Methods for secured SCEP enrollment for client devices and devices thereof

Information

  • Patent Grant
  • 10797888
  • Patent Number
    10,797,888
  • Date Filed
    Friday, January 20, 2017
    7 years ago
  • Date Issued
    Tuesday, October 6, 2020
    4 years ago
Abstract
Methods, non-transitory computer readable media, and mobile application manager apparatus that assists secured SCEP enrollment of client devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.
Description
FIELD

This technology generally relates to methods and devices for network traffic management and, more particularly, to methods for secured SCEP enrollment for client devices and devices thereof.


BACKGROUND

The Simple Certificate Enrollment Protocol (SCEP) allows network administrators to easily enroll network computing devices for certificates. SCEP allows for two different authorization mechanisms prior to obtaining the certificates. The first authorization mechanism is manual, where the requester is required to wait after submission for the Certification Authority (CA) administrator or certificate officer to approve the request. The second authorization method is pre-shared secret, where the SCEP server creates a challenge password that must be somehow delivered to the requester included with a submission back to the server.


However, one critical issue in the second authorization method is that it may be possible for a user or computing device to take their legitimately acquired SCEP challenge password and use it to obtain a certificate that represents a different user or computing device with a higher level of access or even to obtain a different type of certificate than what was intended. Additionally, when the challenge passwords are reused, certificates can be easily obtained even without registration of the computing device.


SUMMARY

A method for secured SCEP enrollment of client devices comprising one or more network traffic apparatuses, client devices, or server devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.


A non-transitory computer readable medium having stored thereon instructions for secured SCEP enrollment of client devices comprising machine executable code which when executed by at least one processor, causes the processor to perform steps including receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.


A mobile application manager apparatus including one or more processors coupled to a memory and configured to be capable of executing programmed instructions comprising and stored in the memory to receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.


This technology provides a number of advantages including providing methods, non-transitory computer readable media and apparatuses that effectively assist with providing secure SCEP enrollment of client devices. The disclosed technology provides secure SCEP enrollment by: first, ensuring that only the enrolled devices can retrieve the certificates by including an obfuscated/encrypted device key as part of the SCEP uniform resource indicator (URI) sent to the client device; second, ensuring that device key is used only once by maintaining a list of keys used to authorize SCEP requests; and lastly, preventing an unauthorized user from retrieving the SCEP certificate for the device by determining whether the device key in the device certificate received from the requesting device is identical to the device key in the list of authorized device keys.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is an example of a block diagram of an environment including a mobile application manager apparatus for secured SCEP enrollment for client devices;



FIG. 2 is an example of a block diagram of the mobile application manager apparatus;



FIG. 3 is an exemplary flowchart of a method for secured SCEP enrollment for client devices; and



FIG. 4 is an exemplary sequence flow diagram of a method for secured SCEP enrollment for client devices.





DETAILED DESCRIPTION

An example of a network environment 10 which incorporates a network traffic management system for secured SCEP enrollment for client devices with the mobile application manager apparatus 14 is illustrated in FIGS. 1 and 2. The exemplary environment 10 includes a plurality of mobile computing devices 12(1)-12(n), a simple certificate enrollment protocol (SCEP) server 13, a mobile application manager apparatus 14, and a plurality of web application servers 16(1)-16(n) which are coupled together by communication networks 30, although the environment can include other types and numbers of systems, devices, components, and/or elements and in other topologies and deployments. While not shown, the exemplary environment 10 may include additional network components, such as routers, switches and other devices, which are well known to those of ordinary skill in the art and thus will not be described here. This technology provides a number of advantages including providing secured SCEP enrollment for client devices.


Referring more specifically to FIGS. 1 and 2, the mobile application manager apparatus 14 of the network traffic management system is coupled to the plurality of mobile computing devices 12(1)-12(n) through the communication network 30, although the plurality of mobile computing devices 12(1)-12(n) and mobile application manager apparatus 14 may be coupled together via other topologies. Additionally, the mobile application manager apparatus 14 is coupled to the plurality of web application servers 16(1)-16(n) through the communication network 30, although the web application servers 16(1)-16(n) and the mobile application manager apparatus 14 may be coupled together via other topologies. Further, the mobile application manager apparatus 14 is coupled to the SCEP server 13 through the communication network 30, although the SCEP server 13 and mobile application manager apparatus 14 may be coupled together via other topologies


The mobile application manager apparatus 14 assists with secured SCEP enrollment for client devices as illustrated and described by way of the examples herein, although the mobile application manager apparatus 14 may perform other types and/or numbers of functions. As illustrated in FIG. 2, the mobile application manager apparatus 14 includes processor or central processing unit (CPU) 18, memory 20, optional configurable hardware logic 21, and a communication system 24 which are coupled together by a bus device 26 although the mobile application manager apparatus 14 may comprise other types and numbers of elements in other configurations. In this example, the bus 26 is a PCI Express bus in this example, although other bus types and links may be used.


The processors 18 within the mobile application manager apparatus 14 may execute one or more computer-executable instructions stored in memory 20 for the methods illustrated and described with reference to the examples herein, although the processor can execute other types and numbers of instructions and perform other types and numbers of operations. The processor 18 may comprise one or more central processing units (“CPUs”) or general purpose processors with one or more processing cores, such as AMD® processor(s), although other types of processor(s) could be used (e.g., Intel®).


The memory 20 within the mobile application manager apparatus 14 may comprise one or more tangible storage media, such as RAM, ROM, flash memory, CD-ROM, floppy disk, hard disk drive(s), solid state memory, DVD, or any other memory storage types or devices, including combinations thereof, which are known to those of ordinary skill in the art. The memory 20 may store one or more non-transitory computer-readable instructions of this technology as illustrated and described with reference to the examples herein that may be executed by the processor 18. The exemplary flowchart shown in FIG. 3 is representative of example steps or actions of this technology that may be embodied or expressed as one or more non-transitory computer or machine readable instructions stored in the memory 20 that may be executed by the processor 18 and/or may be implemented by configured logic in the optional configurable logic 21.


Accordingly, the memory 20 of the mobile application manager apparatus 14 can store one or more applications that can include computer executable instructions that, when executed by the mobile application manager apparatus 14, causes the mobile application manager apparatus 14 to perform actions, such as to transmit, receive, or otherwise process messages, for example, and to perform other actions described and illustrated below with reference to FIGS. 3-4. The application(s) can be implemented as module or components of another application. Further, the application(s) can be implemented as operating system extensions, module, plugins, or the like. The application(s) can be implemented as module or components of another application. Further, the application(s) can be implemented as operating system extensions, module, plugins, or the like. Even further, the application(s) may be operative in a cloud-based computing environment. The application(s) can be executed within virtual machine(s) or virtual server(s) that may be managed in a cloud-based computing environment. Also, the application(s), including the mobile application manager apparatus 14 itself, may be located in virtual server(s) running in a cloud-based computing environment rather than being tied to one or more specific physical network computing devices. Also, the application(s) may be running in one or more virtual machines (VMs) executing on the mobile application manager apparatus 14. Additionally, in at least one of the various embodiments, virtual machine(s) running on the SCEP server may be managed or supervised by a hypervisor.


The optional configurable hardware logic device 21 in the mobile application manager apparatus 14 may comprise specialized hardware configured to implement one or more steps of this technology as illustrated and described with reference to the examples herein. By way of example only, the optional configurable logic hardware device 21 may comprise one or more of field programmable gate arrays (“FPGAs”), field programmable logic devices (“FPLDs”), application specific integrated circuits (ASICs”) and/or programmable logic units (“PLUs”).


The communication system 24 in the mobile application manager apparatus 14 is used to operatively couple and communicate between the mobile application manager apparatus 14, the plurality of mobile computing devices 12(1)-12(n), the SCEP server 13, and the plurality of web application servers 16(1)-16(n) which are all coupled together by communication network 30 such as one or more local area networks (LAN) and/or the wide area network (WAN), although other types and numbers of communication networks or systems with other types and numbers of connections and configurations to other devices and elements may be used. By way of example only, the communication network such as local area networks (LAN) and the wide area network (WAN) can use TCP/IP over Ethernet and industry-standard protocols, including NFS, CIFS, SOAP, XML, LDAP, and SNMP, although other types and numbers of communication networks, can be used. In this example, the bus 26 is a PCI Express bus in this example, although other bus types and links may be used.


Each of the plurality of mobile computing devices 12(1)-12(n) of the network traffic management system 10, include a central processing unit (CPU) or processor, a memory, input/display device interface, configurable logic device and an input/output system or I/O system, which are coupled together by a bus or other link. The plurality of mobile computing devices 12(1)-12(n), in this example, may run interface applications, such as Web browsers, that may provide an interface to make requests for and send and/or receive data to and/or from the web application servers 16(1)-16(n) via the mobile application manager apparatus 14. Additionally, the plurality of mobile computing devices 12(1)-12(n) can include any type of computing device that can receive, render, and facilitate user interaction, such as client computers, network computer, mobile computers, virtual machines (including cloud-based computer), or the like. Each of the plurality of mobile computing devices 12(1)-12(n) utilizes the mobile application manager apparatus 14 to conduct one or more operations with the web application servers 16(1)-16(n), such as to obtain data and/or access the applications from one of the web application servers 16(1)-16(n), by way of example only, although other numbers and/or types of systems could be utilizing these resources and other types and numbers of functions utilizing other types of protocols could be performed.


The SCEP server 13 of the network traffic management system include a central processing unit (CPU) or processor, a memory, and a communication system, which are coupled together by a bus or other link, although other numbers and/or types of network devices could be used. Generally, the SCEP server 13 assists with obtaining device certificates, via the communication network 30 according to the HTTP-based application RFC protocol or the CIFS or NFS protocol in this example, but the principles discussed herein are not limited to this example and can include other application protocols. A series of applications may run on the SCEP server 13 that allows the transmission of data requested by the mobile application manager apparatus 14. It is to be understood that the SCEP server 13 may be hardware or software or may represent a system with multiple external resource servers, which may include internal or external networks. In this example the SCEP server 13 may be any version of Microsoft® IIS servers or Apache® servers, although other types of servers may be used.


Each of the plurality of web application servers 16(1)-16(n) of the network traffic management system include a central processing unit (CPU) or processor, a memory, and a communication system, which are coupled together by a bus or other link, although other numbers and/or types of network devices could be used. Generally, the plurality of web application servers 16(1)-16(n) process requests for providing access to one or more enterprise web applications received from the plurality of mobile computing devices 12(1)-12(n), mobile application manager apparatus 14, via the communication network 30 according to the HTTP-based application RFC protocol or the CIFS or NFS protocol in this example, but the principles discussed herein are not limited to this example and can include other application protocols. A series of applications may run on the plurality web application servers 16(1)-16(n) that allows the transmission of applications requested by the plurality of mobile computing devices 12(1)-12(n), or the mobile application manager apparatus 14. The plurality of web application servers 16(1)-16(n) may provide data or receive data in response to requests directed toward the respective applications on the plurality web application servers 16(1)-16(n) from the plurality of mobile computing devices 12(1)-12(n) or the mobile application manager apparatus 14. It is to be understood that the plurality of web application servers 16(1)-16(n) may be hardware or software or may represent a system with multiple external resource servers, which may include internal or external networks. In this example the plurality of web application servers 16(1)-16(n) may be any version of Microsoft IIS servers or Apache® servers, although other types of servers may be used.


Although the plurality of web application servers 16(1)-16(n) are illustrated as single servers, one or more actions of the SCEP server 13 and each of the plurality of web application servers 16(1)-16(n) may be distributed across one or more distinct network computing devices. Moreover, the plurality of web application servers 16(1)-16(n) are not limited to a particular configuration. Thus, the plurality of plurality web application servers 16(1)-16(n) may contain a plurality of network computing devices that operate using a master/slave approach, whereby one of the network computing devices of the plurality of web application servers 16(1)-16(n) operate to manage and/or otherwise coordinate operations of the other network computing devices. The plurality of web application servers 16(1)-16(n) may operate as a plurality of network computing devices within cluster architecture, a peer-to peer architecture, virtual machines, or within a cloud architecture.


Thus, the technology disclosed herein is not to be construed as being limited to a single environment and other configurations and architectures are also envisaged. For example, the one or more of the plurality of web application servers 16(1)-16(n) depicted in FIG. 1 can operate within mobile application manager apparatus 14 rather than as a stand-alone server communicating with mobile application manager apparatus 14 via the communication network(s) 30. In this example the plurality of web application servers 16(1)-16(n) operate within the memory 20 of the mobile application manager apparatus 14.


While the mobile application manager apparatus 14 is illustrated in this example as including a single device, the mobile application manager apparatus 14 in other examples can include a plurality of devices or blades each with one or more processors each processor with one or more processing cores that implement one or more steps of this technology. In these examples, one or more of the devices can have a dedicated communication interface or memory. Alternatively, one or more of the devices can utilize the memory, communication interface, or other hardware or software components of one or more other communicably coupled of the devices. Additionally, one or more of the devices that together comprise mobile application manager apparatus 14 in other examples can be standalone devices or integrated with one or more other devices or applications, such as one of the SCEP server 13, plurality of web application servers 16(1)-16(n) or, the mobile application manager apparatus 14, or applications coupled to the communication network(s), for example. Moreover, one or more of the devices of the mobile application manager apparatus 14 in these examples can be in a same or a different communication network 30 including one or more public, private, or cloud networks, for example.


Although an exemplary network traffic management system 10 with the plurality of mobile computing devices 12(1)-12(n), the SCEP server 13, the mobile application manager apparatus 14, and the plurality of web application servers 16(1)-16(n), communication networks 30 are described and illustrated herein, other types and numbers of systems, devices, blades, components, and elements in other topologies can be used. It is to be understood that the systems of the examples described herein are for exemplary purposes, as many variations of the specific hardware and software used to implement the examples are possible, as will be appreciated by those skilled in the relevant art(s).


Further, each of the systems of the examples may be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, and micro-controllers, programmed according to the teachings of the examples, as described and illustrated herein, and as will be appreciated by those of ordinary skill in the art.


One or more of the components depicted in the network traffic management system, such as the mobile application manager apparatus 14, the plurality of mobile computing devices 12(1)-12(n), the SCEP server 13 or the plurality of web application servers 16(1)-16(n), for example, may be configured to operate as virtual instances on the same physical machine. In other words, one or more of mobile application manager apparatus 14, the SCEP server 13, the plurality of mobile computing devices 12(1)-12(n), or the plurality of web application servers 16(1)-16(n) illustrated in FIG. 1 may operate on the same physical device rather than as separate devices communicating through a network as depicted in FIG. 1. There may be more or fewer plurality of mobile computing devices 12(1)-12(n), SCEP server 13, mobile application manager apparatus 14, or the plurality of web application servers 16(1)-16(n) than depicted in FIG. 1. The plurality of mobile computing devices 12(1)-12(n), the SCEP server 13, or the plurality of web application servers 16(1)-16(n) could be implemented as applications on mobile application manager apparatus 14.


In addition, two or more computing systems or devices can be substituted for any one of the systems or devices in any example. Accordingly, principles and advantages of distributed processing, such as redundancy and replication also can be implemented, as desired, to increase the robustness and performance of the devices and systems of the examples. The examples may also be implemented on computer system(s) that extend across any suitable network using any suitable interface mechanisms and traffic technologies, including by way of example only teletraffic in any suitable form (e.g., voice and modem), wireless traffic media, wireless traffic networks, cellular traffic networks, G3 traffic networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, and combinations thereof.


The examples may also be embodied as a non-transitory computer readable medium having instructions stored thereon for one or more aspects of the technology as described and illustrated by way of the examples herein, which when executed by a processor (or configurable hardware), cause the processor to carry out the steps necessary to implement the methods of the examples, as described and illustrated herein.


An example of a method for secured SCEP enrollment for client devices will now be described with reference to FIGS. 1-4. First in step 305, the mobile application manager apparatus 14 receives a request to enroll from one of the plurality of mobile devices 12(1)-12(n), although the mobile application manager apparatus 14 can receive other types and/or numbers of requests from the plurality of mobile computing devices 12(1)-12(n). By way of example only, the mobile application manager apparatus 14 may receive the user credentials of the user of the requesting one of the plurality of mobile computing devices 12(1)-12(n) as the enrollment information, although the mobile application manager apparatus 14 can receive other types and/or amounts of information from the requesting one of the plurality of mobile computing devices 12(1)-12(n). In another example, the mobile application manager apparatus 14 can receive other information, such as geographic location information, role of the user of the requesting one of the plurality of mobile computing devices, IP address, type of the requesting device, current operating system on the mobile computing device, and/or installed mobile applications and security policies from the requesting one of the plurality of mobile computing devices 12(1)-12(n).


Next in step 310, the mobile application manager apparatus 14 performs an authentication check based on the received data to determine whether to enroll the requesting one of the plurality of mobile computing devices 12(1)-12(n), although the mobile application manager apparatus 14 can perform the authentication check in other manners and/or using other types and/or amounts of information. In this example, the mobile application manager apparatus 14 compares the received information associated with the requesting one of the plurality of mobile computing devices 12(1)-12(n) against the existing access control checks to determine when to enroll the requesting one of the plurality of mobile computing devices 12(1)-12(n), although the mobile application manager apparatus 14 can perform the authentication checks using other techniques. Accordingly, when the mobile application manager apparatus 14 determines that the requesting one of the plurality of mobile devices 12(1)-12(n) should not be enrolled, then the No branch is taken to next step 315.


In step 315, the mobile application manager apparatus 14 rejects the received request for enrollment and the exemplary method ends at step 375.


However if back in step 310, when the mobile application manager apparatus 14 determines that the requesting one of the plurality of mobile devices 12(1)-12(n) should be enrolled, then the Yes branch is taken to next step 320. In step 320, the mobile application manager apparatus 14 stores the received enrollment information within the memory 20, although the mobile application manager apparatus 14 can store the registration information at other memory locations. Further, the mobile application manager apparatus 14 may store the information associated with the requesting one of the plurality of mobile computing devices 12(1)-12(n), such as the one or more installed mobile applications and security policies by way of example, in a state table that includes a list of all enrolled devices, although the mobile application manager apparatus 14 can store the information at other memory locations.


Next in step 325, the mobile application manager apparatus 14 completes the enrollment of the requesting one of the plurality of mobile devices 12(1)-12(n) by sending the requesting one of the plurality of mobile devices 12(1)-12(n) a configuration file with a pre-shared secret and a SCEP uniform resource locator (URL) that includes a unique encrypted device key, although the mobile application manager apparatus 14 can include other types or amounts of information back to the requesting one of the plurality of mobile devices 12(1)-12(n) after successful enrollment. In this example, the mobile application manager apparatus 14 also stores the encrypted device key and the data associated with the requesting one of the plurality of mobile devices 12(1)-12(n) in order to use the enrollment information, and the encrypted device key to authenticate the requesting one of the plurality of mobile devices 12(1)-12(n) during subsequent requests. By way of example, the mobile application manager apparatus 14 can encrypt the unique device key that is obtained from the requesting one of the plurality of mobile devices 12(1)-12(n) during the enrollment step using a private key, although the mobile application manager apparatus 14 can encrypt the unique device key using other techniques.


Additionally in this example, the requesting one of the plurality of mobile devices 12(1)-12(n) sends a get certificate authority (CA) request to SCEP server 13 and receives a response with a public key back from the SCEP server 13, although the requesting one of the plurality of mobile devices 12(1)-12(n) can use other techniques to obtain the public key from the SCEP server 13. Further in this example, the requesting one of the plurality of mobile devices 12(1)-12(n) uses the public key received from the SCEP server 13 to encrypt a certificate signing request (CSR). As it would be appreciated by a person having ordinary skill in the art, the certificate signing request relates to a request to sign a device certificate and this request is required to be encrypted as the CSR includes confidential information associated with the enrolled one of the plurality of mobile devices. Additionally, the enrolled one of the plurality of mobile devices 12(1)-12(n) also generates a public-private key pair using the received public key from the SCEP server 13.


In the next step 330, the mobile application manager apparatus 14 receives an encrypted certificate signing request from the enrolled one of the plurality of mobile devices 12(1)-12(n) using the SCEP URL. In this example, the encrypted certificate signing request includes the actual request to sign the certificate, the pre-shared secret that was shared in step 325, and the public key that was generated by the enrolled one of the plurality of mobile devices 12(1)-12(n), although the encrypted CSR can include other types or amounts of information. Additionally as illustrated above, SCEP URL also includes the encrypted device key that is sent along with the encrypted certificate signing request.


Next in step 335, the mobile application manager apparatus 14 decrypts the encrypted device key that was received in the SCEP URL along with the encrypted certificate signing request using a private key, although the mobile application manager apparatus 14 can decrypt the encrypted device key using other techniques.


In step 340, the mobile application manager apparatus 14 determines when the decrypted device key is valid by comparing the decrypted device key against the data associated with the enrolled one of the plurality of mobile devices 12(1)-12(n) in a table stored in the memory 20, although the mobile application manager apparatus 14 can use other techniques to determine whether the decrypted device key is valid. Accordingly, when the decrypted device key exactly matches with the data stored in the table associated with the enrolled one of the plurality of mobile devices 12(1)-12(n), then it is determined that the decrypted device key is valid and also the enrolled one of the plurality of mobile devices 12(1)-12(n) being an authenticated device. By using this technique, the technology disclosed is able to prevent malicious devices from using the encrypted device key to obtain a device certificate from the SCEP server.


When the mobile application manager apparatus 14 determines in step 340 that the device key is not valid, then the No branch is taken to step 315 where the received request is rejected and the exemplary method ends at step 375. Additionally, the mobile application manager apparatus 14 can send a notification to a network administrator indicating that the device key is invalid so that unauthorized device certificate need not be issued to the enrolled one of the plurality of mobile devices 12(1)-12(n). Alternatively, the mobile application manager apparatus 14 can determine that the device key is valid when the encrypted device key is being used for the first time from the enrolled one of the plurality of mobile devices 12(1)-12(n). If the mobile application manager apparatus 14 had received the same encrypted device key for the second time, then it would determine that the encrypted device key is being compromised and so the encrypted device key would be determined as invalid.


However if back in step 340, when the mobile application manager apparatus 14 determines that the decrypted device key is valid, then the Yes branch is taken to step 345. In step 345, the mobile application manager apparatus 14 forwards the received encrypted certificate signing request to the SCEP server 13. In this example, the mobile application manager apparatus 14 updates the table indicating a request for a certificate was received with the encrypted certificate signing request along with the encrypted device key for the requesting one of the plurality of mobile devices 12(1)-12(n).


In step 350, the mobile application manager apparatus 14 receives the signed device certificate back from the SCEP server 13. In this example, the SCEP server 13 first decrypts the encrypted certificate signing request with the private key corresponding to the public key that was initially shared with the enrolled one of the plurality of mobile devices 12(1)-12(n), and then checks if the pre-shared secret that is present in the decrypted certificate signing request exactly matches with the pre-shared secret that is stored in the SCEP server 13, although the SCEP server can perform other types or amounts of functions prior to signing and sending the device certificate back to the mobile application manager apparatus 14.


In step 355, the mobile application manager apparatus 14 forwards the received signed device certificate back to the enrolled one of the plurality of mobile devices 12(1)-12(n). Additionally in this step, the mobile application manager apparatus 14 stores the information associated with the signed device certificate along with the information corresponding to the enrolled one of the plurality of mobile devices 12(1)-12(n) in the table, although the mobile application manager apparatus 14 can store the data at other memory locations. Using this stored information, the mobile application manager apparatus 14 can determine and prevent a malicious device from using signed device certificate that was originally created and sent to the enrolled one of the plurality of mobile devices 12(1)-12(n).


Next in step 360, the mobile application manager apparatus 14 receives a request to access the web application on the plurality of web application servers 16(1)-16(n) along with the signed device certificate from the enrolled one of the plurality of mobile devices 12(1)-12(n), although the enrolled one of the plurality of mobile devices 12(1)-12(n) can use the signed device certificate to authenticate itself with the mobile application manager apparatus 14. Additionally, the mobile application manager apparatus 14 obtains the device key along with the device certificate from the enrolled one of the plurality of mobile devices 12(1)-12(n).


In step 365, the mobile application manager apparatus 14 determines when the received device certificate is valid by comparing the details of the received device certificate against the data that is stored in the table include the list of authorized device keys, although the mobile application manager apparatus 14 can use other techniques to determine the validity of the device certificate. Accordingly, when the mobile application manager apparatus 14 determines that the device certificate is invalid, then the No branch is taken to step 315 where the received request is rejected indicating that it is from a malicious device and the exemplary method ends in step 375.


However if back in step 365, when the mobile application manager apparatus 14 determines that the device certificate is valid, then the Yes branch is taken to step 370. In step 370, the mobile application manager apparatus 14 successfully authenticates the requesting one of the plurality of mobile devices 12(1)-12(n) or provides the access to the requested web application executing on one of the plurality of web application servers 16(1)-16(n) and the exemplary method ends at step 375.


As illustrated and described by way of the examples here, the claimed technology effectively assist with providing secure SCEP enrollment of client devices. Additionally, the claimed technology provides secure SCEP enrollment by: first, ensuring that only the enrolled devices can retrieve the certificates by including an obfuscated/encrypted device key as part of the SCEP uniform resource indicator (URI) sent to the client device; second, ensuring that device key is used only once by maintaining a list of keys used to authorize SCEP requests; and lastly, preventing an unauthorized user from retrieving the SCEP certificate for the device by determining whether the device key in the device certificate received from the requesting device is identical to the device key in the list of authorized device keys.


Having thus described the basic concept of the technology, it will be rather apparent to those skilled in the art that the foregoing detailed disclosure is intended to be presented by way of example only, and is not limiting. Various alterations, improvements, and modifications will occur and are intended to those skilled in the art, though not expressly stated herein. These alterations, improvements, and modifications are intended to be suggested hereby, and are within the spirit and scope of the technology. Additionally, the recited order of processing elements or sequences, or the use of numbers, letters, or other designations therefore, is not intended to limit the claimed processes to any order except as may be specified in the claims. Accordingly, the technology is limited only by the following claims and equivalents thereto.

Claims
  • 1. A method for secured SCEP enrollment for client devices implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, the method comprising: receiving an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypting the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forwarding the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receiving a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcompleting a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
  • 2. The method as set forth in claim 1, further comprising sending a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
  • 3. The method as set forth in claim 1, further comprising: receiving a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determining the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andproviding access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
  • 4. The method as set forth in claim 1, further comprising: rejecting a subsequent secured simple certificate enrollment protocol enrollment in response to determining encrypted device key is used for a second time.
  • 5. The method as set forth in claim 1, further comprising: updating the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
  • 6. The method as set forth in claim 1, wherein the encrypted certificate signing request and the encrypted device key are sent from the enrolled mobile device using a single request.
  • 7. The method as set forth in claim 6, wherein the encrypted certificate signing request and the encrypted device key are incorporated in a uniform resource locator of the single request.
  • 8. A non-transitory computer readable medium having stored thereon instructions for secured SCEP enrollment for client devices comprising executable code which when executed by one or more processors, causes the processors to: receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcomplete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
  • 9. The computer readable medium as set forth in claim 8 further comprising send a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
  • 10. The computer readable medium as set forth in claim 8, further comprises: receive a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determine the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andprovide access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
  • 11. The computer readable medium as set forth in claim 8, further comprising: reject a subsequent secured simple certificate enrollment protocol enrollment in response to determining the encrypted device key is used for a second time.
  • 12. The computer readable medium as set forth in claim 8, wherein the instructions further comprise executable code which when executed by one or more processors, causes the processors to: update the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
  • 13. A mobile application manager apparatus, comprising memory comprising programmed instructions stored in the memory and one or more processors configured to be capable of executing the programmed instructions stored in the memory to: receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcomplete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
  • 14. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to send a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
  • 15. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: receive a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determine the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andprovide access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
  • 16. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: reject a subsequent secured simple certificate enrollment protocol enrollment in response to determining the encrypted device key is used for a second time.
  • 17. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: update the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
  • 18. A network traffic management system, comprising one or more traffic management apparatuses, client devices, or server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to: receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcomplete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
  • 19. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to send a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
  • 20. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: receive a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determine the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andprovide access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
  • 21. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: reject a subsequent secured simple certificate enrollment protocol enrollment in response to determining the encrypted device key is used for a second time.
  • 22. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: update the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
Parent Case Info

This application claims the benefit of U.S. Provisional Patent Application Ser. No. 62/281,166, filed Jan. 20, 2016 which is hereby incorporated by reference in its entirety.

US Referenced Citations (954)
Number Name Date Kind
3950735 Patel Apr 1976 A
4644532 George et al. Feb 1987 A
4897781 Chang et al. Jan 1990 A
4965772 Daniel et al. Oct 1990 A
4993030 Krakauer et al. Feb 1991 A
5023826 Patel Jun 1991 A
5053953 Patel Oct 1991 A
5167024 Smith et al. Nov 1992 A
5218695 Noveck et al. Jun 1993 A
5282201 Frank et al. Jan 1994 A
5299312 Rocco, Jr. Mar 1994 A
5303368 Kotaki Apr 1994 A
5327529 Fults et al. Jul 1994 A
5367635 Bauer et al. Nov 1994 A
5371852 Attanasio et al. Dec 1994 A
5406502 Haramaty et al. Apr 1995 A
5473362 Fitzgerald et al. Dec 1995 A
5475857 Dally Dec 1995 A
5511177 Kagimasa et al. Apr 1996 A
5517617 Sathaye et al. May 1996 A
5519694 Brewer et al. May 1996 A
5519778 Leighton et al. May 1996 A
5521591 Arora et al. May 1996 A
5528701 Aref Jun 1996 A
5537585 Blickenstaff et al. Jul 1996 A
5548724 Akizawa et al. Aug 1996 A
5550965 Gabbe et al. Aug 1996 A
5581764 Fitzgerald et al. Dec 1996 A
5583995 Gardner et al. Dec 1996 A
5586260 Hu Dec 1996 A
5590320 Maxey Dec 1996 A
5596742 Agarwal et al. Jan 1997 A
5606665 Yang et al. Feb 1997 A
5611049 Pitts Mar 1997 A
5623490 Richter et al. Apr 1997 A
5649194 Miller et al. Jul 1997 A
5649200 Leblang et al. Jul 1997 A
5659619 Sudia Aug 1997 A
5663018 Cummings et al. Sep 1997 A
5668943 Attanasio et al. Sep 1997 A
5692180 Lee Nov 1997 A
5721779 Funk Feb 1998 A
5724512 Winterbottom Mar 1998 A
5752023 Choucri et al. May 1998 A
5761484 Agarwal et al. Jun 1998 A
5768423 Aref et al. Jun 1998 A
5774660 Brendel et al. Jun 1998 A
5790554 Pitcher et al. Aug 1998 A
5802052 Venkataraman Sep 1998 A
5806061 Chaudhuri et al. Sep 1998 A
5812550 Sohn et al. Sep 1998 A
5822430 Doud Oct 1998 A
5825772 Dobbins et al. Oct 1998 A
5832283 Chou et al. Nov 1998 A
5832496 Anand et al. Nov 1998 A
5832522 Blickenstaff et al. Nov 1998 A
5838970 Thomas Nov 1998 A
5862325 Reed et al. Jan 1999 A
5875296 Shi et al. Feb 1999 A
5884303 Brown Mar 1999 A
5892914 Pitts Apr 1999 A
5892932 Kim Apr 1999 A
5893086 Schmuck et al. Apr 1999 A
5897638 Lasser et al. Apr 1999 A
5905990 Inglett May 1999 A
5917998 Cabrera et al. Jun 1999 A
5919247 Van Hoff et al. Jul 1999 A
5920873 Van Huben et al. Jul 1999 A
5936939 Des Jardins et al. Aug 1999 A
5937406 Balabine et al. Aug 1999 A
5941988 Bhagwat et al. Aug 1999 A
5946690 Pitts Aug 1999 A
5949885 Leighton Sep 1999 A
5951694 Choquier et al. Sep 1999 A
5958053 Denker Sep 1999 A
5959990 Frantz et al. Sep 1999 A
5974460 Maddalozzo, Jr. et al. Oct 1999 A
5983281 Ogle et al. Nov 1999 A
5988847 McLaughlin et al. Nov 1999 A
5991302 Beri et al. Nov 1999 A
5995491 Richter et al. Nov 1999 A
5999664 Mahoney et al. Dec 1999 A
6006260 Barrick, Jr. et al. Dec 1999 A
6006264 Colby et al. Dec 1999 A
6012083 Savitzky et al. Jan 2000 A
6026452 Pitts Feb 2000 A
6028857 Poor Feb 2000 A
6029168 Frey Feb 2000 A
6029175 Chow et al. Feb 2000 A
6038233 Hamamoto et al. Mar 2000 A
6041365 Kleinerman Mar 2000 A
6044367 Wolff Mar 2000 A
6047129 Frye Apr 2000 A
6051169 Brown et al. Apr 2000 A
6067558 Wendt et al. May 2000 A
6072942 Stockwell et al. Jun 2000 A
6078929 Rao Jun 2000 A
6078956 Bryant et al. Jun 2000 A
6085234 Pitts et al. Jul 2000 A
6088694 Burns et al. Jul 2000 A
6092196 Reiche Jul 2000 A
6104706 Richter et al. Aug 2000 A
6108703 Leighton et al. Aug 2000 A
6111876 Frantz et al. Aug 2000 A
6118784 Tsuchiya et al. Sep 2000 A
6119234 Aziz et al. Sep 2000 A
6128279 O'Neil et al. Oct 2000 A
6128627 Mattis et al. Oct 2000 A
6128657 Okanoya et al. Oct 2000 A
6128717 Harrison et al. Oct 2000 A
6154777 Ebrahim Nov 2000 A
6160874 Dickerman et al. Dec 2000 A
6161145 Bainbridge et al. Dec 2000 A
6161185 Guthrie et al. Dec 2000 A
6170022 Linville et al. Jan 2001 B1
6178423 Douceur et al. Jan 2001 B1
6181336 Chiu et al. Jan 2001 B1
6182139 Brendel Jan 2001 B1
6192051 Lipman et al. Feb 2001 B1
6202156 Kalajan Mar 2001 B1
6223206 Dan et al. Apr 2001 B1
6233612 Fruchtman et al. May 2001 B1
6233648 Tomita May 2001 B1
6237008 Beal et al. May 2001 B1
6246684 Chapman et al. Jun 2001 B1
6253226 Chidambaran et al. Jun 2001 B1
6253230 Couland et al. Jun 2001 B1
6256031 Meijer et al. Jul 2001 B1
6259405 Stewart et al. Jul 2001 B1
6260070 Shah Jul 2001 B1
6263368 Martin Jul 2001 B1
6282610 Bergsten Aug 2001 B1
6289012 Harrington et al. Sep 2001 B1
6289345 Yasue Sep 2001 B1
6292832 Shah et al. Sep 2001 B1
6298380 Coile et al. Oct 2001 B1
6304913 Rune Oct 2001 B1
6308162 Ouimet et al. Oct 2001 B1
6324581 Xu et al. Nov 2001 B1
6327622 Jindal et al. Dec 2001 B1
6330574 Murashita Dec 2001 B1
6338082 Schneider Jan 2002 B1
6339785 Feigenbaum Jan 2002 B1
6343324 Hubis et al. Jan 2002 B1
6347339 Morris et al. Feb 2002 B1
6349343 Foody et al. Feb 2002 B1
6353848 Morris Mar 2002 B1
6360270 Cherkasova et al. Mar 2002 B1
6363056 Beigi et al. Mar 2002 B1
6367009 Davis et al. Apr 2002 B1
6370527 Singhal Apr 2002 B1
6374263 Bunger et al. Apr 2002 B1
6374300 Masters Apr 2002 B2
6389433 Bolosky et al. May 2002 B1
6389462 Cohen et al. May 2002 B1
6393581 Friedman et al. May 2002 B1
6396833 Zhang et al. May 2002 B1
6397246 Wolfe May 2002 B1
6412004 Chen et al. Jun 2002 B1
6430562 Kardos et al. Aug 2002 B1
6434081 Johnson et al. Aug 2002 B1
6438595 Blumenau et al. Aug 2002 B1
6446108 Rosenberg et al. Sep 2002 B1
6466580 Leung Oct 2002 B1
6469983 Narayana et al. Oct 2002 B2
6477544 Bolosky et al. Nov 2002 B1
6480476 Willars Nov 2002 B1
6484261 Wiegel Nov 2002 B1
6487561 Ofek et al. Nov 2002 B1
6490624 Sampson et al. Dec 2002 B1
6493804 Soltis et al. Dec 2002 B1
6510135 Almulhem et al. Jan 2003 B1
6510458 Berstis et al. Jan 2003 B1
6513061 Ebata et al. Jan 2003 B1
6514085 Slattery et al. Feb 2003 B2
6516350 Lumelsky et al. Feb 2003 B1
6516351 Borr Feb 2003 B2
6519643 Foulkes et al. Feb 2003 B1
6542936 Mayle et al. Apr 2003 B1
6549916 Sedlar Apr 2003 B1
6553352 Delurgio et al. Apr 2003 B2
6556997 Levy Apr 2003 B1
6556998 Mukherjee et al. Apr 2003 B1
6560230 Li et al. May 2003 B1
6578069 Hopmann et al. Jun 2003 B1
6580717 Higuchi et al. Jun 2003 B1
6601084 Bhaskaran et al. Jul 2003 B1
6601101 Lee et al. Jul 2003 B1
6606663 Liao et al. Aug 2003 B1
6612490 Herrendoerfer et al. Sep 2003 B1
6615267 Whalen et al. Sep 2003 B1
6636503 Shiran et al. Oct 2003 B1
6636894 Short et al. Oct 2003 B1
6650640 Muller et al. Nov 2003 B1
6650641 Albert et al. Nov 2003 B1
6654346 Mahalingaiah et al. Nov 2003 B1
6654701 Hatley Nov 2003 B2
6661802 Homberg et al. Dec 2003 B1
6683873 Kwok et al. Jan 2004 B1
6690669 Tsuchiya et al. Feb 2004 B1
6691165 Bruck et al. Feb 2004 B1
6694517 James et al. Feb 2004 B1
6701415 Hendren, III Mar 2004 B1
6708187 Shanumgam et al. Mar 2004 B1
6718380 Mohaban et al. Apr 2004 B1
6721794 Taylor et al. Apr 2004 B2
6728704 Mao et al. Apr 2004 B2
6738357 Richter et al. May 2004 B1
6738790 Klein et al. May 2004 B1
6742035 Zayas et al. May 2004 B1
6742045 Albert et al. May 2004 B1
6744776 Kalkunte et al. Jun 2004 B1
6748420 Quatrano et al. Jun 2004 B1
6751663 Farrell et al. Jun 2004 B1
6754215 Arikawa et al. Jun 2004 B1
6754228 Ludwig Jun 2004 B1
6754699 Swildens et al. Jun 2004 B2
6757706 Dong et al. Jun 2004 B1
6760337 Snyder, II et al. Jul 2004 B1
6760775 Anerousis et al. Jul 2004 B1
6772219 Shobatake Aug 2004 B1
6775672 Mahalingam et al. Aug 2004 B2
6775673 Mahalingam et al. Aug 2004 B2
6775679 Gupta Aug 2004 B2
6779039 Bommareddy et al. Aug 2004 B1
6781986 Sabaa et al. Aug 2004 B1
6782450 Arnott et al. Aug 2004 B2
6795860 Shah Sep 2004 B1
6798777 Ferguson et al. Sep 2004 B1
6801960 Ericson et al. Oct 2004 B1
6804542 Haartsen Oct 2004 B1
6816901 Sitaraman et al. Nov 2004 B1
6816977 Brakmo et al. Nov 2004 B2
6826613 Wang et al. Nov 2004 B1
6829238 Tokuyo et al. Dec 2004 B2
6839761 Kadyk et al. Jan 2005 B2
6839850 Campbell et al. Jan 2005 B1
6847959 Arrouye et al. Jan 2005 B1
6847970 Keller et al. Jan 2005 B2
6850997 Rooney et al. Feb 2005 B1
6865593 Reshef et al. Mar 2005 B1
6868082 Allen, Jr. et al. Mar 2005 B1
6868447 Slaughter et al. Mar 2005 B1
6871221 Styles Mar 2005 B1
6871245 Bradley Mar 2005 B2
6876629 Beshai et al. Apr 2005 B2
6876654 Hegde Apr 2005 B1
6880017 Marce et al. Apr 2005 B1
6883137 Girardot et al. Apr 2005 B1
6888836 Cherkasova May 2005 B1
6889249 Miloushev et al. May 2005 B2
6907037 Tsuchiya et al. Jun 2005 B2
6912219 Tsuchiya et al. Jun 2005 B2
6914881 Mansfield et al. Jul 2005 B1
6920136 Tsuchiya et al. Jul 2005 B2
6920137 Tsuchiya et al. Jul 2005 B2
6920138 Tsuchiya et al. Jul 2005 B2
6922688 Frey, Jr. Jul 2005 B1
6928077 Tsuchiya et al. Aug 2005 B2
6928082 Liu et al. Aug 2005 B2
6934706 Mancuso et al. Aug 2005 B1
6938039 Bober et al. Aug 2005 B1
6938059 Tamer et al. Aug 2005 B2
6947985 Hegli et al. Sep 2005 B2
6950434 Viswanath et al. Sep 2005 B1
6954780 Susai et al. Oct 2005 B2
6957272 Tallegas et al. Oct 2005 B2
6959373 Testardi Oct 2005 B2
6959394 Brickell et al. Oct 2005 B1
6961815 Kistler et al. Nov 2005 B2
6970924 Chu et al. Nov 2005 B1
6973455 Vahalia et al. Dec 2005 B1
6973490 Robertson et al. Dec 2005 B1
6973549 Testardi Dec 2005 B1
6975592 Seddigh et al. Dec 2005 B1
6985936 Agarwalla et al. Jan 2006 B2
6985956 Luke et al. Jan 2006 B2
6986015 Testardi Jan 2006 B2
6986040 Kramer et al. Jan 2006 B1
6987763 Rochberger et al. Jan 2006 B2
6990074 Wan et al. Jan 2006 B2
6990114 Erimli et al. Jan 2006 B1
6990547 Ulrich et al. Jan 2006 B2
6990667 Ulrich et al. Jan 2006 B2
6996841 Kadyk et al. Feb 2006 B2
7003533 Noguchi et al. Feb 2006 B2
7003564 Greuel et al. Feb 2006 B2
7006981 Rose et al. Feb 2006 B2
7007092 Peiffer Feb 2006 B2
7010553 Chen et al. Mar 2006 B2
7013379 Testardi Mar 2006 B1
7020644 Jameson Mar 2006 B2
7020699 Zhang et al. Mar 2006 B2
7023974 Brannam et al. Apr 2006 B1
7024427 Bobbitt et al. Apr 2006 B2
7028182 Kilicommons Apr 2006 B1
7039061 Connor et al. May 2006 B2
7051112 Dawson May 2006 B2
7054998 Arnott et al. May 2006 B2
7058633 Gnagy et al. Jun 2006 B1
7065482 Shorey et al. Jun 2006 B2
7072338 Tsuchiya et al. Jul 2006 B2
7072339 Tsuchiya et al. Jul 2006 B2
7072917 Wong et al. Jul 2006 B2
7075924 Richter et al. Jul 2006 B2
7076689 Atkinson Jul 2006 B2
7080314 Garofalakis et al. Jul 2006 B1
7088726 Hamamoto et al. Aug 2006 B1
7089286 Malik Aug 2006 B1
7089491 Feinberg et al. Aug 2006 B2
7111115 Peters et al. Sep 2006 B2
7113962 Kee et al. Sep 2006 B1
7113993 Cappiello et al. Sep 2006 B1
7113996 Kronenberg Sep 2006 B2
7120128 Banks et al. Oct 2006 B2
7120746 Campbell et al. Oct 2006 B2
7127556 Blumenau et al. Oct 2006 B2
7133863 Teng et al. Nov 2006 B2
7133944 Song et al. Nov 2006 B2
7133967 Fujie et al. Nov 2006 B2
7139792 Mishra et al. Nov 2006 B1
7143146 Nakatani et al. Nov 2006 B2
7146524 Patel et al. Dec 2006 B2
7152184 Maeda et al. Dec 2006 B2
7155466 Rodriguez et al. Dec 2006 B2
7158526 Higuchi et al. Jan 2007 B2
7162529 Morishige et al. Jan 2007 B2
7165095 Sim Jan 2007 B2
7167821 Hardwick et al. Jan 2007 B2
7171496 Tanaka et al. Jan 2007 B2
7173929 Testardi Feb 2007 B1
7185359 Schmidt et al. Feb 2007 B2
7191163 Herrera et al. Mar 2007 B2
7193998 Tsuchiya et al. Mar 2007 B2
7194579 Robinson et al. Mar 2007 B2
7209759 Billing et al. Apr 2007 B1
7228359 Monteiro Jun 2007 B1
7228422 Morioka et al. Jun 2007 B2
7234074 Cohn et al. Jun 2007 B2
7236491 Tsao et al. Jun 2007 B2
7240100 Wein et al. Jul 2007 B1
7248591 Hamamoto et al. Jul 2007 B2
7251247 Hamamoto et al. Jul 2007 B2
7280536 Testardi Oct 2007 B2
7280971 Wimberly et al. Oct 2007 B1
7283540 Hamamoto et al. Oct 2007 B2
7284150 Ma et al. Oct 2007 B2
7287082 O'Toole, Jr. Oct 2007 B1
7292541 C S Nov 2007 B1
7293097 Borr Nov 2007 B2
7293099 Kalajan Nov 2007 B1
7293133 Colgrove et al. Nov 2007 B1
7295827 Liu et al. Nov 2007 B2
7296263 Jacob Nov 2007 B1
7299491 Shelest et al. Nov 2007 B2
7305480 Oishi et al. Dec 2007 B2
7308475 Pruitt et al. Dec 2007 B1
7308703 Wright et al. Dec 2007 B2
7308709 Brezak et al. Dec 2007 B1
7310339 Powers et al. Dec 2007 B1
7315543 Takeuchi et al. Jan 2008 B2
7319696 Inoue et al. Jan 2008 B2
7321926 Zhang et al. Jan 2008 B1
7324533 DeLiberato et al. Jan 2008 B1
7328009 Takeda et al. Feb 2008 B2
7328281 Takeda et al. Feb 2008 B2
7333999 Njemanze Feb 2008 B1
7343398 Lownsbrough Mar 2008 B1
7343413 Gilde et al. Mar 2008 B2
7346664 Wong et al. Mar 2008 B2
7349391 Ben-Dor et al. Mar 2008 B2
7383288 Miloushev et al. Jun 2008 B2
7383570 Pinkas et al. Jun 2008 B2
7385989 Higuchi et al. Jun 2008 B2
7394804 Miyata et al. Jul 2008 B2
7398552 Pardee et al. Jul 2008 B2
7400645 Tsuchiya et al. Jul 2008 B2
7400646 Tsuchiya et al. Jul 2008 B2
7401220 Bolosky et al. Jul 2008 B2
7403520 Tsuchiya et al. Jul 2008 B2
7406484 Srinivasan et al. Jul 2008 B1
7409440 Jacob Aug 2008 B1
7415488 Muth et al. Aug 2008 B1
7415608 Bolosky et al. Aug 2008 B2
7433962 Janssen et al. Oct 2008 B2
7437478 Yokota et al. Oct 2008 B2
7440982 Lu et al. Oct 2008 B2
7441429 Nucci et al. Oct 2008 B1
7454480 Labio et al. Nov 2008 B2
7457982 Rajan Nov 2008 B2
7467158 Marinescu Dec 2008 B2
7475241 Patel et al. Jan 2009 B2
7477796 Sasaki et al. Jan 2009 B2
7490162 Masters Feb 2009 B1
7500243 Huetsch et al. Mar 2009 B2
7500269 Huotari et al. Mar 2009 B2
7505795 Lim et al. Mar 2009 B1
7509322 Miloushev et al. Mar 2009 B2
7512673 Miloushev et al. Mar 2009 B2
7516492 Nisbet et al. Apr 2009 B1
7519813 Cox et al. Apr 2009 B1
7522581 Acharya et al. Apr 2009 B2
7526541 Roese et al. Apr 2009 B2
7558197 Sindhu et al. Jul 2009 B1
7562110 Miloushev et al. Jul 2009 B2
7571168 Bahar et al. Aug 2009 B2
7574433 Engel Aug 2009 B2
7577141 Kamata et al. Aug 2009 B2
7577723 Matsuda et al. Aug 2009 B2
7580971 Gollapudi et al. Aug 2009 B1
7587471 Yasuda et al. Sep 2009 B2
7590732 Rune Sep 2009 B2
7590747 Coates et al. Sep 2009 B2
7599941 Bahar et al. Oct 2009 B2
7610307 Havewala et al. Oct 2009 B2
7610390 Yared et al. Oct 2009 B2
7620733 Tzakikario et al. Nov 2009 B1
7624109 Testardi Nov 2009 B2
7624424 Morita et al. Nov 2009 B2
7639883 Gill Dec 2009 B2
7644109 Manley et al. Jan 2010 B2
7644137 Bozak et al. Jan 2010 B2
7653077 Hamamoto et al. Jan 2010 B2
7653699 Colgrove et al. Jan 2010 B1
7668166 Rekhter et al. Feb 2010 B1
7689596 Tsunoda Mar 2010 B2
7689710 Tang et al. Mar 2010 B2
7694082 Golding et al. Apr 2010 B2
7701952 Higuchi et al. Apr 2010 B2
7711771 Kirnos May 2010 B2
7724657 Rao et al. May 2010 B2
7725093 Sengupta et al. May 2010 B2
7734603 McManis Jun 2010 B1
7743035 Chen et al. Jun 2010 B2
7746863 Tsuchiya et al. Jun 2010 B2
7752294 Meyer et al. Jul 2010 B2
7761597 Takeda et al. Jul 2010 B2
7769711 Srinivasan et al. Aug 2010 B2
7778187 Chaturvedi et al. Aug 2010 B2
7788335 Miloushev et al. Aug 2010 B2
7788408 Takeda et al. Aug 2010 B2
7801978 Susai et al. Sep 2010 B1
7808913 Ansari et al. Oct 2010 B2
7822939 Veprinsky et al. Oct 2010 B1
7831639 Panchbudhe et al. Nov 2010 B1
7831662 Clark et al. Nov 2010 B2
7849112 Mane et al. Dec 2010 B2
7870154 Shitomi et al. Jan 2011 B2
7877511 Berger et al. Jan 2011 B1
7885970 Lacapra Feb 2011 B2
7908245 Nakano et al. Mar 2011 B2
7908314 Yamaguchi et al. Mar 2011 B2
7913053 Newland Mar 2011 B1
7921211 Larson et al. Apr 2011 B2
7925908 Kim Apr 2011 B2
7930365 Dixit et al. Apr 2011 B2
7933946 Livshits et al. Apr 2011 B2
7941517 Migault et al. May 2011 B2
7941563 Takeda et al. May 2011 B2
7945908 Waldspurger et al. May 2011 B1
7953701 Okitsu et al. May 2011 B2
7957405 Higuchi et al. Jun 2011 B2
7958347 Ferguson Jun 2011 B1
7965724 Hamamoto et al. Jun 2011 B2
7984141 Gupta et al. Jul 2011 B2
8005953 Miloushev et al. Aug 2011 B2
8031716 Tsuchiya et al. Oct 2011 B2
8069225 McCann et al. Nov 2011 B2
8103781 Wu et al. Jan 2012 B1
8107471 Nakamura et al. Jan 2012 B2
8130650 Allen, Jr. et al. Mar 2012 B2
8131863 Takeda et al. Mar 2012 B2
8189567 Kavanagh et al. May 2012 B2
8199757 Pani et al. Jun 2012 B2
8205246 Shatzkamer et al. Jun 2012 B2
8239954 Wobber et al. Aug 2012 B2
8266427 Thubert et al. Sep 2012 B2
8274895 Rahman et al. Sep 2012 B2
8281383 Levy-Abegnoli et al. Oct 2012 B2
8289968 Zhuang Oct 2012 B1
8321908 Gai et al. Nov 2012 B2
8351333 Rao et al. Jan 2013 B2
8379640 Ichihashi et al. Feb 2013 B2
8380854 Szabo Feb 2013 B2
8417817 Jacobs Apr 2013 B1
8437345 Takeda et al. May 2013 B2
8447871 Szabo May 2013 B1
8447970 Klein et al. May 2013 B2
8464265 Worley Jun 2013 B2
8468267 Yigang Jun 2013 B2
8477804 Yoshimoto et al. Jul 2013 B2
8488465 Solis et al. Jul 2013 B2
8494485 Broch Jul 2013 B1
8539224 Henderson et al. Sep 2013 B2
8566474 Kanode et al. Oct 2013 B2
8578050 Craig et al. Nov 2013 B2
8582599 Hamamoto et al. Nov 2013 B2
8594108 Tsuchiya et al. Nov 2013 B2
8601161 Takeda et al. Dec 2013 B2
8606921 Vasquez et al. Dec 2013 B2
8615022 Harrison et al. Dec 2013 B2
8646067 Agarwal et al. Feb 2014 B2
8665868 Kay Mar 2014 B2
8665969 Kay Mar 2014 B2
8701179 Penno et al. Apr 2014 B1
8725836 Lowery et al. May 2014 B2
8726336 Narayanaswamy et al. May 2014 B2
8726338 Narayanaswamy et al. May 2014 B2
8737304 Karuturi et al. May 2014 B2
8788665 Glide et al. Jul 2014 B2
8804504 Chen Aug 2014 B1
8819109 Krishnamurthy et al. Aug 2014 B1
8819419 Carlson et al. Aug 2014 B2
8819768 Koeten et al. Aug 2014 B1
8830874 Cho et al. Sep 2014 B2
8873753 Parker Oct 2014 B2
8875274 Montemurro et al. Oct 2014 B2
8886981 Baumann et al. Nov 2014 B1
8908545 Chen et al. Dec 2014 B1
8954080 Janakiriman et al. Feb 2015 B2
9037166 de Wit et al. May 2015 B2
9077554 Szabo Jul 2015 B1
9083760 Hughes et al. Jul 2015 B1
9088525 Takeda et al. Jul 2015 B2
9106699 Thornewell et al. Aug 2015 B2
9641344 Kim May 2017 B1
20010007560 Masuda et al. Jul 2001 A1
20010009554 Katseff et al. Jul 2001 A1
20010014891 Hoffert et al. Aug 2001 A1
20010023442 Masters Sep 2001 A1
20010047293 Waller et al. Nov 2001 A1
20010051955 Wong Dec 2001 A1
20020010783 Primak et al. Jan 2002 A1
20020012352 Hansson et al. Jan 2002 A1
20020032777 Kawata et al. Mar 2002 A1
20020035537 Waller et al. Mar 2002 A1
20020038360 Andrews et al. Mar 2002 A1
20020049842 Huetsch et al. Apr 2002 A1
20020059263 Shima et al. May 2002 A1
20020059428 Susai et al. May 2002 A1
20020065810 Bradley May 2002 A1
20020065848 Walker et al. May 2002 A1
20020073105 Noguchi et al. Jun 2002 A1
20020083067 Tamayo et al. Jun 2002 A1
20020083118 Sim Jun 2002 A1
20020087571 Stapel et al. Jul 2002 A1
20020087744 Kitchin Jul 2002 A1
20020087887 Busam et al. Jul 2002 A1
20020099829 Richards et al. Jul 2002 A1
20020103823 Jackson et al. Aug 2002 A1
20020103916 Chen et al. Aug 2002 A1
20020112061 Shih et al. Aug 2002 A1
20020133330 Loisey et al. Sep 2002 A1
20020133491 Sim et al. Sep 2002 A1
20020138615 Schmeling Sep 2002 A1
20020143819 Han et al. Oct 2002 A1
20020143909 Botz et al. Oct 2002 A1
20020147630 Rose et al. Oct 2002 A1
20020150253 Brezak et al. Oct 2002 A1
20020156905 Weissman Oct 2002 A1
20020160161 Misuda Oct 2002 A1
20020161911 Pinckney, III et al. Oct 2002 A1
20020161913 Gonzalez et al. Oct 2002 A1
20020162118 Levy et al. Oct 2002 A1
20020174216 Shorey et al. Nov 2002 A1
20020188667 Kirnos Dec 2002 A1
20020194112 dePinto et al. Dec 2002 A1
20020194342 Lu et al. Dec 2002 A1
20020198956 Dunshea et al. Dec 2002 A1
20020198993 Cudd et al. Dec 2002 A1
20030005172 Chessell Jan 2003 A1
20030009429 Jameson Jan 2003 A1
20030009528 Sharif et al. Jan 2003 A1
20030012382 Ferchichi et al. Jan 2003 A1
20030018450 Carley Jan 2003 A1
20030018585 Butler et al. Jan 2003 A1
20030028514 Lord et al. Feb 2003 A1
20030033308 Patel et al. Feb 2003 A1
20030033535 Fisher et al. Feb 2003 A1
20030037070 Marston Feb 2003 A1
20030046291 Fascenda Mar 2003 A1
20030055723 English Mar 2003 A1
20030061240 McCann et al. Mar 2003 A1
20030065951 Igeta et al. Apr 2003 A1
20030065956 Belapurkar et al. Apr 2003 A1
20030067923 Ju et al. Apr 2003 A1
20030069918 Lu et al. Apr 2003 A1
20030069974 Lu et al. Apr 2003 A1
20030070069 Belapurkar et al. Apr 2003 A1
20030074301 Solomon Apr 2003 A1
20030074434 Jason et al. Apr 2003 A1
20030086415 Bernhard et al. May 2003 A1
20030105846 Zhao et al. Jun 2003 A1
20030105983 Brakimo et al. Jun 2003 A1
20030108052 Inoue et al. Jun 2003 A1
20030115218 Bobbitt et al. Jun 2003 A1
20030115439 Mahalingam et al. Jun 2003 A1
20030128708 Inoue et al. Jul 2003 A1
20030130945 Force et al. Jul 2003 A1
20030139934 Mandera Jul 2003 A1
20030140140 Lahtinen Jul 2003 A1
20030145062 Sharma et al. Jul 2003 A1
20030145233 Poletto et al. Jul 2003 A1
20030149781 Yared et al. Aug 2003 A1
20030156586 Lee et al. Aug 2003 A1
20030159072 Bellinger et al. Aug 2003 A1
20030163576 Janssen et al. Aug 2003 A1
20030171978 Jenkins et al. Sep 2003 A1
20030177364 Walsh et al. Sep 2003 A1
20030177388 Botz et al. Sep 2003 A1
20030179755 Fraser Sep 2003 A1
20030191812 Agarwalla et al. Oct 2003 A1
20030195813 Pallister et al. Oct 2003 A1
20030204635 Ko et al. Oct 2003 A1
20030212954 Patrudu Nov 2003 A1
20030220835 Barnes, Jr. Nov 2003 A1
20030221000 Cherkasova et al. Nov 2003 A1
20030225485 Fritz et al. Dec 2003 A1
20030229665 Ryman Dec 2003 A1
20030236995 Fretwell, Jr. Dec 2003 A1
20040003266 Moshir et al. Jan 2004 A1
20040003287 Zissimopoulos et al. Jan 2004 A1
20040006575 Visharam et al. Jan 2004 A1
20040006591 Matsui et al. Jan 2004 A1
20040010654 Yasuda et al. Jan 2004 A1
20040015783 Lennon et al. Jan 2004 A1
20040017825 Stanwood et al. Jan 2004 A1
20040025013 Parker et al. Feb 2004 A1
20040028043 Maveli et al. Feb 2004 A1
20040028063 Roy et al. Feb 2004 A1
20040030627 Sedukhin Feb 2004 A1
20040030740 Stelting Feb 2004 A1
20040030857 Krakirian et al. Feb 2004 A1
20040043758 Sorvari et al. Mar 2004 A1
20040054777 Ackaouy et al. Mar 2004 A1
20040059789 Shum Mar 2004 A1
20040064544 Barsness et al. Apr 2004 A1
20040064554 Kuno et al. Apr 2004 A1
20040072569 Omae et al. Apr 2004 A1
20040093474 Lin et al. May 2004 A1
20040098383 Tabellion et al. May 2004 A1
20040103283 Hornak May 2004 A1
20040111523 Hall et al. Jun 2004 A1
20040111621 Himberger et al. Jun 2004 A1
20040117493 Bazot et al. Jun 2004 A1
20040122926 Moore et al. Jun 2004 A1
20040123277 Schrader et al. Jun 2004 A1
20040133605 Chang et al. Jul 2004 A1
20040133606 Miloushev et al. Jul 2004 A1
20040138858 Carley Jul 2004 A1
20040139355 Axel et al. Jul 2004 A1
20040148380 Meyer et al. Jul 2004 A1
20040141185 Akama Aug 2004 A1
20040151186 Akama Aug 2004 A1
20040153479 Mikesell et al. Aug 2004 A1
20040167967 Bastian et al. Aug 2004 A1
20040181605 Nakatani et al. Sep 2004 A1
20040192312 Li et al. Sep 2004 A1
20040199547 Winter et al. Oct 2004 A1
20040213156 Smallwood et al. Oct 2004 A1
20040215665 Edgar et al. Oct 2004 A1
20040236798 Srinivasan et al. Nov 2004 A1
20040236826 Harville et al. Nov 2004 A1
20040264472 Oliver et al. Dec 2004 A1
20040264481 Darling et al. Dec 2004 A1
20040267920 Hydrie et al. Dec 2004 A1
20040267948 Oliver et al. Dec 2004 A1
20040268358 Darling et al. Dec 2004 A1
20050004887 Igakura et al. Jan 2005 A1
20050021615 Arnott et al. Jan 2005 A1
20050021703 Cherry et al. Jan 2005 A1
20050021736 Carusi et al. Jan 2005 A1
20050027841 Rolfe Feb 2005 A1
20050027869 Johnson Feb 2005 A1
20050028010 Wallman Feb 2005 A1
20050044158 Malik Feb 2005 A1
20050044213 Kobayashi et al. Feb 2005 A1
20050050107 Mane et al. Mar 2005 A1
20050052440 Kim et al. Mar 2005 A1
20050055435 Gbadegesin et al. Mar 2005 A1
20050078604 Yim Apr 2005 A1
20050091214 Probert et al. Apr 2005 A1
20050108575 Yung May 2005 A1
20050114291 Becker-Szendy et al. May 2005 A1
20050114701 Atkins et al. May 2005 A1
20050117589 Douady et al. Jun 2005 A1
20050122977 Lieberman Jun 2005 A1
20050125195 Brendel Jun 2005 A1
20050154837 Keohane et al. Jul 2005 A1
20050165656 Frederick et al. Jul 2005 A1
20050175013 Le Pennec et al. Aug 2005 A1
20050187866 Lee Aug 2005 A1
20050187934 Motsinger et al. Aug 2005 A1
20050188220 Nilsson et al. Aug 2005 A1
20050188423 Motsinger et al. Aug 2005 A1
20050189501 Sato et al. Sep 2005 A1
20050198234 Leib et al. Sep 2005 A1
20050198310 Kim et al. Sep 2005 A1
20050213587 Cho et al. Sep 2005 A1
20050234928 Shkvarchuk et al. Oct 2005 A1
20050240664 Chen et al. Oct 2005 A1
20050246393 Coates et al. Nov 2005 A1
20050256806 Tien et al. Nov 2005 A1
20050262238 Reeves et al. Nov 2005 A1
20050277430 Meisi Dec 2005 A1
20050289109 Arrouye et al. Dec 2005 A1
20050289111 Tribble et al. Dec 2005 A1
20060010502 Mimatsu et al. Jan 2006 A1
20060031374 Lu et al. Feb 2006 A1
20060031520 Bedekar et al. Feb 2006 A1
20060045096 Farmer et al. Mar 2006 A1
20060047785 Wang et al. Mar 2006 A1
20060059267 Cugi et al. Mar 2006 A1
20060075475 Boulos et al. Apr 2006 A1
20060077902 Kannan et al. Apr 2006 A1
20060080353 Miloushev et al. Apr 2006 A1
20060095573 Carle May 2006 A1
20060106882 Douceur et al. May 2006 A1
20060112151 Manley et al. May 2006 A1
20060112176 Liu et al. May 2006 A1
20060112272 Morioka et al. May 2006 A1
20060112367 Harris May 2006 A1
20060123062 Bobbitt et al. Jun 2006 A1
20060129684 Datta Jun 2006 A1
20060135198 Lee Jun 2006 A1
20060140193 Kakani et al. Jun 2006 A1
20060153201 Hepper et al. Jul 2006 A1
20060156416 Huotari et al. Jul 2006 A1
20060161577 Kulkarni et al. Jul 2006 A1
20060167838 Lacapra Jul 2006 A1
20060171365 Borella Aug 2006 A1
20060179261 Rajan Aug 2006 A1
20060184589 Lees et al. Aug 2006 A1
20060190496 Tsunoda Aug 2006 A1
20060200470 Lacapra et al. Sep 2006 A1
20060209853 Hidaka et al. Sep 2006 A1
20060212746 Amegadzie et al. Sep 2006 A1
20060224687 Popkin et al. Oct 2006 A1
20060230148 Forecast et al. Oct 2006 A1
20060230265 Krishna Oct 2006 A1
20060233106 Achlioptas et al. Oct 2006 A1
20060242179 Chen et al. Oct 2006 A1
20060242300 Yumoto et al. Oct 2006 A1
20060259320 LaSalle et al. Nov 2006 A1
20060259949 Schaefer et al. Nov 2006 A1
20060268692 Wright et al. Nov 2006 A1
20060271598 Wong et al. Nov 2006 A1
20060277225 Mark et al. Dec 2006 A1
20060282442 Lennon et al. Dec 2006 A1
20060282461 Marinescu Dec 2006 A1
20060282471 Mark et al. Dec 2006 A1
20060288413 Kubota Dec 2006 A1
20070005807 Wong Jan 2007 A1
20070006293 Balakrishnan et al. Jan 2007 A1
20070016613 Foresti et al. Jan 2007 A1
20070016662 Desai et al. Jan 2007 A1
20070024919 Wong et al. Feb 2007 A1
20070027929 Whelan Feb 2007 A1
20070027935 Haselton et al. Feb 2007 A1
20070028068 Golding et al. Feb 2007 A1
20070058670 Konduru et al. Mar 2007 A1
20070064661 Sood et al. Mar 2007 A1
20070083646 Miller et al. Apr 2007 A1
20070088702 Fridella et al. Apr 2007 A1
20070088822 Coile et al. Apr 2007 A1
20070106796 Kudo et al. May 2007 A1
20070107048 Halls et al. May 2007 A1
20070118879 Yeun May 2007 A1
20070124502 Li May 2007 A1
20070124806 Shulman et al. May 2007 A1
20070130255 Wolovitz et al. Jun 2007 A1
20070136308 Tsirigotis et al. Jun 2007 A1
20070136312 Shulman et al. Jun 2007 A1
20070162891 Burner et al. Jul 2007 A1
20070168320 Borthakur et al. Jul 2007 A1
20070174491 Still et al. Jul 2007 A1
20070208748 Li Sep 2007 A1
20070209075 Coffman Sep 2007 A1
20070214503 Shulman et al. Sep 2007 A1
20070220598 Salowey et al. Sep 2007 A1
20070226331 Srinivasan et al. Sep 2007 A1
20070233809 Brownell et al. Oct 2007 A1
20070233826 Tindal et al. Oct 2007 A1
20070297410 Yoon et al. Dec 2007 A1
20070297551 Choi Dec 2007 A1
20080004022 Johannesson et al. Jan 2008 A1
20080010372 Khedouri et al. Jan 2008 A1
20080022059 Zimmerer et al. Jan 2008 A1
20080025297 Kashyap Jan 2008 A1
20080034136 Ulenas Feb 2008 A1
20080046432 Anderson et al. Feb 2008 A1
20080070575 Claussen et al. Mar 2008 A1
20080072303 Syed Mar 2008 A1
20080104443 Akutsu et al. May 2008 A1
20080120370 Chan et al. May 2008 A1
20080133518 Kapoor et al. Jun 2008 A1
20080134311 Medvinsky et al. Jun 2008 A1
20080137659 Levy-Abegnoli et al. Jun 2008 A1
20080148340 Powell et al. Jun 2008 A1
20080159145 Muthukrishnan et al. Jul 2008 A1
20080178278 Grinstein et al. Jul 2008 A1
20080201599 Ferraiolo et al. Aug 2008 A1
20080205415 Morales Aug 2008 A1
20080205613 Lopez Aug 2008 A1
20080208933 Lyon Aug 2008 A1
20080209073 Tang Aug 2008 A1
20080222223 Srinivasan et al. Sep 2008 A1
20080222646 Sigal et al. Sep 2008 A1
20080225710 Raja et al. Sep 2008 A1
20080229415 Kapoor et al. Sep 2008 A1
20080243769 Arbour et al. Oct 2008 A1
20080253395 Pandya Oct 2008 A1
20080256224 Kaji et al. Oct 2008 A1
20080270578 Zhang et al. Oct 2008 A1
20080271132 Jokela et al. Oct 2008 A1
20080275843 Lal Nov 2008 A1
20080282047 Arakawa et al. Nov 2008 A1
20080288661 Galles Nov 2008 A1
20080301760 Lim Dec 2008 A1
20080304457 Thubert et al. Dec 2008 A1
20080320093 Thorne Dec 2008 A1
20090007162 Sheehan Jan 2009 A1
20090028337 Balabine et al. Jan 2009 A1
20090037975 Ishikawa et al. Feb 2009 A1
20090041230 Williams Feb 2009 A1
20090049230 Pandya Feb 2009 A1
20090055607 Schack et al. Feb 2009 A1
20090070617 Arimilli et al. Mar 2009 A1
20090077097 Lacapra et al. Mar 2009 A1
20090077619 Boyce Mar 2009 A1
20090089344 Brown et al. Apr 2009 A1
20090094252 Wong et al. Apr 2009 A1
20090094610 Sukirya Apr 2009 A1
20090100518 Overcash Apr 2009 A1
20090103524 Mantripragada Apr 2009 A1
20090106255 Lacapra et al. Apr 2009 A1
20090106263 Khalid et al. Apr 2009 A1
20090119504 van Os et al. May 2009 A1
20090125496 Wexler et al. May 2009 A1
20090125532 Wexler et al. May 2009 A1
20090125625 Shim et al. May 2009 A1
20090125955 DeLorme May 2009 A1
20090132616 Winter et al. May 2009 A1
20090138749 Moll et al. May 2009 A1
20090141891 Boyen et al. Jun 2009 A1
20090187649 Migault et al. Jul 2009 A1
20090193115 Sugita Jul 2009 A1
20090196282 Fellman et al. Aug 2009 A1
20090204649 Wong et al. Aug 2009 A1
20090204650 Wong et al. Aug 2009 A1
20090204705 Marinov et al. Aug 2009 A1
20090210431 Marinkovic et al. Aug 2009 A1
20090228956 He et al. Sep 2009 A1
20090254592 Marinov et al. Oct 2009 A1
20090265396 Ram et al. Oct 2009 A1
20090271865 Jiang Oct 2009 A1
20090287935 Aull et al. Nov 2009 A1
20090296624 Ryu et al. Dec 2009 A1
20090300161 Pruitt et al. Dec 2009 A1
20090300407 Kamath et al. Dec 2009 A1
20100011434 Kay Jan 2010 A1
20100017846 Huang et al. Jan 2010 A1
20100023582 Pedersen et al. Jan 2010 A1
20100034381 Trace et al. Feb 2010 A1
20100036959 Trace et al. Feb 2010 A1
20100061380 Barach et al. Mar 2010 A1
20100064001 Daily Mar 2010 A1
20100071048 Novak et al. Mar 2010 A1
20100077462 Joffe et al. Mar 2010 A1
20100115236 Bataineh et al. May 2010 A1
20100122091 Huang et al. May 2010 A1
20100142382 Jungck et al. Jun 2010 A1
20100150154 Viger et al. Jun 2010 A1
20100161774 Huang et al. Jun 2010 A1
20100165877 Shukla et al. Jul 2010 A1
20100179984 Sebastian Jul 2010 A1
20100211547 Kamei et al. Aug 2010 A1
20100217890 Nice et al. Aug 2010 A1
20100228813 Suzuki et al. Sep 2010 A1
20100242092 Harris et al. Sep 2010 A1
20100251330 Kroeselberg et al. Sep 2010 A1
20100274885 Yoo et al. Oct 2010 A1
20100322250 Shetty et al. Dec 2010 A1
20100325264 Crowder et al. Dec 2010 A1
20100325277 Muthiah et al. Dec 2010 A1
20110038377 Haddad Feb 2011 A1
20110040889 Garrett et al. Feb 2011 A1
20110047620 Mahaffey et al. Feb 2011 A1
20110055921 Narayanaswamy et al. Mar 2011 A1
20110066718 Susai et al. Mar 2011 A1
20110066736 Mitchell et al. Mar 2011 A1
20110087696 Lacapra Apr 2011 A1
20110153822 Rajan et al. Jun 2011 A1
20110154132 Aybay Jun 2011 A1
20110154443 Thakur et al. Jun 2011 A1
20110173295 Bakke et al. Jul 2011 A1
20110184733 Yu et al. Jul 2011 A1
20110208714 Soukal et al. Aug 2011 A1
20110211553 Haddad Sep 2011 A1
20110246800 Accpadi et al. Oct 2011 A1
20110273984 Hsu et al. Nov 2011 A1
20110282997 Prince et al. Nov 2011 A1
20110283018 Levine et al. Nov 2011 A1
20110292857 Sarikaya et al. Dec 2011 A1
20110295924 Morris Dec 2011 A1
20110307629 Haddad Dec 2011 A1
20110321122 Mwangi et al. Dec 2011 A1
20120005372 Sarikaya et al. Jan 2012 A1
20120016994 Nakamura et al. Jan 2012 A1
20120039341 Latif et al. Feb 2012 A1
20120041965 Vasquez et al. Feb 2012 A1
20120047571 Duncan et al. Feb 2012 A1
20120054497 Korhonen Mar 2012 A1
20120059934 Rafiq et al. Mar 2012 A1
20120063314 Pignataro et al. Mar 2012 A1
20120066489 Ozaki et al. Mar 2012 A1
20120071131 Zisapel et al. Mar 2012 A1
20120101952 Raleigh et al. Apr 2012 A1
20120110210 Huang et al. May 2012 A1
20120117379 Thornewell et al. May 2012 A1
20120173873 Bell Jul 2012 A1
20120174217 Ormazabal Jul 2012 A1
20120191847 Nas et al. Jul 2012 A1
20120215704 Simpson et al. Aug 2012 A1
20120259998 Kaufman Oct 2012 A1
20120284296 Arifuddin et al. Nov 2012 A1
20120311153 Morgan Dec 2012 A1
20120317266 Abbott Dec 2012 A1
20130007870 Devarajan et al. Jan 2013 A1
20130029726 Berionne et al. Jan 2013 A1
20130091002 Christie et al. Apr 2013 A1
20130100815 Kakadia et al. Apr 2013 A1
20130103805 Lyon Apr 2013 A1
20130104230 Tang et al. Apr 2013 A1
20130110939 Yang et al. May 2013 A1
20130120168 Kumar et al. May 2013 A1
20130151725 Baginski et al. Jun 2013 A1
20130166715 Yuan et al. Jun 2013 A1
20130198322 Oran et al. Aug 2013 A1
20130201999 Savolainen et al. Aug 2013 A1
20130205035 Chen Aug 2013 A1
20130205040 Naor et al. Aug 2013 A1
20130263259 Huston, III et al. Oct 2013 A1
20130335010 Wu et al. Dec 2013 A1
20130336122 Barush et al. Dec 2013 A1
20130340079 Gottlieb Dec 2013 A1
20140025823 Szabo et al. Jan 2014 A1
20140040478 Hsu et al. Feb 2014 A1
20140095661 Knowles et al. Apr 2014 A1
20140269484 Dankberg et al. Sep 2014 A1
20140317404 Carlson et al. Oct 2014 A1
20150089215 Hattori Mar 2015 A1
20160112406 Bugrov Apr 2016 A1
20170041151 Kommireddy Feb 2017 A1
Foreign Referenced Citations (43)
Number Date Country
2003300350 Jul 2004 AU
2080530 Apr 1994 CA
2512312 Jul 2004 CA
0 605 088 Jul 1994 EP
0 738 970 Oct 1996 EP
0744850 Nov 1996 EP
1 081 918 Mar 2001 EP
2 244 418 Oct 2010 EP
2 448 071 Oct 2008 GB
63010250 Jan 1988 JP
06-205006 Jul 1994 JP
06-332782 Dec 1994 JP
8021924 Mar 1996 JP
08-328760 Dec 1996 JP
08-339355 Dec 1996 JP
9016510 Jan 1997 JP
11282741 Oct 1999 JP
2000183935 Jun 2000 JP
2005-010913 Jan 2005 JP
2008-257738 Oct 2008 JP
2009-124113 Jun 2009 JP
2011-188071 Sep 2011 JP
2011-238263 Nov 2011 JP
566291 Dec 2008 NZ
WO 9114326 Sep 1991 WO
WO 9505712 Feb 1995 WO
WO 9709805 Mar 1997 WO
WO 9745800 Dec 1997 WO
WO 9905829 Feb 1999 WO
WO 9906913 Feb 1999 WO
WO 9910858 Mar 1999 WO
WO 9939373 Aug 1999 WO
WO 9964967 Dec 1999 WO
WO 0004422 Jan 2000 WO
WO 0004458 Jan 2000 WO
WO 0058870 Oct 2000 WO
WO 0239696 May 2002 WO
WO 02056181 Jul 2002 WO
WO 2004061605 Jul 2004 WO
WO 2006091040 Aug 2006 WO
WO 2009052668 Oct 2007 WO
WO 2008130983 Oct 2008 WO
WO 2008147973 Dec 2008 WO
Non-Patent Literature Citations (192)
Entry
Big-IP® Access Policy Manager®: Implementations, Version 12.0, F5 Networks, Inc., 2015, pp. 1-108.
Who is Xelerance,<http://www.xelerance.com>, slides 1-6 (2007).
“A Process for Selective Routing of Servlet Content to Transcoding Modules,” Research Disclosure 422124, Jun. 1999, pp. 889-890, IBM Corporation.
“A Storage Architecture Guide,” Second Edition, 2001, Auspex Systems, Inc., www.auspex.com, last accessed on Dec. 30, 2002.
“BIG-IP® Global Traffic Manager,” <http://www.f5.com/products/big-ip/product-modules/global-traffic-manager.html>, last accessed Jul. 6, 2010, 2 pages.
“BIG-IP® Global Traffic Manager™ and BIG-IP Link Controller™ : Implementations,” Manual 0304-00, Dec. 3, 2009, pp. 1-161, version 10.1, F5 Networks, Inc.
“BIG-IP® Systems: Getting Started Guide,” Manual 0300-00, Feb. 4, 2010, pp. 1-102, version 10.1, F5 Networks, Inc.
“CSA Persistent File System Technology,” A White Paper, Jan. 1, 1999, p. 1-3, http://www.cosoa.com/white_papers/pfs.php, Colorado Software Architecture, Inc.
“Detail Requirement Report: RQ-GTM-0000024,” <http://fpweb/fptopic.asp?REQ=RQ-GTM-0000024>, F5 Networks, Inc., 1999, printed Mar. 31, 2010, 2 pages.
“Detail Requirement Report: RQ-GTM-0000028,” <http://fpweb/fptopic.asp?REQ=RQ-GTM-0000028>, F5 Networks, Inc., 1999, printed Mar. 31, 2010, 2 pages.
“Diameter MBLB Support Phase 2: Generic Message Based Load Balancing (GMBLB)”, last accessed Mar. 29, 2010, pp. 1-10, (http://peterpan.f5net.com/twiki/bin/view/TMOS/TMOSDiameterMBLB).
“Distributed File System: A Logical View of Physical Storage: White Paper,” 1999, Microsoft Corp., www.microsoft.com, <http://www.eu.microsoft.com/TechNet/prodtechnol/windows2000serv/maintain/DFSnt95>, pp. 1-26, last accessed on Dec. 20, 2002.
“DNS DDOS Protection Functional Spec,” BigipDNSDDOSProtectionFS<TMO<TWiki, last accessed Mar. 31, 2010, 2 pages.
“DNS Security (DNSSEC) Solutions,” <http://www.f5.com/solutions/security/dnssec>, F5 Networks, Inc., printed Aug. 23, 2010, pp. 1-4.
“DNSSEC Functional Spec,” TMOSDnsSECFS<TMOS<TWiki, last accessed on Mar. 31, 2010, pp. 1-10.
“DNSX; DNSX Secure Signer; DNSSEC Management Solution,” <http://www.xelerance.com/dnssec>.pp. 1-9, Aug. 2009.
“F5 and Infoblox Provide Customers with Complete DNS Security Solution,” <http://www.f5.com/news-press-events/press/2010/20100301.html>, Mar. 1, 2010, 2 pages, F5 Networks, Inc., Seattle and Santa Clara, California.
“F5 Solutions Enable Government Organizations to Meet 2009 DNSSEC Compliance,” .<http://www.f5.com/news-press-events/press/2009/20091207.html>, Dec. 7, 2009, 2 pages, F5 Networks, Inc., Seattle, California.
“Market Research & Releases, CMPP PoC documentation”, last accessed Mar. 29, 2010, (http://mainstreet/sites/PD/Teams/ProdMgmt/MarketResearch/Universal).
“Market Research & Releases, Solstice Diameter Requirements”, last accessed Mar. 29, 2010, (http.//mainstreet/sites/PD/Teams/ProdMgmt/MarketResearch/Unisversal).
“NERSC Tutorials: I/O on the Cray T3E, ‘Chapter 8, Disk Striping’,” National Energy Research Scientific Computing Center (NERSC), http://hpcfnersc.gov, last accessed on Dec. 27, 2002.
“PDR/CDR for RQ-GTM-0000028,” BigipDNSDDOSProtectionPDR<TMOS<TWiki, last accessed on Mar. 31, 2010, pp. 1-14.
“Respond to Server Depending on TCP::Client_Port”, DevCentral Forums iRules, pp. 1-6, last accessed Mar. 26, 2010, (http://devcentral.f5.com/Default/aspx?tabid=53&forumid=5&tpage=1&v).
“Scaling Next Generation Web Infrastructure with Content-Intelligent Switching: White Paper,” Apr. 2000, p. 1-9 Alteon Web Systems, Inc.
“Secure64 DNS Signer”, <http://www.secure64.com>, Data sheet, Jun. 22, 2011, V.3.1., 2 pages.
“Servlet/Applet/HTML Authentication Process With Single Sign-On,” Research Disclosure 429128, Jan. 2000, pp. 163-164, IBM Corporation.
“The AFS File System in Distributed Computing Environment,” www.transarc.ibm.com/Library/whitepapers/AFS/afsoverview.html, last accessed on Dec. 20, 2002.
“Traffic Surges; Surge Queue; Netscaler Defense,” 2005, PowerPoint Presentation, slides 1-12, Citrix Systems, Inc.
“UDDI Overview”, Sep. 6, 2000, pp. 1-21, uddi.org, (http://www.uddi.org/).
“UDDI Technical White Paper,” Sep. 6, 2000, pp. 1-12, uddi-org, (http://www.uddi.org/).
“UDDI Version 3.0.1”, UDDI Spec Technical Committee Specification, Oct. 14, 2003, pp. 1-383, uddi.org, (http://www.uddi.org/).
“VERITAS SANPoint Foundation Suite(tm) and SANPoint Foundation Suite(tm) HA: New VERITAS Volume Management and File System Technology for Cluster Environments,” Sep. 2001, VERITAS Software Corp.
“Who is Xelerance,” <http://www.xelerance.com>, slides 1-6.
“Windows Clustering Technologies—An Overview,” Nov. 2001, Microsoft Corp., www.microsoft.com, last accessed on Dec. 30, 2002.
“Windows Server 2003 Kerberos Extensions,” Microsoft TechNet, 2003 (Updated Jul. 31, 2004), http://technet.microsoft.com/en-us/library/cc738207, Microsoft Corporation.
Abad, C., et al., “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, IEEE, Computer Society, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07), 2007, pp. 1-8.
Aguilera, Marcos K. et al., “Improving recoverability in multi-tier storage systems,” International Conference on Dependable Systems and Networks (DSN-2007), Jun. 2007, 10 pages, Edinburgh, Scotland.
Anderson et al., “Serverless Network File System,” in the 15th Symposium on Operating Systems Principles, Dec. 1995, Association for Computing Machinery, Inc. (18 pages).
Anderson, Darrell C. et al., “Interposed Request Routing for Scalable Network Storage,” ACM Transactions on Computer Systems 20(1): (Feb. 2002), pp. 1-24.
Anonymous, “How DFS Works: Remote File Systems,” Distributed File System (DFS) Technical Reference, retrieved from the Internet on Feb. 13, 2009: URL<:http://technetmicrosoft.com/en-us/library/cc782417WS.10,printer).aspx> (Mar. 2003).
Apple, Inc., “Mac OS X Tiger Keynote Intro. Part 2,” Jun. 2004, www.youtube.com <http://www.youtube.com/watch?v=zSBJwEmRJbY>, p. 1.
Apple, Inc., “Tiger Developer Overview Series: Working with Spotlight,” Nov. 23, 2004, www.apple.com using www.archive.org <http://web.archive.org/web/20041123005335/developer.apple.com/macosx/tiger/spotlight.html>, pp. 1-6.
Arends et al., “DNS Security Introduction and Requirements”, Network Working Group, RFC 4033, Mar. 2005, pp. 1-20.
Arends et al., “Protocol Modifications for the DNS Security Extensions,” Network Working Group, RFC 4035, Mar. 1, 2005, 54 pages, The Internet Society.
Arends et al., “Resource Records for the DNS Security Extensions”, Network Working Group, RFC 4034, Mar. 2005, pp. 1-28.
Aura T., “Cryptographically Generated Addresses (CGA)”, Network Working Group, RFC 3972, Mar. 2005, pp. 1-21.
Baer, T., et al., “The Elements of Web Services” ADTmag.com, Dec. 1, 2002, pp. 1-6, (http://www.adtmag.com).
Bagnulo et al., “DNS 64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers,” Internet draft, Jul. 2010, pp. 1-31, IETF Trust.
Basney et al., “Credential Wallets: A Classification of Credential Repositories Highlighting MyProxy,” Sep. 19-21, 2003, pp. 1-20, 31st Research Conference on Communication, Information and Internet Policy (TPRC 2003), Arlington, Virginia.
Bau et al., “A Security Evaluation of DNSSEC with NSEC3,” Mar. 2, 2010; updated version corrects and supersedes a paper in the NDSS' 10 proceedings, pp. 1-18.
Blue Coat, “Technology Primer: CIFS Protocol Optimization,” Blue Coat Systems Inc., 2007, pp. 1-3, (http://www.bluecoat.com).
Botzum, Keys, “Single Sign On—A Contrarian View,” Aug. 6, 2001, pp. 1-8, Open Group Website, http://www.opengroup.org/security/topics.htm.
Cabrera et al., “Swift: A Storage Architecture for Large Objects,” In Proceedings of the-Eleventh IEEE Symposium on Mass Storage Systems, Oct. 1991, pp. 123-128.
Cabrera et al., “Swift: Using Distributed Disk Striping to Provide High I/O Data Rates,” Fall 1991, pp. 405-436, vol. 4, No. 4, Computing Systems.
Cabrera et al., “Using Data Striping in a Local Area Network,” 1992, technical report No. UCSC-CRL-92-09 of the Computer & Information Sciences Department of University of California at Santa Cruz.
Callaghan et al., “NFS Version 3 Protocol Specifications” (RFC 1813), Jun. 1995, The Internet Engineering Task Force (IETN), www.ietf.org, last accessed on Dec. 30, 2002.
Carns et al., “PVFS: A Parallel File System for Linux Clusters,” in Proceedings of the Extreme Linux Track: 4th Annual Linux Showcase and Conference, Oct. 2000, pp. 317- 327, Atlanta, Georgia, USENIX Association.
Carpenter, B., “Transmission of IPv6 over IPv4 Domains without Explicit Tunnels”, Network Working Group, RFC 2529, Mar. 1999, pp. 1-10.
Cavale, M. R., “Introducing Microsoft Cluster Service (MSCS) in the Windows Server 2003”, Microsoft Corporation, Nov. 2002.
Crescendo Networks, “Application Layer Processing (ALP),” 2003-2009, pp. 168-186, Chapter 9, CN-5000E/5500E, Foxit Software Company.
Dan Kaminsky, (slideshow presentation) “Black Ops of Fundamental Defense: Introducing the Domain Key Infrastructure”, retrieved from Internet URL: http://www.slideshare.net/RecursionVentures/dki-2, (slides 1-116) (Aug. 2010).
Eastlake D., “Domain Name System Security Extensions”, Network Working Group, RFC 2535, Mar. 1999, pp. 1-44.
English Translation of Notification of Reason(s) for Refusal for JP 2002-556371 (Dispatch Date: Jan. 22, 2007).
F5 Networks Inc., “3-DNS® Reference Guide, version 4.5”, F5 Networks Inc., Sep. 2002, pp. 2-1-2-28, 3-1-3-12, 5-1-5-24, Seattle, Washington.
F5 Networks Inc., “Big-IP® Reference Guide, version 4.5”, F5 Networks Inc., Sep. 2002, pp. 11-1-11-32, Seattle, Washington.
F5 Networks Inc., “Case Information Log for ‘Issues with BoNY upgrade to 4.3’”, as early as Feb. 2008.
F5 Networks Inc., “Configuration Guide for Local Traffic Management”, F5 Networks Inc., Jan. 2006, version 9.2.2, 406 pgs.
F5 Networks Inc., “Deploying the BIG-IP LTM for Diameter Traffic Management” F5® Deployment Guide, Publication date Sep. 2010, Version 1.2, pp. 1-19.
F5 Networks Inc., “F5 Diameter RM”, Powerpoint document, Jul. 16, 2009, pp. 1-7.
F5 Networks Inc., “F5 WANJet CIFS Acceleration”, White Paper, F5 Networks Inc., Mar. 2006, pp. 1-5, Seattle, Washington.
F5 Networks Inc., “Routing Global Internet Users to the Appropriate Data Center and Applications Using F5's 3-DNS Controller”, F5 Networks Inc., Aug. 2001, pp. 1-4, Seattle, Washington, (http://www.f5.com/f5producs/3dns/relatedMaterials/UsingF5.html).
F5 Networks Inc., “Using F5's 3-DNS Controller to Provide High Availability Between Two or More Data Centers”, F5 Networks Inc., Aug. 2001, pp. 1-4, Seattle, Washington, (http://www.f5.com/f5products/3dns/relatedMaterials/3DNSRouting.html).
F5 Networks, Inc., “BIG-IP ASM 11.2.0”, Release Notes, Sep. 19, 2012, Version 11.2.0, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP Controller with Exclusive OneConnect Content Switching Feature Provides a Breakthrough System for Maximizing Server and Network Performance,” Press Release, May 8, 2001, 2 pages, Las Vegas, Nevada.
F5 Networks, Inc., “BIG-IP Systems: Getting Started Guide,” Manual 0300-00, Feb. 4, 2010, pp. 1-102, version 10.1, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Application Access,” version 12.1, published May 9, 2016 (66 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Authentication and Single Sign-On,” version 12.1, published May 9, 2016 (332 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Implementations,” version 12.1, published May 9, 2016 (168 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Network Access,” version 12.1, published May 9, 2016 (108 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Portal Access,” version 12.1, published May 9, 2016 (82 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Secure Web Gateway”, version 12.1, published May 9, 2016 (180 pages).
F5 Networks, Inc., “BIG-IP® Application Security Manager™ : Getting Started Guide”, Version 11.2, May 7, 2012, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP® Application Security Manager™ : Implementations”, Version 11.2, May 7, 2012, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP® TMOS® : Implementations”, Manual, May 5, 2015, Version 11.2, F5 Networks, Inc.
F5 Networks, Inc., “Configuration Guide for BIG-IP® Application Security Manager™ ”, Manual, May 7, 2012, Version 11.2, F5 Networks, Inc.
F5 Networks, Inc., “F5 TMOS Operations Guide”, Manual, Mar. 5, 2015, F5 Networks, Inc.
F5 Networks, Inc., “Release Note: BIG-IP APM 12.1.0,” published Jun. 6, 2016 (13 pages).
Fajardo V., “Open Diameter Software Architecture,” Jun. 25, 2004, pp. 1-6, Version 1.0.7.
Fan et al., “Summary Cache: A Scalable Wide-Area Protocol”, Computer Communications Review, Association Machinery, New York, USA, Oct. 1998, vol. 28, Web Cache Sharing for Computing No. 4, pp. 254-265.
Farley, M., “Building Storage Networks,” Jan. 2000, McGraw Hill, ISBN 0072120509.
Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1,” Network Working Group, RFC: 2068, Jan. 1997, pp. 1-162.
Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1,” Network Working Group, RFC: 2616, Jun. 1999, pp. 1-176, The Internet Society.
Floyd et al., “Random Early Detection Gateways for Congestion Avoidance,” Aug. 1993, pp. 1-22, IEEE/ACM Transactions on Networking, California.
Forrester Research, Inc., “DNSSEC Ready for Prime Time”, Forrester Research, Inc. Cambridge, MA, 23 pages (Jul. 2010).
Gibson et al., “File Server Scaling with Network-Attached Secure Disks,” in Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (Sigmetrics '97), Association for Computing Machinery, Inc., Jun. 15-18, 1997.
Gibson et al., “NASD Scalable Storage Systems,” Jun. 1999, USENIX99, Extreme Linux Workshop, Monterey, California.
Gupta et al., “Algorithms for Packet Classification”, Computer Systems Laboratory, Stanford University, CA, Mar./Apr. 2001, pp. 1-29.
Hagino J., et al., “An IPv6-to-IPv4 Transport Relay Translator”, Network Working Group, RFC 3142, Jun. 2001, pp. 1-11.
Harrison, C., May 19, 2008 response to Communication pursuant to Article 96(2) EPC dated Nov. 9, 2007 in corresponding European patent application No. 02718824.2.
Hartman, J., “The Zebra Striped Network File System,” 1994, Ph.D. dissertation submitted in the Graduate Division of the University of California at Berkeley.
Haskin et al., “The Tiger Shark File System,” 1996, in proceedings of IEEE, Spring COMPCON, Santa Clara, CA, www.research.ibm.com, last accessed on Dec. 30, 2002.
Heinz G., “Priorities in Stream Transmission Control Protocol (SCTP) Multistreaming”, Thesis submitted to the Faculty of the University of Delaware, Spring 2003, pp. 1-35.
Higgins, Kelly Jackson, “Internet Infrastructure Reaches Long-Awaited Security Milestone,” Tech Center: Security Services, <http//www.darkreading.com/securityservices/security/management/showArticle.jhtml?article>, Jul. 28, 2010. pp. 1-4.
Hochmuth, Phil, “F5, CacheFlow pump up content-delivery lines,” Network World Fusion, May 4, 2001, 1 page, Las Vegas, Nevada.
Howarth, Fran, “Investing in security versus facing the consequences,” White Paper by Bloor Research, Sep. 2010, pp. 1-15.
Hu, J., Final Office action dated Sep. 21, 2007 for related U.S. Appl. No. 10/336,784.
Hu, J., Office action dated Feb. 6, 2007 for related U.S. Appl. No. 10/336,784.
Hwang et al., “Designing SSI Clusters with Hierarchical Checkpointing and Single 1/0 Space,” IEEE Concurrency, Jan.-Mar. 1999, pp. 60-69.
Ilvesmaki M., et al., “On the Capabilities of Application Level Traffic Measurements to Differentiate and Classify Internet Traffic”, Presented in SPIE's International Symposium ITcom, Aug. 19-21, 2001, pp. 1-11, Denver, Colorado.
International Search Report and Written Opinion for International Patent Application No. PCT/US2011/058469 (dated May 30, 2012).
International Search Report and Written Opinion for PCT/US2011/054331, dated Mar. 13, 2012, 13 pages.
International Search Report for International Patent Application No. PCT/US2008/083117 (dated Jun. 23, 2009).
International Search Report for International Patent Application No. PCT/US2008/060449 (dated Apr. 9, 2008).
International Search Report for International Patent Application No. PCT/US2008/064677 (dated Sep. 6, 2009).
International Search Report for International Patent Application No. PCT/US02/00720, dated Mar. 19, 2003.
International Search Report for International Patent Application No. PCT/US2012/071648 (dated May 27, 2013).
International Search Report from International Application No. PCT/US03/41202, dated Sep. 15, 2005.
Internet Protocol,“DARPA Internet Program Protocol Specification”, (RFC:791), Information Sciences Institute, University of Southern California, Sep. 1981, pp. 1-49.
Karamanolis et al., “An Architecture for Scalable and Manageable File Services,” HPL-2001-173, Jul. 26, 2001. p. 1-14.
Katsurashima et al., “NAS Switch: A Novel CIFS Server Virtualization, Proceedings,” 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies, 2003 (MSST 2003), Apr. 2003.
Kawamoto, D., “Amazon Files for Web Services Patent”, CNET News.com, Jul. 28, 2005, pp. 1-2, last accessed May 4, 2006, (http://news.com).
Kimball, C.E. et al., “Automated Client-Side Integration of Distributed Application Servers,” 13Th LISA Conf., 1999, pp. 275-282 of the Proceedings.
Klayman, J., response filed by Japanese associate to office action dated Jan. 22, 2007 in corresponding Japanese patent application No. 2002-556371.
Klayman, J., Nov. 13, 2008 e-mail to Japanese associate including instructions for response to office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Klayman, J., Jul. 18, 2007 e-mail to Japanese associate including instructions for response to office action dated Jan. 22, 2007 in corresponding Japanese patent application No. 2002-556371.
Kohl et al., “The Kerberos Network Authentication Service (V5),” RFC 1510, Sep. 1993. (http://www.ietf.org/ rfc/rfc1510.txt?number=1510).
Korkuzas, V., Communication pursuant to Article 96(2) EPC dated Sep. 11, 2007 in corresponding European patent application No. 02718824.2-2201.
LaMonica M., “Infravio Spiffs Up Web Services Registry Idea”, CNET News.com, May 11, 2004, pp. 1-2, last accessed Sep. 20, 2004, (http://www.news.com).
Laurie et al., “DNS Security (DNSSEC) Hashed Authenticated Denial of Existence,” Mar. 2008, pp. 1-52, The IETF Trust.
Laurie et al., “DNS Security (DNSSEC) Hashed Authenticated Denial of Existence,” Network Working Group, RFC 5155, Feb. 2008, pp. 1-51.
Lelil, S., “Storage Technology News: AutoVirt adds tool to help data migration projects,” Feb. 25, 2011, last accessed Mar. 17, 2011, <http://searchstorage.techtarget.com/news/article/0,289142,sid5_gci1527986,00.html>.
Long et al., “Swift/RAID: A distributed RAID System”, Computing Systems, Summer 1994, vol. 7, pp. 333-359.
Mac Vittie, L., “Message-Based Load Balancing: Using F5 Solutions to Address the Challenges of Scaling Diameter, RADIUS, and Message-Oriented Protocols”, F5 Technical Brief, 2005, pp. 1-9, F5 Networks Inc., Seattle, Washington.
Macvittie, Lori, “It's DNSSEC Not DNSSUX,” DevCentral>Weblogs, <http://devcentral.f5.com/weblogs/macvittie/archive/2009/11/18/itrsquos-dnssec-not-dnssux.aspx>, posted on Nov. 18, 2009, accessed on Jul. 6, 2010, pp. 3-7.
Macvittie, Lori, “Message-Based Load Balancing,” Technical Brief, Jan. 2010, pp. 1-9, F5 Networks, Inc.
Meyer et al., “F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution,” F5 Technical Brief, Feb. 2, 2010, 18 pages, URL: http://web.archive.prg/web/20100326145019/http://www.f5.com/pdf/white-papers/infoblox-wp.pdf.
Modiano E., “Scheduling Algorithms for Message Transmission Over a Satellite Broadcast System”, MIT Lincoln Laboratory Advanced Network Group, Nov. 1997, pp. 1-7.
Nichols K., et al., “Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers”, (RFC:2474) Network Working Group, Dec. 1998, pp. 1-19, last accessed Oct. 8, 2012, (http://www.ietf.org/rfc/rfc2474.txt).
Noghani et al., “A Novel Approach to Reduce Latency on the Internet: ‘Component-Based Download’,” Proceedings of the Computing, Las Vegas, NV, Jun. 2000, pp. 1-6 on the Internet: Intl Conf. on Internet.
Norton et al., “CIFS Protocol Version CIFS-Spec 0.9,” 2001, Storage Networking Industry Association (SNIA), www.snia.org, last accessed on Mar. 26, 2001.
Notice of Reasons for Rejection and Its English Translation for corresponding Japanese Patent Application No. 2014-550426 (dated Apr. 13, 2016) (3 pages).
Novotny et al., “An Online Credential Repository for the Grid: MyProxy,” 2001, pp. 1-8.
Office Action for corresponding Chinese Application No. 201280070784.4 (dated Dec. 6, 2016) (15 pages).
Office Action for corresponding Taiwan Patent Application No. 101145417 (dated May 11, 2016) (11 pages).
Ott D., et al., “A Mechanism for TCP-Friendly Transport-level Protocol Coordination”, USENIX Annual Technical Conference, 2002, University of North Carolina at Chapel Hill, pp. 1-12.
Owasp, “Testing for Cross site scripting”, OWASP Testing Guide v2, Table of Contents, Feb. 24, 2011, pp. 1-5, (www.owasp.org/index.php/Testing_for_Cross_site_scripting).
Padmanabhan V., et al., “Using Predictive Prefetching to Improve World Wide Web Latency”, SIGCOM, 1996, pp. 1-15.
Pashalidis et al., “A Taxonomy of Single Sign-On Systems,” 2003, pp. 1-16, Royal Holloway, University of London, Egham Surray, TW20, 0EX, United Kingdom.
Pashalidis et al., “Impostor: A Single Sign-On System for Use from Untrusted Devices,” Global Telecommunications Conference, 2004, GLOBECOM '04, IEEE, Issue Date: Nov. 29-Dec. 3, 2004.Royal Holloway, University of London.
Patterson et al., “A case for redundant arrays of inexpensive disks (RAID)”, Chicago, Illinois, Jun. 1-3, 1998, in Proceedings of ACM SIGMOD conference on the Management of Data, pp. 109-116, Association for Computing Machinery, Inc., www.acm.org, last accessed on Dec. 20, 2002.
Pearson, P.K., “Fast Hashing of Variable-Length Text Strings,” Comm. of the ACM, Jun. 1990, pp. 1-4, vol. 33, No. 6.
Peterson, M., “Introducing Storage Area Networks,” Feb. 1998, InfoStor, www.infostor.com, last accessed on Dec. 20, 2002.
Preslan et al., “Scalability and Failure Recovery in a Linux Cluster File System,” in Proceedings of the 4th Annual Linux Showcase & Conference, Atlanta, Georgia, Oct. 10-14, 2000, pp. 169-180 of the Proceedings, www.usenix.org, last accessed on Dec. 20, 2002.
Response filed Jul. 6, 2007 to Office action dated Feb. 6, 2007 for related patent U.S. Appl. No. 10/336,784.
Response filed Mar. 20, 2008 to Final Office action dated Sep. 21, 2007 for U.S. Appl. No. 10/336,784.
Rodriguez et al., “Parallel-access for mirror sites in the Internet,” InfoCom 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE Tel Aviv, Israel Mar. 26-30, 2000, Piscataway, NJ, USA, IEEE, US, Mar. 26, 2000 (Mar. 26, 2000), pp. 864-873, XP010376176 ISBN: 0-7803-5880-5 p. 867, col. 2, last paragraph-p. 868, col. 1, paragraph 1.
Rosen E., et al., “MPLS Label Stack Encoding”, (RFC:3032) Network Working Group, Jan. 2001, pp. 1-22, last accessed Oct. 8, 2012, (http://www.ietf.org/rfc/rfc3032.txt).
RSYNC, “Welcome to the RSYNC Web Pages,” Retrieved from the Internet URL: http://samba.anu.edu.ut.rsync/. (Retrieved on Dec. 18, 2009).
Savage, et al., “AFRAID—A Frequently Redundant Array of Independent Disks,” Jan. 22-26, 1996, pp. 1-13, USENIX Technical Conference, San Diego, California.
Schaefer, Ken, “IIS and Kerberos Part 5—Protocol Transition, Constrained Delegation, S4U2S and S4U2P,” Jul. 18, 2007, 21 pages, http://www.adopenstatic.com/cs/blogs/ken/archive/2007/07/19/8460.aspx.
Schilit B., “Bootstrapping Location-Enhanced Web Services”, University of Washington, Dec. 4, 2003, (http://www.cs.washington.edu/news/colloq.info.html).
Seeley R., “Can Infravio Technology Revive UDDI?”, ADTmag.com, Oct. 22, 2003, last accessed Sep. 30, 2004, (http://www.adtmag.com).
Shohoud, Y., “Building XML Web Services with VB .NET and VB 6”, Addison Wesley, 2002, pp. 1-14.
Silva, Peter, “DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks,” F5 Technical Brief, 2009, pp. 1-10.
Sleeper B., “The Evolution of UDDI” UDDI.org White Paper, The Stencil Group, Inc., Jul. 19, 2002, pp. 1-15, San Francisco, California.
Sleeper B., “Why UDDI Will Succeed, Quietly: Two Factors Push Web Services Forward”, The Stencil Group, Inc., Apr. 2001, pp. 1-7, San Francisco, California.
Soltis et al., “The Design and Performance of a Shared Disk File System for IRIX,” Mar. 23-26, 1998, pp. 1-17, Sixth NASA Goddard Space Flight Center Conference on Mass Storage and Technologies in cooperation with the Fifteenth IEEE Symposium on Mass Storage Systems, University of Minnesota.
Soltis et al., “The Global File System,” Sep. 17-19, 1996, in Proceedings of the Fifth NASA Goddard Space Flight Center Conference on Mass Storage Systems and Technologies, College Park, Maryland.
Sommers F., “Whats New in UDDI 3.0—Part 1”, Web Services Papers, Jan. 27, 2003, pp. 1-4, last accessed Mar. 31, 2004, http://www.webservices.org/index.php/article/articleprint/871/-1/24/).
Sommers F., “Whats New in UDDI 3.0—Part 2”, Web Services Papers, Mar. 2, 2003, pp. 1-8, last accessed Nov. 1, 2007, (http://www.web.archive.org/web/20040620131006/).
Sommers F., “Whats New in UDDI 3.0—Part 3”, Web Services Papers, Sep. 2, 2003, pp. 1-4, last accessed Mar. 31, 2007, (http://www.webservices.org/index.php/article/articleprint/894/-1/24/).
Sorenson, K.M., “Installation and Administration: Kimberlite Cluster Version 1.1.0, Rev. Dec. 2000,” Mission Critical Linux, http://oss.missioncriticallinux.corn/kimberlite/kimberlite.pdf.
Stakutis, C., “Benefits of SAN-based file system sharing,” Jul. 2000, pp. 1-4, InfoStor, www.infostor.com, last accessed on Dec. 30, 2002.
Tatipamula et al., “IPv6 Integration and Coexistence Strategies for Next-Generation Networks”, IEEE Communications Magazine, Jan. 2004, pp. 88-96.
Thekkath et al., “Frangipani: A Scalable Distributed File System,” in Proceedings of the 16th ACM Symposium on Operating Systems Principles, Oct. 1997, pp. 1-14, Association for Computing Machinery, Inc.
Thomson et al., “DNS Extensions to Support IP Version 6,” The Internet Society, Network Working Group, RFC 3596, Oct. 2003, pp. 1-8.
Tulloch, Mitch, “Microsoft Encyclopedia of Security,” 2003, pp. 218, 300-301, Microsoft Press, Redmond, Washington.
Uesugi, H., Nov. 26, 2008 amendment filed by Japanese associate in response to office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Uesugi, H., English translation of office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Uesugi, H., Jul. 15, 2008 letter from Japanese associate reporting office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Wallace, “Delegating Identity Using X.509 Certificates”, IETF Trust, Jul. 29, 2015, 8 pgs.
Wang B., “Priority and Realtime Data Transfer Over the Best-Effort Internet”, Dissertation Abstract, 2005, ScholarWorks@UMASS.
Weiler et al., “Minimally Covering NSEC Records and DNSSEC On-line Signing,” Network Working Group, RFC 4470, Apr. 2006, 8 pages, The Internet Society.
Wikipedia, “Diameter (protocol)”, pp. 1-11, last accessed Oct. 27, 2010, (http://en.wikipedia.org/wiki/Diameter_(protocol)).
Wikipedia, “Domain Name System Security Extensions,” <http://en.wikipedia.org/wiki/DNSSEC>, accessed Jun. 3, 2010, pp. 1-20.
Wikipedia, “IPv6”, <http://en.wikipedia.org/wiki/IPv6>, accessed Jun. 3, 2010, 20 pages.
Wikipedia, “List of DNS record types,” <http://en.wikipedia.org/wiki/List_of_DNS_record_types>, Jun. 2010, pp. 1-6.
Wilkes, J., et al., “The HP AutoRAID Hierarchical Storage System,” Feb. 1996, vol. 14, No. 1, ACM Transactions on Computer Systems.
Williams et al., “Forwarding Authentication,” The Ultimate Windows Server 2003 System Administrator's Guide, 2003, 2 pages, Figure 10.7, Addison-Wesley Professional, Boston, Massachusetts.
Woo T.Y.C., “A Modular Approach to Packet Classification: Algorithms and Results”, Bell Laboratories, Lucent Technologies, Mar. 2000, pp. 1-10.
Xelerance, “DNSX; DNSX Secure Signer; DNSSEC Management Solution,” <http://www.xelerance.com/dnssec>.pp. 1-9, Aug. 2009.
Zayas, E., “AFS-3 Programmer's Reference: Architectural Overview,” Transarc Corp., version 1.0 of Sep. 2, 1991, doc. No. FS-00-D160.
Provisional Applications (1)
Number Date Country
62281166 Jan 2016 US