TREA

Security associations for devices

Follow

Information

  • Patent Grant
  • 7778422
  • Patent Number
    7,778,422
  • Date Filed
    Friday, February 27, 2004
    21 years ago
  • Date Issued
    Tuesday, August 17, 2010
    14 years ago
Information
Abstract
Generating symmetric keys among distributed appliances, includes generating public and private values on at least one appliance, importing a public value from another appliance via an out-of-band entity, and generating a secret value as a function of the private value corresponding to the local appliance and the public value received from the other appliance.
Description
FIELD

The present invention relates to procuring trusted associations between at least two parties.


BACKGROUND

Secret key encryption is implemented by a sending party encrypting data to be transmitted using a key, transmitting the key and the encrypted data to a receiving party either separately or together over a network connection, and the receiving party using a same key to decrypt the received data. A public key infrastructure (hereafter “PKI”) is implemented by the sending party encrypting data to be transmitted using a public key corresponding to the receiving party, transmitting the encrypted data to the receiving party over a network connection, and the receiving party using its private key to decrypt the received data. However, the trust required for sharing both secret keys for secret key encryption and public keys for PKI is being breached at an alarmingly increasing rate among distributed network appliances, particularly in constrained situations such as securing a boot among multiple appliances or nodes over a network.


SUMMARY

Secure network associations among plural devices are described herein.


Generating symmetric keys among distributed appliances, includes generating public and private key values one at least one appliance, receiving a public key value from another appliance via an out-of-band third party mechanism, and generating a secret value as a function of the private key value corresponding to the local appliance and the public key value received from the other appliance.





BRIEF DESCRIPTION OF THE DRAWINGS

The scope of the present invention will be apparent from the following detailed description, when taken in conjunction with the accompanying drawings, and such detailed description, while indicating embodiments of the invention, are given as illustrations only, since various changes and modifications will become apparent to those skilled in the art from the following detailed description, in which:



FIG. 1 shows a client/network system in accordance with example embodiments;



FIG. 2 shows an association of devices in accordance with an example embodiment;



FIG. 3 illustrates a processing flow in accordance with an example embodiment;



FIG. 4 illustrates another processing flow in accordance with an example embodiment; and



FIG. 5 illustrates a general computer network environment which can be used to implement the techniques described herein.





DETAILED DESCRIPTION

In the example network environment of FIG. 1, multiple client computing devices 105, 110, 115, and 120, which are also referred to as client devices, are coupled to each other and to at least one server device 125 via network 100. Network 100 is intended to represent any of a variety of conventional network topologies and types, which may include wired and/or wireless networks. Network 100 may further utilize any of a variety of conventional network protocols, including public and/or proprietary protocols. Network 100 may include, for example, the Internet as well as possibly at least portions of one or more local area networks (LANs).


Client device 105 may include any of a variety of conventional computing devices, including a desktop personal computer (PC), workstations, mainframe computers, Internet appliances, and gaming consoles. Further client devices associated with network 100 may include personal digital assistant (PDA) 110, laptop computer 115, and cellular telephone 120, etc., which may be in communication with network 100 by a wired and/or wireless link. Further still, one or more of client devices 105, 110, 115, and 120 may include the same types of devices, or alternatively different types of devices.


Server device 125 may provide any of a variety of data and/or functionality to computing devices 105, 110, 115, and 120. The data may be publicly available or alternatively restricted, e.g., restricted to only certain users or available only if the appropriate fee is paid, etc. Server device 125 is at least one of a network server, an application server, a web blade, or any combination thereof. Server device 125 is any device that is the source of content, and client devices 105, 110, 115, and 120 include any devices that receive such content.


At data source 130 or 135, software programs, including operating systems and applications, are prepared for and/or provided to any one of server device 125 or client devices 105, 110, 115, and 120 for loading and/or execution. For the sake of consistency, the discussion hereafter refers to “applications” which encompass anyone of, at least, operating systems, programs, and applications, as known in the art, either singularly or in combination.


Secure associations between any of client devices 105, 110, 115, 120, server device 125, and data sources 130 and 135 is described herein with reference to the example embodiment of FIG. 2.


In particular, the example embodiment of FIG. 2 shows how a trust relationship is established between device 205 and device 230, with devices 205 and 230 representing any one of client devices 105, 110, 115, 120, server device 125, and data sources 130 and 135. Such devices may alternatively be regarded as network nodes. Trust relationships, or secure associations, in accordance with the example embodiments described herein, may be implemented by establishing a shared secret without requiring a high degree of trust for the dissemination of information between devices. The trust relationship may be established for the purposes that include, but are not limited to, exchanging information, e.g., e-mail, or for remotely loading an operating system (OS) from one node to another.


According to the example embodiment of FIG. 2, a trust relationship between devices 205 and 230 is not established over network 100, over which devices 205 and 230 are communicatively coupled, but rather using a third-party out-of-band, i.e., asynchronous, entity. Such entity, which will be referred to hereafter as “out-of-band mechanism” 245 may include, but is not limited to, any one of: a serial cable, a USB cable, an infrared-connection, a personal digital assistant (PDA), a flash memory, a memory stick, a barcode, and a smartcard. Out-of-band mechanism 245 may be program-driven or require user-intervention. Serial cable, USB cable, and infrared-compatible examples of out-of-band mechanism 245 may be alternatively program-driven or user-implemented. Peripheral devices such as a PDA, a flash memory, a memory stick, a barcode, and a smartcard serving as out-of-band mechanism 245 require physical transfer from one device to another, and therefore require user-intervention in order for data to be downloaded to a destination device.


According to a first embodiment, symmetric keys are established on at least devices 205 and 230 using the Diffie-Hellman cryptographic protocol. In particular, generator 215 on device 205 and generator 235 on device 230 each produce a local public/private key pair for the respective devices. The public key values generated on devices 205 and 230 are exchanged via out-of-band mechanism 245. Thus, having imported the public key value generated on the other device via out-of-band mechanism 245, devices 205 and 230 are able to produce a shared secret as a function of the imported public key value and the local private key value by executing a Diffie-Hellman computation, which is known in the art and is therefore not described in detail here.


That is, shared secret generator 225 on device 205 produces a Diffie-Hellman shared secret as a function of the private key value produced by generator 215 and the public key value imported from device 230 via out-of-band mechanism 245. Further, shared secret generator 240 on device 230 produces a Diffie-Hellman shared secret as a function of the private key value produced by generator 235 and the public key value imported from device 205 via out-of-band mechanism 245. As is known in the art with regard to the Diffie-Hellman cryptographic technique, by exchanging public keys, the shared secret key values generated on devices 205 and 230 are the same, i.e., symmetric, but neither device is required to export either a private key value or the shared secret value over a network. Rather, only a public key value is transmitted from one device to another, and that over an out-of-band mechanism, requiring only a low level of trust.


The Diffie-Hellman secret value generated at each of the devices is used for encryption/decryption or other known authentication purposes.


The embodiment of FIG. 2 may also establish a secret value to be shared among at least devices 205 and 230 using the Rivest-Shamir-Adleman (hereafter “RSA”) cryptographic protocol. According to such example embodiment, a secret value is produced on one of devices 205 and 230, and exported to the other node via out-of-band mechanism 245 while protected by the public key value corresponding to the destination device.


Specifically, to implement the RSA protocol, devices 205 and 230 are to produce a public key value, though only one of the devices is needed to produce a private key value. The private key value is produced on the device that is to generate the secret value to be shared. The description of the example embodiment continues assuming that generator 215 on device 205 and generator 235 on device 230 each produce a local public/private key pair for the respective devices, though such example is not limiting.


Assuming that device 205 is to generate the secret value to be shared, the public key value generated by generator 235 on device 230 is imported to device 205 via out-of-band mechanism 245. Shared secret generator 225 on device 205 produces an RSA secret value as a function of the local private key value produced by generator 215 and the public key value imported from device 230 via out-of-band mechanism 245. As is known in the art with regard to the RSA cryptographic technique, the secret value is then shared with device 230 by encrypting the secret value using the imported public key value, i.e., the public key value imported to device 205 from device 230 via out-of-band mechanism 245. Out-of-band mechanism 245 is then utilized again to export the secret value to device 230, with the secret value protected by the public key value of device 230. Thus, devices 205 and 230 benefit from sharing the secret value, which is then used for encryption/decryption or other known authentication purposes.


An example implementation for the embodiments described herein includes providing a secure boot over a network wherein boot loader code resides on the firmware of a network appliance. A description of such an example is hereby described with reference to the example embodiment of FIG. 2 and the example processing flow shown in FIG. 3. This description is exemplary only, and is not intended to be limiting in any manner. Further, the processing of FIG. 3 is not intended to be limiting in terms of order of actions taken since, as will become evident from the description, any sequence in the processing may be varied.


The processing of FIG. 3 is described with regard to the example of FIG. 2 whereby device 205 represents a RADIUS client and device 230 represents a RADIUS server. Remote Authentication Dial-In User Service (RADIUS) is an authentication service that allows a service infrastructure to maintain user profiles in a centralized database residing on an authentication server, and the profiles are then accessed by remote access servers.


When RADIUS client 205 attempts to remotely load an OS, the profile of which is stored on RADIUS server 230, public/private key values are generated 305 by generator 215 on RADIUS client 205. The public key value generated on RADIUS client 205 is exported 310 to RADIUS server 230 via out-of-band mechanism 245.


Public/private key values are also generated 305 on RADIUS server 230 by generator 235, either simultaneously with the generation of the public/private key values on RADIUS client 205 or, more likely, in response to receiving the public key value from RADIUS client 205 at RADIUS server 230. The public key value generated on RADIUS server 230 is exported 310 to RADIUS client 205 via out-of-band mechanism 245.


Generator 240 on RADIUS server 230 generates 315 a shared secret value by executing a Diffie-Hellman computation, with the shared secret being computed as a function of the private key value generated by generator 235 and the public key value imported from RADIUS client 205 via out-of-band mechanism 245.


Similarly, generator 225 on RADIUS client 205 generates 315 a shared secret value by executing a Diffie-Hellman computation, with the shared secret being computed as a function of the private key value generated by generator 215 and the public key value imported from RADIUS server 230 via out-of-band mechanism 245.


The secret values generated by generator 225 and generator 240 are symmetric, in accordance with the fundamental principals of the Diffie-Hellman encryption technique.


Alternatively, the secure boot of an OS from RADIUS server 230 on RADIUS client 205 can also be implemented using an RSA encryption technique. The description of such embodiment is described with reference to the examples of FIGS. 2 and 4. Further, the example is described under the assumption that RADIUS client 205 initiates the establishment of the trust relationship between RADIUS client 205 and RADIUS server 230, although such example is not limiting. It is noted that the depiction and number of the blocks of FIGS. 3 and 4 do not imply a strict order. Rather, the ordering described is by way of example only.


Therefore, by FIG. 4, when RADIUS client 205 attempts to remotely load an OS, the profile of which is stored on RADIUS server 230, public/private key values are generated 405 by generator 215 on RADIUS client 205. The public key value generated on RADIUS client 205 is exported 410 to RADIUS server 230 via out-of-band mechanism 245.


Public/private key values are also generated 405 on RADIUS server 230 by generator 235, either simultaneously with the generation of the public/private key values on RADIUS client 205 or in response to receiving the public key value from RADIUS client 205 at RADIUS server 230.


Generator 240 on RADIUS server 230 generates 415 a shared secret value by executing an RSA computation, with the shared secret being computed as a function of the private key value generated by generator 235 and the public key value imported from RADIUS client 205 via out-of-band mechanism 245.


The secret value generated on RADIUS server 230 is encoded to be protected by the public key value imported from RADIUS client 205, and exported 420 to RADIUS client 205 via out-of-band mechanism 245.


The techniques described above may also be utilized to establish a trust relationship between any of devices 105, 110, 115, 120, server 125, and data sources 130 and 135, shown in FIG. 1, for alternative purposes including the dissemination of data, e.g. e-mail, establishing a secure link for videoconferencing, etc. That is, the techniques described above utilize an out-of-band entity to reduce the trust required of any network node desiring a trust relationship with at least one other node, regardless of the purpose for such association.


Further, with regard to the example embodiments described herein, it is noted that means and methods for the generation of public/private key values are known in the art, and therefore are not presently described in detail. Similarly, encryption protocols including, but not limited to, the Diffie-Hellman protocol and the RSA protocol, which may be utilized in correspondence with the example embodiments described herein are also known, and therefore a description of such protocols is not provided.



FIG. 5 illustrates a general computer environment 500, which can be used to implement the techniques described herein. The computer environment 500 is only one example of a computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the computer and network architectures. Neither should the computer environment 500 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the example computer environment 500.


Computer environment 500 includes a general-purpose computing device in the form of a computer 502. The components of computer 502 can include, but are not limited to, one or more processors or processing units 504, system memory 506, and system bus 508 that couples various system components including processor 504 to system memory 506.


System bus 508 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures can include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, a Peripheral Component Interconnects (PCI) bus also known as a Mezzanine bus, a PCI Express bus, a Universal Serial Bus (USB), a Secure Digital (SD) bus, or an IEEE 1394, i.e., FireWire, bus.


Computer 502 may include a variety of computer readable media. Such media can be any available media that is accessible by computer 502 and includes both volatile and non-volatile media, removable and non-removable media.


System memory 506 includes computer readable media in the form of volatile memory, such as random access memory (RAM) 510; and/or non-volatile memory, such as read only memory (ROM) 512 or flash RAM. Basic input/output system (BIOS) 514, containing the basic routines that help to transfer information between elements within computer 502, such as during start-up, is stored in ROM 512 or flash RAM. RAM 510 typically contains data and/or program modules that are immediately accessible to and/or presently operated on by processing unit 504.


Computer 502 may also include other removable/non-removable, volatile/non-volatile computer storage media. By way of example, FIG. 5 illustrates hard disk drive 516 for reading from and writing to a non-removable, non-volatile magnetic media (not shown), magnetic disk drive 518 for reading from and writing to removable, non-volatile magnetic disk 520 (e.g., a “floppy disk”), and optical disk drive 522 for reading from and/or writing to a removable, non-volatile optical disk 524 such as a CD-ROM, DVD-ROM, or other optical media. Hard disk drive 516, magnetic disk drive 518, and optical disk drive 522 are each connected to system bus 508 by one or more data media interfaces 525. Alternatively, hard disk drive 516, magnetic disk drive 518, and optical disk drive 522 can be connected to the system bus 508 by one or more interfaces (not shown).


The disk drives and their associated computer-readable media provide non-volatile storage of computer readable instructions, data structures, program modules, and other data for computer 502. Although the example illustrates a hard disk 516, removable magnetic disk 520, and removable optical disk 524, it is appreciated that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, can also be utilized to implement the example computing system and environment.


Any number of program modules can be stored on hard disk 516, magnetic disk 520, optical disk 524, ROM 512, and/or RAM 510, including by way of example, operating system 526, one or more application programs 528, other program modules 530, and program data 532. Each of such operating system 526, one or more application programs 528, other program modules 530, and program data 532 (or some combination thereof) may implement all or part of the resident components that support the distributed file system.


A user can enter commands and information into computer 502 via input devices such as keyboard 534 and a pointing device 536 (e.g., a “mouse”). Other input devices 538 (not shown specifically) may include a microphone, joystick, game pad, satellite dish, serial port, scanner, and/or the like. These and other input devices are connected to processing unit 504 via input/output interfaces 540 that are coupled to system bus 508, but may be connected by other interface and bus structures, such as a parallel port, game port, or a universal serial bus (USB).


Monitor 542 or other type of display device can also be connected to the system bus 508 via an interface, such as video adapter 544. In addition to monitor 542, other output peripheral devices can include components such as speakers (not shown) and printer 546 which can be connected to computer 502 via I/O interfaces 540.


Computer 502 can operate in a networked environment using logical connections to one or more remote computers, such as remote computing device 548. By way of example, remote computing device 548 can be a PC, portable computer, a server, a router, a network computer, a peer device or other common network node, and the like. Remote computing device 548 is illustrated as a portable computer that can include many or all of the elements and features described herein relative to computer 502. Alternatively, computer 502 can operate in a non-networked environment as well.


Logical connections between computer 502 and remote computer 548 are depicted as a local area network (LAN) 550 and a general wide area network (WAN) 552. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.


When implemented in a LAN networking environment, computer 502 is connected to local network 550 via network interface or adapter 554. When implemented in a WAN networking environment, computer 502 typically includes modem 556 or other means for establishing communications over wide network 552. Modem 556, which can be internal or external to computer 502, can be connected to system bus 508 via I/O interfaces 540 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are examples and that other means of establishing at least one communication link between computers 502 and 548 can be employed.


In a networked environment, such as that illustrated with computing environment 500, program modules depicted relative to computer 502, or portions thereof, may be stored in a remote memory storage device. By way of example, remote application programs 558 reside on a memory device of remote computer 548. For purposes of illustration, applications or programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of computing device 502, and are executed by at least one data processor of the computer.


Various modules and techniques may be described herein in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. for performing particular tasks or implement particular abstract data types. Typically, the functionality of the program modules may be combined or distributed as desired in various embodiments.


An implementation of these modules and techniques may be stored on or transmitted across some form of computer readable media. Computer readable media can be any available media that can be accessed by a computer. By way of example, and not limitation, computer readable media may comprise “computer storage media” and “communications media.”


“Computer storage media” includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.


“Communication media” typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as carrier wave or other transport mechanism. Communication media also includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. As a non-limiting example only, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above are also included within the scope of computer readable media.


Reference has been made throughout this specification to “one embodiment,” “an embodiment,” or “an example embodiment” meaning that a particular described feature, structure, or characteristic is included in at least one embodiment of the present invention. Thus, usage of such phrases may refer to more than just one embodiment. Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.


One skilled in the relevant art may recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, resources, materials, etc. In other instances, well known structures, resources, or operations have not been shown or described in detail merely to avoid obscuring aspects of the invention.


While example embodiments and applications of the present invention have been illustrated and described, it is to be understood that the invention is not limited to the precise configuration and resources described above. Various modifications, changes, and variations apparent to those skilled in the art may be made in the arrangement, operation, and details of the methods and systems of the present invention disclosed herein without departing from the scope of the claimed invention.

Claims
  • 1. An out-of-band method implemented on a computing device having instructions executable by a processor for asynchronously establishing a secure association with a server node, the method comprising: generating a local public value and a local private value on a client node: in response to an attempt to remotely load an operating system by the client node, wherein a profile of the operating system is stored on the server node; orsimultaneously with a generation of the local public value and the local private value on the server node;allowing a client node to exchange information for remotely loading an operating system from one node to another node;loading the operating system on the client node;storing the public value for configuration of the secure association on an out-of band computer-readable storage medium, wherein the stored public value is not used for authentication;transporting the out-of-band computer-readable storage medium to the server node to establish a trust relationship allowing for remotely loading the operating system on the client node from the server node, wherein a low level of trust is required as the trust relationship required between the client node and the server node is established by using a third party out-of-band entity;receiving from the server node a public value generated by the server node via the out-of-band computer-readable storage medium, wherein the public value generated by the server node is generated with a private value generated by the server node in response to receiving the public value from the client node;generating a secret value using the local private value in combination with the public value received from the server node; wherein the receiving is asynchronous to the generating the secret value; andproducing the secret value as a function of a local private value; andsharing the secret value by encrypting the secret value using an imported public key value, the public key value imported via the out-of-band mechanism.
  • 2. A method according to claim 1, wherein the method is performed on both of a pair of nodes, and wherein further the secret values generated at both of the nodes are symmetric.
  • 3. A method according to claim 2, wherein the generating a secret value includes performing a Diffie-Hellman computation.
  • 4. A method according to claim 1, further comprising: retaining the secret value locally;protecting the secret value using the public value received from the other node; andtransmitting the protected secret value to the other node via the out-of-band mechanism.
  • 5. A method according to claim 4, wherein the generating a secret value includes performing a Rivest-Shamir-Adleman (RSA) computation.
  • 6. A method according to claim 1, wherein the receiving of the public value from the other node via an out-of-band mechanism includes downloading the public value from an external device.
  • 7. A method according to claim 6, wherein the external device is any one of a personal digital assistant (PDA), flash memory, memory stick, barcode, smart card, USB-compatible device, Bluetooth-compatible device, and infrared-compatible device.
  • 8. A computer-readable storage medium having one or more instructions causing one or more processors to: generate a local two-part code having a public code component and a private code component: in response to an attempt to allow a processor to remotely load an operating system by a client node from another processor, wherein a profile of the operating system is stored on the another processor; orsimultaneously with a generation of the two-part code by a server node;load the operating system on the processor;store the public component on a peripheral out-of-band device which is then transported over an out-of-band mechanism to the another processor for configuration of a secure association and not authentication, wherein a low level of trust is required for transport as a trust relationship required between the processor and the another processor is established by using a third party out-of-band entity;receive the public code component asynchronously from another processor via the peripheral device;generate a secret value using the local private code component and the public code component received from the other processor;produce the secret value as a function of a local private value; andshare the secret value by encrypting the secret value using an imported public key value, the public key value imported via the out-of-band mechanism.
  • 9. A computer-readable storage medium according to claim 8, wherein the one or more instructions are executed on the other processor, and wherein further the secret value is symmetrical to the secret value generated on the other processor.
  • 10. A computer-readable storage medium according to claim 8, wherein the one or more instructions to generate a secret value includes one or more instructions to perform a Diffie-Hellman computation.
  • 11. A computer-readable storage medium according to claim 8, further comprising one or more instructions causing one or more processors to: encode the secret value using the public code component received from the other processor; andtransmit the encoded secret value to the other processor via the peripheral device.
  • 12. A computer-readable storage medium according to claim 11, wherein the one or more instructions to generate a secret value includes one or more instructions to perform an RSA computation.
  • 13. A computer-readable storage medium according to claim 8, wherein the one or more instructions to receive the public code component from the other processor via the peripheral device includes downloading the public code component from one of a personal digital assistant (PDA), flash memory, memory stick, barcode, smart card, USB-compatible device, Bluetooth-compatible device, and infrared-compatible device.
  • 14. An apparatus, comprising: a computer-readable storage medium;a key generator on a first node to generate a local public/private key pair based on: in response to an attempt to remotely load an operating system by the first node, wherein a profile of the operating system is stored on a second node; orsimultaneously with a generation of the local public/private key pair on the second node;a computer processor executing code to write the local public/private key pair to an out-of-band computer-readable storage medium to facilitate setup of a secure association and not for authentication, wherein the secure association allows the first node to remotely load an operating system having a profile stored on a second node;a shared secret generator on the second node to receive the public key from the first node via the out-of-band computer-readable storage medium connection without requiring a high degree of trust between the first node and the second node as a trust relationship required between the first node and the second node is established by using a third party out-of-band entity; andthe shared secret generator to generate a shared secret using the local private key and the public key received from the first node, wherein the shared secret is generated in response to receiving the public key from the first node.
  • 15. An apparatus according to claim 14, wherein the shared secret is symmetrical to a shared secret generated on the other node using the local public key and a private key corresponding to the other node.
  • 16. An apparatus according to claim 14, wherein the other node is a server.
  • 17. An apparatus according to claim 14, wherein the shared secret generator is to generate a shared secret by performing a Diffie-Hellman computation.
  • 18. An apparatus according to claim 14, further comprising an encoder to encode the secret value using the public key received from the other node and to transmit the encoded secret value to the other node via the out-of-band connection.
  • 19. An apparatus according to claim 18, wherein the shared secret generator is to generate a shared secret by performing an RSA computation.
  • 20. An apparatus according to claim 14, wherein the out-of-band connection includes any one of a personal digital assistant (PDA), flash memory, memory stick, barcode, smart card, USB-compatible device, Bluetooth-compatible device, and infrared-compatible device.
  • 21. A method implemented on a computing device having instructions executable by a processor for running a protocol for establishing a trust relationship between two or more processing nodes, the method comprising: generating a public key and a private key based at least in part: on each of at least two nodes in response to an attempt of allowing a first node of at least two nodes to remotely load an operating system, wherein a profile of the operating system is stored on a second node of at least two nodes; orsimultaneously with a generation of the public key and the private key on the second node;exchanging the public keys asynchronously between the at least two nodes using an out-of-band mechanism comprising a computer-readable storage medium wherein the public keys are not used for authentication and without requiring a high degree of trust for an exchange of the public keys between the two nodes as a trust relationship required between the first node and the second node is established by using a third party out-of-band entity; andcalculating a secret to be shared on at least one of the two nodes.
  • 22. A method for running a protocol according to claim 21, wherein the calculating of the secret to be shared includes performing a function using the public key from the other of the two nodes and the private key.
  • 23. A method for running a protocol according to claim 22, wherein the calculating the secret to be shared includes performing a Diffie-Hellman calculation.
  • 24. A method for running a protocol according to claim 22, wherein the secret to be shared is symmetrical on the at least two nodes.
  • 25. A method for running a protocol according to claim 21, further comprising: encoding the secret to be shared using the public key from the other of the two nodes; andtransmitting the encoded secret to be shared to the other of the two nodes via the out-of-band mechanism.
  • 26. A method for running a protocol according to claim 25, wherein the calculating the secret to be shared includes performing an RSA calculation.
  • 27. A method for running a protocol according to claim 21, wherein the out-of-band mechanism includes any one of a personal digital assistant (PDA), flash memory, memory stick, barcode, smart card, USB-compatible device, Bluetooth-compatible device, and infrared-compatible device.
  • 28. An apparatus, comprising: means for generating a local public/private key pair based at least in part on: in response to an attempt to allow a node to remotely load an operating system through a secure association with another node, wherein a profile of the operating system is stored on the another node; orsimultaneously with a generation of the local public/private key pair on the another node;means for storing a public key on an out-of-band computer-readable storage medium;means for transporting asynchronously the public key to the another node;means for receiving at the another node the public key from the out-of-band computer-readable storage medium wherein the public key is used for configuration of the secure association and not used for authentication; andmeans for generating a shared secret using the local private key and another public key received from the another node asynchronously via the out-of-band computer-readable storage medium, wherein the another public key is generated by the another node with a private value generated by the another node in response to receiving the public key from the node.
  • 29. An apparatus according to claim 28, wherein the means for generating a shared secret performs a Diffie-Hellman computation.
  • 30. An apparatus according to claim 28, further comprising means for encoding the shared secret using the public key received from the other node.
  • 31. An apparatus according to claim 30, wherein the means for generating a shared secret performs an RSA computation.
  • 32. An apparatus according to claim 28, wherein the out-of-band computer-readable storage medium includes any one of a personal digital assistant (PDA), flash memory, memory stick, barcode, smart card, USB-compatible device, Bluetooth-compatible device, and infrared-compatible device.
US Referenced Citations (469)
Number Name Date Kind
4200770 Hellman et al. Apr 1980 A
4218582 Hellman et al. Aug 1980 A
4405829 Rivest et al. Sep 1983 A
4424414 Hellman et al. Jan 1984 A
5031089 Liu et al. Jul 1991 A
5115505 Bishop et al. May 1992 A
5220621 Saitoh Jun 1993 A
5430810 Saeki Jul 1995 A
5490276 Doli, Jr. et al. Feb 1996 A
5499357 Sonty et al. Mar 1996 A
5504921 Dev et al. Apr 1996 A
5557774 Shimabukuro et al. Sep 1996 A
5579482 Einkauf et al. Nov 1996 A
5668995 Bhat Sep 1997 A
5686940 Kuga Nov 1997 A
5724508 Harple, Jr. et al. Mar 1998 A
5748958 Van Renesse May 1998 A
5758351 Gibson et al. May 1998 A
5768271 Seid et al. Jun 1998 A
5774660 Brendel et al. Jun 1998 A
5774689 Curtis et al. Jun 1998 A
5784463 Chen et al. Jul 1998 A
5790895 Krontz et al. Aug 1998 A
5801970 Rowland et al. Sep 1998 A
5802590 Draves Sep 1998 A
5815574 Fortinsky Sep 1998 A
5818937 Watson et al. Oct 1998 A
5822531 Gorczyca et al. Oct 1998 A
5826015 Schmidt Oct 1998 A
5845124 Berman Dec 1998 A
5845277 Pfeil et al. Dec 1998 A
5867706 Martin et al. Feb 1999 A
5872928 Lewis et al. Feb 1999 A
5878220 Olkin et al. Mar 1999 A
5895499 Chu Apr 1999 A
5905728 Han et al. May 1999 A
5917730 Rittie et al. Jun 1999 A
5930798 Lawler et al. Jul 1999 A
5958009 Friedrich et al. Sep 1999 A
5960371 Saito et al. Sep 1999 A
5968126 Ekstrom et al. Oct 1999 A
6012113 Tuckner Jan 2000 A
6035405 Gage et al. Mar 2000 A
6041054 Westberg Mar 2000 A
6047323 Krause Apr 2000 A
6049528 Hendel et al. Apr 2000 A
6052469 Johnson et al. Apr 2000 A
6059842 Dumarot et al. May 2000 A
6065058 Hailpern et al. May 2000 A
6073183 Slonim Jun 2000 A
6073227 Abily et al. Jun 2000 A
6075776 Tanimoto et al. Jun 2000 A
6076108 Courts et al. Jun 2000 A
6081826 Masuoka et al. Jun 2000 A
6085238 Yuasa et al. Jul 2000 A
6086618 Al-Hilali et al. Jul 2000 A
6097818 Saito Aug 2000 A
6108702 Wood Aug 2000 A
6112243 Downs et al. Aug 2000 A
6115393 Engel et al. Sep 2000 A
6118785 Araujo et al. Sep 2000 A
6125442 Maves et al. Sep 2000 A
6125447 Gong Sep 2000 A
6134594 Helland et al. Oct 2000 A
6144959 Anderson et al. Nov 2000 A
6147995 Dobbins et al. Nov 2000 A
6151688 Wipfel et al. Nov 2000 A
6167052 McNeill et al. Dec 2000 A
6167383 Henson Dec 2000 A
6167515 Lin Dec 2000 A
6178529 Short et al. Jan 2001 B1
6182275 Beelitz et al. Jan 2001 B1
6185308 Ando et al. Feb 2001 B1
6192401 Modiri et al. Feb 2001 B1
6195091 Harple et al. Feb 2001 B1
6195355 Demizu Feb 2001 B1
6208345 Sheard et al. Mar 2001 B1
6208649 Kloth Mar 2001 B1
6209099 Saunders Mar 2001 B1
6212559 Bixler et al. Apr 2001 B1
6215877 Matsumoto Apr 2001 B1
6215878 Harkins Apr 2001 B1
6226788 Schoening et al. May 2001 B1
6230312 Hunt May 2001 B1
6233610 Hayball et al. May 2001 B1
6236365 LeBlanc et al. May 2001 B1
6236729 Takaragi et al. May 2001 B1
6236901 Goss May 2001 B1
6253230 Couland et al. Jun 2001 B1
6256773 Bowman-Amuah Jul 2001 B1
6263089 Otsuka et al. Jul 2001 B1
6266707 Boden et al. Jul 2001 B1
6269076 Shamir et al. Jul 2001 B1
6269079 Marin et al. Jul 2001 B1
6304972 Shavit Oct 2001 B1
6305015 Akriche et al. Oct 2001 B1
6311144 Abu El Ata Oct 2001 B1
6311270 Challener et al. Oct 2001 B1
6327622 Jindal et al. Dec 2001 B1
6330605 Christensen et al. Dec 2001 B1
6336138 Caswell et al. Jan 2002 B1
6336171 Coskrey, IV Jan 2002 B1
6338112 Wipfel et al. Jan 2002 B1
6351685 Dimitri et al. Feb 2002 B1
6353861 Dolin, Jr. et al. Mar 2002 B1
6353898 Wipfel et al. Mar 2002 B1
6360265 Falck et al. Mar 2002 B1
6366578 Johnson Apr 2002 B1
6367010 Venkatram et al. Apr 2002 B1
6370573 Bowman-Amuah Apr 2002 B1
6370584 Bestavros et al. Apr 2002 B1
6377996 Lumelsky et al. Apr 2002 B1
6389464 Krishnamurthy et al. May 2002 B1
6393386 Zager et al. May 2002 B1
6393456 Ambler et al. May 2002 B1
6393485 Chao et al. May 2002 B1
6408390 Saito Jun 2002 B1
6424718 Holloway Jul 2002 B1
6424992 Devarakonda et al. Jul 2002 B2
6427163 Arendt et al. Jul 2002 B1
6427171 Craft et al. Jul 2002 B1
6438100 Halpern et al. Aug 2002 B1
6442557 Buteau et al. Aug 2002 B1
6442713 Block et al. Aug 2002 B1
6449650 Westfall et al. Sep 2002 B1
6457048 Sondur et al. Sep 2002 B2
6463536 Saito Oct 2002 B2
6466985 Goyal et al. Oct 2002 B1
6470025 Wilson et al. Oct 2002 B1
6470464 Bertram et al. Oct 2002 B2
6473791 Al-Ghosein et al. Oct 2002 B1
6480955 DeKoning et al. Nov 2002 B1
6484261 Wiegel Nov 2002 B1
6502131 Vaid et al. Dec 2002 B1
6505244 Natarajan et al. Jan 2003 B1
6519615 Wollrath et al. Feb 2003 B1
6529953 Van Renesse Mar 2003 B1
6539494 Abramson et al. Mar 2003 B1
6546423 Dutta et al. Apr 2003 B1
6546553 Hunt Apr 2003 B1
6549516 Albert et al. Apr 2003 B1
6549934 Peterson et al. Apr 2003 B1
6564261 Gudjonsson et al. May 2003 B1
6570847 Hosein May 2003 B1
6570875 Hegde May 2003 B1
6574195 Roberts Jun 2003 B2
6578144 Gennaro et al. Jun 2003 B1
6584499 Jantz et al. Jun 2003 B1
6587876 Mahon et al. Jul 2003 B1
6597956 Aziz et al. Jul 2003 B1
6598077 Primak et al. Jul 2003 B2
6598173 Sheikh et al. Jul 2003 B1
6598223 Vrhel, Jr. et al. Jul 2003 B1
6601101 Lee et al. Jul 2003 B1
6601233 Underwood Jul 2003 B1
6606708 Devine et al. Aug 2003 B1
6609148 Salo et al. Aug 2003 B1
6609213 Nguyen et al. Aug 2003 B1
6611522 Zheng et al. Aug 2003 B1
6628671 Dynarski et al. Sep 2003 B1
6631141 Kumar et al. Oct 2003 B1
6640303 Vu Oct 2003 B1
6651101 Gai et al. Nov 2003 B1
6651240 Yamamoto et al. Nov 2003 B1
6654782 O'Brien et al. Nov 2003 B1
6654796 Slater et al. Nov 2003 B1
6665714 Blumenau et al. Dec 2003 B1
6671699 Black et al. Dec 2003 B1
6675308 Thomsen Jan 2004 B1
6678821 Waugh et al. Jan 2004 B1
6678835 Shah et al. Jan 2004 B1
6681262 Rimmer Jan 2004 B1
6691148 Zinky et al. Feb 2004 B1
6691165 Bruck et al. Feb 2004 B1
6691168 Bal et al. Feb 2004 B1
6694436 Audebert Feb 2004 B1
6701363 Chiu et al. Mar 2004 B1
6717949 Boden et al. Apr 2004 B1
6718361 Basani et al. Apr 2004 B1
6718379 Krishna et al. Apr 2004 B1
6725253 Okano et al. Apr 2004 B1
6728885 Taylor et al. Apr 2004 B1
6735596 Corynen May 2004 B2
6738736 Bond May 2004 B1
6741266 Kamiwada et al. May 2004 B1
6742020 Dimitroff et al. May 2004 B1
6748447 Basani et al. Jun 2004 B1
6754716 Sharma et al. Jun 2004 B1
6754816 Layton et al. Jun 2004 B1
6757744 Narisi et al. Jun 2004 B1
6760765 Asai et al. Jul 2004 B1
6760775 Anerousis et al. Jul 2004 B1
6769008 Kumar et al. Jul 2004 B1
6769060 Dent et al. Jul 2004 B1
6772333 Brendel Aug 2004 B1
6779016 Aziz et al. Aug 2004 B1
6782408 Chandra et al. Aug 2004 B1
6789090 Miyake et al. Sep 2004 B1
6801528 Nassar Oct 2004 B2
6801937 Novaes et al. Oct 2004 B1
6801949 Bruck et al. Oct 2004 B1
6804783 Wesinger et al. Oct 2004 B1
6813778 Poli et al. Nov 2004 B1
6816897 McGuire Nov 2004 B2
6820121 Callis et al. Nov 2004 B1
6823299 Contreras et al. Nov 2004 B1
6823373 Pancha et al. Nov 2004 B1
6823382 Stone Nov 2004 B2
6829639 Lawson et al. Dec 2004 B1
6829770 Hinson et al. Dec 2004 B1
6836750 Wong et al. Dec 2004 B2
6845160 Aoki Jan 2005 B1
6853841 St. Pierre Feb 2005 B1
6854069 Kampe et al. Feb 2005 B2
6856591 Ma et al. Feb 2005 B1
6862613 Kumar et al. Mar 2005 B1
6868062 Yadav et al. Mar 2005 B1
6868454 Kubota et al. Mar 2005 B1
6879926 Schmit et al. Apr 2005 B2
6880002 Hirschfeld et al. Apr 2005 B2
6886038 Tabbara et al. Apr 2005 B1
6888807 Heller et al. May 2005 B2
6895534 Wong et al. May 2005 B2
6898791 Chandy et al. May 2005 B1
6904458 Bishop et al. Jun 2005 B1
6907395 Hunt et al. Jun 2005 B1
6915338 Hunt et al. Jul 2005 B1
6922791 Mashayekhi et al. Jul 2005 B2
6928482 Ben Nun et al. Aug 2005 B1
6947987 Boland Sep 2005 B2
6954930 Drake et al. Oct 2005 B2
6957186 Guheen et al. Oct 2005 B1
6963981 Bailey et al. Nov 2005 B1
6968291 Desai Nov 2005 B1
6968535 Stelting et al. Nov 2005 B2
6968550 Branson et al. Nov 2005 B2
6968551 Hediger et al. Nov 2005 B2
6971063 Rappaport et al. Nov 2005 B1
6971072 Stein Nov 2005 B1
6973620 Gusler et al. Dec 2005 B2
6973622 Rappaport et al. Dec 2005 B1
6976079 Ferguson et al. Dec 2005 B1
6976269 Avery, IV et al. Dec 2005 B1
6978379 Goh et al. Dec 2005 B1
6983317 Bishop et al. Jan 2006 B1
6985956 Luke et al. Jan 2006 B2
6986135 Leathers et al. Jan 2006 B2
6990666 Hirschfeld et al. Jan 2006 B2
7003562 Mayer Feb 2006 B2
7003574 Bahl Feb 2006 B1
7012919 So et al. Mar 2006 B1
7013462 Zara et al. Mar 2006 B2
7016950 Tabbara et al. Mar 2006 B2
7024451 Jorgenson Apr 2006 B2
7027412 Miyamoto et al. Apr 2006 B2
7028228 Lovy et al. Apr 2006 B1
7035786 Abu El Ata et al. Apr 2006 B1
7035930 Graupner et al. Apr 2006 B2
7043407 Lynch et al. May 2006 B2
7043545 Tabbara et al. May 2006 B2
7046680 McDysan et al. May 2006 B1
7050961 Lee et al. May 2006 B1
7054943 Goldszmidt et al. May 2006 B1
7058704 Mangipudi et al. Jun 2006 B1
7058826 Fung Jun 2006 B2
7058858 Wong et al. Jun 2006 B2
7062718 Kodosky et al. Jun 2006 B2
7069204 Solden et al. Jun 2006 B1
7069480 Lovy et al. Jun 2006 B1
7069553 Narayanaswamy et al. Jun 2006 B2
7072807 Brown et al. Jul 2006 B2
7072822 Humenansky et al. Jul 2006 B2
7076633 Tormasov et al. Jul 2006 B2
7080143 Hunt et al. Jul 2006 B2
7082464 Hasan et al. Jul 2006 B2
7089281 Kazemi et al. Aug 2006 B1
7089293 Grosner et al. Aug 2006 B2
7093005 Patterson Aug 2006 B2
7093288 Hydrie et al. Aug 2006 B1
7096258 Hunt et al. Aug 2006 B2
7099936 Chase et al. Aug 2006 B2
7103185 Srivastava et al. Sep 2006 B1
7103874 McCollum et al. Sep 2006 B2
7113900 Hunt et al. Sep 2006 B1
7117158 Weldon et al. Oct 2006 B2
7117261 Kryskow, Jr. et al. Oct 2006 B2
7120154 Bavant et al. Oct 2006 B2
7124289 Suorsa Oct 2006 B1
7127625 Farkas et al. Oct 2006 B2
7131123 Suorsa et al. Oct 2006 B2
7134011 Fung Nov 2006 B2
7134122 Sero et al. Nov 2006 B1
7139930 Mashayekhi et al. Nov 2006 B2
7139999 Bowman-Amuah Nov 2006 B2
7143420 Radhakrishnan Nov 2006 B2
7146353 Garg et al. Dec 2006 B2
7150015 Pace et al. Dec 2006 B2
7152109 Suorsa et al. Dec 2006 B2
7152157 Murphy et al. Dec 2006 B2
7155380 Hunt et al. Dec 2006 B2
7155490 Malmer et al. Dec 2006 B1
7162427 Myrick et al. Jan 2007 B1
7162509 Brown et al. Jan 2007 B2
7174379 Agarwal et al. Feb 2007 B2
7181731 Pace et al. Feb 2007 B2
7188335 Darr et al. Mar 2007 B1
7191344 Lin et al. Mar 2007 B2
7191429 Brassard et al. Mar 2007 B2
7194439 Kassan et al. Mar 2007 B2
7194616 Axnix et al. Mar 2007 B2
7197418 Fuller, III et al. Mar 2007 B2
7200530 Brown et al. Apr 2007 B2
7200655 Hunt et al. Apr 2007 B2
7203911 Williams Apr 2007 B2
7210143 Or et al. Apr 2007 B2
7213231 Bandhole et al. May 2007 B1
7222147 Black et al. May 2007 B1
7225441 Kozuch et al. May 2007 B2
7231410 Walsh et al. Jun 2007 B1
7254634 Davis et al. Aug 2007 B1
7257584 Hirschfeld et al. Aug 2007 B2
7275156 Balfanz et al. Sep 2007 B2
7278273 Whitted et al. Oct 2007 B1
7281154 Mashayekhi et al. Oct 2007 B2
7302608 Acharya et al. Nov 2007 B1
7305549 Hunt et al. Dec 2007 B2
7305561 Hunt et al. Dec 2007 B2
7313573 Leung et al. Dec 2007 B2
7315801 Dowd et al. Jan 2008 B1
7333000 Vassallo Feb 2008 B2
7349891 Charron et al. Mar 2008 B2
7350068 Anderson et al. Mar 2008 B2
7350186 Coleman et al. Mar 2008 B2
7366755 Cuomo et al. Apr 2008 B1
7367028 Kodosky et al. Apr 2008 B2
7370103 Hunt et al. May 2008 B2
7376125 Hussain et al. May 2008 B1
7379982 Tabbara May 2008 B2
7386721 Vilhuber et al. Jun 2008 B1
7395320 Hunt et al. Jul 2008 B2
7403901 Carley et al. Jul 2008 B1
7404175 Lee et al. Jul 2008 B2
7406517 Hunt et al. Jul 2008 B2
7406692 Halpern et al. Jul 2008 B2
7409420 Pullara et al. Aug 2008 B2
7461249 Pearson et al. Dec 2008 B1
7464147 Fakhouri et al. Dec 2008 B1
7624086 Keith, Jr. Nov 2009 B2
20010014158 Baltzley Aug 2001 A1
20010016909 Gehrmann Aug 2001 A1
20010020228 Cantu et al. Sep 2001 A1
20010039586 Primak et al. Nov 2001 A1
20010047400 Coates et al. Nov 2001 A1
20010051937 Ross et al. Dec 2001 A1
20020009079 Jungck et al. Jan 2002 A1
20020010771 Mandato Jan 2002 A1
20020022952 Zager et al. Feb 2002 A1
20020038421 Hamada Mar 2002 A1
20020040402 Levy-Abegnoli et al. Apr 2002 A1
20020049573 El Ata Apr 2002 A1
20020057684 Miyamoto et al. May 2002 A1
20020069267 Thiele Jun 2002 A1
20020069369 Tremain Jun 2002 A1
20020075844 Hagen Jun 2002 A1
20020082820 Ferguson et al. Jun 2002 A1
20020087264 Hills et al. Jul 2002 A1
20020090089 Branigan Jul 2002 A1
20020120761 Berg Aug 2002 A1
20020131601 Ninomiya Sep 2002 A1
20020138551 Erickson Sep 2002 A1
20020152086 Smith et al. Oct 2002 A1
20020156900 Marquette et al. Oct 2002 A1
20020161839 Colasurdo et al. Oct 2002 A1
20020171690 Fox et al. Nov 2002 A1
20020184327 Major et al. Dec 2002 A1
20020194342 Lu et al. Dec 2002 A1
20020194345 Lu et al. Dec 2002 A1
20020194369 Rawlings et al. Dec 2002 A1
20020198995 Liu et al. Dec 2002 A1
20030008712 Poulin Jan 2003 A1
20030009559 Ikeda Jan 2003 A1
20030014644 Burns et al. Jan 2003 A1
20030028642 Agarwal et al. Feb 2003 A1
20030028770 Litwin Feb 2003 A1
20030041142 Zhang et al. Feb 2003 A1
20030041159 Tinsley et al. Feb 2003 A1
20030046615 Stone Mar 2003 A1
20030051049 Noy et al. Mar 2003 A1
20030056063 Hochmuth et al. Mar 2003 A1
20030065743 Jenny et al. Apr 2003 A1
20030069369 Belenkaya et al. Apr 2003 A1
20030074395 Eshghi et al. Apr 2003 A1
20030101284 Cabrera et al. May 2003 A1
20030105963 Slick et al. Jun 2003 A1
20030120763 Volpano Jun 2003 A1
20030126464 McDaniel et al. Jul 2003 A1
20030130833 Brownell et al. Jul 2003 A1
20030138105 Challener et al. Jul 2003 A1
20030165140 Tang et al. Sep 2003 A1
20030200293 Fearn et al. Oct 2003 A1
20030204734 Wheeler Oct 2003 A1
20030214908 Kumar et al. Nov 2003 A1
20030217263 Sakai Nov 2003 A1
20030225563 Gonos Dec 2003 A1
20040002878 Maria Hinton Jan 2004 A1
20040049365 Keller et al. Mar 2004 A1
20040049509 Keller et al. Mar 2004 A1
20040054791 Chakraborty et al. Mar 2004 A1
20040059812 Assa Mar 2004 A1
20040068631 Ukeda et al. Apr 2004 A1
20040073443 Gabrick et al. Apr 2004 A1
20040073795 Jablon Apr 2004 A1
20040078787 Borek et al. Apr 2004 A1
20040111315 Sharma et al. Jun 2004 A1
20040117438 Considine et al. Jun 2004 A1
20040117476 Steele et al. Jun 2004 A1
20040160386 Michelitsch et al. Aug 2004 A1
20040161111 Sherman Aug 2004 A1
20040193388 Outhred et al. Sep 2004 A1
20040199572 Hunt et al. Oct 2004 A1
20040205179 Hunt et al. Oct 2004 A1
20040208292 Winterbottom Oct 2004 A1
20040226010 Suorsa Nov 2004 A1
20040261079 Sen Dec 2004 A1
20040264481 Darling et al. Dec 2004 A1
20040267920 Hydrie et al. Dec 2004 A1
20040268357 Joy et al. Dec 2004 A1
20040268358 Darling et al. Dec 2004 A1
20050008001 Williams et al. Jan 2005 A1
20050021742 Yemini et al. Jan 2005 A1
20050055435 Gbadegesin et al. Mar 2005 A1
20050080811 Speeter et al. Apr 2005 A1
20050086502 Rayes et al. Apr 2005 A1
20050091078 Hunt et al. Apr 2005 A1
20050091227 McCollum et al. Apr 2005 A1
20050097097 Hunt et al. May 2005 A1
20050097146 Konstantinou et al. May 2005 A1
20050102388 Tabbara et al. May 2005 A1
20050102513 Alve May 2005 A1
20050125212 Hunt et al. Jun 2005 A1
20050138416 Qian et al. Jun 2005 A1
20050152270 Gomez Paredes et al. Jul 2005 A1
20050192971 Tabbara et al. Sep 2005 A1
20050193103 Drabik Sep 2005 A1
20050246529 Hunt et al. Nov 2005 A1
20050246771 Hunt et al. Nov 2005 A1
20050251783 Torone et al. Nov 2005 A1
20050257244 Joly et al. Nov 2005 A1
20050268325 Kuno et al. Dec 2005 A1
20060025984 Papaefstathiou et al. Feb 2006 A1
20060025985 Vinberg et al. Feb 2006 A1
20060031248 Vinberg et al. Feb 2006 A1
20060034263 Outhred et al. Feb 2006 A1
20060037002 Vinberg et al. Feb 2006 A1
20060048017 Anerousis et al. Mar 2006 A1
20060123040 McCarthy et al. Jun 2006 A1
20060149838 Hunt et al. Jul 2006 A1
20060155708 Brown et al. Jul 2006 A1
20060161879 Lubrecht et al. Jul 2006 A1
20060161884 Lubrecht et al. Jul 2006 A1
20060232927 Vinberg et al. Oct 2006 A1
20060235664 Vinberg et al. Oct 2006 A1
20060259609 Hunt et al. Nov 2006 A1
20060259610 Hunt et al. Nov 2006 A1
20060271341 Brown et al. Nov 2006 A1
20070006177 Aiber et al. Jan 2007 A1
20070112847 Dublish et al. May 2007 A1
20070192769 Mimura et al. Aug 2007 A1
20080059214 Vinberg et al. Mar 2008 A1
Foreign Referenced Citations (25)
Number Date Country
1368694 Sep 2002 CN
1375685 Oct 2002 CN
0964546 Dec 1999 EP
1180886 Feb 2002 EP
1307018 May 2003 EP
8297567 Nov 1996 JP
11340980 Dec 1999 JP
2000293497 Oct 2000 JP
2001339437 Dec 2001 JP
2002084302 Mar 2002 JP
2002354006 Dec 2002 JP
2003532784 Nov 2003 JP
2111625 May 1998 RU
2189072 Sep 2002 RU
WO9853410 Nov 1998 WO
WO9930514 Jun 1999 WO
WO9963439 Dec 1999 WO
WO0022526 Apr 2000 WO
WO0031945 Jun 2000 WO
WO0073929 Dec 2000 WO
WO0230044 Apr 2002 WO
WO 0237748 May 2002 WO
WO02085051 Oct 2002 WO
WO03027876 Apr 2003 WO
WO03039104 May 2003 WO
Related Publications (1)
Number Date Country
20050193203 A1 Sep 2005 US