The present application is related to U.S. patent application Ser. No. 09/608,831, “Establishing A Shared Secret Key Over A Broadcast Channel” by Srinath Gundavelli and David McNamee, which was filed on Jun. 30, 2000.
The invention relates to cryptographic communication systems, and more specifically, to a key exchange approach for providing secure communication among broadcast or multicast groups in a communications network.
The proliferation of network computing has shaped how society transacts business and engages in personal communication. As reliance on computer networks grows, the flow of information between computers continues to increase in dramatic fashion. Accompanying this increased flow of information is a proportionate concern for network security. Commercial users, who regularly conduct business involving the exchange of confidential or company proprietary information over their computer networks, demand that such information is secure against interception by an unauthorized party or susceptible to corruption. In addition, with the acceptance of such applications as electronic commerce over the global Internet, all users recognize the critical role cryptographic systems play in maintaining the integrity of network communication.
The goal of cryptography is to keep messages secure. A message can be defined as information or data that is arranged or formatted in a particular way. In general, a message, sometimes referred to as “plaintext” or “cleartext”, is encrypted or transformed using a cipher to create “ciphertext,” which disguises the message in such a way as to hide its substance. In the context of cryptography, a cipher is a mathematical function that can be computed by a data processor. Once received by the intended recipient, the ciphertext is decrypted to convert the ciphertext back into plaintext. Ideally, ciphertext sufficiently disguises a message in such a way that even if the ciphertext is obtained by an unintended recipient, the substance of the message cannot be discerned from the ciphertext.
Many different encryption/decryption approaches for protecting information exist. In general, the selection of an encryption/decryption scheme depends upon considerations such as the types of communications to be made more secure, the particular parameters of the network environment in which the security is to be implemented, and the desired level of security. Since the level of security often has a direct effect on system resources, an important consideration is the particular system on which a security scheme is to be implemented.
For example, for small applications that require a relatively low level of security, a traditional restricted algorithm approach may be appropriate. With a restricted algorithm approach, a group of participants agree to use a specific, predetermined algorithm to encrypt and decrypt messages exchanged among the participants. Because the algorithm is maintained in secret, a relatively simple algorithm may be used. However, if the secrecy of the algorithm is compromised, the algorithm must be changed to preserve secure communication among the participants.
Scalability, under this approach, is a problem. As the number of participants increases, keeping the algorithm secret and updating it when compromises occur place an undue strain on network resources. In addition, standard algorithms cannot be used since each group of participants must have their own unique algorithm.
To address the shortcomings of traditional restricted algorithm approaches, many contemporary cryptography approaches use a key-based algorithm. Generally two types of key-based algorithms exist: symmetric algorithms; and asymmetric algorithms, of which one example is a public key algorithm. In a key-based algorithm, a key forms one of the inputs to a mathematical function that a computer or processor uses to generate a ciphertext.
Public key algorithms are designed so that the key used for encryption is different than the key used for decryption. The decryption key cannot be determined from the encryption key, at least not in any reasonable amount of time with practical computing resources. Typically, the encryption key (public key) is made public so that anyone, including an eavesdropper, can use the public key to encrypt a message. Only a specific participant in possession of the decryption key (private key) can decrypt the message.
Public key algorithms, however, often are not employed as a mechanism to encrypt messages largely because such algorithms consume an inordinate amount of system resources and time to encrypt entire messages. Further, public key encryption systems are vulnerable to chosen-plaintext attacks, particularly when there are relatively few possible encrypted messages.
As a result, a public key cryptosystem is utilized to establish a secure data communication channel through key exchanges among the participants. Two or more parties, who wish to communicate over a secure channel, exchange or make available to each other public (or non-secure) key values. Each party uses the other party's public key value to privately and securely compute a private key, using an agreed-upon algorithm. The parties then use their derived private keys in a separate encryption algorithm to encrypt messages passed over the data communication channel. Conventionally, these private keys are valid only on a per communication session basis, and thus, are referred to as session keys. These session keys can be used to encrypt/decrypt a specified number of messages or for a specified period of time.
A typical scenario involves exchanging a message between two users, or participants, A and B. User A is considered a publisher of a message to a subscriber, user B. The public key algorithm used to establish a secure channel between publisher, A, and subscriber, B, is as follows:
A known public key exchange method is the Diffie-Hellman method described in U.S. Pat. No. 4,200,770. The Diffie-Hellman method relies on the difficulty associated with calculating discrete logarithms in a finite field. According to this method, two participants, A and B, each select random large numbers a and b, which are kept secret. A and B also agree (publicly) upon a base number p and a large prime number q, such that p is primitive mod q. A and B exchange the values of p and q over a non-secure channel or publish them in a database that both can access. Then A and B each privately compute public keys A and B, respectively, as follows:
A privately computes a public key A as: $A = p^{a} \bmod q$ (1)
B privately computes a public key B as: $B = p^{b} \bmod q$ (2)
A and B then exchange or publish their respective public keys A and B and determine private keys $k_a$ and $k_b$ as follows:
A computes a private key $k_a$ as: $k_a = B^{a} \bmod q$ (3)
B computes a private key $k_b$ as: $k_b = A^{b} \bmod q$ (4)
As evident from equation (3), A's private key is a function of its own private random number, a, and the public key, B. Likewise, equation (4) indicates that B's private key depends on its own private number, b, and the public key of A. As it turns out, A and B arrive at the shared secret key based upon the following:
$k_a = B^{a} \bmod q$ and $k_b = A^{b} \bmod q$
Substituting for A and B using equations (1) and (2) above yields:
$k_a = (p^{b} \bmod q)^{a} \bmod q$ and $k_b = (p^{a} \bmod q)^{b} \bmod q$
$k_a = p^{ba} \bmod q$ and $k_b = p^{ab} \bmod q$
Therefore, $k_a = k_b$.
Using the Diffie-Hellman protocol, A and B each possesses the same secure key $k_a$, $k_b$, which can then be used to encrypt messages to each other. An eavesdropper who intercepts an encrypted message can recover it only by knowing the private values, a or b, or by solving an extremely difficult discrete logarithm to yield a or b. Thus, the Diffie-Hellman protocol provides a relatively secure approach.
Initially, each of the participants A, B, and C randomly generates private integers, a, b, and c, respectively. Thereafter, they compute their public keys, as in block 601, as follows:
$A = p^{a} \bmod q$ (5)
$B = p^{b} \bmod q$ (6)
$C = p^{c} \bmod q$ (7).
Next, in block 603, user A sends message $C' = C^{a} \bmod q$ to user B. In turn, B transmits the message $A' = A^{b} \bmod q$ to C, per block 605. User C sends A, as in block 607, the message $B' = B^{c} \bmod q$. Lastly, the users arrive at a shared secret key, k, by computing the following:
A computes k: $k = (B')^{a} \bmod q = p^{abc} \bmod q$ (8)
B computes k: $k = (C')^{b} \bmod q = p^{abc} \bmod q$ (9)
C computes k: $k = (A')^{c} \bmod q = p^{abc} \bmod q$ (10)
When it is used in a network environment comprising a plurality of network nodes, the Diffie-Hellman key-exchange algorithm requires N×(N−1) rounds of point-to-point unicast messages between logically adjacent member nodes. With three nodes, as in this instance, there are 6 total messages exchanged as each member node communicates its public key to the other members of the group. As the number of multicast group members grows, this method of key-exchange requires extensive message traffic and may introduce appreciable system delay.
One approach for improving the efficiency of public key exchange is presented in co-pending application Ser. No. 09/393,410, filed on the same date as this application, by the same named inventor, and entitled “OPERATIONAL OPTIMIZATION OF A SHARED SECRET DIFFIE-HELLMAN KEY EXCHANGE AMONG BROADCAST OR MULTICAST GROUPS.” This approach operationally optimizes key exchange and permits nodes in a network to carry out public key exchange using far fewer messages than the number of messages required in the Diffie-Hellman approach. However, an approach using a different computational method still is desirable.
Based upon the foregoing, there is a clear need for improved approaches to key exchange that minimize network processing delays, especially among broadcast or multicast group members in a network.
In particular, there is an acute need for an improved approach to enhance scalability.
Other needs and objects will become apparent from the following description.
Based on the need to provide secure communication while limiting the adverse effects on system resources and the limitations in the prior approaches, an approach for providing secure communication that provides a relatively high level of security while requiring relatively fewer system resources and time to perform is highly desirable.
The foregoing needs and objects, and other needs and objects that may become apparent from the following description, are fulfilled by the present invention, which comprises, in one aspect, a method for establishing a secure communication session among a first node of a network and one or more other nodes using a group shared secret key, each of the nodes having a private key value associated therewith. The method may comprise communicating a first public key value of the first node to a second node; creating and storing an initial shared secret key for the first node and second node based on a first private key value and a second public key value that is received from the second node; creating and storing information at the first node that associates the first node with a first network communication entity by generating a collective public key value that is shared by the first node and a second node and based on the first private key value and a second private key value that is derived by the first node from the second public key value; receiving a third public key value from a third node that seeks to join the first network communication entity; creating and storing a shared secret key value based on the collective public key value and the third public key value; joining the first node to a second network communication entity that includes the first network communication entity and the third node and that uses secure communication with messages that are encrypted using the shared secret key value.
In one feature, joining the first node to a second network communication entity includes the step of communicating the first private key value to the second node and to the third node using messages encrypted using the shared secret key value. In another feature, creating and storing a shared secret key value further comprises creating and storing the shared secret key based upon how many times each node of the second network communication entity has participated in formation of any such entity and based upon each private number of each node in the second network communication entity.
Another feature involves creating and storing a subsequent shared secret key for use by the first network communication entity and the third node to enable the third node to independently compute the group shared secret key. In another feature, creating and storing the subsequent shared secret key comprises creating and storing the subsequent shared secret key, k, according to the relation
$k = p^{(a*x)(b*y)(c*z)} \bmod q$
where p=a random number, q=a prime number, a=the first private key value, b=the second private key value, c=a private key value of the third node, x=a number of times the first node has participated in entity formation, y=a number of times the second node has participated in entity formation, and z=a number of times the third node has participated in entity formation.
Yet another feature involves storing and distributing the first public value and the second public value using a key distribution center. According to still another feature, joining the first node to a second network communication entity further comprises creating and storing a collective public key based upon the first private key value, the second private key value, and the third private key value; and communicating a collective public key of the second network communication entity to the third node.
In another feature, joining the first node to a second network communication entity further comprises determining which one of the nodes of the first network communication entity is designated to transfer the collective public key based upon order of entry into the formed entity. A related feature is that joining the first node to a second network communication entity further comprises determining which one of the nodes of the first network communication entity is designated to transfer the collective public key based upon a predetermined metric.
Embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements and in which:
In the following description, for the purposes of explanation, specific details are set forth in order to provide a thorough understanding of the invention. However, it will be apparent that the invention may be practiced without these specific details. In some instances, well-known structures and devices are depicted in block diagram form in order to avoid unnecessarily obscuring the invention.
As will become apparent, an approach for key exchange based upon a public key algorithm, such as the Diffie-Hellman protocol, is optimized to enhance operation in terms of speed of processing as well as scaling of a multicast or broadcast group. Authentication and authorization are orthogonal to exchanging messages in a secret way with a third party. Having third party endorsed key-based signed messages helps tackle the repudiation problem.
The basic public key encryption approach is for a group of participants to publish their public keys, for example, in a database and maintain their own private keys. These participants can access the database to retrieve the public key of the participant to whom they want to send a message and use it to encrypt a message destined for that participant. Unfortunately, the database, even if secure, is vulnerable to key substitution during transmission of the keys. This problem is alleviated by using a trusted intermediary that has the responsibility of distributing the stored public keys to the multicast or broadcast group members. The trusted intermediary is a third party, trusted authentication authority. When Kerberos key exchange is used for authentication, the trusted intermediary may be implemented as a Key Distribution Center (KDC). When public key infrastructure is used, the trusted intermediary may be a Certificate Authority (CA).
The KDC or other trusted intermediary distributes the stored public keys to the multicast or broadcast group members by encrypting the public keys with its own private key, which is shared with each of the group members. The group members then decipher the encrypted message to determine each others' public keys.
Central Authority 111 may be a KDC subnetwork in an environment that uses an exchange of Kerberos credentials for communications security. However, any other suitable central authority mechanism may be substituted. For example, a certificate authority (CA) may be used as Central Authority 111 when a public key infrastructure (PKI) is used for communications security in the network.
In an exemplary embodiment, a distributed directory provides the services of the Central Authority 111. In general, directory technology creates active associations among the users, applications, and the network. A directory is a logically centralized, highly distributed data repository, which can be accessed by the applications. The distributed architecture is achieved by replicating data across multiple directory servers strategically located throughout the network. Directories can represent network elements, services, and policies to enable ease of network administration and security. In particular, a directory can supply authentication services, whereby all users, applications, and network devices can authenticate themselves through a common scheme. One type of directory within contemplation of the present invention is Active Directory from Microsoft Corporation. The directory may be an X.500 directory or an LDAP-compatible directory.
In the system of
According to an alternative embodiment, a centralized KDC approach may be utilized whereby the Central Authority 111 comprises a single KDC that serves each of the workstations 103, 105, 107, 109 of users A, B, C, D, respectively. In the centralized case, the KDC utilizes point-to-point communication with each group member or user A, B, C, D to authenticate them. Central Authority 111 uses database 113 for storing the public key values of all the participants.
As seen in the exemplary embodiment of
Participants 103, 105 use the Diffie-Hellman method to exchange their keys. Using this approach, these participants 103, 105 can securely exchange information over link 107 using a public key exchange protocol. An eavesdropper, having access to ciphertext transmitted on link 107, cannot feasibly decrypt the encrypted information.
As the number of participants in a multicast or broadcast group increases beyond two, the standard broadcast version of Diffie-Hellman begins to introduce greater delays in establishing the secured channel. As shown in
In the preferred embodiment, the user who last joins the multicast group is designated as the node that relays the group's information to the new user. The current multicast group (entity 301) has only two users, A and B; because B can be considered as joining with A, B is the designated node. Alternatively, the designated node can be determined according to physical proximity or other metrics (e.g., telecommunication cost, reliability, link utilization, etc.) to the new node. Once entity 301 and user C arrive at a new shared secret key, they form a new entity 303, constituting a new multicast group that subsumes multicast group 301.
If user D wishes to join the multicast group, only one of the users among A, B, C needs to share the group's public value (“collective key”). Because user C was the last member to join, it forwards the group's public value to user D, who may then compute the shared secret key based on the collective key. This “binary” approach of coming to a shared secret key between two entities at a time, as further described with respect to
In block 401, a new node wishes to join the existing multicast group and initiates this process by communicating the new node's public value to all other nodes in the multicast group. In an exemplary embodiment, a directory provides this service by storing the public value for ready access by the members of the multicast group.
The multicast group sends the new node the collective public value of the multicast group, as shown in block 403. The computation of this public value is more fully discussed below in
In block 411, A and B each compute a shared secret key, $k = p^{ab} \bmod q$, thereby forming entity 301. Thus, block 411 may involve forming entity 301 in a manner similar to the standard two party Diffie-Hellman method discussed herein. A and B each publishes its respective public key ($A = p^{a} \bmod q$ and $B = p^{b} \bmod q$). User A obtains B's public key to compute $B^{a} \bmod q$, which equals $p^{ab} \bmod q$; in turn, user B performs a similar computation based on A's public key. Once A and B have reached a shared secret key, they exchange their private numbers, a and b.
Numbers a and b are randomly generated integers and are embedded in messages that are sent by users A and B to each other. These messages can be signed by the sending node using a private key that differs from the sending node's private number. In one embodiment, the private key may be a permanent private key; by using separate private keys, the multicast group obtains an additional level of security.
Currently, the multicast group includes users A and B; however, user C has a message to multicast to both A and B. As a result C seeks to join the multicast group. In block 413, user C broadcasts its public value, $C = p^{c} \bmod q$, to the other users, A, B, within the established multicast group. Next, as in block 415, a public key value, AB, determined by users A and B, is sent to user C by either A or B.
$AB = k_{ab}^{ab} \bmod q = p^{(ab)(ab)} \bmod q$ (11)
As shown in Equation 11, the private number of the formed entity or multicast group AB is the product of the individual private numbers a and b, raised to a power that is a function of the number of nodes within the formed entity. Thus, the private value of AB is $(ab)^{2}$.
As earlier discussed, in the preferred embodiment, the last member to join the group has the responsibility of transferring the collective public key value to a “joining” node. Thus, user B transmits public key, AB, to C. At the time of joining the multicast group, the new member C has knowledge of only one entity. As noted previously, the entity may be a single node or multiple nodes; in this case, A and B are considered one entity. Thereafter, A and B independently compute the shared secret, as shown by block 417, as follows:
$k_{abc} = C^{(ab)(ab)} \bmod q = p^{(ab)(ab)c} \bmod q = p^{(ab)^{2}c} \bmod q$ (12)
Users A, B are able to compute the shared secret key because they know each other's randomly generated private numbers a, b. Equation 12 shows that this computation, operationally, can be accomplished by tracking the number of times each of the nodes has undergone multicast membership joins. In this instance, users A, B have been involved with multicast joins twice, while user C has done so only once.
User C computes the group shared secret key according to Equation 13:
$k_{abc} = (AB)^{c} \bmod q = p^{(ab)(ab)c} \bmod q = p^{(ab)^{2}c} \bmod q$ (13)
Now that a group shared secret key has been computed by all the members of the “new” multicast group, the members exchange their private values to begin communicating over a secure channel, as shown by block 419.
Another user D now wants to communicate with all the users of the multicast group. User D, thus, is required to broadcast its public value, D ($= p^{d} \bmod q$) to the multicast group, as shown by block 421. The multicast group, in block 423, transfers an agreed upon collective public value, ABC, to D. According to one embodiment, C is designated as the member to convey this public value, ABC, to user D. The public value is:
$ABC = k_{abc}^{abc} \bmod q = p^{((ab)(ab)c)(abc)} \bmod q = p^{(ab)^{3}c^{2}} \bmod q$ (14)
Based on Equation (14), the private value for the multicast group is $(ab)^{3}(c^{2})$. Thus, the private value is the product of the private values of the nodes raised to the number of times each node has been in group formations. This approach is computationally advantageous because the collective public key can be derived by simply having each node track the number of times it has participated in multicast group formation. With this information, in block 425 user D, as the new node, computes a new group shared secret key, $k_{abcd}$:
$k_{abcd} = (ABC)^{d} \bmod q = p^{((ab)(ab)c)(abc)d} \bmod q = p^{(ab)^{3}c^{2}d} \bmod q$ (15)
Likewise, the other members of the multicast group (i.e., users A, B, and C) calculate the new group shared secret key.
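The join sequence of Equations (11) through (15) can be traced in code. The following Python sketch is an added example, not code from the specification; the class name `Entity`, the method names, and the parameters p = 3 and q = 2^127 − 1 are assumptions chosen for illustration.

```python
import secrets
from math import prod

# Constructed toy parameters (assumptions, not from the specification): q is the
# Mersenne prime 2**127 - 1 and p = 3. They keep the run fast, are far too small
# for real use, and p is not checked to be primitive mod q.
Q = 2**127 - 1
P = 3


class Entity:
    """A formed entity; every member knows all private numbers and counts."""

    def __init__(self, p, q, name_a, a, name_b, b):
        self.p, self.q = p, q
        pub_a, pub_b = pow(p, a, q), pow(p, b, q)        # Eq. (1), (2)
        k_a, k_b = pow(pub_b, a, q), pow(pub_a, b, q)    # Eq. (3), (4)
        if k_a != k_b:
            raise ValueError("two-party keys differ")
        self.key = k_a                                   # p^(ab) mod q, block 411
        # name -> [private number, times the node took part in entity formation]
        self.members = {name_a: [a, 1], name_b: [b, 1]}

    def private_value(self):
        """Product of each private number raised to its participation count."""
        return prod(priv ** count for priv, count in self.members.values())

    def join(self, name, priv):
        """Admit a new node; return (collective public value, new group key)."""
        new_pub = pow(self.p, priv, self.q)              # blocks 413 / 421
        # Blocks 415 / 423, Eq. (11) / (14): the current key raised to the
        # product of all private numbers, sent by the designated member.
        all_privs = prod(p_i for p_i, _ in self.members.values())
        collective = pow(self.key, all_privs, self.q)
        # Forming the collective value is one more participation per member.
        for record in self.members.values():
            record[1] += 1
        # Existing members: Eq. (12), using only the private numbers and counts.
        member_key = pow(new_pub, self.private_value(), self.q)
        # Joining node: Eq. (13) / (15), using only the collective value.
        joiner_key = pow(collective, priv, self.q)
        if member_key != joiner_key:
            raise ValueError("members and joiner derived different keys")
        self.members[name] = [priv, 1]
        self.key = joiner_key
        return collective, joiner_key


def random_private(q=Q):
    """Fresh random private number in [2, q - 2]."""
    return secrets.randbelow(q - 3) + 2


def run_demo():
    """Form A+B, then admit C and D, with fresh random private numbers."""
    entity = Entity(P, Q, "A", random_private(), "B", random_private())
    entity.join("C", random_private())
    entity.join("D", random_private())
    return entity


if __name__ == "__main__":
    group = run_demo()
    print("participation counts:", {n: c for n, (_, c) in group.members.items()})
    print("group key:", hex(group.key))
```

Because every member ends up holding every other member's private number, those numbers have to be fresh per-group values kept separate from any permanent signing key, which is the separation the description of signed messages above calls for.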
The above protocol advantageously requires only 2n+2(n−1) messages, where n is the round of iteration of exchanging messages between two entities. Noting that 2 nodes are combined in the first round and 3 nodes in the second round, the number of messages may be expressed as:
2(N−1)+2(N−1−1)=4N−6 messages,
where N is the number of nodes in the multicast or broadcast group. The standard broadcast version of Diffie-Hellman requires $N(N-1)$ or $N^{2}+N$ messages. Thus, with an increase in the number of nodes, the standard Diffie-Hellman approach grows exponentially, while the present approach follows a linear progression. Operationally the present approach is more efficient but provides the same level of security.
In the preferred embodiment, the processes shown in
Computer system 501 may be coupled via bus 503 to a display 513, such as a cathode ray tube (CRT), for displaying information to a computer user. An input device 515, including alphanumeric and other keys, is coupled to bus 503 for communicating information and command selections to processor 505. Another type of user input device is cursor control 517, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 505 and for controlling cursor movement on display 513.
Embodiments are related to the use of computer system 501 to implement a public key exchange encryption approach for securely exchanging data between participants. According to one embodiment, the public key exchange encryption approach is provided by computer system 501 in response to processor 505 executing one or more sequences of one or more instructions contained in main memory 507. Such instructions may be read into main memory 507 from another computer-readable medium, such as storage device 511. Execution of the sequences of instructions contained in main memory 507 causes processor 505 to perform the process steps described herein. One or more processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained in main memory 507. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions. Thus, embodiments are not limited to any specific combination of hardware circuitry and software.
The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions to processor 505 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 511. Volatile media includes dynamic memory, such as main memory 507. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 503. Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 505 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions relating to computation of the shared secret key into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 501 can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal. An infrared detector coupled to bus 503 can receive the data carried in the infrared signal and place the data on bus 503. Bus 503 carries the data to main memory 507, from which processor 505 retrieves and executes the instructions. The instructions received by main memory 507 may optionally be stored on storage device 511 either before or after execution by processor 505.
Computer system 501 also includes a communication interface 519 coupled to bus 503. Communication interface 519 provides a two-way data communication coupling to a network link 521 that is connected to a local network 523. For example, communication interface 519 may be a network interface card to attach to any packet switched local area network (LAN). As another example, communication interface 519 may be an asymmetrical digital subscriber line (ADSL) card, an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. Wireless links may also be implemented. In any such implementation, communication interface 519 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
Network link 521 typically provides data communication through one or more networks to other data devices. For example, network link 521 may provide a connection through local network 523 to a host computer 525 or to data equipment operated by an Internet Service Provider (ISP) 527. ISP 527 in turn provides data communication services through the Internet 529. Local network 523 and Internet 529 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 521 and through communication interface 519, which carry the digital data to and from computer system 501, are exemplary forms of carrier waves transporting the information.
Computer system 501 can send messages and receive data, including program code, through the network(s), network link 521 and communication interface 519. In the Internet example, a server 531 might transmit a requested code for an application program through Internet 529, ISP 527, local network 523 and communication interface 519. One such downloaded application provides a public key exchange encryption approach for securely exchanging data between participants as described herein.
The received code may be executed by processor 505 as it is received, and/or stored in storage device 511, or other non-volatile storage for later execution. In this manner, computer system 501 may obtain application code in the form of a carrier wave.
The techniques described herein provide several advantages over prior public key exchange encryption approaches for securely exchanging data among multiple participants. Because the number of messages required for the key exchange is reduced, network latency correspondingly decreases. Further, the multicast or broadcast group exhibits improved scalability.
In the foregoing specification, particular embodiments have been described. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
The present application is a continuation of and claims priority to U.S. patent application Ser. No. 09/393,411, “PROCESSING METHOD FOR KEY EXCHANGE AMONG BROADCAST OR MULTICAST GROUPS THAT PROVIDES A MORE EFFICIENT SUBSTITUTE FOR DIFFIE-HELLMAN KEY EXCHANGE” by Sunil K. Srivastava, which was filed on Sep. 10, 1999 now abandoned, and is incorporated by reference herein.
Number | Name | Date | Kind |
---|---|---|---|
4200770 | Hellman et al. | Apr 1980 | A |
4531020 | Wechselberger et al. | Jul 1985 | A |
4578531 | Everhart et al. | Mar 1986 | A |
4776011 | Busby | Oct 1988 | A |
4881263 | Herbison et al. | Nov 1989 | A |
5309516 | Takaragi et al. | May 1994 | A |
5351295 | Perlman et al. | Sep 1994 | A |
5361256 | Doeringer et al. | Nov 1994 | A |
5491750 | Bellare et al. | Feb 1996 | A |
5588060 | Aziz | Dec 1996 | A |
5588061 | Ganesan et al. | Dec 1996 | A |
5600642 | Pauwels et al. | Feb 1997 | A |
5630184 | Roper et al. | May 1997 | A |
5633933 | Aziz | May 1997 | A |
5663896 | Aucsmith | Sep 1997 | A |
5666415 | Kaufman | Sep 1997 | A |
5668877 | Aziz | Sep 1997 | A |
5724425 | Chang et al. | Mar 1998 | A |
5748736 | Mittra | May 1998 | A |
5761305 | Vanstone et al. | Jun 1998 | A |
5805578 | Stirpe et al. | Sep 1998 | A |
5832229 | Tomoda et al. | Nov 1998 | A |
5841864 | Klayman et al. | Nov 1998 | A |
5850451 | Sudia | Dec 1998 | A |
5889865 | Vanstone et al. | Mar 1999 | A |
5920630 | Wertheimer et al. | Jul 1999 | A |
5987131 | Clapp | Nov 1999 | A |
6009274 | Fletcher et al. | Dec 1999 | A |
6026167 | Aziz | Feb 2000 | A |
6049878 | Caronni et al. | Apr 2000 | A |
6055575 | Paulsen et al. | Apr 2000 | A |
6088336 | Tosey | Jul 2000 | A |
6091820 | Aziz | Jul 2000 | A |
6119228 | Angelo et al. | Sep 2000 | A |
6151395 | Harkins | Nov 2000 | A |
6216231 | Stubblebine | Apr 2001 | B1 |
6226383 | Jablon | May 2001 | B1 |
6240188 | Dondeti et al. | May 2001 | B1 |
6240513 | Friedman et al. | May 2001 | B1 |
6247014 | Ladwig et al. | Jun 2001 | B1 |
6256733 | Thakkar et al. | Jul 2001 | B1 |
6263435 | Dondeti et al. | Jul 2001 | B1 |
6272135 | Nakatsugawa | Aug 2001 | B1 |
6279112 | O'Toole, Jr. et al. | Aug 2001 | B1 |
6295361 | Kadansky et al. | Sep 2001 | B1 |
6330671 | Aziz | Dec 2001 | B1 |
6332163 | Bowman-Amuah | Dec 2001 | B1 |
6363154 | Peyravian et al. | Mar 2002 | B1 |
6483921 | Harkins | Nov 2002 | B1 |
6507562 | Kadansky et al. | Jan 2003 | B1 |
6570847 | Hosein | May 2003 | B1 |
6584566 | Hardjono | Jun 2003 | B1 |
6606706 | Li | Aug 2003 | B1 |
6629243 | Kleinman et al. | Sep 2003 | B1 |
6633579 | Tedijanto et al. | Oct 2003 | B1 |
6636968 | Rosner et al. | Oct 2003 | B1 |
6643773 | Hardjono | Nov 2003 | B1 |
6684331 | Srivastava | Jan 2004 | B1 |
6745243 | Squire et al. | Jun 2004 | B2 |
6782475 | Sumner | Aug 2004 | B1 |
6785809 | Hardjono | Aug 2004 | B1 |
6901510 | Srivastava | May 2005 | B1 |
6917685 | Watanabe et al. | Jul 2005 | B1 |
6987855 | Srivastava | Jan 2006 | B1 |
20030044017 | Briscoe | Mar 2003 | A1 |
Number | Date | Country |
---|---|---|
0 952 718 | Oct 1999 | EP |
0 994 600 | Apr 2000 | EP |
 | Number | Date | Country |
---|---|---|---|
Parent | 09393411 | Sep 1999 | US |
Child | 10715721 | | US |