 | WO |
| WO2005004012 | Jan 2005 | WO |
| WO 2005010692 | Feb 2005 | WO |
| WO2005010692 | Feb 2005 | WO |
| WO 2005017708 | Feb 2005 | WO |
| WO 2005022319 | Mar 2005 | WO |
| WO2005074213 | Aug 2005 | WO |
| WO 2005074213 | Aug 2005 | WO |
| WO 2005119488 | Dec 2005 | WO |
| WO 2006027590 | Mar 2006 | WO |
| WO 2006062546 | Jun 2006 | WO |
| WO 2006136605 | Dec 2006 | WO |
| WO 2008008339 | Jan 2008 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20080256187 A1 | Oct 2008 | US |
