The present invention is related to U.S. patent application Ser. No. 12/344,994, filed Dec. 29, 2008, entitled “Method of Targeted Discovery of Devices in a Network”, by Jiang Zhang and Petr Peterka; U.S. patent application Ser. No. 12/344,997, filed Dec. 29, 2008, entitled “Secure and Efficient Domain Key Distribution for Device Registration”, by Jiang Zhang and Sasha Medvinsky; and U.S. patent application Ser. No. 12/345,002 (now U.S. Pat, No. 8,185,049), filed Dec. 29, 2008 , entitled “Multi-Mode Device Registration”, by Jiang Zhang and Petr Peterka, all of which are incorporated by reference in their entireties.
The WIRELESS HOME DIGITAL INTERFACE (WHDI) is a wireless standard proposed for a wireless multimedia device network, which may be used at home, in the office or in other short-range wireless network environments. WHDI allows for high bandwidth wireless channels for sending content between devices, which may support uncompressed High Definition (HD) content. For example, a DVD player may be connected to multiple HDTVs wirelessly and send uncompressed content to the HDTVs using WHDI. WHDI eliminates the need for cabling, such as High Definition Multimedia Interface (HDMI) cables, component cables, etc., used to transmit uncompressed content between devices. Conventional wireless technologies such as 802.11, BLUETOOTH, etc., do not have the bandwidth or interface to transmit uncompressed multimedia content between devices.
WHDI can be used in various environments. For example, a user located in a single family home or in an apartment may connect a DVD player, an MP3 player, a laptop PC, a gaming console, and flat panel TVs all together, wirelessly, using WHDI. In another environment, a user wirelessly connects a multimedia projector in a conference room to a desktop PC in his office, and to a set of notebook computers of numerous meeting participants using WHDI. In these examples and other examples, security is a concern because of the wireless communication between the WHDI devices. Due to the nature of wireless networks, typically they are easy to identify by unauthorized users. Also, an unauthorized user may attempt to identify and connect to the particular devices connected in a home WHDI network. The homeowner may desire to keep the identity of their devices private, and their devices away from the unauthorized users. For example, a homeowner may not want a neighbor to know they have 5 HDTVs, or they may not want any non-family members to know they have a server connected to their home network, because the server may contain confidential information, such as personal videos, etc. While WHDI provides the protocol and interfaces for high-bandwidth wireless networks, WHDI may lack the security procedures to maintain user privacy.
Features of the present invention will become apparent to those skilled in the art from the following description with reference to the figures, in which:
For simplicity and illustrative purposes, the present invention is described by referring mainly to exemplary embodiments thereof. In the following description, numerous specific details are set forth to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that the present invention may be practiced without limitation to these specific details. In other instances, well known methods and structures have not been described in detail to avoid unnecessarily obscuring the present invention.
Embodiments of the present invention provide a secure and user-friendly method and system for generating Personal Identification Numbers (PINs) among the different devices in a wireless network, in particular, a WHDI network in which the WHDI environment provides a set of security functions.
WHDI is a proposed standard for high bandwidth wireless digital data connectivity between multiple points. WHDI wirelessly transmits multimedia data, such as high definition video and the associated audio data, from source devices to sink devices in the WHDI network reliably. Devices in a WHDI network are referred to as WHDI devices, and a WHDI network include WHDI devices communicating wirelessly amongst each other using the WHDI standard. WHDI devices are characterized as two types. One type is a source device and the other type is a sink device. A WHDI device may be a source device, a sink device, or both depending on its functionality. A source device transmits data streams across a WHDI network to a sink device, and a sink device receives data streams across the WHDI network from the source device. Examples of source devices are set-top box, notebook Personal Computer (PC), desktop PC, DVD player, MP3 player, video camcorder, audio/video receiver, gaming console, etc. Examples of sink device are TVs, PCs, projectors, etc.
Many device networking technologies including WHDI face the issue of how to securely allow a new device to become part of any existing network. One way of doing this is using a Personal Identification Number (PIN) during a device registration process. The device registration is a process to let a new device join another device or a network of devices in a domain. A domain is a group of devices that are approved to share content with each other. Device registration or domain registration includes the process of approving or denying a device to join other devices, or a domain. Device registration can provide a user with control over which devices are allowed to connect to the other devices in the user's domain. So if a family has a domain, then all the devices owned by the family may be members of the domain, but a friend's device may not be allowed to join the domain.
Prior to a new device being allowed to connect to an existing device or join a domain, the new device must be authorized or pre-approved to ensure that the new device is a device that a user wants to connect to the existing device or be in the domain. For example, a family member purchases a new TV, and the family member wants the TV to become part of the family domain, so the TV can play content received from other devices in the family domain, such as a set-top box or a DVD player. However, if a neighbor purchases a TV, the family member likely does not want the neighbor's TV in the family's domain. Furthermore, through a wireless network, the neighbor's TV may inadvertently attempt to become part of the family domain. In order to limit this possibility, a PIN generation method, according to an embodiment, is described herein to determine whether a new device is authorized to join a domain. The PIN may also be used to generate a device registration key, which is used to securely distribute the domain key that is used by the new device to join the domain.
The source devices 140, 150, and 160, respectively, may be any source of content, such as a video content, audio content, or other data content from the Internet. Each of the source devices 140, 150, and 160 may have independent and possibly different content. In addition, each of the source devices 140, 150, and 160 may have a different connectivity with each of the sink devices 110, 120, and 130. Any one of the source devices 140, 150, and 160 may be connected to one or more of the sink devices 110, 120, and 130 simultaneously (e.g., for multicasting) or separately (e.g., unicasting).
When the source device 140 attempts to connect to the sink device 110 wirelessly within the WHDI network 100 for the first time, the sink device 110 needs to know whether the source device 140 is a secure device for the sink device 110. And at the same time, the source device 140 also needs to know whether the sink device 110 is a secure device for the source device 140. Secure device means that the device is a WHDI standard compliant device and the device is authorized to connect to the other device. Whether a device is a WHDI standard compliant device can be verified by an existence of a valid WHDI PKI (Public Key Infrastructure) certificate, which was issued by the WHDI certificate authority to the device. Even with a valid certificate, however, a device must still be “authorized” to be a secure device. For example, if the source device 140 is a media player belonging to your neighbor, who wants to stream data of an adult content or an unsolicited advertisement to your HDTV while you are watching a DISNEY channel with kids, the source device 140 would not be considered to be a secure device for the sink device 110.
One way of verifying whether the source device 140 is a secure device for the sink device 110 is that the source device 140 provides its valid WHDI device certificate to the sink device 110 and the sink device 110 generates a PIN for the source device 140 using a method described in further detail below. For example, PIN generation can be accomplished by entering any input choices, such as pressing particular buttons on the source device 140, pressing buttons in a particular sequence on the source device 140, etc., following one or more instructions from the sink device 110. This way, a user who wants to connect a new source device to an existing WHDI device has a simplified method of a PIN generation and entry for the existing WHDI device, for example, by using the interface on the WHDI device. It is more secure and user-friendly to let the devices generate a PIN at runtime than using a specific PIN already pre-assigned for a particular source device, because it reduces the possibility of the PIN being stolen or the PIN being forgotten by the user. With respect to the certificate validation, a WHDI device is initially loaded with a certificate in the factory as well as the device's identification. Thus, the WHDI device certificates of both devices have to be validated first. After validating the other device's certificate, any device can use that other device's public key (included in the certificate) to encrypt and protect the data transmitted between these two devices.
In
The WHDI network 100 also provides the ability to stream the persistently-stored content from the initial source device to another sink device, or from the initial source device to another source device that has been authenticated as part of the WHDI network. In one embodiment, this allows a media server as a source device, e.g., a dual-tuner set-top box (“STB”) with hard drive, to deliver recorded content to any sink device such as TV, in the house by streaming to a targeted sink device such as HDTV. Of course, it is noted that while a home network is described, extensions to a business, education, public entertainment or other such local wireless network are analogous.
It will be apparent that the WHDI network 100 may include additional elements not shown and that some of the elements described herein may be removed, substituted and/or modified without departing from the scope of the WHDI network system 100. It should also be apparent that one or more of the elements described in the embodiment of
An embodiment of a method in which the WHDI network 100 may be employed for generating a PIN among different WHDI devices will now be described with respect to the following flow diagram of the method 200 depicted in
Some or all of the operations set forth in the method 200 may be contained as one or more computer programs stored in any desired computer readable medium and executed by a processor on a computer system. Exemplary computer readable media that may be used to store software operable to implement the present invention include but are not limited to conventional computer system Random Access Memory (RAM), Read Only Memory (ROM), Electrically Programmable Read Only Memory (EPROM), Electrically Erasable Programmable Read Only Memory (EEPROM), hard disks, or other data storage devices.
Also,
At step 201, the first device sends a request to the second device. The request is a message that invokes the PIN generation method 200. Although the step 201 can be an option, the first device's certificate is sent to the second device when the first device sends a request to the second device and the second device uses the public key in the certificate to encrypt the random values for the button list in the following steps. So the encryption key may be included in the request. If the second device is already registered to the first device, the second device may reply to the first device with a message authenticated by the previously shared registration key so that the first device can recognize the second device as an option, or the second device may allow the registration process to continue and overwrite the old registration data if the new registration succeeds. If the second device is not registered to the first device, it means that the first device may not have generated a PIN for the second device previously and the second device does not have a registration key for connecting to the first device and further to the WHDI network, which the first device belongs to. When the second device is not registered to the first device, it shall proceed to the next step. In one embodiment, once the second device receives the request for the registration and replies, the second device may enable its buttons for the directed user entry mode for a predetermined period until the button(s) is pressed, otherwise it times out. During the user entry mode, the buttons shall be considered being used for that purpose only. For each WHDI source device, it is possible that the manufacturer may specify a list of buttons and button names that can be used for user entry and subsequent PIN generation.
At step 211, the second device receives the request. The received request, for example, places the second device in a user entry mode, where buttons or other manual inputs on the second device are used for PIN generation.
At step 212, the second device determines input choices, and at step 213, the second device determines values for each input choice. An input choice is information that can be input into the second device. The input choice typically is information that can be manually entered into the second device. In one example, the input choices are associated with buttons on the second device. Examples of input choices of the second device are a set of keypad or button list for function keys, such as “PLAY”, “STOP”, “PAUSE”, and “ENTER” depends on the type of the second device. For example, a DVD player as a second device may have buttons for “PLAY”, “STOP”, and “PAUSE” that are input choices. In another example, a notebook PC may use keys on its keyboard as input choices. Another example of an input choice may be a number of clicks of a button. Such as 3 clicks on PLAY and 2 clicks on PAUSE.
A value is determined for each input choice. Each value may be a random number. Each value may be generated by the second device, for example, using a random number generator, or pre-stored in the second device, such as during the manufacture process.
In one example, the input choices and values are comprised of a button list. The button list includes a button name and value for each button of a set of buttons on the second device. One example of a button list is {(PLAY, 10), (PAUSE,13), (STOP, 24)}.
At step 214, the second device transmits the input choices and corresponding values to the first device. The transmission should be secured, for example, by encrypting the information being transmitted, so that any other party cannot see the information. For example, when a button list is transmitted to the first device over the WHDI network, if the first device has sent its WHDI device certificate to the second device, the second device may use the first device's public key, which it obtained from the certificate, to encrypt the input choices information. The second device may keep the input choices and corresponding values until the registration process is over.
At step 202, the first device receives the input choices and corresponding values from the second device. If the information is encrypted, the first device must decrypt it first. For example, the button list is received from the second device and the first device must use its private key to decrypt the information first.
At step 203, the first device selects a sequence of the input choices. The sequence may be selected randomly. For example, if the button list is {(PLAY, 10), (PAUSE,13), (STOP, 24)}, the first device selects a random sequence of the buttons, such as {(STOP, 24), (PLAY, 10), (PAUSE,13)}. The number of input choices in the sequence can also be determined by the first device randomly. Also, an input choice can be repeated multiple times or not used at all in the sequence.
At step 204, the first device generates a first concatenated value from the values in the selected sequence. There are various ways to concatenate such values. For example, the sequence is STOP, PLAY, PAUSE. The corresponding values are 24, 10, and 13, respectively. The first concatenated value could be 241013, or the values can be concatenated in binary values, or the values can be concatenated after a transformation, such as adding a number (e.g. 5) to each value, as long as both devices do the same transformation. This step may be performed anytime after the sequence is selected.
At step 205, the first device presents only the input choices, and not the corresponding values, in the selected sequence. In one embodiment, the presentation of the sequence may include an audio or visual presentation. For example, if the first device is a TV, the TV displays the sequence of STOP, PLAY, PAUSE. Thus, the presentation can be to a user.
At step 215, the input choices are entered in the second device. This may include manual entry. For example, the user views the displayed sequence of STOP, PLAY, PAUSE, and pushes STOP, PLAY, PAUSE buttons in that order on the second device.
At step 216, the second device identifies the corresponding value for each input choice. For example, the button list is stored in the second device and is retrieved to determine the corresponding value for each input choice.
At step 217, the second device generates a second concatenated value from the values in the sequence of the entered input choices. For example, the sequence is STOP, PLAY, PAUSE. The corresponding values are 24, 10, and 13, respectively. The second concatenated value is 241013. Also there are many ways to concatenate the values with or without transformation, as long as both devices use the same approach.
The concatenated values formed at the first and second devices are the PINs. In other words, each device calculates its own PIN as represented by steps 206 and 218. If both devices generate the same PIN, then one device would be allowed to become a member of the domain or connect to the other device. There are many methods to verify whether these two devices generate the same PIN. The second device may send the PIN back to the first device securely for the first device to verify directly, or the second device may send some data derived from the PIN to the first device for the first device to verify indirectly. In one embodiment, the second device may derive a device registration key from the PIN generated by its own, or from the PIN and some other secret data shared between these two devices, and then use the derived key to generate a Message Authentication Code (MAC) over an acknowledgement message sent back to the first device. After receiving the acknowledgement message with the MAC from the second device, the first device will use the PIN generated by its own, or use the PIN with some other secret data shared between the two devices, to derive a device registration key, and then use the derived key to verify the acknowledgement message's MAC. If the MAC is verified, this means the second device has generated the right PIN to derive the right key. Thus, the PINs generated by these two devices are indirectly verified to be same. If the MAC verification failed, this means the PIN generated by the second device may not be same as the PIN the first device generated. If so, the PIN verification failed and these two devices may not be able to connect with each other to share content. The user may restart the process again to make the PIN verification successful, such that the first device and second device may effectively belong to the same domain or connect to each other, and can communicate further.
In another embodiment, after step 203, the first device presents the sequence of input choices to the second device. The presented input choices are entered in the second device. The second device securely sends the entered input choices to the first device, e.g. the entered choices may be encrypted using a key shared by these two devices. If the entered input choices match the input choices presented, then the PINs are verified and the two devices may communicate further, e.g. a device registration key can be exchanged and stored by the two devices for future communication. In this embodiment, a PIN does not need to be generated by concatenating information for the input choices. Instead, the input choices selected at the first device and presented to the second device are the PIN. Also, note that the input choices selected at the first device in this embodiment or the embodiments described above can be a subset of the input choices received from step 214.
As described above, the button list includes input choice, value pairs. In another embodiment, the button list does not include values, and may only include the input choices, such as only a set of buttons on the second device. Then the first device can select and display a sequence of the input choices and use this sequence in some fashion to generate a PIN. The second device, after having the input choices entered by a user in the correct sequence, can also use a matching approach to generate the PIN.
Note that the method 200 provides security because a user of an unauthorized first device would not be able to access the second device and enter the input choices to generate the same PIN on the second device using the method 200.
In one embodiment, the components of the WHDI network 100 in
The computer system 300 includes a processor 320, providing an execution platform for executing software. Commands and data from the processor 320 are communicated over a communication bus 330. The computer system 300 also includes a main memory 340, such as a Random Access Memory (RAM), where software may reside during runtime, and a secondary memory 350. The secondary memory 350 may include, for example, a nonvolatile memory where a copy of software is stored. In one example, the secondary memory 350 also includes ROM (read only memory), EPROM (erasable, programmable ROM), EEPROM (electrically erasable, programmable ROM), and other data storage devices, include hard disks.
The computer system 300 includes I/O devices 360. The I/O devices 360 may include a display and/or user interfaces comprising one or more I/O devices, such as a keyboard, a mouse, a stylus, speaker, and the like. A communication interface 380 is provided for communicating with other components. The communication interface 380 may be a wired or a wireless interface. The communication interface 380 may be a network interface.
Although described specifically throughout the entirety of the instant disclosure, representative embodiments of the present invention have utility over a wide range of applications, and the above discussion is not intended and should not be construed to be limiting, but is offered as an illustrative discussion of aspects of the invention.
What has been described and illustrated herein are embodiments of the invention along with some of their variations. The terms, descriptions and figures used herein are set forth by way of illustration only and are not meant as limitations. Those skilled in the art will recognize that many variations are possible within the spirit and scope of the invention, wherein the invention is intended to be defined by the following claims—and their equivalents—in which all terms are mean in their broadest reasonable sense unless otherwise indicated.
Number | Name | Date | Kind |
---|---|---|---|
5903651 | Kocher | May 1999 | A |
5909183 | Borgstahl et al. | Jun 1999 | A |
6084512 | Elberty et al. | Jul 2000 | A |
6199136 | Shteyn | Mar 2001 | B1 |
6591364 | Patel | Jul 2003 | B1 |
6741852 | Mohrs | May 2004 | B1 |
6826607 | Gelvin et al. | Nov 2004 | B1 |
6983370 | Eaton et al. | Jan 2006 | B2 |
6995655 | Ertin et al. | Feb 2006 | B2 |
7020121 | Hardacker et al. | Mar 2006 | B2 |
7092670 | Tanaka et al. | Aug 2006 | B2 |
7430758 | Toutonghi | Sep 2008 | B2 |
7511762 | Elnathan et al. | Mar 2009 | B2 |
7511765 | Ono | Mar 2009 | B2 |
7613426 | Kuehnel et al. | Nov 2009 | B2 |
7912076 | Kim et al. | Mar 2011 | B2 |
8001381 | Metke et al. | Aug 2011 | B2 |
8001584 | Lortz et al. | Aug 2011 | B2 |
8014355 | Koga | Sep 2011 | B2 |
8185049 | Zhang et al. | May 2012 | B2 |
8189627 | Xia et al. | May 2012 | B2 |
8239551 | Oda et al. | Aug 2012 | B2 |
8276209 | Knibbeler et al. | Sep 2012 | B2 |
8869238 | Gopalakrishna | Oct 2014 | B2 |
20020037708 | McCann et al. | Mar 2002 | A1 |
20020061748 | Nakakita et al. | May 2002 | A1 |
20020077077 | Rezvani et al. | Jun 2002 | A1 |
20020157002 | Messerges et al. | Oct 2002 | A1 |
20030045280 | Simons | Mar 2003 | A1 |
20030095521 | Haller et al. | May 2003 | A1 |
20050014503 | Nakakita et al. | Jan 2005 | A1 |
20050210261 | Kamperman et al. | Sep 2005 | A1 |
20060105712 | Glass et al. | May 2006 | A1 |
20060116107 | Hulvey | Jun 2006 | A1 |
20060156340 | Choi | Jul 2006 | A1 |
20060177066 | Han et al. | Aug 2006 | A1 |
20060224893 | Sales et al. | Oct 2006 | A1 |
20060288209 | Vogler | Dec 2006 | A1 |
20070079362 | Lortz et al. | Apr 2007 | A1 |
20070106894 | Zhang et al. | May 2007 | A1 |
20070107020 | Tavares | May 2007 | A1 |
20070118879 | Yeun | May 2007 | A1 |
20070141986 | Kuehnel et al. | Jun 2007 | A1 |
20070150720 | Oh et al. | Jun 2007 | A1 |
20070152826 | August et al. | Jul 2007 | A1 |
20070178884 | Donovan et al. | Aug 2007 | A1 |
20070277224 | Osborn et al. | Nov 2007 | A1 |
20080066120 | Igoe | Mar 2008 | A1 |
20080079601 | Ishihara et al. | Apr 2008 | A1 |
20080123739 | Reznic et al. | May 2008 | A1 |
20080134309 | Qin et al. | Jun 2008 | A1 |
20080250147 | Knibbeler et al. | Oct 2008 | A1 |
20080301436 | Yao et al. | Dec 2008 | A1 |
20080313462 | Zhao et al. | Dec 2008 | A1 |
20090061835 | Schmidt et al. | Mar 2009 | A1 |
20090103471 | Candelore | Apr 2009 | A1 |
20090122201 | Freundlich et al. | May 2009 | A1 |
20090132941 | Pilskalns et al. | May 2009 | A1 |
20090157521 | Moren et al. | Jun 2009 | A1 |
20090177511 | Shaw et al. | Jul 2009 | A1 |
20090217043 | Metke et al. | Aug 2009 | A1 |
20090235304 | Hardacker et al. | Sep 2009 | A1 |
20090240941 | Lee et al. | Sep 2009 | A1 |
20090241040 | Mattila et al. | Sep 2009 | A1 |
20090247197 | Graff et al. | Oct 2009 | A1 |
20090307492 | Cao et al. | Dec 2009 | A1 |
20090322948 | Funabiki et al. | Dec 2009 | A1 |
20100030904 | Oda et al. | Feb 2010 | A1 |
20100071010 | Elnathan et al. | Mar 2010 | A1 |
20100135259 | Lee et al. | Jun 2010 | A1 |
20100164693 | Zhang et al. | Jul 2010 | A1 |
20100169646 | Zhang et al. | Jul 2010 | A1 |
20100325654 | Moroney et al. | Dec 2010 | A1 |
20110047583 | Howard et al. | Feb 2011 | A1 |
20110268274 | Qiu et al. | Nov 2011 | A1 |
Number | Date | Country |
---|---|---|
1221915 | Jul 1999 | CN |
101179380 | May 2008 | CN |
1710656 | Oct 2006 | EP |
1804428 | Jul 2007 | EP |
1881664 | Jan 2008 | EP |
2000078669 | Mar 2000 | JP |
2001054171 | Feb 2001 | JP |
2001523419 | Nov 2001 | JP |
2008035517 | Feb 2008 | JP |
100703018 | Oct 2006 | KR |
10-2006-00113926 | Nov 2006 | KR |
10-0778477 | Nov 2007 | KR |
9818234 | Apr 1998 | WO |
2007094347 | Aug 2007 | WO |
2008-002081 | Jan 2008 | WO |
Entry |
---|
PCT Search Report & Written Opinion, Re: Application #PCT/US2009/066174 Jun. 23, 2010. |
PCT Search Report & Written Opinion, Re: Application #PCT/US2009/066529; Jun. 28, 2010. |
PCT Search Report & Written Opinion, Re: Application #PCT/US2009/065670; Jun. 29, 2010. |
PCT Search Report & Written Opinion, Re: Application #PCT/US2009/066178; Jun. 22, 2010. |
Menezes, et al, “Handbook of Applied Cryptography”, 1996; Chapter 12, pp. 489-541. |
Soriente, et al, “BEDA: Button-Enabled Device Association”, First International Worshop on Security for Spontaneous Interaction; Sep. 2007. |
“Wireless Home Digital Interface,” accessed at http://www.whdi.org/Technology/, accessed on Mar. 25, 2010, pp. 2. |
Barker, E, and Kelsey, J, “Recommendation for Random Number Generation Using Deterministic Random Bit Generators (Revised).” NISY Special Publication 800-90. pp. 133 (2007). |
International Search Report and Written Opinion for International Application No. PCT/US2010/038963, European Patent Office, The Hague, Netherlands, mailed on Sep. 22, 2010. |
Japanese Patent Office “Decision of Rejection” for Patent Application No. 2012-516290 dated Aug. 20, 2013, 2 pages. |
European Patent Office, “Extended European Search Report” for Patent Application No. 09836637.0 dated Nov. 21, 2013, 5 pages. |
United States Patent and Trademark Office, “Non-Final Rejection” for U.S. Appl. No. 12/344,994 dated May 23, 2013, 10 pages. |
European Patent Office, “Extended European Search Report” for European Application No. 09836624.8 dated Jul. 19, 2013, 6 pages. |
European Patent Office, “Extended European Search Report” for European Application No. 09836653.7 dated Jul. 26, 2013, 7 pages. |
United States Patent and Trademark Office, “Notice of Allowance and Fee(s) Due” for U.S. Appl. No. 12/816,817 dated May 14, 2013, 10 pages. |
European Patent Office, “Extended European Search Report” for European Application No. 09836638.8 dated Jul. 22, 2013, 8 pages. |
The State Intellectual Property Office of the People's Republic of China, “Notification of the Second Office Action” for Chinese Patent Application No. 200980153092.4 dated Feb. 11, 2014, 12 pages translated. |
Number | Date | Country | |
---|---|---|---|
20100169399 A1 | Jul 2010 | US |