Methods for secured SCEP enrollment for client devices and devices thereof

Description

FIELD

This technology generally relates to methods and devices for network traffic management and, more particularly, to methods for secured SCEP enrollment for client devices and devices thereof.

BACKGROUND

The Simple Certificate Enrollment Protocol (SCEP) allows network administrators to easily enroll network computing devices for certificates. SCEP allows for two different authorization mechanisms prior to obtaining the certificates. The first authorization mechanism is manual, where the requester is required to wait after submission for the Certification Authority (CA) administrator or certificate officer to approve the request. The second authorization method is pre-shared secret, where the SCEP server creates a challenge password that must be somehow delivered to the requester included with a submission back to the server.

However, one critical issue in the second authorization method is that it may be possible for a user or computing device to take their legitimately acquired SCEP challenge password and use it to obtain a certificate that represents a different user or computing device with a higher level of access or even to obtain a different type of certificate than what was intended. Additionally, when the challenge passwords are reused, certificates can be easily obtained even without registration of the computing device.

SUMMARY

A method for secured SCEP enrollment of client devices comprising one or more network traffic apparatuses, client devices, or server devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.

A non-transitory computer readable medium having stored thereon instructions for secured SCEP enrollment of client devices comprising machine executable code which when executed by at least one processor, causes the processor to perform steps including receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.

A mobile application manager apparatus including one or more processors coupled to a memory and configured to be capable of executing programmed instructions comprising and stored in the memory to receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.

This technology provides a number of advantages including providing methods, non-transitory computer readable media and apparatuses that effectively assist with providing secure SCEP enrollment of client devices. The disclosed technology provides secure SCEP enrollment by: first, ensuring that only the enrolled devices can retrieve the certificates by including an obfuscated/encrypted device key as part of the SCEP uniform resource indicator (URI) sent to the client device; second, ensuring that device key is used only once by maintaining a list of keys used to authorize SCEP requests; and lastly, preventing an unauthorized user from retrieving the SCEP certificate for the device by determining whether the device key in the device certificate received from the requesting device is identical to the device key in the list of authorized device keys.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an example of a block diagram of an environment including a mobile application manager apparatus for secured SCEP enrollment for client devices;

FIG. 2 is an example of a block diagram of the mobile application manager apparatus;

FIG. 3 is an exemplary flowchart of a method for secured SCEP enrollment for client devices; and

FIG. 4 is an exemplary sequence flow diagram of a method for secured SCEP enrollment for client devices.

DETAILED DESCRIPTION

An example of a network environment 10 which incorporates a network traffic management system for secured SCEP enrollment for client devices with the mobile application manager apparatus 14 is illustrated in FIGS. 1 and 2. The exemplary environment 10 includes a plurality of mobile computing devices 12(1)-12(n), a simple certificate enrollment protocol (SCEP) server 13, a mobile application manager apparatus 14, and a plurality of web application servers 16(1)-16(n) which are coupled together by communication networks 30, although the environment can include other types and numbers of systems, devices, components, and/or elements and in other topologies and deployments. While not shown, the exemplary environment 10 may include additional network components, such as routers, switches and other devices, which are well known to those of ordinary skill in the art and thus will not be described here. This technology provides a number of advantages including providing secured SCEP enrollment for client devices.

Referring more specifically to FIGS. 1 and 2, the mobile application manager apparatus 14 of the network traffic management system is coupled to the plurality of mobile computing devices 12(1)-12(n) through the communication network 30, although the plurality of mobile computing devices 12(1)-12(n) and mobile application manager apparatus 14 may be coupled together via other topologies. Additionally, the mobile application manager apparatus 14 is coupled to the plurality of web application servers 16(1)-16(n) through the communication network 30, although the web application servers 16(1)-16(n) and the mobile application manager apparatus 14 may be coupled together via other topologies. Further, the mobile application manager apparatus 14 is coupled to the SCEP server 13 through the communication network 30, although the SCEP server 13 and mobile application manager apparatus 14 may be coupled together via other topologies

The mobile application manager apparatus 14 assists with secured SCEP enrollment for client devices as illustrated and described by way of the examples herein, although the mobile application manager apparatus 14 may perform other types and/or numbers of functions. As illustrated in FIG. 2, the mobile application manager apparatus 14 includes processor or central processing unit (CPU) 18, memory 20, optional configurable hardware logic 21, and a communication system 24 which are coupled together by a bus device 26 although the mobile application manager apparatus 14 may comprise other types and numbers of elements in other configurations. In this example, the bus 26 is a PCI Express bus in this example, although other bus types and links may be used.

The processors 18 within the mobile application manager apparatus 14 may execute one or more computer-executable instructions stored in memory 20 for the methods illustrated and described with reference to the examples herein, although the processor can execute other types and numbers of instructions and perform other types and numbers of operations. The processor 18 may comprise one or more central processing units (“CPUs”) or general purpose processors with one or more processing cores, such as AMD® processor(s), although other types of processor(s) could be used (e.g., Intel®).

The memory 20 within the mobile application manager apparatus 14 may comprise one or more tangible storage media, such as RAM, ROM, flash memory, CD-ROM, floppy disk, hard disk drive(s), solid state memory, DVD, or any other memory storage types or devices, including combinations thereof, which are known to those of ordinary skill in the art. The memory 20 may store one or more non-transitory computer-readable instructions of this technology as illustrated and described with reference to the examples herein that may be executed by the processor 18. The exemplary flowchart shown in FIG. 3 is representative of example steps or actions of this technology that may be embodied or expressed as one or more non-transitory computer or machine readable instructions stored in the memory 20 that may be executed by the processor 18 and/or may be implemented by configured logic in the optional configurable logic 21.

Accordingly, the memory 20 of the mobile application manager apparatus 14 can store one or more applications that can include computer executable instructions that, when executed by the mobile application manager apparatus 14, causes the mobile application manager apparatus 14 to perform actions, such as to transmit, receive, or otherwise process messages, for example, and to perform other actions described and illustrated below with reference to FIGS. 3-4. The application(s) can be implemented as module or components of another application. Further, the application(s) can be implemented as operating system extensions, module, plugins, or the like. The application(s) can be implemented as module or components of another application. Further, the application(s) can be implemented as operating system extensions, module, plugins, or the like. Even further, the application(s) may be operative in a cloud-based computing environment. The application(s) can be executed within virtual machine(s) or virtual server(s) that may be managed in a cloud-based computing environment. Also, the application(s), including the mobile application manager apparatus 14 itself, may be located in virtual server(s) running in a cloud-based computing environment rather than being tied to one or more specific physical network computing devices. Also, the application(s) may be running in one or more virtual machines (VMs) executing on the mobile application manager apparatus 14. Additionally, in at least one of the various embodiments, virtual machine(s) running on the SCEP server may be managed or supervised by a hypervisor.

The optional configurable hardware logic device 21 in the mobile application manager apparatus 14 may comprise specialized hardware configured to implement one or more steps of this technology as illustrated and described with reference to the examples herein. By way of example only, the optional configurable logic hardware device 21 may comprise one or more of field programmable gate arrays (“FPGAs”), field programmable logic devices (“FPLDs”), application specific integrated circuits (ASICs”) and/or programmable logic units (“PLUs”).

The communication system 24 in the mobile application manager apparatus 14 is used to operatively couple and communicate between the mobile application manager apparatus 14, the plurality of mobile computing devices 12(1)-12(n), the SCEP server 13, and the plurality of web application servers 16(1)-16(n) which are all coupled together by communication network 30 such as one or more local area networks (LAN) and/or the wide area network (WAN), although other types and numbers of communication networks or systems with other types and numbers of connections and configurations to other devices and elements may be used. By way of example only, the communication network such as local area networks (LAN) and the wide area network (WAN) can use TCP/IP over Ethernet and industry-standard protocols, including NFS, CIFS, SOAP, XML, LDAP, and SNMP, although other types and numbers of communication networks, can be used. In this example, the bus 26 is a PCI Express bus in this example, although other bus types and links may be used.

Each of the plurality of mobile computing devices 12(1)-12(n) of the network traffic management system 10, include a central processing unit (CPU) or processor, a memory, input/display device interface, configurable logic device and an input/output system or I/O system, which are coupled together by a bus or other link. The plurality of mobile computing devices 12(1)-12(n), in this example, may run interface applications, such as Web browsers, that may provide an interface to make requests for and send and/or receive data to and/or from the web application servers 16(1)-16(n) via the mobile application manager apparatus 14. Additionally, the plurality of mobile computing devices 12(1)-12(n) can include any type of computing device that can receive, render, and facilitate user interaction, such as client computers, network computer, mobile computers, virtual machines (including cloud-based computer), or the like. Each of the plurality of mobile computing devices 12(1)-12(n) utilizes the mobile application manager apparatus 14 to conduct one or more operations with the web application servers 16(1)-16(n), such as to obtain data and/or access the applications from one of the web application servers 16(1)-16(n), by way of example only, although other numbers and/or types of systems could be utilizing these resources and other types and numbers of functions utilizing other types of protocols could be performed.

The SCEP server 13 of the network traffic management system include a central processing unit (CPU) or processor, a memory, and a communication system, which are coupled together by a bus or other link, although other numbers and/or types of network devices could be used. Generally, the SCEP server 13 assists with obtaining device certificates, via the communication network 30 according to the HTTP-based application RFC protocol or the CIFS or NFS protocol in this example, but the principles discussed herein are not limited to this example and can include other application protocols. A series of applications may run on the SCEP server 13 that allows the transmission of data requested by the mobile application manager apparatus 14. It is to be understood that the SCEP server 13 may be hardware or software or may represent a system with multiple external resource servers, which may include internal or external networks. In this example the SCEP server 13 may be any version of Microsoft® IIS servers or Apache® servers, although other types of servers may be used.

Each of the plurality of web application servers 16(1)-16(n) of the network traffic management system include a central processing unit (CPU) or processor, a memory, and a communication system, which are coupled together by a bus or other link, although other numbers and/or types of network devices could be used. Generally, the plurality of web application servers 16(1)-16(n) process requests for providing access to one or more enterprise web applications received from the plurality of mobile computing devices 12(1)-12(n), mobile application manager apparatus 14, via the communication network 30 according to the HTTP-based application RFC protocol or the CIFS or NFS protocol in this example, but the principles discussed herein are not limited to this example and can include other application protocols. A series of applications may run on the plurality web application servers 16(1)-16(n) that allows the transmission of applications requested by the plurality of mobile computing devices 12(1)-12(n), or the mobile application manager apparatus 14. The plurality of web application servers 16(1)-16(n) may provide data or receive data in response to requests directed toward the respective applications on the plurality web application servers 16(1)-16(n) from the plurality of mobile computing devices 12(1)-12(n) or the mobile application manager apparatus 14. It is to be understood that the plurality of web application servers 16(1)-16(n) may be hardware or software or may represent a system with multiple external resource servers, which may include internal or external networks. In this example the plurality of web application servers 16(1)-16(n) may be any version of Microsoft IIS servers or Apache® servers, although other types of servers may be used.

Although the plurality of web application servers 16(1)-16(n) are illustrated as single servers, one or more actions of the SCEP server 13 and each of the plurality of web application servers 16(1)-16(n) may be distributed across one or more distinct network computing devices. Moreover, the plurality of web application servers 16(1)-16(n) are not limited to a particular configuration. Thus, the plurality of plurality web application servers 16(1)-16(n) may contain a plurality of network computing devices that operate using a master/slave approach, whereby one of the network computing devices of the plurality of web application servers 16(1)-16(n) operate to manage and/or otherwise coordinate operations of the other network computing devices. The plurality of web application servers 16(1)-16(n) may operate as a plurality of network computing devices within cluster architecture, a peer-to peer architecture, virtual machines, or within a cloud architecture.

Thus, the technology disclosed herein is not to be construed as being limited to a single environment and other configurations and architectures are also envisaged. For example, the one or more of the plurality of web application servers 16(1)-16(n) depicted in FIG. 1 can operate within mobile application manager apparatus 14 rather than as a stand-alone server communicating with mobile application manager apparatus 14 via the communication network(s) 30. In this example the plurality of web application servers 16(1)-16(n) operate within the memory 20 of the mobile application manager apparatus 14.

While the mobile application manager apparatus 14 is illustrated in this example as including a single device, the mobile application manager apparatus 14 in other examples can include a plurality of devices or blades each with one or more processors each processor with one or more processing cores that implement one or more steps of this technology. In these examples, one or more of the devices can have a dedicated communication interface or memory. Alternatively, one or more of the devices can utilize the memory, communication interface, or other hardware or software components of one or more other communicably coupled of the devices. Additionally, one or more of the devices that together comprise mobile application manager apparatus 14 in other examples can be standalone devices or integrated with one or more other devices or applications, such as one of the SCEP server 13, plurality of web application servers 16(1)-16(n) or, the mobile application manager apparatus 14, or applications coupled to the communication network(s), for example. Moreover, one or more of the devices of the mobile application manager apparatus 14 in these examples can be in a same or a different communication network 30 including one or more public, private, or cloud networks, for example.

Although an exemplary network traffic management system 10 with the plurality of mobile computing devices 12(1)-12(n), the SCEP server 13, the mobile application manager apparatus 14, and the plurality of web application servers 16(1)-16(n), communication networks 30 are described and illustrated herein, other types and numbers of systems, devices, blades, components, and elements in other topologies can be used. It is to be understood that the systems of the examples described herein are for exemplary purposes, as many variations of the specific hardware and software used to implement the examples are possible, as will be appreciated by those skilled in the relevant art(s).

Further, each of the systems of the examples may be conveniently implemented using one or more general purpose computer systems, microprocessors, digital signal processors, and micro-controllers, programmed according to the teachings of the examples, as described and illustrated herein, and as will be appreciated by those of ordinary skill in the art.

One or more of the components depicted in the network traffic management system, such as the mobile application manager apparatus 14, the plurality of mobile computing devices 12(1)-12(n), the SCEP server 13 or the plurality of web application servers 16(1)-16(n), for example, may be configured to operate as virtual instances on the same physical machine. In other words, one or more of mobile application manager apparatus 14, the SCEP server 13, the plurality of mobile computing devices 12(1)-12(n), or the plurality of web application servers 16(1)-16(n) illustrated in FIG. 1 may operate on the same physical device rather than as separate devices communicating through a network as depicted in FIG. 1. There may be more or fewer plurality of mobile computing devices 12(1)-12(n), SCEP server 13, mobile application manager apparatus 14, or the plurality of web application servers 16(1)-16(n) than depicted in FIG. 1. The plurality of mobile computing devices 12(1)-12(n), the SCEP server 13, or the plurality of web application servers 16(1)-16(n) could be implemented as applications on mobile application manager apparatus 14.

In addition, two or more computing systems or devices can be substituted for any one of the systems or devices in any example. Accordingly, principles and advantages of distributed processing, such as redundancy and replication also can be implemented, as desired, to increase the robustness and performance of the devices and systems of the examples. The examples may also be implemented on computer system(s) that extend across any suitable network using any suitable interface mechanisms and traffic technologies, including by way of example only teletraffic in any suitable form (e.g., voice and modem), wireless traffic media, wireless traffic networks, cellular traffic networks, G3 traffic networks, Public Switched Telephone Network (PSTNs), Packet Data Networks (PDNs), the Internet, intranets, and combinations thereof.

The examples may also be embodied as a non-transitory computer readable medium having instructions stored thereon for one or more aspects of the technology as described and illustrated by way of the examples herein, which when executed by a processor (or configurable hardware), cause the processor to carry out the steps necessary to implement the methods of the examples, as described and illustrated herein.

An example of a method for secured SCEP enrollment for client devices will now be described with reference to FIGS. 1-4. First in step 305, the mobile application manager apparatus 14 receives a request to enroll from one of the plurality of mobile devices 12(1)-12(n), although the mobile application manager apparatus 14 can receive other types and/or numbers of requests from the plurality of mobile computing devices 12(1)-12(n). By way of example only, the mobile application manager apparatus 14 may receive the user credentials of the user of the requesting one of the plurality of mobile computing devices 12(1)-12(n) as the enrollment information, although the mobile application manager apparatus 14 can receive other types and/or amounts of information from the requesting one of the plurality of mobile computing devices 12(1)-12(n). In another example, the mobile application manager apparatus 14 can receive other information, such as geographic location information, role of the user of the requesting one of the plurality of mobile computing devices, IP address, type of the requesting device, current operating system on the mobile computing device, and/or installed mobile applications and security policies from the requesting one of the plurality of mobile computing devices 12(1)-12(n).

Next in step 310, the mobile application manager apparatus 14 performs an authentication check based on the received data to determine whether to enroll the requesting one of the plurality of mobile computing devices 12(1)-12(n), although the mobile application manager apparatus 14 can perform the authentication check in other manners and/or using other types and/or amounts of information. In this example, the mobile application manager apparatus 14 compares the received information associated with the requesting one of the plurality of mobile computing devices 12(1)-12(n) against the existing access control checks to determine when to enroll the requesting one of the plurality of mobile computing devices 12(1)-12(n), although the mobile application manager apparatus 14 can perform the authentication checks using other techniques. Accordingly, when the mobile application manager apparatus 14 determines that the requesting one of the plurality of mobile devices 12(1)-12(n) should not be enrolled, then the No branch is taken to next step 315.

In step 315, the mobile application manager apparatus 14 rejects the received request for enrollment and the exemplary method ends at step 375.

However if back in step 310, when the mobile application manager apparatus 14 determines that the requesting one of the plurality of mobile devices 12(1)-12(n) should be enrolled, then the Yes branch is taken to next step 320. In step 320, the mobile application manager apparatus 14 stores the received enrollment information within the memory 20, although the mobile application manager apparatus 14 can store the registration information at other memory locations. Further, the mobile application manager apparatus 14 may store the information associated with the requesting one of the plurality of mobile computing devices 12(1)-12(n), such as the one or more installed mobile applications and security policies by way of example, in a state table that includes a list of all enrolled devices, although the mobile application manager apparatus 14 can store the information at other memory locations.

Next in step 325, the mobile application manager apparatus 14 completes the enrollment of the requesting one of the plurality of mobile devices 12(1)-12(n) by sending the requesting one of the plurality of mobile devices 12(1)-12(n) a configuration file with a pre-shared secret and a SCEP uniform resource locator (URL) that includes a unique encrypted device key, although the mobile application manager apparatus 14 can include other types or amounts of information back to the requesting one of the plurality of mobile devices 12(1)-12(n) after successful enrollment. In this example, the mobile application manager apparatus 14 also stores the encrypted device key and the data associated with the requesting one of the plurality of mobile devices 12(1)-12(n) in order to use the enrollment information, and the encrypted device key to authenticate the requesting one of the plurality of mobile devices 12(1)-12(n) during subsequent requests. By way of example, the mobile application manager apparatus 14 can encrypt the unique device key that is obtained from the requesting one of the plurality of mobile devices 12(1)-12(n) during the enrollment step using a private key, although the mobile application manager apparatus 14 can encrypt the unique device key using other techniques.

Additionally in this example, the requesting one of the plurality of mobile devices 12(1)-12(n) sends a get certificate authority (CA) request to SCEP server 13 and receives a response with a public key back from the SCEP server 13, although the requesting one of the plurality of mobile devices 12(1)-12(n) can use other techniques to obtain the public key from the SCEP server 13. Further in this example, the requesting one of the plurality of mobile devices 12(1)-12(n) uses the public key received from the SCEP server 13 to encrypt a certificate signing request (CSR). As it would be appreciated by a person having ordinary skill in the art, the certificate signing request relates to a request to sign a device certificate and this request is required to be encrypted as the CSR includes confidential information associated with the enrolled one of the plurality of mobile devices. Additionally, the enrolled one of the plurality of mobile devices 12(1)-12(n) also generates a public-private key pair using the received public key from the SCEP server 13.

In the next step 330, the mobile application manager apparatus 14 receives an encrypted certificate signing request from the enrolled one of the plurality of mobile devices 12(1)-12(n) using the SCEP URL. In this example, the encrypted certificate signing request includes the actual request to sign the certificate, the pre-shared secret that was shared in step 325, and the public key that was generated by the enrolled one of the plurality of mobile devices 12(1)-12(n), although the encrypted CSR can include other types or amounts of information. Additionally as illustrated above, SCEP URL also includes the encrypted device key that is sent along with the encrypted certificate signing request.

Next in step 335, the mobile application manager apparatus 14 decrypts the encrypted device key that was received in the SCEP URL along with the encrypted certificate signing request using a private key, although the mobile application manager apparatus 14 can decrypt the encrypted device key using other techniques.

In step 340, the mobile application manager apparatus 14 determines when the decrypted device key is valid by comparing the decrypted device key against the data associated with the enrolled one of the plurality of mobile devices 12(1)-12(n) in a table stored in the memory 20, although the mobile application manager apparatus 14 can use other techniques to determine whether the decrypted device key is valid. Accordingly, when the decrypted device key exactly matches with the data stored in the table associated with the enrolled one of the plurality of mobile devices 12(1)-12(n), then it is determined that the decrypted device key is valid and also the enrolled one of the plurality of mobile devices 12(1)-12(n) being an authenticated device. By using this technique, the technology disclosed is able to prevent malicious devices from using the encrypted device key to obtain a device certificate from the SCEP server.

When the mobile application manager apparatus 14 determines in step 340 that the device key is not valid, then the No branch is taken to step 315 where the received request is rejected and the exemplary method ends at step 375. Additionally, the mobile application manager apparatus 14 can send a notification to a network administrator indicating that the device key is invalid so that unauthorized device certificate need not be issued to the enrolled one of the plurality of mobile devices 12(1)-12(n). Alternatively, the mobile application manager apparatus 14 can determine that the device key is valid when the encrypted device key is being used for the first time from the enrolled one of the plurality of mobile devices 12(1)-12(n). If the mobile application manager apparatus 14 had received the same encrypted device key for the second time, then it would determine that the encrypted device key is being compromised and so the encrypted device key would be determined as invalid.

However if back in step 340, when the mobile application manager apparatus 14 determines that the decrypted device key is valid, then the Yes branch is taken to step 345. In step 345, the mobile application manager apparatus 14 forwards the received encrypted certificate signing request to the SCEP server 13. In this example, the mobile application manager apparatus 14 updates the table indicating a request for a certificate was received with the encrypted certificate signing request along with the encrypted device key for the requesting one of the plurality of mobile devices 12(1)-12(n).

In step 350, the mobile application manager apparatus 14 receives the signed device certificate back from the SCEP server 13. In this example, the SCEP server 13 first decrypts the encrypted certificate signing request with the private key corresponding to the public key that was initially shared with the enrolled one of the plurality of mobile devices 12(1)-12(n), and then checks if the pre-shared secret that is present in the decrypted certificate signing request exactly matches with the pre-shared secret that is stored in the SCEP server 13, although the SCEP server can perform other types or amounts of functions prior to signing and sending the device certificate back to the mobile application manager apparatus 14.

In step 355, the mobile application manager apparatus 14 forwards the received signed device certificate back to the enrolled one of the plurality of mobile devices 12(1)-12(n). Additionally in this step, the mobile application manager apparatus 14 stores the information associated with the signed device certificate along with the information corresponding to the enrolled one of the plurality of mobile devices 12(1)-12(n) in the table, although the mobile application manager apparatus 14 can store the data at other memory locations. Using this stored information, the mobile application manager apparatus 14 can determine and prevent a malicious device from using signed device certificate that was originally created and sent to the enrolled one of the plurality of mobile devices 12(1)-12(n).

Next in step 360, the mobile application manager apparatus 14 receives a request to access the web application on the plurality of web application servers 16(1)-16(n) along with the signed device certificate from the enrolled one of the plurality of mobile devices 12(1)-12(n), although the enrolled one of the plurality of mobile devices 12(1)-12(n) can use the signed device certificate to authenticate itself with the mobile application manager apparatus 14. Additionally, the mobile application manager apparatus 14 obtains the device key along with the device certificate from the enrolled one of the plurality of mobile devices 12(1)-12(n).

In step 365, the mobile application manager apparatus 14 determines when the received device certificate is valid by comparing the details of the received device certificate against the data that is stored in the table include the list of authorized device keys, although the mobile application manager apparatus 14 can use other techniques to determine the validity of the device certificate. Accordingly, when the mobile application manager apparatus 14 determines that the device certificate is invalid, then the No branch is taken to step 315 where the received request is rejected indicating that it is from a malicious device and the exemplary method ends in step 375.

However if back in step 365, when the mobile application manager apparatus 14 determines that the device certificate is valid, then the Yes branch is taken to step 370. In step 370, the mobile application manager apparatus 14 successfully authenticates the requesting one of the plurality of mobile devices 12(1)-12(n) or provides the access to the requested web application executing on one of the plurality of web application servers 16(1)-16(n) and the exemplary method ends at step 375.

As illustrated and described by way of the examples here, the claimed technology effectively assist with providing secure SCEP enrollment of client devices. Additionally, the claimed technology provides secure SCEP enrollment by: first, ensuring that only the enrolled devices can retrieve the certificates by including an obfuscated/encrypted device key as part of the SCEP uniform resource indicator (URI) sent to the client device; second, ensuring that device key is used only once by maintaining a list of keys used to authorize SCEP requests; and lastly, preventing an unauthorized user from retrieving the SCEP certificate for the device by determining whether the device key in the device certificate received from the requesting device is identical to the device key in the list of authorized device keys.

Having thus described the basic concept of the technology, it will be rather apparent to those skilled in the art that the foregoing detailed disclosure is intended to be presented by way of example only, and is not limiting. Various alterations, improvements, and modifications will occur and are intended to those skilled in the art, though not expressly stated herein. These alterations, improvements, and modifications are intended to be suggested hereby, and are within the spirit and scope of the technology. Additionally, the recited order of processing elements or sequences, or the use of numbers, letters, or other designations therefore, is not intended to limit the claimed processes to any order except as may be specified in the claims. Accordingly, the technology is limited only by the following claims and equivalents thereto.

Claims

1. A method for secured SCEP enrollment for client devices implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, the method comprising: receiving an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypting the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forwarding the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receiving a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcompleting a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
2. The method as set forth in claim 1, further comprising sending a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
3. The method as set forth in claim 1, further comprising: receiving a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determining the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andproviding access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
4. The method as set forth in claim 1, further comprising: rejecting a subsequent secured simple certificate enrollment protocol enrollment in response to determining encrypted device key is used for a second time.
5. The method as set forth in claim 1, further comprising: updating the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
6. The method as set forth in claim 1, wherein the encrypted certificate signing request and the encrypted device key are sent from the enrolled mobile device using a single request.
7. The method as set forth in claim 6, wherein the encrypted certificate signing request and the encrypted device key are incorporated in a uniform resource locator of the single request.
8. A non-transitory computer readable medium having stored thereon instructions for secured SCEP enrollment for client devices comprising executable code which when executed by one or more processors, causes the processors to: receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcomplete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
9. The computer readable medium as set forth in claim 8 further comprising send a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
10. The computer readable medium as set forth in claim 8, further comprises: receive a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determine the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andprovide access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
11. The computer readable medium as set forth in claim 8, further comprising: reject a subsequent secured simple certificate enrollment protocol enrollment in response to determining the encrypted device key is used for a second time.
12. The computer readable medium as set forth in claim 8, wherein the instructions further comprise executable code which when executed by one or more processors, causes the processors to: update the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
13. A mobile application manager apparatus, comprising memory comprising programmed instructions stored in the memory and one or more processors configured to be capable of executing the programmed instructions stored in the memory to: receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcomplete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
14. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to send a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
15. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: receive a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determine the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andprovide access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
16. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: reject a subsequent secured simple certificate enrollment protocol enrollment in response to determining the encrypted device key is used for a second time.
17. The apparatus as set forth in claim 13, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: update the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.
18. A network traffic management system, comprising one or more traffic management apparatuses, client devices, or server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to: receive an encrypted certificate signing request and an encrypted device key from an enrolled mobile device, the encrypted certificate signing request and the encrypted device key being encrypted separately with different cryptographic keys;decrypt the received encrypted device key to generate a decrypted device key without decrypting the encrypted certificate signing request;forward the received encrypted certificate signing request to a simple certificate enrollment protocol server upon determining the decrypted device key is present in stored data and is being used only once;receive a signed device certificate from the simple certificate enrollment protocol server as a response to the forwarded encrypted certificate signing request; andcomplete a secured simple certificate enrollment protocol enrollment by forwarding the signed device certificate to the enrolled mobile device.
19. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to send a simple certificate enrollment protocol uniform resource locator including the encrypted device key to the enrolled mobile device in response to a request for enrollment.
20. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: receive a request to access a web application or authenticate the enrolled mobile device with the forwarded signed device certificate from the enrolled mobile device;determine the received signed device certificate to be valid when the device key in the received signed device certificate is present in a list comprising authorized device keys; andprovide access to the requested web application or authenticate the enrolled mobile device when the received signed device certificate is determined to be valid.
21. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: reject a subsequent secured simple certificate enrollment protocol enrollment in response to determining the encrypted device key is used for a second time.
22. The network traffic management system of claim 18, wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to: update the stored data to indicate the encrypted device key has been used in response to forwarding the received encrypted certificate signing request.

Parent Case Info

This application claims the benefit of U.S. Provisional Patent Application Ser. No. 62/281,166, filed Jan. 20, 2016 which is hereby incorporated by reference in its entirety.

US Referenced Citations (954)

Number	Name	Date	Kind
3950735	Patel	Apr 1976	A
4644532	George et al.	Feb 1987	A
4897781	Chang et al.	Jan 1990	A
4965772	Daniel et al.	Oct 1990	A
4993030	Krakauer et al.	Feb 1991	A
5023826	Patel	Jun 1991	A
5053953	Patel	Oct 1991	A
5167024	Smith et al.	Nov 1992	A
5218695	Noveck et al.	Jun 1993	A
5282201	Frank et al.	Jan 1994	A
5299312	Rocco, Jr.	Mar 1994	A
5303368	Kotaki	Apr 1994	A
5327529	Fults et al.	Jul 1994	A
5367635	Bauer et al.	Nov 1994	A
5371852	Attanasio et al.	Dec 1994	A
5406502	Haramaty et al.	Apr 1995	A
5473362	Fitzgerald et al.	Dec 1995	A
5475857	Dally	Dec 1995	A
5511177	Kagimasa et al.	Apr 1996	A
5517617	Sathaye et al.	May 1996	A
5519694	Brewer et al.	May 1996	A
5519778	Leighton et al.	May 1996	A
5521591	Arora et al.	May 1996	A
5528701	Aref	Jun 1996	A
5537585	Blickenstaff et al.	Jul 1996	A
5548724	Akizawa et al.	Aug 1996	A
5550965	Gabbe et al.	Aug 1996	A
5581764	Fitzgerald et al.	Dec 1996	A
5583995	Gardner et al.	Dec 1996	A
5586260	Hu	Dec 1996	A
5590320	Maxey	Dec 1996	A
5596742	Agarwal et al.	Jan 1997	A
5606665	Yang et al.	Feb 1997	A
5611049	Pitts	Mar 1997	A
5623490	Richter et al.	Apr 1997	A
5649194	Miller et al.	Jul 1997	A
5649200	Leblang et al.	Jul 1997	A
5659619	Sudia	Aug 1997	A
5663018	Cummings et al.	Sep 1997	A
5668943	Attanasio et al.	Sep 1997	A
5692180	Lee	Nov 1997	A
5721779	Funk	Feb 1998	A
5724512	Winterbottom	Mar 1998	A
5752023	Choucri et al.	May 1998	A
5761484	Agarwal et al.	Jun 1998	A
5768423	Aref et al.	Jun 1998	A
5774660	Brendel et al.	Jun 1998	A
5790554	Pitcher et al.	Aug 1998	A
5802052	Venkataraman	Sep 1998	A
5806061	Chaudhuri et al.	Sep 1998	A
5812550	Sohn et al.	Sep 1998	A
5822430	Doud	Oct 1998	A
5825772	Dobbins et al.	Oct 1998	A
5832283	Chou et al.	Nov 1998	A
5832496	Anand et al.	Nov 1998	A
5832522	Blickenstaff et al.	Nov 1998	A
5838970	Thomas	Nov 1998	A
5862325	Reed et al.	Jan 1999	A
5875296	Shi et al.	Feb 1999	A
5884303	Brown	Mar 1999	A
5892914	Pitts	Apr 1999	A
5892932	Kim	Apr 1999	A
5893086	Schmuck et al.	Apr 1999	A
5897638	Lasser et al.	Apr 1999	A
5905990	Inglett	May 1999	A
5917998	Cabrera et al.	Jun 1999	A
5919247	Van Hoff et al.	Jul 1999	A
5920873	Van Huben et al.	Jul 1999	A
5936939	Des Jardins et al.	Aug 1999	A
5937406	Balabine et al.	Aug 1999	A
5941988	Bhagwat et al.	Aug 1999	A
5946690	Pitts	Aug 1999	A
5949885	Leighton	Sep 1999	A
5951694	Choquier et al.	Sep 1999	A
5958053	Denker	Sep 1999	A
5959990	Frantz et al.	Sep 1999	A
5974460	Maddalozzo, Jr. et al.	Oct 1999	A
5983281	Ogle et al.	Nov 1999	A
5988847	McLaughlin et al.	Nov 1999	A
5991302	Beri et al.	Nov 1999	A
5995491	Richter et al.	Nov 1999	A
5999664	Mahoney et al.	Dec 1999	A
6006260	Barrick, Jr. et al.	Dec 1999	A
6006264	Colby et al.	Dec 1999	A
6012083	Savitzky et al.	Jan 2000	A
6026452	Pitts	Feb 2000	A
6028857	Poor	Feb 2000	A
6029168	Frey	Feb 2000	A
6029175	Chow et al.	Feb 2000	A
6038233	Hamamoto et al.	Mar 2000	A
6041365	Kleinerman	Mar 2000	A
6044367	Wolff	Mar 2000	A
6047129	Frye	Apr 2000	A
6051169	Brown et al.	Apr 2000	A
6067558	Wendt et al.	May 2000	A
6072942	Stockwell et al.	Jun 2000	A
6078929	Rao	Jun 2000	A
6078956	Bryant et al.	Jun 2000	A
6085234	Pitts et al.	Jul 2000	A
6088694	Burns et al.	Jul 2000	A
6092196	Reiche	Jul 2000	A
6104706	Richter et al.	Aug 2000	A
6108703	Leighton et al.	Aug 2000	A
6111876	Frantz et al.	Aug 2000	A
6118784	Tsuchiya et al.	Sep 2000	A
6119234	Aziz et al.	Sep 2000	A
6128279	O'Neil et al.	Oct 2000	A
6128627	Mattis et al.	Oct 2000	A
6128657	Okanoya et al.	Oct 2000	A
6128717	Harrison et al.	Oct 2000	A
6154777	Ebrahim	Nov 2000	A
6160874	Dickerman et al.	Dec 2000	A
6161145	Bainbridge et al.	Dec 2000	A
6161185	Guthrie et al.	Dec 2000	A
6170022	Linville et al.	Jan 2001	B1
6178423	Douceur et al.	Jan 2001	B1
6181336	Chiu et al.	Jan 2001	B1
6182139	Brendel	Jan 2001	B1
6192051	Lipman et al.	Feb 2001	B1
6202156	Kalajan	Mar 2001	B1
6223206	Dan et al.	Apr 2001	B1
6233612	Fruchtman et al.	May 2001	B1
6233648	Tomita	May 2001	B1
6237008	Beal et al.	May 2001	B1
6246684	Chapman et al.	Jun 2001	B1
6253226	Chidambaran et al.	Jun 2001	B1
6253230	Couland et al.	Jun 2001	B1
6256031	Meijer et al.	Jul 2001	B1
6259405	Stewart et al.	Jul 2001	B1
6260070	Shah	Jul 2001	B1
6263368	Martin	Jul 2001	B1
6282610	Bergsten	Aug 2001	B1
6289012	Harrington et al.	Sep 2001	B1
6289345	Yasue	Sep 2001	B1
6292832	Shah et al.	Sep 2001	B1
6298380	Coile et al.	Oct 2001	B1
6304913	Rune	Oct 2001	B1
6308162	Ouimet et al.	Oct 2001	B1
6324581	Xu et al.	Nov 2001	B1
6327622	Jindal et al.	Dec 2001	B1
6330574	Murashita	Dec 2001	B1
6338082	Schneider	Jan 2002	B1
6339785	Feigenbaum	Jan 2002	B1
6343324	Hubis et al.	Jan 2002	B1
6347339	Morris et al.	Feb 2002	B1
6349343	Foody et al.	Feb 2002	B1
6353848	Morris	Mar 2002	B1
6360270	Cherkasova et al.	Mar 2002	B1
6363056	Beigi et al.	Mar 2002	B1
6367009	Davis et al.	Apr 2002	B1
6370527	Singhal	Apr 2002	B1
6374263	Bunger et al.	Apr 2002	B1
6374300	Masters	Apr 2002	B2
6389433	Bolosky et al.	May 2002	B1
6389462	Cohen et al.	May 2002	B1
6393581	Friedman et al.	May 2002	B1
6396833	Zhang et al.	May 2002	B1
6397246	Wolfe	May 2002	B1
6412004	Chen et al.	Jun 2002	B1
6430562	Kardos et al.	Aug 2002	B1
6434081	Johnson et al.	Aug 2002	B1
6438595	Blumenau et al.	Aug 2002	B1
6446108	Rosenberg et al.	Sep 2002	B1
6466580	Leung	Oct 2002	B1
6469983	Narayana et al.	Oct 2002	B2
6477544	Bolosky et al.	Nov 2002	B1
6480476	Willars	Nov 2002	B1
6484261	Wiegel	Nov 2002	B1
6487561	Ofek et al.	Nov 2002	B1
6490624	Sampson et al.	Dec 2002	B1
6493804	Soltis et al.	Dec 2002	B1
6510135	Almulhem et al.	Jan 2003	B1
6510458	Berstis et al.	Jan 2003	B1
6513061	Ebata et al.	Jan 2003	B1
6514085	Slattery et al.	Feb 2003	B2
6516350	Lumelsky et al.	Feb 2003	B1
6516351	Borr	Feb 2003	B2
6519643	Foulkes et al.	Feb 2003	B1
6542936	Mayle et al.	Apr 2003	B1
6549916	Sedlar	Apr 2003	B1
6553352	Delurgio et al.	Apr 2003	B2
6556997	Levy	Apr 2003	B1
6556998	Mukherjee et al.	Apr 2003	B1
6560230	Li et al.	May 2003	B1
6578069	Hopmann et al.	Jun 2003	B1
6580717	Higuchi et al.	Jun 2003	B1
6601084	Bhaskaran et al.	Jul 2003	B1
6601101	Lee et al.	Jul 2003	B1
6606663	Liao et al.	Aug 2003	B1
6612490	Herrendoerfer et al.	Sep 2003	B1
6615267	Whalen et al.	Sep 2003	B1
6636503	Shiran et al.	Oct 2003	B1
6636894	Short et al.	Oct 2003	B1
6650640	Muller et al.	Nov 2003	B1
6650641	Albert et al.	Nov 2003	B1
6654346	Mahalingaiah et al.	Nov 2003	B1
6654701	Hatley	Nov 2003	B2
6661802	Homberg et al.	Dec 2003	B1
6683873	Kwok et al.	Jan 2004	B1
6690669	Tsuchiya et al.	Feb 2004	B1
6691165	Bruck et al.	Feb 2004	B1
6694517	James et al.	Feb 2004	B1
6701415	Hendren, III	Mar 2004	B1
6708187	Shanumgam et al.	Mar 2004	B1
6718380	Mohaban et al.	Apr 2004	B1
6721794	Taylor et al.	Apr 2004	B2
6728704	Mao et al.	Apr 2004	B2
6738357	Richter et al.	May 2004	B1
6738790	Klein et al.	May 2004	B1
6742035	Zayas et al.	May 2004	B1
6742045	Albert et al.	May 2004	B1
6744776	Kalkunte et al.	Jun 2004	B1
6748420	Quatrano et al.	Jun 2004	B1
6751663	Farrell et al.	Jun 2004	B1
6754215	Arikawa et al.	Jun 2004	B1
6754228	Ludwig	Jun 2004	B1
6754699	Swildens et al.	Jun 2004	B2
6757706	Dong et al.	Jun 2004	B1
6760337	Snyder, II et al.	Jul 2004	B1
6760775	Anerousis et al.	Jul 2004	B1
6772219	Shobatake	Aug 2004	B1
6775672	Mahalingam et al.	Aug 2004	B2
6775673	Mahalingam et al.	Aug 2004	B2
6775679	Gupta	Aug 2004	B2
6779039	Bommareddy et al.	Aug 2004	B1
6781986	Sabaa et al.	Aug 2004	B1
6782450	Arnott et al.	Aug 2004	B2
6795860	Shah	Sep 2004	B1
6798777	Ferguson et al.	Sep 2004	B1
6801960	Ericson et al.	Oct 2004	B1
6804542	Haartsen	Oct 2004	B1
6816901	Sitaraman et al.	Nov 2004	B1
6816977	Brakmo et al.	Nov 2004	B2
6826613	Wang et al.	Nov 2004	B1
6829238	Tokuyo et al.	Dec 2004	B2
6839761	Kadyk et al.	Jan 2005	B2
6839850	Campbell et al.	Jan 2005	B1
6847959	Arrouye et al.	Jan 2005	B1
6847970	Keller et al.	Jan 2005	B2
6850997	Rooney et al.	Feb 2005	B1
6865593	Reshef et al.	Mar 2005	B1
6868082	Allen, Jr. et al.	Mar 2005	B1
6868447	Slaughter et al.	Mar 2005	B1
6871221	Styles	Mar 2005	B1
6871245	Bradley	Mar 2005	B2
6876629	Beshai et al.	Apr 2005	B2
6876654	Hegde	Apr 2005	B1
6880017	Marce et al.	Apr 2005	B1
6883137	Girardot et al.	Apr 2005	B1
6888836	Cherkasova	May 2005	B1
6889249	Miloushev et al.	May 2005	B2
6907037	Tsuchiya et al.	Jun 2005	B2
6912219	Tsuchiya et al.	Jun 2005	B2
6914881	Mansfield et al.	Jul 2005	B1
6920136	Tsuchiya et al.	Jul 2005	B2
6920137	Tsuchiya et al.	Jul 2005	B2
6920138	Tsuchiya et al.	Jul 2005	B2
6922688	Frey, Jr.	Jul 2005	B1
6928077	Tsuchiya et al.	Aug 2005	B2
6928082	Liu et al.	Aug 2005	B2
6934706	Mancuso et al.	Aug 2005	B1
6938039	Bober et al.	Aug 2005	B1
6938059	Tamer et al.	Aug 2005	B2
6947985	Hegli et al.	Sep 2005	B2
6950434	Viswanath et al.	Sep 2005	B1
6954780	Susai et al.	Oct 2005	B2
6957272	Tallegas et al.	Oct 2005	B2
6959373	Testardi	Oct 2005	B2
6959394	Brickell et al.	Oct 2005	B1
6961815	Kistler et al.	Nov 2005	B2
6970924	Chu et al.	Nov 2005	B1
6973455	Vahalia et al.	Dec 2005	B1
6973490	Robertson et al.	Dec 2005	B1
6973549	Testardi	Dec 2005	B1
6975592	Seddigh et al.	Dec 2005	B1
6985936	Agarwalla et al.	Jan 2006	B2
6985956	Luke et al.	Jan 2006	B2
6986015	Testardi	Jan 2006	B2
6986040	Kramer et al.	Jan 2006	B1
6987763	Rochberger et al.	Jan 2006	B2
6990074	Wan et al.	Jan 2006	B2
6990114	Erimli et al.	Jan 2006	B1
6990547	Ulrich et al.	Jan 2006	B2
6990667	Ulrich et al.	Jan 2006	B2
6996841	Kadyk et al.	Feb 2006	B2
7003533	Noguchi et al.	Feb 2006	B2
7003564	Greuel et al.	Feb 2006	B2
7006981	Rose et al.	Feb 2006	B2
7007092	Peiffer	Feb 2006	B2
7010553	Chen et al.	Mar 2006	B2
7013379	Testardi	Mar 2006	B1
7020644	Jameson	Mar 2006	B2
7020699	Zhang et al.	Mar 2006	B2
7023974	Brannam et al.	Apr 2006	B1
7024427	Bobbitt et al.	Apr 2006	B2
7028182	Kilicommons	Apr 2006	B1
7039061	Connor et al.	May 2006	B2
7051112	Dawson	May 2006	B2
7054998	Arnott et al.	May 2006	B2
7058633	Gnagy et al.	Jun 2006	B1
7065482	Shorey et al.	Jun 2006	B2
7072338	Tsuchiya et al.	Jul 2006	B2
7072339	Tsuchiya et al.	Jul 2006	B2
7072917	Wong et al.	Jul 2006	B2
7075924	Richter et al.	Jul 2006	B2
7076689	Atkinson	Jul 2006	B2
7080314	Garofalakis et al.	Jul 2006	B1
7088726	Hamamoto et al.	Aug 2006	B1
7089286	Malik	Aug 2006	B1
7089491	Feinberg et al.	Aug 2006	B2
7111115	Peters et al.	Sep 2006	B2
7113962	Kee et al.	Sep 2006	B1
7113993	Cappiello et al.	Sep 2006	B1
7113996	Kronenberg	Sep 2006	B2
7120128	Banks et al.	Oct 2006	B2
7120746	Campbell et al.	Oct 2006	B2
7127556	Blumenau et al.	Oct 2006	B2
7133863	Teng et al.	Nov 2006	B2
7133944	Song et al.	Nov 2006	B2
7133967	Fujie et al.	Nov 2006	B2
7139792	Mishra et al.	Nov 2006	B1
7143146	Nakatani et al.	Nov 2006	B2
7146524	Patel et al.	Dec 2006	B2
7152184	Maeda et al.	Dec 2006	B2
7155466	Rodriguez et al.	Dec 2006	B2
7158526	Higuchi et al.	Jan 2007	B2
7162529	Morishige et al.	Jan 2007	B2
7165095	Sim	Jan 2007	B2
7167821	Hardwick et al.	Jan 2007	B2
7171496	Tanaka et al.	Jan 2007	B2
7173929	Testardi	Feb 2007	B1
7185359	Schmidt et al.	Feb 2007	B2
7191163	Herrera et al.	Mar 2007	B2
7193998	Tsuchiya et al.	Mar 2007	B2
7194579	Robinson et al.	Mar 2007	B2
7209759	Billing et al.	Apr 2007	B1
7228359	Monteiro	Jun 2007	B1
7228422	Morioka et al.	Jun 2007	B2
7234074	Cohn et al.	Jun 2007	B2
7236491	Tsao et al.	Jun 2007	B2
7240100	Wein et al.	Jul 2007	B1
7248591	Hamamoto et al.	Jul 2007	B2
7251247	Hamamoto et al.	Jul 2007	B2
7280536	Testardi	Oct 2007	B2
7280971	Wimberly et al.	Oct 2007	B1
7283540	Hamamoto et al.	Oct 2007	B2
7284150	Ma et al.	Oct 2007	B2
7287082	O'Toole, Jr.	Oct 2007	B1
7292541	C S	Nov 2007	B1
7293097	Borr	Nov 2007	B2
7293099	Kalajan	Nov 2007	B1
7293133	Colgrove et al.	Nov 2007	B1
7295827	Liu et al.	Nov 2007	B2
7296263	Jacob	Nov 2007	B1
7299491	Shelest et al.	Nov 2007	B2
7305480	Oishi et al.	Dec 2007	B2
7308475	Pruitt et al.	Dec 2007	B1
7308703	Wright et al.	Dec 2007	B2
7308709	Brezak et al.	Dec 2007	B1
7310339	Powers et al.	Dec 2007	B1
7315543	Takeuchi et al.	Jan 2008	B2
7319696	Inoue et al.	Jan 2008	B2
7321926	Zhang et al.	Jan 2008	B1
7324533	DeLiberato et al.	Jan 2008	B1
7328009	Takeda et al.	Feb 2008	B2
7328281	Takeda et al.	Feb 2008	B2
7333999	Njemanze	Feb 2008	B1
7343398	Lownsbrough	Mar 2008	B1
7343413	Gilde et al.	Mar 2008	B2
7346664	Wong et al.	Mar 2008	B2
7349391	Ben-Dor et al.	Mar 2008	B2
7383288	Miloushev et al.	Jun 2008	B2
7383570	Pinkas et al.	Jun 2008	B2
7385989	Higuchi et al.	Jun 2008	B2
7394804	Miyata et al.	Jul 2008	B2
7398552	Pardee et al.	Jul 2008	B2
7400645	Tsuchiya et al.	Jul 2008	B2
7400646	Tsuchiya et al.	Jul 2008	B2
7401220	Bolosky et al.	Jul 2008	B2
7403520	Tsuchiya et al.	Jul 2008	B2
7406484	Srinivasan et al.	Jul 2008	B1
7409440	Jacob	Aug 2008	B1
7415488	Muth et al.	Aug 2008	B1
7415608	Bolosky et al.	Aug 2008	B2
7433962	Janssen et al.	Oct 2008	B2
7437478	Yokota et al.	Oct 2008	B2
7440982	Lu et al.	Oct 2008	B2
7441429	Nucci et al.	Oct 2008	B1
7454480	Labio et al.	Nov 2008	B2
7457982	Rajan	Nov 2008	B2
7467158	Marinescu	Dec 2008	B2
7475241	Patel et al.	Jan 2009	B2
7477796	Sasaki et al.	Jan 2009	B2
7490162	Masters	Feb 2009	B1
7500243	Huetsch et al.	Mar 2009	B2
7500269	Huotari et al.	Mar 2009	B2
7505795	Lim et al.	Mar 2009	B1
7509322	Miloushev et al.	Mar 2009	B2
7512673	Miloushev et al.	Mar 2009	B2
7516492	Nisbet et al.	Apr 2009	B1
7519813	Cox et al.	Apr 2009	B1
7522581	Acharya et al.	Apr 2009	B2
7526541	Roese et al.	Apr 2009	B2
7558197	Sindhu et al.	Jul 2009	B1
7562110	Miloushev et al.	Jul 2009	B2
7571168	Bahar et al.	Aug 2009	B2
7574433	Engel	Aug 2009	B2
7577141	Kamata et al.	Aug 2009	B2
7577723	Matsuda et al.	Aug 2009	B2
7580971	Gollapudi et al.	Aug 2009	B1
7587471	Yasuda et al.	Sep 2009	B2
7590732	Rune	Sep 2009	B2
7590747	Coates et al.	Sep 2009	B2
7599941	Bahar et al.	Oct 2009	B2
7610307	Havewala et al.	Oct 2009	B2
7610390	Yared et al.	Oct 2009	B2
7620733	Tzakikario et al.	Nov 2009	B1
7624109	Testardi	Nov 2009	B2
7624424	Morita et al.	Nov 2009	B2
7639883	Gill	Dec 2009	B2
7644109	Manley et al.	Jan 2010	B2
7644137	Bozak et al.	Jan 2010	B2
7653077	Hamamoto et al.	Jan 2010	B2
7653699	Colgrove et al.	Jan 2010	B1
7668166	Rekhter et al.	Feb 2010	B1
7689596	Tsunoda	Mar 2010	B2
7689710	Tang et al.	Mar 2010	B2
7694082	Golding et al.	Apr 2010	B2
7701952	Higuchi et al.	Apr 2010	B2
7711771	Kirnos	May 2010	B2
7724657	Rao et al.	May 2010	B2
7725093	Sengupta et al.	May 2010	B2
7734603	McManis	Jun 2010	B1
7743035	Chen et al.	Jun 2010	B2
7746863	Tsuchiya et al.	Jun 2010	B2
7752294	Meyer et al.	Jul 2010	B2
7761597	Takeda et al.	Jul 2010	B2
7769711	Srinivasan et al.	Aug 2010	B2
7778187	Chaturvedi et al.	Aug 2010	B2
7788335	Miloushev et al.	Aug 2010	B2
7788408	Takeda et al.	Aug 2010	B2
7801978	Susai et al.	Sep 2010	B1
7808913	Ansari et al.	Oct 2010	B2
7822939	Veprinsky et al.	Oct 2010	B1
7831639	Panchbudhe et al.	Nov 2010	B1
7831662	Clark et al.	Nov 2010	B2
7849112	Mane et al.	Dec 2010	B2
7870154	Shitomi et al.	Jan 2011	B2
7877511	Berger et al.	Jan 2011	B1
7885970	Lacapra	Feb 2011	B2
7908245	Nakano et al.	Mar 2011	B2
7908314	Yamaguchi et al.	Mar 2011	B2
7913053	Newland	Mar 2011	B1
7921211	Larson et al.	Apr 2011	B2
7925908	Kim	Apr 2011	B2
7930365	Dixit et al.	Apr 2011	B2
7933946	Livshits et al.	Apr 2011	B2
7941517	Migault et al.	May 2011	B2
7941563	Takeda et al.	May 2011	B2
7945908	Waldspurger et al.	May 2011	B1
7953701	Okitsu et al.	May 2011	B2
7957405	Higuchi et al.	Jun 2011	B2
7958347	Ferguson	Jun 2011	B1
7965724	Hamamoto et al.	Jun 2011	B2
7984141	Gupta et al.	Jul 2011	B2
8005953	Miloushev et al.	Aug 2011	B2
8031716	Tsuchiya et al.	Oct 2011	B2
8069225	McCann et al.	Nov 2011	B2
8103781	Wu et al.	Jan 2012	B1
8107471	Nakamura et al.	Jan 2012	B2
8130650	Allen, Jr. et al.	Mar 2012	B2
8131863	Takeda et al.	Mar 2012	B2
8189567	Kavanagh et al.	May 2012	B2
8199757	Pani et al.	Jun 2012	B2
8205246	Shatzkamer et al.	Jun 2012	B2
8239954	Wobber et al.	Aug 2012	B2
8266427	Thubert et al.	Sep 2012	B2
8274895	Rahman et al.	Sep 2012	B2
8281383	Levy-Abegnoli et al.	Oct 2012	B2
8289968	Zhuang	Oct 2012	B1
8321908	Gai et al.	Nov 2012	B2
8351333	Rao et al.	Jan 2013	B2
8379640	Ichihashi et al.	Feb 2013	B2
8380854	Szabo	Feb 2013	B2
8417817	Jacobs	Apr 2013	B1
8437345	Takeda et al.	May 2013	B2
8447871	Szabo	May 2013	B1
8447970	Klein et al.	May 2013	B2
8464265	Worley	Jun 2013	B2
8468267	Yigang	Jun 2013	B2
8477804	Yoshimoto et al.	Jul 2013	B2
8488465	Solis et al.	Jul 2013	B2
8494485	Broch	Jul 2013	B1
8539224	Henderson et al.	Sep 2013	B2
8566474	Kanode et al.	Oct 2013	B2
8578050	Craig et al.	Nov 2013	B2
8582599	Hamamoto et al.	Nov 2013	B2
8594108	Tsuchiya et al.	Nov 2013	B2
8601161	Takeda et al.	Dec 2013	B2
8606921	Vasquez et al.	Dec 2013	B2
8615022	Harrison et al.	Dec 2013	B2
8646067	Agarwal et al.	Feb 2014	B2
8665868	Kay	Mar 2014	B2
8665969	Kay	Mar 2014	B2
8701179	Penno et al.	Apr 2014	B1
8725836	Lowery et al.	May 2014	B2
8726336	Narayanaswamy et al.	May 2014	B2
8726338	Narayanaswamy et al.	May 2014	B2
8737304	Karuturi et al.	May 2014	B2
8788665	Glide et al.	Jul 2014	B2
8804504	Chen	Aug 2014	B1
8819109	Krishnamurthy et al.	Aug 2014	B1
8819419	Carlson et al.	Aug 2014	B2
8819768	Koeten et al.	Aug 2014	B1
8830874	Cho et al.	Sep 2014	B2
8873753	Parker	Oct 2014	B2
8875274	Montemurro et al.	Oct 2014	B2
8886981	Baumann et al.	Nov 2014	B1
8908545	Chen et al.	Dec 2014	B1
8954080	Janakiriman et al.	Feb 2015	B2
9037166	de Wit et al.	May 2015	B2
9077554	Szabo	Jul 2015	B1
9083760	Hughes et al.	Jul 2015	B1
9088525	Takeda et al.	Jul 2015	B2
9106699	Thornewell et al.	Aug 2015	B2
9641344	Kim	May 2017	B1
20010007560	Masuda et al.	Jul 2001	A1
20010009554	Katseff et al.	Jul 2001	A1
20010014891	Hoffert et al.	Aug 2001	A1
20010023442	Masters	Sep 2001	A1
20010047293	Waller et al.	Nov 2001	A1
20010051955	Wong	Dec 2001	A1
20020010783	Primak et al.	Jan 2002	A1
20020012352	Hansson et al.	Jan 2002	A1
20020032777	Kawata et al.	Mar 2002	A1
20020035537	Waller et al.	Mar 2002	A1
20020038360	Andrews et al.	Mar 2002	A1
20020049842	Huetsch et al.	Apr 2002	A1
20020059263	Shima et al.	May 2002	A1
20020059428	Susai et al.	May 2002	A1
20020065810	Bradley	May 2002	A1
20020065848	Walker et al.	May 2002	A1
20020073105	Noguchi et al.	Jun 2002	A1
20020083067	Tamayo et al.	Jun 2002	A1
20020083118	Sim	Jun 2002	A1
20020087571	Stapel et al.	Jul 2002	A1
20020087744	Kitchin	Jul 2002	A1
20020087887	Busam et al.	Jul 2002	A1
20020099829	Richards et al.	Jul 2002	A1
20020103823	Jackson et al.	Aug 2002	A1
20020103916	Chen et al.	Aug 2002	A1
20020112061	Shih et al.	Aug 2002	A1
20020133330	Loisey et al.	Sep 2002	A1
20020133491	Sim et al.	Sep 2002	A1
20020138615	Schmeling	Sep 2002	A1
20020143819	Han et al.	Oct 2002	A1
20020143909	Botz et al.	Oct 2002	A1
20020147630	Rose et al.	Oct 2002	A1
20020150253	Brezak et al.	Oct 2002	A1
20020156905	Weissman	Oct 2002	A1
20020160161	Misuda	Oct 2002	A1
20020161911	Pinckney, III et al.	Oct 2002	A1
20020161913	Gonzalez et al.	Oct 2002	A1
20020162118	Levy et al.	Oct 2002	A1
20020174216	Shorey et al.	Nov 2002	A1
20020188667	Kirnos	Dec 2002	A1
20020194112	dePinto et al.	Dec 2002	A1
20020194342	Lu et al.	Dec 2002	A1
20020198956	Dunshea et al.	Dec 2002	A1
20020198993	Cudd et al.	Dec 2002	A1
20030005172	Chessell	Jan 2003	A1
20030009429	Jameson	Jan 2003	A1
20030009528	Sharif et al.	Jan 2003	A1
20030012382	Ferchichi et al.	Jan 2003	A1
20030018450	Carley	Jan 2003	A1
20030018585	Butler et al.	Jan 2003	A1
20030028514	Lord et al.	Feb 2003	A1
20030033308	Patel et al.	Feb 2003	A1
20030033535	Fisher et al.	Feb 2003	A1
20030037070	Marston	Feb 2003	A1
20030046291	Fascenda	Mar 2003	A1
20030055723	English	Mar 2003	A1
20030061240	McCann et al.	Mar 2003	A1
20030065951	Igeta et al.	Apr 2003	A1
20030065956	Belapurkar et al.	Apr 2003	A1
20030067923	Ju et al.	Apr 2003	A1
20030069918	Lu et al.	Apr 2003	A1
20030069974	Lu et al.	Apr 2003	A1
20030070069	Belapurkar et al.	Apr 2003	A1
20030074301	Solomon	Apr 2003	A1
20030074434	Jason et al.	Apr 2003	A1
20030086415	Bernhard et al.	May 2003	A1
20030105846	Zhao et al.	Jun 2003	A1
20030105983	Brakimo et al.	Jun 2003	A1
20030108052	Inoue et al.	Jun 2003	A1
20030115218	Bobbitt et al.	Jun 2003	A1
20030115439	Mahalingam et al.	Jun 2003	A1
20030128708	Inoue et al.	Jul 2003	A1
20030130945	Force et al.	Jul 2003	A1
20030139934	Mandera	Jul 2003	A1
20030140140	Lahtinen	Jul 2003	A1
20030145062	Sharma et al.	Jul 2003	A1
20030145233	Poletto et al.	Jul 2003	A1
20030149781	Yared et al.	Aug 2003	A1
20030156586	Lee et al.	Aug 2003	A1
20030159072	Bellinger et al.	Aug 2003	A1
20030163576	Janssen et al.	Aug 2003	A1
20030171978	Jenkins et al.	Sep 2003	A1
20030177364	Walsh et al.	Sep 2003	A1
20030177388	Botz et al.	Sep 2003	A1
20030179755	Fraser	Sep 2003	A1
20030191812	Agarwalla et al.	Oct 2003	A1
20030195813	Pallister et al.	Oct 2003	A1
20030204635	Ko et al.	Oct 2003	A1
20030212954	Patrudu	Nov 2003	A1
20030220835	Barnes, Jr.	Nov 2003	A1
20030221000	Cherkasova et al.	Nov 2003	A1
20030225485	Fritz et al.	Dec 2003	A1
20030229665	Ryman	Dec 2003	A1
20030236995	Fretwell, Jr.	Dec 2003	A1
20040003266	Moshir et al.	Jan 2004	A1
20040003287	Zissimopoulos et al.	Jan 2004	A1
20040006575	Visharam et al.	Jan 2004	A1
20040006591	Matsui et al.	Jan 2004	A1
20040010654	Yasuda et al.	Jan 2004	A1
20040015783	Lennon et al.	Jan 2004	A1
20040017825	Stanwood et al.	Jan 2004	A1
20040025013	Parker et al.	Feb 2004	A1
20040028043	Maveli et al.	Feb 2004	A1
20040028063	Roy et al.	Feb 2004	A1
20040030627	Sedukhin	Feb 2004	A1
20040030740	Stelting	Feb 2004	A1
20040030857	Krakirian et al.	Feb 2004	A1
20040043758	Sorvari et al.	Mar 2004	A1
20040054777	Ackaouy et al.	Mar 2004	A1
20040059789	Shum	Mar 2004	A1
20040064544	Barsness et al.	Apr 2004	A1
20040064554	Kuno et al.	Apr 2004	A1
20040072569	Omae et al.	Apr 2004	A1
20040093474	Lin et al.	May 2004	A1
20040098383	Tabellion et al.	May 2004	A1
20040103283	Hornak	May 2004	A1
20040111523	Hall et al.	Jun 2004	A1
20040111621	Himberger et al.	Jun 2004	A1
20040117493	Bazot et al.	Jun 2004	A1
20040122926	Moore et al.	Jun 2004	A1
20040123277	Schrader et al.	Jun 2004	A1
20040133605	Chang et al.	Jul 2004	A1
20040133606	Miloushev et al.	Jul 2004	A1
20040138858	Carley	Jul 2004	A1
20040139355	Axel et al.	Jul 2004	A1
20040148380	Meyer et al.	Jul 2004	A1
20040141185	Akama	Aug 2004	A1
20040151186	Akama	Aug 2004	A1
20040153479	Mikesell et al.	Aug 2004	A1
20040167967	Bastian et al.	Aug 2004	A1
20040181605	Nakatani et al.	Sep 2004	A1
20040192312	Li et al.	Sep 2004	A1
20040199547	Winter et al.	Oct 2004	A1
20040213156	Smallwood et al.	Oct 2004	A1
20040215665	Edgar et al.	Oct 2004	A1
20040236798	Srinivasan et al.	Nov 2004	A1
20040236826	Harville et al.	Nov 2004	A1
20040264472	Oliver et al.	Dec 2004	A1
20040264481	Darling et al.	Dec 2004	A1
20040267920	Hydrie et al.	Dec 2004	A1
20040267948	Oliver et al.	Dec 2004	A1
20040268358	Darling et al.	Dec 2004	A1
20050004887	Igakura et al.	Jan 2005	A1
20050021615	Arnott et al.	Jan 2005	A1
20050021703	Cherry et al.	Jan 2005	A1
20050021736	Carusi et al.	Jan 2005	A1
20050027841	Rolfe	Feb 2005	A1
20050027869	Johnson	Feb 2005	A1
20050028010	Wallman	Feb 2005	A1
20050044158	Malik	Feb 2005	A1
20050044213	Kobayashi et al.	Feb 2005	A1
20050050107	Mane et al.	Mar 2005	A1
20050052440	Kim et al.	Mar 2005	A1
20050055435	Gbadegesin et al.	Mar 2005	A1
20050078604	Yim	Apr 2005	A1
20050091214	Probert et al.	Apr 2005	A1
20050108575	Yung	May 2005	A1
20050114291	Becker-Szendy et al.	May 2005	A1
20050114701	Atkins et al.	May 2005	A1
20050117589	Douady et al.	Jun 2005	A1
20050122977	Lieberman	Jun 2005	A1
20050125195	Brendel	Jun 2005	A1
20050154837	Keohane et al.	Jul 2005	A1
20050165656	Frederick et al.	Jul 2005	A1
20050175013	Le Pennec et al.	Aug 2005	A1
20050187866	Lee	Aug 2005	A1
20050187934	Motsinger et al.	Aug 2005	A1
20050188220	Nilsson et al.	Aug 2005	A1
20050188423	Motsinger et al.	Aug 2005	A1
20050189501	Sato et al.	Sep 2005	A1
20050198234	Leib et al.	Sep 2005	A1
20050198310	Kim et al.	Sep 2005	A1
20050213587	Cho et al.	Sep 2005	A1
20050234928	Shkvarchuk et al.	Oct 2005	A1
20050240664	Chen et al.	Oct 2005	A1
20050246393	Coates et al.	Nov 2005	A1
20050256806	Tien et al.	Nov 2005	A1
20050262238	Reeves et al.	Nov 2005	A1
20050277430	Meisi	Dec 2005	A1
20050289109	Arrouye et al.	Dec 2005	A1
20050289111	Tribble et al.	Dec 2005	A1
20060010502	Mimatsu et al.	Jan 2006	A1
20060031374	Lu et al.	Feb 2006	A1
20060031520	Bedekar et al.	Feb 2006	A1
20060045096	Farmer et al.	Mar 2006	A1
20060047785	Wang et al.	Mar 2006	A1
20060059267	Cugi et al.	Mar 2006	A1
20060075475	Boulos et al.	Apr 2006	A1
20060077902	Kannan et al.	Apr 2006	A1
20060080353	Miloushev et al.	Apr 2006	A1
20060095573	Carle	May 2006	A1
20060106882	Douceur et al.	May 2006	A1
20060112151	Manley et al.	May 2006	A1
20060112176	Liu et al.	May 2006	A1
20060112272	Morioka et al.	May 2006	A1
20060112367	Harris	May 2006	A1
20060123062	Bobbitt et al.	Jun 2006	A1
20060129684	Datta	Jun 2006	A1
20060135198	Lee	Jun 2006	A1
20060140193	Kakani et al.	Jun 2006	A1
20060153201	Hepper et al.	Jul 2006	A1
20060156416	Huotari et al.	Jul 2006	A1
20060161577	Kulkarni et al.	Jul 2006	A1
20060167838	Lacapra	Jul 2006	A1
20060171365	Borella	Aug 2006	A1
20060179261	Rajan	Aug 2006	A1
20060184589	Lees et al.	Aug 2006	A1
20060190496	Tsunoda	Aug 2006	A1
20060200470	Lacapra et al.	Sep 2006	A1
20060209853	Hidaka et al.	Sep 2006	A1
20060212746	Amegadzie et al.	Sep 2006	A1
20060224687	Popkin et al.	Oct 2006	A1
20060230148	Forecast et al.	Oct 2006	A1
20060230265	Krishna	Oct 2006	A1
20060233106	Achlioptas et al.	Oct 2006	A1
20060242179	Chen et al.	Oct 2006	A1
20060242300	Yumoto et al.	Oct 2006	A1
20060259320	LaSalle et al.	Nov 2006	A1
20060259949	Schaefer et al.	Nov 2006	A1
20060268692	Wright et al.	Nov 2006	A1
20060271598	Wong et al.	Nov 2006	A1
20060277225	Mark et al.	Dec 2006	A1
20060282442	Lennon et al.	Dec 2006	A1
20060282461	Marinescu	Dec 2006	A1
20060282471	Mark et al.	Dec 2006	A1
20060288413	Kubota	Dec 2006	A1
20070005807	Wong	Jan 2007	A1
20070006293	Balakrishnan et al.	Jan 2007	A1
20070016613	Foresti et al.	Jan 2007	A1
20070016662	Desai et al.	Jan 2007	A1
20070024919	Wong et al.	Feb 2007	A1
20070027929	Whelan	Feb 2007	A1
20070027935	Haselton et al.	Feb 2007	A1
20070028068	Golding et al.	Feb 2007	A1
20070058670	Konduru et al.	Mar 2007	A1
20070064661	Sood et al.	Mar 2007	A1
20070083646	Miller et al.	Apr 2007	A1
20070088702	Fridella et al.	Apr 2007	A1
20070088822	Coile et al.	Apr 2007	A1
20070106796	Kudo et al.	May 2007	A1
20070107048	Halls et al.	May 2007	A1
20070118879	Yeun	May 2007	A1
20070124502	Li	May 2007	A1
20070124806	Shulman et al.	May 2007	A1
20070130255	Wolovitz et al.	Jun 2007	A1
20070136308	Tsirigotis et al.	Jun 2007	A1
20070136312	Shulman et al.	Jun 2007	A1
20070162891	Burner et al.	Jul 2007	A1
20070168320	Borthakur et al.	Jul 2007	A1
20070174491	Still et al.	Jul 2007	A1
20070208748	Li	Sep 2007	A1
20070209075	Coffman	Sep 2007	A1
20070214503	Shulman et al.	Sep 2007	A1
20070220598	Salowey et al.	Sep 2007	A1
20070226331	Srinivasan et al.	Sep 2007	A1
20070233809	Brownell et al.	Oct 2007	A1
20070233826	Tindal et al.	Oct 2007	A1
20070297410	Yoon et al.	Dec 2007	A1
20070297551	Choi	Dec 2007	A1
20080004022	Johannesson et al.	Jan 2008	A1
20080010372	Khedouri et al.	Jan 2008	A1
20080022059	Zimmerer et al.	Jan 2008	A1
20080025297	Kashyap	Jan 2008	A1
20080034136	Ulenas	Feb 2008	A1
20080046432	Anderson et al.	Feb 2008	A1
20080070575	Claussen et al.	Mar 2008	A1
20080072303	Syed	Mar 2008	A1
20080104443	Akutsu et al.	May 2008	A1
20080120370	Chan et al.	May 2008	A1
20080133518	Kapoor et al.	Jun 2008	A1
20080134311	Medvinsky et al.	Jun 2008	A1
20080137659	Levy-Abegnoli et al.	Jun 2008	A1
20080148340	Powell et al.	Jun 2008	A1
20080159145	Muthukrishnan et al.	Jul 2008	A1
20080178278	Grinstein et al.	Jul 2008	A1
20080201599	Ferraiolo et al.	Aug 2008	A1
20080205415	Morales	Aug 2008	A1
20080205613	Lopez	Aug 2008	A1
20080208933	Lyon	Aug 2008	A1
20080209073	Tang	Aug 2008	A1
20080222223	Srinivasan et al.	Sep 2008	A1
20080222646	Sigal et al.	Sep 2008	A1
20080225710	Raja et al.	Sep 2008	A1
20080229415	Kapoor et al.	Sep 2008	A1
20080243769	Arbour et al.	Oct 2008	A1
20080253395	Pandya	Oct 2008	A1
20080256224	Kaji et al.	Oct 2008	A1
20080270578	Zhang et al.	Oct 2008	A1
20080271132	Jokela et al.	Oct 2008	A1
20080275843	Lal	Nov 2008	A1
20080282047	Arakawa et al.	Nov 2008	A1
20080288661	Galles	Nov 2008	A1
20080301760	Lim	Dec 2008	A1
20080304457	Thubert et al.	Dec 2008	A1
20080320093	Thorne	Dec 2008	A1
20090007162	Sheehan	Jan 2009	A1
20090028337	Balabine et al.	Jan 2009	A1
20090037975	Ishikawa et al.	Feb 2009	A1
20090041230	Williams	Feb 2009	A1
20090049230	Pandya	Feb 2009	A1
20090055607	Schack et al.	Feb 2009	A1
20090070617	Arimilli et al.	Mar 2009	A1
20090077097	Lacapra et al.	Mar 2009	A1
20090077619	Boyce	Mar 2009	A1
20090089344	Brown et al.	Apr 2009	A1
20090094252	Wong et al.	Apr 2009	A1
20090094610	Sukirya	Apr 2009	A1
20090100518	Overcash	Apr 2009	A1
20090103524	Mantripragada	Apr 2009	A1
20090106255	Lacapra et al.	Apr 2009	A1
20090106263	Khalid et al.	Apr 2009	A1
20090119504	van Os et al.	May 2009	A1
20090125496	Wexler et al.	May 2009	A1
20090125532	Wexler et al.	May 2009	A1
20090125625	Shim et al.	May 2009	A1
20090125955	DeLorme	May 2009	A1
20090132616	Winter et al.	May 2009	A1
20090138749	Moll et al.	May 2009	A1
20090141891	Boyen et al.	Jun 2009	A1
20090187649	Migault et al.	Jul 2009	A1
20090193115	Sugita	Jul 2009	A1
20090196282	Fellman et al.	Aug 2009	A1
20090204649	Wong et al.	Aug 2009	A1
20090204650	Wong et al.	Aug 2009	A1
20090204705	Marinov et al.	Aug 2009	A1
20090210431	Marinkovic et al.	Aug 2009	A1
20090228956	He et al.	Sep 2009	A1
20090254592	Marinov et al.	Oct 2009	A1
20090265396	Ram et al.	Oct 2009	A1
20090271865	Jiang	Oct 2009	A1
20090287935	Aull et al.	Nov 2009	A1
20090296624	Ryu et al.	Dec 2009	A1
20090300161	Pruitt et al.	Dec 2009	A1
20090300407	Kamath et al.	Dec 2009	A1
20100011434	Kay	Jan 2010	A1
20100017846	Huang et al.	Jan 2010	A1
20100023582	Pedersen et al.	Jan 2010	A1
20100034381	Trace et al.	Feb 2010	A1
20100036959	Trace et al.	Feb 2010	A1
20100061380	Barach et al.	Mar 2010	A1
20100064001	Daily	Mar 2010	A1
20100071048	Novak et al.	Mar 2010	A1
20100077462	Joffe et al.	Mar 2010	A1
20100115236	Bataineh et al.	May 2010	A1
20100122091	Huang et al.	May 2010	A1
20100142382	Jungck et al.	Jun 2010	A1
20100150154	Viger et al.	Jun 2010	A1
20100161774	Huang et al.	Jun 2010	A1
20100165877	Shukla et al.	Jul 2010	A1
20100179984	Sebastian	Jul 2010	A1
20100211547	Kamei et al.	Aug 2010	A1
20100217890	Nice et al.	Aug 2010	A1
20100228813	Suzuki et al.	Sep 2010	A1
20100242092	Harris et al.	Sep 2010	A1
20100251330	Kroeselberg et al.	Sep 2010	A1
20100274885	Yoo et al.	Oct 2010	A1
20100322250	Shetty et al.	Dec 2010	A1
20100325264	Crowder et al.	Dec 2010	A1
20100325277	Muthiah et al.	Dec 2010	A1
20110038377	Haddad	Feb 2011	A1
20110040889	Garrett et al.	Feb 2011	A1
20110047620	Mahaffey et al.	Feb 2011	A1
20110055921	Narayanaswamy et al.	Mar 2011	A1
20110066718	Susai et al.	Mar 2011	A1
20110066736	Mitchell et al.	Mar 2011	A1
20110087696	Lacapra	Apr 2011	A1
20110153822	Rajan et al.	Jun 2011	A1
20110154132	Aybay	Jun 2011	A1
20110154443	Thakur et al.	Jun 2011	A1
20110173295	Bakke et al.	Jul 2011	A1
20110184733	Yu et al.	Jul 2011	A1
20110208714	Soukal et al.	Aug 2011	A1
20110211553	Haddad	Sep 2011	A1
20110246800	Accpadi et al.	Oct 2011	A1
20110273984	Hsu et al.	Nov 2011	A1
20110282997	Prince et al.	Nov 2011	A1
20110283018	Levine et al.	Nov 2011	A1
20110292857	Sarikaya et al.	Dec 2011	A1
20110295924	Morris	Dec 2011	A1
20110307629	Haddad	Dec 2011	A1
20110321122	Mwangi et al.	Dec 2011	A1
20120005372	Sarikaya et al.	Jan 2012	A1
20120016994	Nakamura et al.	Jan 2012	A1
20120039341	Latif et al.	Feb 2012	A1
20120041965	Vasquez et al.	Feb 2012	A1
20120047571	Duncan et al.	Feb 2012	A1
20120054497	Korhonen	Mar 2012	A1
20120059934	Rafiq et al.	Mar 2012	A1
20120063314	Pignataro et al.	Mar 2012	A1
20120066489	Ozaki et al.	Mar 2012	A1
20120071131	Zisapel et al.	Mar 2012	A1
20120101952	Raleigh et al.	Apr 2012	A1
20120110210	Huang et al.	May 2012	A1
20120117379	Thornewell et al.	May 2012	A1
20120173873	Bell	Jul 2012	A1
20120174217	Ormazabal	Jul 2012	A1
20120191847	Nas et al.	Jul 2012	A1
20120215704	Simpson et al.	Aug 2012	A1
20120259998	Kaufman	Oct 2012	A1
20120284296	Arifuddin et al.	Nov 2012	A1
20120311153	Morgan	Dec 2012	A1
20120317266	Abbott	Dec 2012	A1
20130007870	Devarajan et al.	Jan 2013	A1
20130029726	Berionne et al.	Jan 2013	A1
20130091002	Christie et al.	Apr 2013	A1
20130100815	Kakadia et al.	Apr 2013	A1
20130103805	Lyon	Apr 2013	A1
20130104230	Tang et al.	Apr 2013	A1
20130110939	Yang et al.	May 2013	A1
20130120168	Kumar et al.	May 2013	A1
20130151725	Baginski et al.	Jun 2013	A1
20130166715	Yuan et al.	Jun 2013	A1
20130198322	Oran et al.	Aug 2013	A1
20130201999	Savolainen et al.	Aug 2013	A1
20130205035	Chen	Aug 2013	A1
20130205040	Naor et al.	Aug 2013	A1
20130263259	Huston, III et al.	Oct 2013	A1
20130335010	Wu et al.	Dec 2013	A1
20130336122	Barush et al.	Dec 2013	A1
20130340079	Gottlieb	Dec 2013	A1
20140025823	Szabo et al.	Jan 2014	A1
20140040478	Hsu et al.	Feb 2014	A1
20140095661	Knowles et al.	Apr 2014	A1
20140269484	Dankberg et al.	Sep 2014	A1
20140317404	Carlson et al.	Oct 2014	A1
20150089215	Hattori	Mar 2015	A1
20160112406	Bugrov	Apr 2016	A1
20170041151	Kommireddy	Feb 2017	A1

Foreign Referenced Citations (43)

Number	Date	Country
2003300350	Jul 2004	AU
2080530	Apr 1994	CA
2512312	Jul 2004	CA
0 605 088	Jul 1994	EP
0 738 970	Oct 1996	EP
0744850	Nov 1996	EP
1 081 918	Mar 2001	EP
2 244 418	Oct 2010	EP
2 448 071	Oct 2008	GB
63010250	Jan 1988	JP
06-205006	Jul 1994	JP
06-332782	Dec 1994	JP
8021924	Mar 1996	JP
08-328760	Dec 1996	JP
08-339355	Dec 1996	JP
9016510	Jan 1997	JP
11282741	Oct 1999	JP
2000183935	Jun 2000	JP
2005-010913	Jan 2005	JP
2008-257738	Oct 2008	JP
2009-124113	Jun 2009	JP
2011-188071	Sep 2011	JP
2011-238263	Nov 2011	JP
566291	Dec 2008	NZ
WO 9114326	Sep 1991	WO
WO 9505712	Feb 1995	WO
WO 9709805	Mar 1997	WO
WO 9745800	Dec 1997	WO
WO 9905829	Feb 1999	WO
WO 9906913	Feb 1999	WO
WO 9910858	Mar 1999	WO
WO 9939373	Aug 1999	WO
WO 9964967	Dec 1999	WO
WO 0004422	Jan 2000	WO
WO 0004458	Jan 2000	WO
WO 0058870	Oct 2000	WO
WO 0239696	May 2002	WO
WO 02056181	Jul 2002	WO
WO 2004061605	Jul 2004	WO
WO 2006091040	Aug 2006	WO
WO 2009052668	Oct 2007	WO
WO 2008130983	Oct 2008	WO
WO 2008147973	Dec 2008	WO

Non-Patent Literature Citations (192)

Entry
Big-IP® Access Policy Manager®: Implementations, Version 12.0, F5 Networks, Inc., 2015, pp. 1-108.
Who is Xelerance,<http://www.xelerance.com>, slides 1-6 (2007).
“A Process for Selective Routing of Servlet Content to Transcoding Modules,” Research Disclosure 422124, Jun. 1999, pp. 889-890, IBM Corporation.
“A Storage Architecture Guide,” Second Edition, 2001, Auspex Systems, Inc., www.auspex.com, last accessed on Dec. 30, 2002.
“BIG-IP® Global Traffic Manager,” <http://www.f5.com/products/big-ip/product-modules/global-traffic-manager.html>, last accessed Jul. 6, 2010, 2 pages.
“BIG-IP® Global Traffic Manager™ and BIG-IP Link Controller™ : Implementations,” Manual 0304-00, Dec. 3, 2009, pp. 1-161, version 10.1, F5 Networks, Inc.
“BIG-IP® Systems: Getting Started Guide,” Manual 0300-00, Feb. 4, 2010, pp. 1-102, version 10.1, F5 Networks, Inc.
“CSA Persistent File System Technology,” A White Paper, Jan. 1, 1999, p. 1-3, http://www.cosoa.com/white_papers/pfs.php, Colorado Software Architecture, Inc.
“Detail Requirement Report: RQ-GTM-0000024,” <http://fpweb/fptopic.asp?REQ=RQ-GTM-0000024>, F5 Networks, Inc., 1999, printed Mar. 31, 2010, 2 pages.
“Detail Requirement Report: RQ-GTM-0000028,” <http://fpweb/fptopic.asp?REQ=RQ-GTM-0000028>, F5 Networks, Inc., 1999, printed Mar. 31, 2010, 2 pages.
“Diameter MBLB Support Phase 2: Generic Message Based Load Balancing (GMBLB)”, last accessed Mar. 29, 2010, pp. 1-10, (http://peterpan.f5net.com/twiki/bin/view/TMOS/TMOSDiameterMBLB).
“Distributed File System: A Logical View of Physical Storage: White Paper,” 1999, Microsoft Corp., www.microsoft.com, <http://www.eu.microsoft.com/TechNet/prodtechnol/windows2000serv/maintain/DFSnt95>, pp. 1-26, last accessed on Dec. 20, 2002.
“DNS DDOS Protection Functional Spec,” BigipDNSDDOSProtectionFS<TMO<TWiki, last accessed Mar. 31, 2010, 2 pages.
“DNS Security (DNSSEC) Solutions,” <http://www.f5.com/solutions/security/dnssec>, F5 Networks, Inc., printed Aug. 23, 2010, pp. 1-4.
“DNSSEC Functional Spec,” TMOSDnsSECFS<TMOS<TWiki, last accessed on Mar. 31, 2010, pp. 1-10.
“DNSX; DNSX Secure Signer; DNSSEC Management Solution,” <http://www.xelerance.com/dnssec>.pp. 1-9, Aug. 2009.
“F5 and Infoblox Provide Customers with Complete DNS Security Solution,” <http://www.f5.com/news-press-events/press/2010/20100301.html>, Mar. 1, 2010, 2 pages, F5 Networks, Inc., Seattle and Santa Clara, California.
“F5 Solutions Enable Government Organizations to Meet 2009 DNSSEC Compliance,” .<http://www.f5.com/news-press-events/press/2009/20091207.html>, Dec. 7, 2009, 2 pages, F5 Networks, Inc., Seattle, California.
“Market Research & Releases, CMPP PoC documentation”, last accessed Mar. 29, 2010, (http://mainstreet/sites/PD/Teams/ProdMgmt/MarketResearch/Universal).
“Market Research & Releases, Solstice Diameter Requirements”, last accessed Mar. 29, 2010, (http.//mainstreet/sites/PD/Teams/ProdMgmt/MarketResearch/Unisversal).
“NERSC Tutorials: I/O on the Cray T3E, ‘Chapter 8, Disk Striping’,” National Energy Research Scientific Computing Center (NERSC), http://hpcfnersc.gov, last accessed on Dec. 27, 2002.
“PDR/CDR for RQ-GTM-0000028,” BigipDNSDDOSProtectionPDR<TMOS<TWiki, last accessed on Mar. 31, 2010, pp. 1-14.
“Respond to Server Depending on TCP::Client_Port”, DevCentral Forums iRules, pp. 1-6, last accessed Mar. 26, 2010, (http://devcentral.f5.com/Default/aspx?tabid=53&forumid=5&tpage=1&v).
“Scaling Next Generation Web Infrastructure with Content-Intelligent Switching: White Paper,” Apr. 2000, p. 1-9 Alteon Web Systems, Inc.
“Secure64 DNS Signer”, <http://www.secure64.com>, Data sheet, Jun. 22, 2011, V.3.1., 2 pages.
“Servlet/Applet/HTML Authentication Process With Single Sign-On,” Research Disclosure 429128, Jan. 2000, pp. 163-164, IBM Corporation.
“The AFS File System in Distributed Computing Environment,” www.transarc.ibm.com/Library/whitepapers/AFS/afsoverview.html, last accessed on Dec. 20, 2002.
“Traffic Surges; Surge Queue; Netscaler Defense,” 2005, PowerPoint Presentation, slides 1-12, Citrix Systems, Inc.
“UDDI Overview”, Sep. 6, 2000, pp. 1-21, uddi.org, (http://www.uddi.org/).
“UDDI Technical White Paper,” Sep. 6, 2000, pp. 1-12, uddi-org, (http://www.uddi.org/).
“UDDI Version 3.0.1”, UDDI Spec Technical Committee Specification, Oct. 14, 2003, pp. 1-383, uddi.org, (http://www.uddi.org/).
“VERITAS SANPoint Foundation Suite(tm) and SANPoint Foundation Suite(tm) HA: New VERITAS Volume Management and File System Technology for Cluster Environments,” Sep. 2001, VERITAS Software Corp.
“Who is Xelerance,” <http://www.xelerance.com>, slides 1-6.
“Windows Clustering Technologies—An Overview,” Nov. 2001, Microsoft Corp., www.microsoft.com, last accessed on Dec. 30, 2002.
“Windows Server 2003 Kerberos Extensions,” Microsoft TechNet, 2003 (Updated Jul. 31, 2004), http://technet.microsoft.com/en-us/library/cc738207, Microsoft Corporation.
Abad, C., et al., “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, IEEE, Computer Society, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07), 2007, pp. 1-8.
Aguilera, Marcos K. et al., “Improving recoverability in multi-tier storage systems,” International Conference on Dependable Systems and Networks (DSN-2007), Jun. 2007, 10 pages, Edinburgh, Scotland.
Anderson et al., “Serverless Network File System,” in the 15th Symposium on Operating Systems Principles, Dec. 1995, Association for Computing Machinery, Inc. (18 pages).
Anderson, Darrell C. et al., “Interposed Request Routing for Scalable Network Storage,” ACM Transactions on Computer Systems 20(1): (Feb. 2002), pp. 1-24.
Anonymous, “How DFS Works: Remote File Systems,” Distributed File System (DFS) Technical Reference, retrieved from the Internet on Feb. 13, 2009: URL<:http://technetmicrosoft.com/en-us/library/cc782417WS.10,printer).aspx> (Mar. 2003).
Apple, Inc., “Mac OS X Tiger Keynote Intro. Part 2,” Jun. 2004, www.youtube.com <http://www.youtube.com/watch?v=zSBJwEmRJbY>, p. 1.
Apple, Inc., “Tiger Developer Overview Series: Working with Spotlight,” Nov. 23, 2004, www.apple.com using www.archive.org <http://web.archive.org/web/20041123005335/developer.apple.com/macosx/tiger/spotlight.html>, pp. 1-6.
Arends et al., “DNS Security Introduction and Requirements”, Network Working Group, RFC 4033, Mar. 2005, pp. 1-20.
Arends et al., “Protocol Modifications for the DNS Security Extensions,” Network Working Group, RFC 4035, Mar. 1, 2005, 54 pages, The Internet Society.
Arends et al., “Resource Records for the DNS Security Extensions”, Network Working Group, RFC 4034, Mar. 2005, pp. 1-28.
Aura T., “Cryptographically Generated Addresses (CGA)”, Network Working Group, RFC 3972, Mar. 2005, pp. 1-21.
Baer, T., et al., “The Elements of Web Services” ADTmag.com, Dec. 1, 2002, pp. 1-6, (http://www.adtmag.com).
Bagnulo et al., “DNS 64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers,” Internet draft, Jul. 2010, pp. 1-31, IETF Trust.
Basney et al., “Credential Wallets: A Classification of Credential Repositories Highlighting MyProxy,” Sep. 19-21, 2003, pp. 1-20, 31st Research Conference on Communication, Information and Internet Policy (TPRC 2003), Arlington, Virginia.
Bau et al., “A Security Evaluation of DNSSEC with NSEC3,” Mar. 2, 2010; updated version corrects and supersedes a paper in the NDSS' 10 proceedings, pp. 1-18.
Blue Coat, “Technology Primer: CIFS Protocol Optimization,” Blue Coat Systems Inc., 2007, pp. 1-3, (http://www.bluecoat.com).
Botzum, Keys, “Single Sign On—A Contrarian View,” Aug. 6, 2001, pp. 1-8, Open Group Website, http://www.opengroup.org/security/topics.htm.
Cabrera et al., “Swift: A Storage Architecture for Large Objects,” In Proceedings of the-Eleventh IEEE Symposium on Mass Storage Systems, Oct. 1991, pp. 123-128.
Cabrera et al., “Swift: Using Distributed Disk Striping to Provide High I/O Data Rates,” Fall 1991, pp. 405-436, vol. 4, No. 4, Computing Systems.
Cabrera et al., “Using Data Striping in a Local Area Network,” 1992, technical report No. UCSC-CRL-92-09 of the Computer & Information Sciences Department of University of California at Santa Cruz.
Callaghan et al., “NFS Version 3 Protocol Specifications” (RFC 1813), Jun. 1995, The Internet Engineering Task Force (IETN), www.ietf.org, last accessed on Dec. 30, 2002.
Carns et al., “PVFS: A Parallel File System for Linux Clusters,” in Proceedings of the Extreme Linux Track: 4th Annual Linux Showcase and Conference, Oct. 2000, pp. 317- 327, Atlanta, Georgia, USENIX Association.
Carpenter, B., “Transmission of IPv6 over IPv4 Domains without Explicit Tunnels”, Network Working Group, RFC 2529, Mar. 1999, pp. 1-10.
Cavale, M. R., “Introducing Microsoft Cluster Service (MSCS) in the Windows Server 2003”, Microsoft Corporation, Nov. 2002.
Crescendo Networks, “Application Layer Processing (ALP),” 2003-2009, pp. 168-186, Chapter 9, CN-5000E/5500E, Foxit Software Company.
Dan Kaminsky, (slideshow presentation) “Black Ops of Fundamental Defense: Introducing the Domain Key Infrastructure”, retrieved from Internet URL: http://www.slideshare.net/RecursionVentures/dki-2, (slides 1-116) (Aug. 2010).
Eastlake D., “Domain Name System Security Extensions”, Network Working Group, RFC 2535, Mar. 1999, pp. 1-44.
English Translation of Notification of Reason(s) for Refusal for JP 2002-556371 (Dispatch Date: Jan. 22, 2007).
F5 Networks Inc., “3-DNS® Reference Guide, version 4.5”, F5 Networks Inc., Sep. 2002, pp. 2-1-2-28, 3-1-3-12, 5-1-5-24, Seattle, Washington.
F5 Networks Inc., “Big-IP® Reference Guide, version 4.5”, F5 Networks Inc., Sep. 2002, pp. 11-1-11-32, Seattle, Washington.
F5 Networks Inc., “Case Information Log for ‘Issues with BoNY upgrade to 4.3’”, as early as Feb. 2008.
F5 Networks Inc., “Configuration Guide for Local Traffic Management”, F5 Networks Inc., Jan. 2006, version 9.2.2, 406 pgs.
F5 Networks Inc., “Deploying the BIG-IP LTM for Diameter Traffic Management” F5® Deployment Guide, Publication date Sep. 2010, Version 1.2, pp. 1-19.
F5 Networks Inc., “F5 Diameter RM”, Powerpoint document, Jul. 16, 2009, pp. 1-7.
F5 Networks Inc., “F5 WANJet CIFS Acceleration”, White Paper, F5 Networks Inc., Mar. 2006, pp. 1-5, Seattle, Washington.
F5 Networks Inc., “Routing Global Internet Users to the Appropriate Data Center and Applications Using F5's 3-DNS Controller”, F5 Networks Inc., Aug. 2001, pp. 1-4, Seattle, Washington, (http://www.f5.com/f5producs/3dns/relatedMaterials/UsingF5.html).
F5 Networks Inc., “Using F5's 3-DNS Controller to Provide High Availability Between Two or More Data Centers”, F5 Networks Inc., Aug. 2001, pp. 1-4, Seattle, Washington, (http://www.f5.com/f5products/3dns/relatedMaterials/3DNSRouting.html).
F5 Networks, Inc., “BIG-IP ASM 11.2.0”, Release Notes, Sep. 19, 2012, Version 11.2.0, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP Controller with Exclusive OneConnect Content Switching Feature Provides a Breakthrough System for Maximizing Server and Network Performance,” Press Release, May 8, 2001, 2 pages, Las Vegas, Nevada.
F5 Networks, Inc., “BIG-IP Systems: Getting Started Guide,” Manual 0300-00, Feb. 4, 2010, pp. 1-102, version 10.1, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Application Access,” version 12.1, published May 9, 2016 (66 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Authentication and Single Sign-On,” version 12.1, published May 9, 2016 (332 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Implementations,” version 12.1, published May 9, 2016 (168 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Network Access,” version 12.1, published May 9, 2016 (108 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Portal Access,” version 12.1, published May 9, 2016 (82 pages).
F5 Networks, Inc., “BIG-IP® Access Policy Manager®: Secure Web Gateway”, version 12.1, published May 9, 2016 (180 pages).
F5 Networks, Inc., “BIG-IP® Application Security Manager™ : Getting Started Guide”, Version 11.2, May 7, 2012, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP® Application Security Manager™ : Implementations”, Version 11.2, May 7, 2012, F5 Networks, Inc.
F5 Networks, Inc., “BIG-IP® TMOS® : Implementations”, Manual, May 5, 2015, Version 11.2, F5 Networks, Inc.
F5 Networks, Inc., “Configuration Guide for BIG-IP® Application Security Manager™ ”, Manual, May 7, 2012, Version 11.2, F5 Networks, Inc.
F5 Networks, Inc., “F5 TMOS Operations Guide”, Manual, Mar. 5, 2015, F5 Networks, Inc.
F5 Networks, Inc., “Release Note: BIG-IP APM 12.1.0,” published Jun. 6, 2016 (13 pages).
Fajardo V., “Open Diameter Software Architecture,” Jun. 25, 2004, pp. 1-6, Version 1.0.7.
Fan et al., “Summary Cache: A Scalable Wide-Area Protocol”, Computer Communications Review, Association Machinery, New York, USA, Oct. 1998, vol. 28, Web Cache Sharing for Computing No. 4, pp. 254-265.
Farley, M., “Building Storage Networks,” Jan. 2000, McGraw Hill, ISBN 0072120509.
Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1,” Network Working Group, RFC: 2068, Jan. 1997, pp. 1-162.
Fielding et al., “Hypertext Transfer Protocol—HTTP/1.1,” Network Working Group, RFC: 2616, Jun. 1999, pp. 1-176, The Internet Society.
Floyd et al., “Random Early Detection Gateways for Congestion Avoidance,” Aug. 1993, pp. 1-22, IEEE/ACM Transactions on Networking, California.
Forrester Research, Inc., “DNSSEC Ready for Prime Time”, Forrester Research, Inc. Cambridge, MA, 23 pages (Jul. 2010).
Gibson et al., “File Server Scaling with Network-Attached Secure Disks,” in Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (Sigmetrics '97), Association for Computing Machinery, Inc., Jun. 15-18, 1997.
Gibson et al., “NASD Scalable Storage Systems,” Jun. 1999, USENIX99, Extreme Linux Workshop, Monterey, California.
Gupta et al., “Algorithms for Packet Classification”, Computer Systems Laboratory, Stanford University, CA, Mar./Apr. 2001, pp. 1-29.
Hagino J., et al., “An IPv6-to-IPv4 Transport Relay Translator”, Network Working Group, RFC 3142, Jun. 2001, pp. 1-11.
Harrison, C., May 19, 2008 response to Communication pursuant to Article 96(2) EPC dated Nov. 9, 2007 in corresponding European patent application No. 02718824.2.
Hartman, J., “The Zebra Striped Network File System,” 1994, Ph.D. dissertation submitted in the Graduate Division of the University of California at Berkeley.
Haskin et al., “The Tiger Shark File System,” 1996, in proceedings of IEEE, Spring COMPCON, Santa Clara, CA, www.research.ibm.com, last accessed on Dec. 30, 2002.
Heinz G., “Priorities in Stream Transmission Control Protocol (SCTP) Multistreaming”, Thesis submitted to the Faculty of the University of Delaware, Spring 2003, pp. 1-35.
Higgins, Kelly Jackson, “Internet Infrastructure Reaches Long-Awaited Security Milestone,” Tech Center: Security Services, <http//www.darkreading.com/securityservices/security/management/showArticle.jhtml?article>, Jul. 28, 2010. pp. 1-4.
Hochmuth, Phil, “F5, CacheFlow pump up content-delivery lines,” Network World Fusion, May 4, 2001, 1 page, Las Vegas, Nevada.
Howarth, Fran, “Investing in security versus facing the consequences,” White Paper by Bloor Research, Sep. 2010, pp. 1-15.
Hu, J., Final Office action dated Sep. 21, 2007 for related U.S. Appl. No. 10/336,784.
Hu, J., Office action dated Feb. 6, 2007 for related U.S. Appl. No. 10/336,784.
Hwang et al., “Designing SSI Clusters with Hierarchical Checkpointing and Single 1/0 Space,” IEEE Concurrency, Jan.-Mar. 1999, pp. 60-69.
Ilvesmaki M., et al., “On the Capabilities of Application Level Traffic Measurements to Differentiate and Classify Internet Traffic”, Presented in SPIE's International Symposium ITcom, Aug. 19-21, 2001, pp. 1-11, Denver, Colorado.
International Search Report and Written Opinion for International Patent Application No. PCT/US2011/058469 (dated May 30, 2012).
International Search Report and Written Opinion for PCT/US2011/054331, dated Mar. 13, 2012, 13 pages.
International Search Report for International Patent Application No. PCT/US2008/083117 (dated Jun. 23, 2009).
International Search Report for International Patent Application No. PCT/US2008/060449 (dated Apr. 9, 2008).
International Search Report for International Patent Application No. PCT/US2008/064677 (dated Sep. 6, 2009).
International Search Report for International Patent Application No. PCT/US02/00720, dated Mar. 19, 2003.
International Search Report for International Patent Application No. PCT/US2012/071648 (dated May 27, 2013).
International Search Report from International Application No. PCT/US03/41202, dated Sep. 15, 2005.
Internet Protocol,“DARPA Internet Program Protocol Specification”, (RFC:791), Information Sciences Institute, University of Southern California, Sep. 1981, pp. 1-49.
Karamanolis et al., “An Architecture for Scalable and Manageable File Services,” HPL-2001-173, Jul. 26, 2001. p. 1-14.
Katsurashima et al., “NAS Switch: A Novel CIFS Server Virtualization, Proceedings,” 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies, 2003 (MSST 2003), Apr. 2003.
Kawamoto, D., “Amazon Files for Web Services Patent”, CNET News.com, Jul. 28, 2005, pp. 1-2, last accessed May 4, 2006, (http://news.com).
Kimball, C.E. et al., “Automated Client-Side Integration of Distributed Application Servers,” 13Th LISA Conf., 1999, pp. 275-282 of the Proceedings.
Klayman, J., response filed by Japanese associate to office action dated Jan. 22, 2007 in corresponding Japanese patent application No. 2002-556371.
Klayman, J., Nov. 13, 2008 e-mail to Japanese associate including instructions for response to office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Klayman, J., Jul. 18, 2007 e-mail to Japanese associate including instructions for response to office action dated Jan. 22, 2007 in corresponding Japanese patent application No. 2002-556371.
Kohl et al., “The Kerberos Network Authentication Service (V5),” RFC 1510, Sep. 1993. (http://www.ietf.org/ rfc/rfc1510.txt?number=1510).
Korkuzas, V., Communication pursuant to Article 96(2) EPC dated Sep. 11, 2007 in corresponding European patent application No. 02718824.2-2201.
LaMonica M., “Infravio Spiffs Up Web Services Registry Idea”, CNET News.com, May 11, 2004, pp. 1-2, last accessed Sep. 20, 2004, (http://www.news.com).
Laurie et al., “DNS Security (DNSSEC) Hashed Authenticated Denial of Existence,” Mar. 2008, pp. 1-52, The IETF Trust.
Laurie et al., “DNS Security (DNSSEC) Hashed Authenticated Denial of Existence,” Network Working Group, RFC 5155, Feb. 2008, pp. 1-51.
Lelil, S., “Storage Technology News: AutoVirt adds tool to help data migration projects,” Feb. 25, 2011, last accessed Mar. 17, 2011, <http://searchstorage.techtarget.com/news/article/0,289142,sid5_gci1527986,00.html>.
Long et al., “Swift/RAID: A distributed RAID System”, Computing Systems, Summer 1994, vol. 7, pp. 333-359.
Mac Vittie, L., “Message-Based Load Balancing: Using F5 Solutions to Address the Challenges of Scaling Diameter, RADIUS, and Message-Oriented Protocols”, F5 Technical Brief, 2005, pp. 1-9, F5 Networks Inc., Seattle, Washington.
Macvittie, Lori, “It's DNSSEC Not DNSSUX,” DevCentral>Weblogs, <http://devcentral.f5.com/weblogs/macvittie/archive/2009/11/18/itrsquos-dnssec-not-dnssux.aspx>, posted on Nov. 18, 2009, accessed on Jul. 6, 2010, pp. 3-7.
Macvittie, Lori, “Message-Based Load Balancing,” Technical Brief, Jan. 2010, pp. 1-9, F5 Networks, Inc.
Meyer et al., “F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution,” F5 Technical Brief, Feb. 2, 2010, 18 pages, URL: http://web.archive.prg/web/20100326145019/http://www.f5.com/pdf/white-papers/infoblox-wp.pdf.
Modiano E., “Scheduling Algorithms for Message Transmission Over a Satellite Broadcast System”, MIT Lincoln Laboratory Advanced Network Group, Nov. 1997, pp. 1-7.
Nichols K., et al., “Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers”, (RFC:2474) Network Working Group, Dec. 1998, pp. 1-19, last accessed Oct. 8, 2012, (http://www.ietf.org/rfc/rfc2474.txt).
Noghani et al., “A Novel Approach to Reduce Latency on the Internet: ‘Component-Based Download’,” Proceedings of the Computing, Las Vegas, NV, Jun. 2000, pp. 1-6 on the Internet: Intl Conf. on Internet.
Norton et al., “CIFS Protocol Version CIFS-Spec 0.9,” 2001, Storage Networking Industry Association (SNIA), www.snia.org, last accessed on Mar. 26, 2001.
Notice of Reasons for Rejection and Its English Translation for corresponding Japanese Patent Application No. 2014-550426 (dated Apr. 13, 2016) (3 pages).
Novotny et al., “An Online Credential Repository for the Grid: MyProxy,” 2001, pp. 1-8.
Office Action for corresponding Chinese Application No. 201280070784.4 (dated Dec. 6, 2016) (15 pages).
Office Action for corresponding Taiwan Patent Application No. 101145417 (dated May 11, 2016) (11 pages).
Ott D., et al., “A Mechanism for TCP-Friendly Transport-level Protocol Coordination”, USENIX Annual Technical Conference, 2002, University of North Carolina at Chapel Hill, pp. 1-12.
Owasp, “Testing for Cross site scripting”, OWASP Testing Guide v2, Table of Contents, Feb. 24, 2011, pp. 1-5, (www.owasp.org/index.php/Testing_for_Cross_site_scripting).
Padmanabhan V., et al., “Using Predictive Prefetching to Improve World Wide Web Latency”, SIGCOM, 1996, pp. 1-15.
Pashalidis et al., “A Taxonomy of Single Sign-On Systems,” 2003, pp. 1-16, Royal Holloway, University of London, Egham Surray, TW20, 0EX, United Kingdom.
Pashalidis et al., “Impostor: A Single Sign-On System for Use from Untrusted Devices,” Global Telecommunications Conference, 2004, GLOBECOM '04, IEEE, Issue Date: Nov. 29-Dec. 3, 2004.Royal Holloway, University of London.
Patterson et al., “A case for redundant arrays of inexpensive disks (RAID)”, Chicago, Illinois, Jun. 1-3, 1998, in Proceedings of ACM SIGMOD conference on the Management of Data, pp. 109-116, Association for Computing Machinery, Inc., www.acm.org, last accessed on Dec. 20, 2002.
Pearson, P.K., “Fast Hashing of Variable-Length Text Strings,” Comm. of the ACM, Jun. 1990, pp. 1-4, vol. 33, No. 6.
Peterson, M., “Introducing Storage Area Networks,” Feb. 1998, InfoStor, www.infostor.com, last accessed on Dec. 20, 2002.
Preslan et al., “Scalability and Failure Recovery in a Linux Cluster File System,” in Proceedings of the 4th Annual Linux Showcase & Conference, Atlanta, Georgia, Oct. 10-14, 2000, pp. 169-180 of the Proceedings, www.usenix.org, last accessed on Dec. 20, 2002.
Response filed Jul. 6, 2007 to Office action dated Feb. 6, 2007 for related patent U.S. Appl. No. 10/336,784.
Response filed Mar. 20, 2008 to Final Office action dated Sep. 21, 2007 for U.S. Appl. No. 10/336,784.
Rodriguez et al., “Parallel-access for mirror sites in the Internet,” InfoCom 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE Tel Aviv, Israel Mar. 26-30, 2000, Piscataway, NJ, USA, IEEE, US, Mar. 26, 2000 (Mar. 26, 2000), pp. 864-873, XP010376176 ISBN: 0-7803-5880-5 p. 867, col. 2, last paragraph-p. 868, col. 1, paragraph 1.
Rosen E., et al., “MPLS Label Stack Encoding”, (RFC:3032) Network Working Group, Jan. 2001, pp. 1-22, last accessed Oct. 8, 2012, (http://www.ietf.org/rfc/rfc3032.txt).
RSYNC, “Welcome to the RSYNC Web Pages,” Retrieved from the Internet URL: http://samba.anu.edu.ut.rsync/. (Retrieved on Dec. 18, 2009).
Savage, et al., “AFRAID—A Frequently Redundant Array of Independent Disks,” Jan. 22-26, 1996, pp. 1-13, USENIX Technical Conference, San Diego, California.
Schaefer, Ken, “IIS and Kerberos Part 5—Protocol Transition, Constrained Delegation, S4U2S and S4U2P,” Jul. 18, 2007, 21 pages, http://www.adopenstatic.com/cs/blogs/ken/archive/2007/07/19/8460.aspx.
Schilit B., “Bootstrapping Location-Enhanced Web Services”, University of Washington, Dec. 4, 2003, (http://www.cs.washington.edu/news/colloq.info.html).
Seeley R., “Can Infravio Technology Revive UDDI?”, ADTmag.com, Oct. 22, 2003, last accessed Sep. 30, 2004, (http://www.adtmag.com).
Shohoud, Y., “Building XML Web Services with VB .NET and VB 6”, Addison Wesley, 2002, pp. 1-14.
Silva, Peter, “DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks,” F5 Technical Brief, 2009, pp. 1-10.
Sleeper B., “The Evolution of UDDI” UDDI.org White Paper, The Stencil Group, Inc., Jul. 19, 2002, pp. 1-15, San Francisco, California.
Sleeper B., “Why UDDI Will Succeed, Quietly: Two Factors Push Web Services Forward”, The Stencil Group, Inc., Apr. 2001, pp. 1-7, San Francisco, California.
Soltis et al., “The Design and Performance of a Shared Disk File System for IRIX,” Mar. 23-26, 1998, pp. 1-17, Sixth NASA Goddard Space Flight Center Conference on Mass Storage and Technologies in cooperation with the Fifteenth IEEE Symposium on Mass Storage Systems, University of Minnesota.
Soltis et al., “The Global File System,” Sep. 17-19, 1996, in Proceedings of the Fifth NASA Goddard Space Flight Center Conference on Mass Storage Systems and Technologies, College Park, Maryland.
Sommers F., “Whats New in UDDI 3.0—Part 1”, Web Services Papers, Jan. 27, 2003, pp. 1-4, last accessed Mar. 31, 2004, http://www.webservices.org/index.php/article/articleprint/871/-1/24/).
Sommers F., “Whats New in UDDI 3.0—Part 2”, Web Services Papers, Mar. 2, 2003, pp. 1-8, last accessed Nov. 1, 2007, (http://www.web.archive.org/web/20040620131006/).
Sommers F., “Whats New in UDDI 3.0—Part 3”, Web Services Papers, Sep. 2, 2003, pp. 1-4, last accessed Mar. 31, 2007, (http://www.webservices.org/index.php/article/articleprint/894/-1/24/).
Sorenson, K.M., “Installation and Administration: Kimberlite Cluster Version 1.1.0, Rev. Dec. 2000,” Mission Critical Linux, http://oss.missioncriticallinux.corn/kimberlite/kimberlite.pdf.
Stakutis, C., “Benefits of SAN-based file system sharing,” Jul. 2000, pp. 1-4, InfoStor, www.infostor.com, last accessed on Dec. 30, 2002.
Tatipamula et al., “IPv6 Integration and Coexistence Strategies for Next-Generation Networks”, IEEE Communications Magazine, Jan. 2004, pp. 88-96.
Thekkath et al., “Frangipani: A Scalable Distributed File System,” in Proceedings of the 16th ACM Symposium on Operating Systems Principles, Oct. 1997, pp. 1-14, Association for Computing Machinery, Inc.
Thomson et al., “DNS Extensions to Support IP Version 6,” The Internet Society, Network Working Group, RFC 3596, Oct. 2003, pp. 1-8.
Tulloch, Mitch, “Microsoft Encyclopedia of Security,” 2003, pp. 218, 300-301, Microsoft Press, Redmond, Washington.
Uesugi, H., Nov. 26, 2008 amendment filed by Japanese associate in response to office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Uesugi, H., English translation of office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Uesugi, H., Jul. 15, 2008 letter from Japanese associate reporting office action dated May 26, 2008 in corresponding Japanese patent application No. 2002-556371.
Wallace, “Delegating Identity Using X.509 Certificates”, IETF Trust, Jul. 29, 2015, 8 pgs.
Wang B., “Priority and Realtime Data Transfer Over the Best-Effort Internet”, Dissertation Abstract, 2005, ScholarWorks@UMASS.
Weiler et al., “Minimally Covering NSEC Records and DNSSEC On-line Signing,” Network Working Group, RFC 4470, Apr. 2006, 8 pages, The Internet Society.
Wikipedia, “Diameter (protocol)”, pp. 1-11, last accessed Oct. 27, 2010, (http://en.wikipedia.org/wiki/Diameter_(protocol)).
Wikipedia, “Domain Name System Security Extensions,” <http://en.wikipedia.org/wiki/DNSSEC>, accessed Jun. 3, 2010, pp. 1-20.
Wikipedia, “IPv6”, <http://en.wikipedia.org/wiki/IPv6>, accessed Jun. 3, 2010, 20 pages.
Wikipedia, “List of DNS record types,” <http://en.wikipedia.org/wiki/List_of_DNS_record_types>, Jun. 2010, pp. 1-6.
Wilkes, J., et al., “The HP AutoRAID Hierarchical Storage System,” Feb. 1996, vol. 14, No. 1, ACM Transactions on Computer Systems.
Williams et al., “Forwarding Authentication,” The Ultimate Windows Server 2003 System Administrator's Guide, 2003, 2 pages, Figure 10.7, Addison-Wesley Professional, Boston, Massachusetts.
Woo T.Y.C., “A Modular Approach to Packet Classification: Algorithms and Results”, Bell Laboratories, Lucent Technologies, Mar. 2000, pp. 1-10.
Xelerance, “DNSX; DNSX Secure Signer; DNSSEC Management Solution,” <http://www.xelerance.com/dnssec>.pp. 1-9, Aug. 2009.
Zayas, E., “AFS-3 Programmer's Reference: Architectural Overview,” Transarc Corp., version 1.0 of Sep. 2, 1991, doc. No. FS-00-D160.

Provisional Applications (1)

	Number	Date	Country
	62281166	Jan 2016	US

Methods for secured SCEP enrollment for client devices and devices thereof

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications

Term Extension