Patent Grant
7624276
Authentication and other security issues are currently areas of extensive research and development, both theoretical and practical. One field of endeavor is the authentication of data on a DVD or comparable technology, which may or may not include CDs and new DVD technologies, but is typically applicable across DVD technologies due to the similarities between DVD technologies. With DVDs, CDs, and other freely distributable media disks, the authentication has to be particularly strong (e.g., use a cryptographic method).
Disk-based media are typically block-based devices. So the access time of block data and the computation time of any cryptographic algorithm used should meet the specifications of a system on which the disk-based media are used. Moreover, the contents could sometimes be encrypted for secrecy. Other considerations for secure device secrecy and authenticity techniques for disk-based media include that the technique should support a read-only medium, should support mass production of disks (not requiring custom or unique data on each disk), and the additional data stored on the disk for authentication should only impose a reasonable overhead.
Some efforts to meet these requirements have been proposed, but, as is the case with many solutions in secrecy and authentication techniques, there is room for improvement. For example, one could attach a block signature based on public key cryptography (example, RSA signature), but this is relatively slow since every block of data that is read would require an RSA signature calculation. Besides, the size of an RSA signature for every block would impose a relatively high overhead. As another example, one could attach a SHA hash (or equivalent) for every block written in a custom protected area of disk, but this would require the manufacture of custom disks. As another example, one could attach a secret-key based message authentication code such as HMAC (or equivalent) for each block, but if the HMAC has to be the same for all disks, this becomes a common secret key mechanism, which may not provide a desired level of security. As another example, one could use a hierarchical signature approach that requires multiple seeks of the block device for every block access, to read the members of the hierarchy, but this may lead to increased latency.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.
The following embodiments and aspects thereof are described and illustrated in conjunction with systems, tools, and methods that are meant to be exemplary and illustrative, not limiting in scope. In various embodiments, one or more of the above-described problems have been reduced or eliminated, while other embodiments are directed to other improvements.
A technique for security and authentication on block-based media includes involves the use of protected keys, providing authentication and encryption primitives. A system according to the technique may include a secure device having a security kernel with protected keys. A disk drive security mechanism may support authentication of data, secrecy, and ticket validation using the security kernel and, for example, a ticket services module (e.g., a shared service that may or may not be used by other storage devices like flash). Depending upon the implementation, the security kernel, disk drive security mechanism, and ticket services module may operate in three different execution spaces, and can be commonly used by various I/O and storage devices including, by way of example but not limitation, an optical disk.
In a non-limiting embodiment, the block-based media is read-only, but the technique may be applicable on write once, read many (WORM), writable, or other block-based media. The technique may also be applicable to other storage media, other licensing mechanisms leading to alternate methods to derive the encryption key, and/or other transport media (for example, Internet packet-based download.
Embodiments of the inventions are illustrated in the figures. However, the embodiments and figures are illustrative rather than limiting; they provide examples of the invention.
In the following description, several specific details are presented to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or in combination with other components, etc. In other instances, well-known implementations or operations are not shown or described in detail to avoid obscuring aspects of various embodiments, of the invention.
H(i,i,Y)=F(Yi)
H(i,j,Y)=F(H(i,(i+j−1)/2,Y),H((i+j+1)/2,j,Y)),
where F(Yi) is a one-way function such as SHA-1. It follows that H(i, j, Y) is a one-way function of Yi, Yi+1, . . . Yj, and H(1, n, Y) is a one-way function of Y1 through Yn. Thus, the receiver can selectively authenticate Yk and a set of values of H.
In order to trust the root value, H(1,8,Y), of the binary tree structure 100, it should be possible to obtain, for example, a public key-based cryptographic signature (e.g., a RSA signature) against the value. The signature can be validated with appropriate certificate chain validation up to a trusted root key. However, any applicable known or convenient security mechanism could be used for the purpose of establishing trust.
In the example of
In the example of
Groups of H( ) values belonging to different levels of the binary tree structure 100 can be denoted by their level in the hierarchy. For example:
H3:=H(1,8,Y)
H2:=values from {H(1,4,Y), H(5,8,Y)}
H1:=values from {H(1,2,Y), H(3,4,Y), H(5,6,Y), . . . }
H0:=values from {H(1,1,Y), H(2,2,Y), H(3,3,Y), . . . }
Thus H0 hashes refer to hashes of data blocks Y1, Y2, etc., the leaf nodes of the binary tree structure 100. The structure of a tree may be defined by the number of levels in the hierarchy and the number of children for each node in the tree structure.
The technique described with reference to
In the example of
In the example of
Referring once again to the example of
The H3 hashes are chosen as H(1,31*8*8, Y), H(31*8*8+1,31*2*8*8, Y) etc. That is, each H3 hash covers 31*8*8 blocks of data. This translates to each H3 node having 8 children in H2. In this example, the multiplicand is an ‘8’, however any convenient number could be chosen. In a non-limiting embodiment, the number of H3 hashes is chosen to cover the maximum size of the data covered by the authentication mechanism. For example, 4182 hashes may be used in a 9.4G implementation, while 768 hashes may be used in a 1.5 G implementation. In the example of
A final H4 hash (the root of the tree hierarchy) is a signed value, and is signed by using known or convenient public key signature methods in a secure server authorized to publish the content data. The size of the content may or may not be arbitrary. In order to compute values of the hierarchy the additional content blocks or hash values may be padded as random bytes. The techniques described with reference to
Referring once again to
A header (not shown), such as a disk header, would typically be included with the 32 KB block 300. The header may be prepended, appended, or otherwise included with the block of data. In a non-limiting embodiment, the header includes the H4 hash and the relevant H3 hash (see, e.g.,
In a non-limiting embodiment, the header may include a signed data structure called a “ticket” which includes at least the final hash (e.g., H4), a content identification, and an optional key. The key may, for example, be signed by a content publishing server using a public key signature method such as, by way of example but not limitation, RSA. In a non-limiting embodiment, the ticket may include other rights management data granting rights to the content and a signature by another licensing server. The header may further include ancillary data structures to help validate the signatures, such as a chain of certificates, revocation lists, etc. Rights management licenses may be used in conjunction with other rights management licenses delivered by alternate means, to reduce or extend the rights applicable to the content.
Following the header, the hash blocks 310, 312, 314 and the 31 1 KB data blocks 304 may be interleaved. In the example of
In an embodiment, all data blocks are encrypted (e.g., using AES encryption) to ensure copy protection of the content. In an alternative embodiment, some of the data blocks may not be encrypted. In a non-limiting embodiment, data is decrypted starting from the hash block 302. Any known or convenient technique may be used to decrypt the hashes. For example, a constant known value may be chosen to decrypt the beginning of the hash block 302, and a portion of the H2 hashes may be used as a value for the data block decryption. The decryption key may be obtained as a byproduct of a ticket validation procedure (see, e.g.,
The computer 402 interfaces to external systems through the communications interface 410, which may include a modem or network interface. The communications interface 410 can be considered to be part of the computer system 400 or a part of the computer 402. The communications interface 410 can be an analog modem, ISDN modem, cable modem, token ring interface, satellite transmission interface (e.g. “direct PC”), or other interfaces for coupling a computer system to other computer systems. Although conventional computers typically include a communications interface of some type, it is possible to create a computer that does not include one, thereby making the communications interface 410 optional in the strictest sense of the word.
The processor 408 may include, by way of example but not limitation, a conventional microprocessor such as an Intel Pentium microprocessor or Motorola power PC microprocessor. While the processor 408 is a critical component of all conventional computers, any applicable known or convenient processor could be used for the purposes of implementing the techniques described herein. The memory 412 is coupled to the processor 408 by a bus 420. The memory 412, which may be referred to as “primary memory,” can include Dynamic Random Access Memory (DRAM) and can also include Static RAM (SRAM). The bus 220 couples the processor 408 to the memory 412, and also to the non-volatile storage 416, to the display controller 414, and to the I/O controller 418.
The I/O devices 404 can include a keyboard, disk drives, printers, a scanner, and other input and output devices, including a mouse or other pointing device. For illustrative purposes, at least one of the I/O devices is assumed to be a block-based media device, such as a DVD player. The display controller 414 may control, in a known or convenient manner, a display on the display device 406, which can be, for example, a cathode ray tube (CRT) or liquid crystal display (LCD).
The display controller 414 and I/O controller 418 may include device drivers. A device driver is a specific type of computer software developed to allow interaction with hardware devices. Typically this constitutes an interface for communicating with the device, through a bus or communications subsystem that the hardware is connected to, providing commands to and/or receiving data from the device, and on the other end, the requisite interfaces to the OS and software applications.
The device driver may include a hardware-dependent computer program that is also OS-specific. The computer program enables another program, typically an OS or applications software package or computer program running under the OS kernel, to interact transparently with a hardware device, and usually provides the requisite interrupt handling necessary for any necessary asynchronous time-dependent hardware interfacing needs.
The non-volatile storage 416, which may be referred to as “secondary memory,” is often a magnetic hard disk, an optical disk, or another form of storage for large amounts of data. Some of this data is often written, by a direct memory access process, into memory 412 during execution of software in the computer 402. The non-volatile storage 416 may include a block-based media device. The terms “machine-readable medium” or “computer-readable medium” include any known or convenient storage device that is accessible by the processor 408 and also encompasses a carrier wave that encodes a data signal.
The computer system 400 is one example of many possible computer systems which have different architectures. For example, personal computers based on an Intel microprocessor often have multiple buses, one of which can be an I/O bus for the peripherals and one that directly connects the processor 408 and the memory 412 (often referred to as a memory bus). The buses are connected together through bridge components that perform any necessary translation due to differing bus protocols.
Network computers are another type of computer system that can be used in conjunction with the teachings provided herein. Network computers do not usually include a hard disk or other mass storage, and the executable programs are loaded from a network connection into the memory 412 for execution by the processor 408. A Web TV system, which is known in the art, is also considered to be a computer system, but it may lack some of the features shown in
The computer system 400 may be controlled by an operating system (OS). An OS is a software program-used on most, but not all, computer systems—that manages the hardware and software resources of a computer. Typically, the OS performs basic tasks such as controlling and allocating memory, prioritizing system requests, controlling input and output devices, facilitating networking, and managing files. Examples of operating systems for personal computers include Microsoft Windows®, Linux, and Mac OS®. Delineating between the OS and application software is sometimes rather difficult. Fortunately, delineation is not necessary to understand the techniques described herein, since any reasonable delineation should suffice.
The lowest level of an OS may be its kernel. The kernel is typically the first layer of software loaded into memory when a system boots or starts up. The kernel provides access to various common core services to other system and application programs.
As used herein, algorithmic descriptions and symbolic representations of operations on data bits within a computer memory are believed to most effectively convey the techniques to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of operations leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussion, it is appreciated that throughout the description, discussions utilizing terms such as “processing” or “computing” or “calculating” or “determining” or “displaying” or the like, refer to the action and processes of a computer that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
An apparatus for performing techniques described herein may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, by way of example but not limitation, read-only memories (ROMs), RAMs, EPROMs, EEPROMs, magnetic or optical cards, any type of disk including floppy disks, optical disks, CD-ROMs, DVDs, and magnetic-optical disks, or any known or convenient type of media suitable for storing electronic instructions.
The algorithms and displays presented herein are not inherently related to any particular computer architecture. The techniques may be implemented using any known or convenient programming language, whether high level (e.g., C/C++) or low level (e.g., assembly language), and whether interpreted (e.g., Perl), compiled (e.g., C/C++), or Just-In-Time (JIT) compiled from bytecode (e.g., Java). Any known or convenient computer, regardless of architecture, should be capable of executing machine code compiled or otherwise assembled from any language into machine code that is compatible with the computer's architecture.
In the example of
For illustrative simplicity, protected memory is represented as a single memory. However protected memory may include protected primary memory, protected secondary memory, and/or secret memory. It is assumed that known or convenient mechanisms are in place to ensure that memory is protected. The interplay between primary and secondary memory and/or volatile and non-volatile storage is known so a distinction between the various types of memory and storage is not drawn with reference to
The ticket services 512 may be thought of as “digital license validation services” and, in a non-limiting embodiment, may include known or convenient procedures associated with license validation. For example, the ticket services 512 may include procedures for validating digital licenses, PKI validation procedures, etc. In the example of
In an embodiment, the security kernel 514 may be loaded at start-up. In another embodiment, a portion of the security kernel may be loaded at start-up, and the remainder loaded later. An example of this technique is described in application Ser. No. 10/360,827 entitled “Secure and Backward-Compatible Processor and Secure Software Execution Thereon” filed on Feb. 7, 2003 by Srinivasan et al., which is incorporated by reference. Any known or convenient technique may be used to load the security kernel 514 in a secure manner.
The key store 516 is a set of locations for keys. The key store 516 may be thought of as an array of keys, though the data structure used to store the keys is not critical. Any applicable known or convenient structure may be used to store the keys. In a non-limiting embodiment, the key store 516 is initialized with static keys, but variable keys are not initialized (or are initialized to a value that is not secure). For example, some of the key store locations are pre-filled with trusted values (e.g., a trusted root key), with the remaining extra index slots left unused.
The security API 518 is capable of performing operations using the keys in the key store 516 without bringing the keys out into the clear (i.e., the keys do not leave the security kernel 514). The security API 518 may include services to create, populate and use keys (and potentially other security material) in the key store 516. In an embodiment, the security API 518 also provides access to internal secrets and non-volatile data, including secret keys and device private key. Depending upon the implementation, the security API 518 may support AES and SHA operations using hardware acceleration.
In an embodiment, some operations performed by the security API 518 include encryption and decryption. For example, in operation, an application may request of the security API 518 a key handle that the application can use for encryption, then request that the API 518 encrypt data using the key handle. Advantageously, the API 518 provides the key handle in the clear, but the key itself never leaves the security kernel 514.
In the example of
1) Decrypt the media device 508 using a secret key, and
2) Authenticate content on the media device 508 using authentication data on the media device 508. (Read fails if the authentication fails.)
In the example of
In an embodiment, the security kernel 514 uses secret common keys from the key store 518 to perform this decryption. In another embodiment, the ticket services 512 could use a device personalized ticket obtained from flash or network (not shown), validate some rights to content, and then return the key. In any case, this process returns to the block-based media driver 506 a reference to a key for use in decrypting blocks. This key reference is used by the block-based media driver 506 to make subsequent calls to the security kernel 514 to decrypt blocks associated with the key.
After decryption, the block-based media driver 506 makes calls to the security API 516 (or some other interface to a hash computation engine) to validate a hierarchical hash tree associated with the ticket. (See, e.g.,
An example of data flow in the system 500 is provided for illustrative purposes as arrows 520-536. Receiving the block header at the block-based media driver 506 is represented by a data block header arrow 520 from the block-based media device 508 to the block-based media driver 506. Sending data from the data block header, including a ticket, to the ticket services 512 is represented by an authentication data arrow 522. The ticket may include an encrypted key. Sending a request to the security API 516 to decrypt the key is represented as a key decryption request arrow 524. Returning a reference to the decrypted key, now stored in the key store 518, is represented by a reference to key arrow 526. After a successful validation of the ticket, the ticket services will send ticket validation data to the block-based media driver 506, including a reference to a key that the driver can use to decrypt blocks. The data sent from the ticket services 512 to the block-based media driver 506 is represented as a ticket validation arrow 528. A data block access arrow 530 represents reading blocks from the block-based media device 508 by the block-based media driver 506. The data access may or may not occur concurrently with the receipt of the header (520). The accessed blocks are decrypted using the ticket validation data (528) and a block decryption request arrow 532 represents the request. A hash tree validation arrow 534 represents a subsequent validation of the content of a block.
In an alternative embodiment, values of portions of a hierarchical hash tree could be hashed for future reference. This could save some hash computation time.
In the example of
In the example of
In the example of
In the example of
In the example of
In the example of
In the example of
As used herein, the term “content” is intended to broadly include any data that can be stored in memory.
As used herein, the term “embodiment” means an embodiment that serves to illustrate by way of example but not limitation.
It will be appreciated to those skilled in the art that the preceding examples and embodiments are exemplary and not limiting to the scope of the present invention. It is intended that all permutations, enhancements, equivalents, and improvements thereto that are apparent to those skilled in the art upon a reading of the specification and a study of the drawings are included within the true spirit and scope of the present invention. It is therefore intended that the following appended claims include all such modifications, permutations and equivalents as fall within the true spirit and scope of the present invention.
This application claims priority to U.S. Provisional Application No. 60/852,151, entitled SECURE DEVICE AUTHENTICATION SYSTEM AND METHOD, filed Oct. 16, 2006, which is hereby incorporated by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5095798 | Okada et al. | Mar 1992 | A |
| 5184830 | Okada et al. | Feb 1993 | A |
| 5238250 | Leung et al. | Aug 1993 | A |
| 5261069 | Wilkinson et al. | Nov 1993 | A |
| 5367698 | Webber et al. | Nov 1994 | A |
| 5400402 | Garfinkle | Mar 1995 | A |
| 5404505 | Levinson | Apr 1995 | A |
| 5426763 | Okada | Jun 1995 | A |
| 5528513 | Vaitzblit et al. | Jun 1996 | A |
| 5586264 | Belknap et al. | Dec 1996 | A |
| 5590199 | Krajewski et al. | Dec 1996 | A |
| 5610839 | Karolak et al. | Mar 1997 | A |
| 5638443 | Stefik et al. | Jun 1997 | A |
| 5715398 | Lubenow et al. | Feb 1998 | A |
| 5715403 | Stefik | Feb 1998 | A |
| 5765152 | Erickson | Jun 1998 | A |
| 5781901 | Kuzma | Jul 1998 | A |
| 5790170 | Suzuki | Aug 1998 | A |
| 5809242 | Shaw et al. | Sep 1998 | A |
| 5815662 | Ong | Sep 1998 | A |
| 5818512 | Fuller | Oct 1998 | A |
| 5829046 | Tzelnic et al. | Oct 1998 | A |
| 5867223 | Schindler et al. | Feb 1999 | A |
| 5892900 | Ginter et al. | Apr 1999 | A |
| 5903723 | Beck et al. | May 1999 | A |
| 5905860 | Olsen et al. | May 1999 | A |
| 5913039 | Nakamura et al. | Jun 1999 | A |
| 5933498 | Schneck et al. | Aug 1999 | A |
| 5983227 | Nazem et al. | Nov 1999 | A |
| 6016348 | Blatter et al. | Jan 2000 | A |
| 6032200 | Lin | Feb 2000 | A |
| 6038601 | Lambert et al. | Mar 2000 | A |
| 6044157 | Uesaka et al. | Mar 2000 | A |
| 6049821 | Theriault et al. | Apr 2000 | A |
| 6052720 | Traversat et al. | Apr 2000 | A |
| 6085193 | Malkin et al. | Jul 2000 | A |
| 6141756 | Bright et al. | Oct 2000 | A |
| 6148340 | Bittinger et al. | Nov 2000 | A |
| 6157721 | Shear et al. | Dec 2000 | A |
| 6167441 | Himmel | Dec 2000 | A |
| 6185625 | Tso et al. | Feb 2001 | B1 |
| 6205475 | Pitts | Mar 2001 | B1 |
| 6212657 | Wang et al. | Apr 2001 | B1 |
| 6219680 | Bernardo et al. | Apr 2001 | B1 |
| 6219708 | Martenson | Apr 2001 | B1 |
| 6226618 | Downs et al. | May 2001 | B1 |
| 6243719 | Ikuta et al. | Jun 2001 | B1 |
| 6256637 | Venkatesh et al. | Jul 2001 | B1 |
| 6259471 | Peters et al. | Jul 2001 | B1 |
| 6289452 | Arnold et al. | Sep 2001 | B1 |
| 6292899 | McBride | Sep 2001 | B1 |
| 6321209 | Pasquali | Nov 2001 | B1 |
| 6330566 | Durham | Dec 2001 | B1 |
| 6338050 | Conklin et al. | Jan 2002 | B1 |
| 6371854 | Ikeda et al. | Apr 2002 | B1 |
| 6377972 | Guo et al. | Apr 2002 | B1 |
| 6389460 | Stewart et al. | May 2002 | B1 |
| 6412008 | Fields et al. | Jun 2002 | B1 |
| 6412011 | Agraharam et al. | Jun 2002 | B1 |
| 6427238 | Goodman et al. | Jul 2002 | B1 |
| 6446113 | Ozzie et al. | Sep 2002 | B1 |
| 6466048 | Goodman | Oct 2002 | B1 |
| 6480883 | Tsutsumitake | Nov 2002 | B1 |
| 6500070 | Tomizawa et al. | Dec 2002 | B1 |
| 6510502 | Shimizu | Jan 2003 | B1 |
| 6526581 | Edson | Feb 2003 | B1 |
| 6544126 | Sawano et al. | Apr 2003 | B2 |
| 6557104 | Vu et al. | Apr 2003 | B2 |
| 6571279 | Herz et al. | May 2003 | B1 |
| 6574605 | Sansders et al. | Jun 2003 | B1 |
| 6594682 | Peterson et al. | Jul 2003 | B2 |
| 6606644 | Ford et al. | Aug 2003 | B1 |
| 6637029 | Maissel et al. | Oct 2003 | B1 |
| 6654388 | Lexenberg et al. | Nov 2003 | B1 |
| 6669096 | Saphar et al. | Dec 2003 | B1 |
| 6675350 | Abrams et al. | Jan 2004 | B1 |
| 6691312 | Sen et al. | Feb 2004 | B1 |
| 6697948 | Rabin et al. | Feb 2004 | B1 |
| 6704797 | Fields et al. | Mar 2004 | B1 |
| 6785712 | Hogan et al. | Aug 2004 | B1 |
| 6805629 | Weiss | Oct 2004 | B1 |
| 6811486 | Luciano, Jr. | Nov 2004 | B1 |
| 6826593 | Acharya et al. | Nov 2004 | B1 |
| 6832241 | Tracton et al. | Dec 2004 | B2 |
| 6873975 | Hatakeyama et al. | Mar 2005 | B1 |
| 6901386 | Dedrick et al. | May 2005 | B1 |
| 6920567 | Doherty et al. | Jul 2005 | B1 |
| 6928551 | Lee et al. | Aug 2005 | B1 |
| 6993557 | Yen | Jan 2006 | B1 |
| 7092953 | Haynes | Aug 2006 | B1 |
| 7099479 | Ishibashi et al. | Aug 2006 | B1 |
| 20010014882 | Stefik et al. | Aug 2001 | A1 |
| 20010026287 | Watanabe | Oct 2001 | A1 |
| 20020016818 | Kirani et al. | Feb 2002 | A1 |
| 20020032784 | Darago et al. | Mar 2002 | A1 |
| 20020057799 | Kohno | May 2002 | A1 |
| 20020059384 | Kaars | May 2002 | A1 |
| 20020071557 | Nguyen | Jun 2002 | A1 |
| 20020085720 | Okada et al. | Jul 2002 | A1 |
| 20020116615 | Nguyen et al. | Aug 2002 | A1 |
| 20020137566 | Tomizawa et al. | Sep 2002 | A1 |
| 20020138764 | Jacobs et al. | Sep 2002 | A1 |
| 20020154779 | Asano et al. | Oct 2002 | A1 |
| 20020160833 | Lloyd et al. | Oct 2002 | A1 |
| 20020161673 | Lee et al. | Oct 2002 | A1 |
| 20020162115 | Brucknet et al. | Oct 2002 | A1 |
| 20020165022 | Hiraoka | Nov 2002 | A1 |
| 20020165028 | Miyamoto et al. | Nov 2002 | A1 |
| 20020169974 | McKune | Nov 2002 | A1 |
| 20020184160 | Tadayon et al. | Dec 2002 | A1 |
| 20030009423 | Wang et al. | Jan 2003 | A1 |
| 20030023564 | Padhye et al. | Jan 2003 | A1 |
| 20030028622 | Inoue et al. | Feb 2003 | A1 |
| 20030114227 | Rubin | Jun 2003 | A1 |
| 20030120541 | Siann et al. | Jun 2003 | A1 |
| 20030144869 | Fung et al. | Jul 2003 | A1 |
| 20030157985 | Shteyn | Aug 2003 | A1 |
| 20030182142 | Valenzuela et al. | Sep 2003 | A1 |
| 20030220142 | Siegel | Nov 2003 | A1 |
| 20040015426 | Tadayon et al. | Jan 2004 | A1 |
| 20040039929 | Decime | Feb 2004 | A1 |
| 20040044901 | Serkowski | Mar 2004 | A1 |
| 20040054923 | Seago et al. | Mar 2004 | A1 |
| 20040098297 | Borthwick | May 2004 | A1 |
| 20040098580 | DeTreville | May 2004 | A1 |
| 20040098610 | Hrastar | May 2004 | A1 |
| 20040102987 | Takahashi et al. | May 2004 | A1 |
| 20050004875 | Kontio et al. | Jan 2005 | A1 |
| 20050071640 | Sprunk et al. | Mar 2005 | A1 |
| 20060031222 | Hannsmann | Feb 2006 | A1 |
| 20060090084 | Buer | Apr 2006 | A1 |
| 20060129848 | Paksoy et al. | Jun 2006 | A1 |
| 20070016832 | Weiss | Jan 2007 | A1 |
| 20070067826 | Conti | Mar 2007 | A1 |
| 20070150730 | Conti | Jun 2007 | A1 |
| Number | Date | Country |
|---|---|---|
| 0 992 922 | Apr 2000 | EP |
| 1 091 274 | Apr 2001 | EP |
| 2002024178 | Jan 2002 | JP |
| WO0229642 | Apr 2002 | WO |
| WO0230088 | Apr 2002 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20080091945 A1 | Apr 2008 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60852151 | Oct 2006 | US |
