Patent Grant
7970788
In a managed information environment, users typically access a mass storage subsystem, such as one or more databases (DBs) for various data items used in the normal course of operations. Often, it is desirable to monitor and oversee transactions occurring with respect to data base access. Monitoring the databases access transactions can identify potential security breaches, inappropriate usage of sensitive information, track usage trends to assist with resource planning and accounting chargebacks, and provide continuous tracking of access to sensitive data for government mandated auditing and regulatory compliance.
In modern managed information environments, database security is a growing concern. With the increasing availability of computing power and mass storage, many corporations are maintaining larger data stores of sensitive or confidential information. Such information includes not only intrinsic proprietary corporate data, but also data external to the corporation, such as customer account information, names, addresses, credit card and bank account information, etc. At the same time, public awareness about privacy and the responsibility of entrusted entities to safeguard the information entrusted to them increases. Accordingly, database operators strive to maintain transaction monitoring, access control, and audit trail recording over such a database repository.
Database security and monitoring mechanisms can impose a substantial processing burden on the systems they monitor. Performance and throughput can be detrimentally affected by security mechanisms which intercede in every database access for security processing and transaction logging. However, nonintrusive database security mechanisms can mitigate this overhead. Nonintrusive database monitoring avoids burdening the database server with the transactional gathering associated with monitoring and controlling the database access attempts. Rather, the interception and collection of database access attempts (transactions) is offloaded to a separate computing device, or collector.
Accordingly, some systems employ nonintrusive data level database access monitoring techniques. Nonintrusive access monitoring resides in a separate computing device in communication with an access path, such as an Ethernet cable, between the users and the database server. Such nonintrusive devices observe database access requests (transactions) in a passive manner during transport from the user to the database server. Accordingly, a database monitor device passively intercepts these transactions in a nonintrusive manner from an access network, a technique sometimes referred to as “sniffing.” Accordingly, a database monitor and access control framework may gather the database transactional data via an offloaded processor which does not impede database access or compete with database servers for available CPU cycles.
Conventional network-based security techniques identify and scrutinize each access path from a network to a protected resource, such as a server, VPN, or database. Exclusive perimeter or network access point-based approaches may not be entirely appropriate for all installations. With respect to database security, conventional perimeter access control mechanisms may not address local access that does not employ the network, or that otherwise avoids network based access controls (e.g. an encrypted SSH connection). For example, a conventional database security mechanism which monitors Internet connections may not be effective against an unscrupulous operator using a local privileged account. Configurations of the invention are based, in part, on the observation that conventional non-intrusive database security measures may need to account for each available potential local access path, in addition to analyzing each remote access connection (i.e. SQL over the wire). The local access paths may potentially be employed, for example, to circumvent perimeter access (or other external connection monitoring) protection provided by a network access monitoring approach that covers remote access attempts. Accordingly, a more robust security approach covers all available local access mediums, as well as remote connections.
Such local access mediums typically employ an InterProcess Communication (IPC) mechanism inherent in the operating system of the particular database server. Such IPC mechanisms may include, for example, shared memory, sockets, Unix pipes, Windows LPC (Windows specific) and Named pipes. Other mediums may be available depending on the hardware and OS employed. Protecting the database against unauthorized or malicious local access includes covering the available IPC or other local access mediums with a selective access mechanism as discussed further below. Typically, such coverage includes identifying system calls which employ the IPC mechanism for DB access, and intercepting the access attempt to analyze it for suspect activity. On particular systems, however, it may be overly intrusive or burdensome to intercept the system calls or other access medium underlying the local access mechanism.
Accordingly, configurations discussed herein substantially overcome the shortcomings with conventional perimeter schemes by employing a hybrid approach that disallows, or blocks, the access mediums which are not feasible to intercept or analyze, as well as intercepting and analyzing access mediums for which interception and interrogation is available. Accordingly, configurations herein provide the hybrid coverage approach to identifying access mediums, and either block or intercept the access attempts. In this manner, access mediums, such as IPC system calls, which may be efficiently intercepted and analyzed are captured and substantively processed, while other access mediums that are excessively burdensome or intrusive to capture are unselectively blocked from any communication, avoiding the need to analyze such access attempts.
In the exemplary arrangement discussed herein, a local nonintrusive access monitoring mechanism complements a remote access nonintrusive monitoring mechanism for protecting a database. The local monitoring mechanism monitors database access attempts performed on the local server, as opposed to remote access via a network connected to the database server. Local access monitoring and control is achieved by accessing the interprocess communication mechanism (IPC) employed by the operating system (OS) for local access to the database. Typically, the IPC mechanism employs file structures or shared memory via system calls to the operating system from the requesting processes. Monitoring and/or analyzing these requests involves intercepting and collecting the system service calls. The nonintrusive access monitoring application may then perform substantive analysis. However, typical operating systems often have multiple system calls, or access paths, employable via the IPC mechanisms. Protection, therefore, involves intercepting and collecting all of these calls. However, certain access paths may be infeasible or undesirable to monitor, intercept and collect. In particular circumstances, interception and substantive analysis of the access attempt, such as a SQL database access request, may be overly intrusive. For example, certain calls may require modifications at a low level of the operating system (e.g. kernel changes) in order to be effective. Such changes may trigger substantial regressive testing and/or present a risk of leaving the server in an inconsistent state, for example. Generally, different operating systems present different issues for aggregately catching all IPC call to provide complete coverage.
In further detail, the method of providing nonintrusive database security as disclosed herein includes identifying a plurality of access mediums operable to provide local access to a database via access attempts from a user, and enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts via the access medium. The enumeration may take the form of a configuration file or matrix, for example, listing the available IPC access mediums. The method applies, to each of the identified access mediums, the enumerated access control mechanism, such that each of the enumerated access control mechanisms is applicable to a subset of the identified access mediums on the server. The enumeration lists, or covers, each available IPC mechanism to identify access mediums for all access permutations on a particular local server, and the enumeration involves collectively covering all access permutations through which access attempts emanate on the particular local server. The database server then identifies local access attempts to the database via the enumerated access mediums, and restricts local access by performing at least one of preventing the access attempt and reporting (intercepting) the access attempt for further analysis, depending on the enumerated entry for the particular access medium. It should be noted that the local access refers to the client employed for database access, not necessarily the disposition of the user/querying device. In other words, the local access is meant to encompass access which may not be detected by remote parsing or stream based interrogation of an incoming network connection.
In the exemplary configuration, enumerating the access mediums includes determining if the access medium is responsive to an interceptor operable to retrieve and analyze access attempts made via the access medium. Applying access control includes intercepting, if the access medium is responsive to the interceptor, the access attempt for selective access analysis, and preventing, if the access medium is not responsive to the interceptor, access attempts via the enumerated access medium. The identification of access mediums, therefore, includes identifying access mediums which are not interceptable, and preventing access via the particular access medium for each of the access mediums which are not interceptable. Prevention of access, as discussed further below, may include simply monitoring/recording the access attempt, and also blocking the attempt via process termination or otherwise, depending on the configuration.
During operation of the monitored server, application of access control further includes eliminating a potential threat from each of the enumerated access mediums by either intercepting the access attempts made via the enumerated access medium, or preventing usage of the enumerated access medium. Therefore, applying the enumerated access control mechanism to the access attempts further includes collecting access attempts for analysis, either blocking or enumerating (recording) the access attempts, and transmitting the collected access attempts to a collector for substantive analysis.
In particular configurations, to prevent unauthorized and unrecordable database access attempts, the method for preventing unauthorized access to a database includes identifying a plurality of access mediums to a protected database, and enumerating access mediums responsive to an interrogative process, in which the interrogative process is operable to intercept access attempts via the enumerated access mediums. An enforcer process or other termination mechanism then blocks access from access mediums nonresponsive to an interrogative process by prohibiting all activity via the nonresponsive access mediums.
Alternate configurations of the invention include a multiprogramming or multiprocessing computerized device such as a workstation, handheld or laptop computer or dedicated computing device or the like configured with software and/or circuitry (e.g., a processor as summarized above) to process any or all of the method operations disclosed herein as embodiments of the invention. Still other embodiments of the invention include software programs such as a Java Virtual Machine and/or an operating system that can operate alone or in conjunction with each other with a multiprocessing computerized device to perform the method embodiment steps and operations summarized above and disclosed in detail below. One such embodiment comprises a computer program product that has a computer-readable medium including computer program logic encoded thereon that, when performed in a multiprocessing computerized device having a coupling of a memory and a processor, programs the processor to perform the operations disclosed herein as embodiments of the invention to carry out data access requests. Such arrangements of the invention are typically provided as software, code and/or other data (e.g., data structures) arranged or encoded on a computer readable medium such as an optical medium (e.g., CD-ROM), floppy or hard disk or other medium such as firmware or microcode in one or more ROM or RAM or PROM chips, field programmable gate arrays (FPGAs) or as an Application Specific Integrated Circuit (ASIC). The software or firmware or other such configurations can be installed onto the computerized device (e.g., during operating system for execution environment installation) to cause the computerized device to perform the techniques explained herein as embodiments of the invention.
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of particular embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.
Configurations of the invention in the exemplary arrangement discussed herein provide a local nonintrusive DB access monitoring mechanism that complements a remote access nonintrusive monitoring mechanism for protecting the database. The local monitoring mechanism monitors database access attempts performed on the local server, as opposed to remote access via a network connected to the database server. Local access monitoring and control is achieved by accessing the interprocess communication mechanism (IPC) employed by the operating system (OS) for local access to the database. Typically, the IPC mechanism employs file structures or shared memory via system calls to the operating system from the requesting processes. Monitoring and/or analyzing these requests involves intercepting and collecting these system service calls. The nonintrusive access monitoring application may then perform substantive analysis.
Since typical operating systems often have multiple IPC mechanisms, local protection involves intercepting and collecting each of these calls. However, certain access paths may be infeasible or undesirable to monitor, intercept and collect. In particular circumstances, interception and substantive analysis of the access attempt, such as a SQL database access request, may be overly intrusive. For example, certain calls may require modifications at a low level of the operating system (e.g. kernel changes) in order to be effective. Such changes may trigger substantial regressive testing and/or present a risk of leaving the server in an inconsistent state, for example. Configurations discussed herein provide a hybrid coverage approach to identifying access paths, or mechanisms and either block or intercept access attempts. In this manner, access mediums, such as IPC system calls, which may be efficiently intercepted and analyzed are substantively captured and processed, while other access mediums that are excessively burdensome or intrusive to capture are unselectively blocked from any communication, avoiding the need to substantively analyze such access attempts.
As indicated above, the characterization of access attempts as local and remote refers to the database client employed for such access. As defined below, an access medium is a mechanism by which database access may be sought and for which a protection mechanism may be applied. Configurations discussed herein apply different protection mechanisms to certain access mediums, depending, inter alia, on whether a local or remote database client is employed. Other variations and arrangements of the access mediums will be apparent to those of skill in the art. Accordingly, an access medium is intended to denote a particular virtual or physical access path to the database for which protections and access control may be applied.
In further detail, while the term “local access” may suggest console access whereas remote implies that the user/operator is sitting on another node, such generalizations may be inaccurate. One particular distinguishing feature is where the database client is run. For example, if a user at a workstation uses SSH to log into the host hosting the database server and run a database access tool there, such operation is local access as well. Certain arrangements may not reliably intercept such access on the network for a variety of reasons. One is encryption—e.g. SSH encrypts all the network connection. The second is that the protocols are not always textual—e.g. certain applications and message formats pass bitmaps and events which are not amenable to parsing a text based SQL extract for substantive analysis. Other variations and abstractions of the message transport which dilute the local/remote distinction will be apparent. Accordingly, it is one feature of the exemplary configuration to selectively analyze and monitor particular access mediums, rather than exclusively remote and/or local access. The local/remote configuration of the exemplary system is intended as illustrative only, and is not intended to limit the configurations discussed herein.
In the case of IPC mechanisms which are overly intrusive to monitor, therefore, it is beneficial to prohibit communication via the access mediums providing the access paths. Often, IPC communication may be effectively blocked or prevented more discretely than substantively intercepting and analyzing the substance of the communication. Therefore, if the intrusiveness of intercepting access attempts via a particular access medium outweighs the need or utility of the access medium, it may be more beneficial to block access via the access medium. This approach balances the intrusiveness of the interception with the likelihood or convenience of permitting access the access medium. In this manner, by either interception or prevention of all available access mediums for a particular server device, complete coverage of access points into a database or other protected resource may be achieved.
As indicated above, local access to the database 110 is also available to a local user 132 via local access mediums 134-1 . . . 134-N (134, generally). Local access may involve database operators or maintainers (e.g. DBAs) having privileged accounts, or simply local users who do not need network access. In either case, the local access mediums 134 may present a potential bypass to the scrutiny provided by the remote collector 150. In the exemplary configuration, the local access mediums are an interprocess communication mechanism (IPC) employed by the operating system (OS) of the server 130. Typically such IPC mechanisms include shared memory, file structured devices, Unix sockets, named pipes, and other suitable mechanisms. Alternatively, other mechanisms for detecting and intercepting DB access attempts, such as employing database auditing and access tracking tools. Accordingly, configurations discussed herein provide a local collector 160 having an access controller 162 for monitoring the local access mediums 134. The local collector 160 is operable to intercept and analyze the local IPC mechanisms. The local collector 160, therefore, scrutinizes the local access mediums 134 for complementing the monitoring, oversight, and access control capabilities afforded by the remote collector 150.
At step 201, the access controller 162 enumerates access mediums 134 that are responsive to an interrogative process, such that the interrogative process is operable to intercept access attempts via the enumerated access mediums 134. The access mediums 134 may be enumerated in a table, including entries specific to the OS, that includes the available IPC mechanisms providing the access mediums 134. For each access medium 134, the table lists those that may be intercepted (i.e. are interceptable) for monitoring and analysis. If a particular access medium 134 cannot effectively be interrogated, i.e. the access attempts cannot be substantively intercepted and collected, then at step 202, the access controller 162 monitors and/or prevents access from access mediums 134 nonresponsive to an interrogative process by either recording or alternatively, simply prohibiting activity via the nonresponsive access mediums. Once detected, subsequent activity is a matter of individual site configuration and policy. Monitoring and enforcing allowed usage patterns may be provided by recording such detected access as a deterrent means. Alternatively, some sites may adopt a prevention and blocking approach. Typically, such blocking includes terminating a process attempting to perform an access attempt via a non-interceptable access medium, as listed in the table. Therefore, the local collector 160 monitors database access attempts by intercepting access attempts through access mediums 134 which are substantively interceptable, records, and optionally disallows any access attempts 140 through access mediums 134 which are deemed not interceptable.
The enforcer 170 is operable to monitor all local connections, report on, and optionally, terminate local processes 136′ which correspond to disallowed access mediums. Disallowed access mediums 136′ are those which the interceptor 164 does not intercede with, due to either performance, stability, or configuration constraints. The enforcer 170 therefore monitors and/or restricts access paths 138′ to the database 110 by logging the existence of, and optionally, terminating processes 136′ operable to employ such access paths. The access matrix 168, discussed further with respect to
A configuration file 152, typically at the remote collector 150, populates the access matrix 168 indicative of which access mediums 134 are covered by the interceptor 164 and the enforcer 170, respectively. Alternatively, the access matrix 168 may take alternate forms of persistency. The access matrix 168 indicates, for the particular operating system in use on the server 130 and for each of the access mediums 134 (i.e. IPC mechanisms), which of the interceptor 164 and enforcer 170 apply. In alternate embodiments, other responsible entities may be designated in the access matrix 168 for monitoring, or covering, other access mediums 134 to the database. For a particular operating system, the access matrix 168 enumerates each applicable access medium 134 (IPC mechanism), and designates either the interceptor 164 to cover the access path 138 employed by that access medium 134 or designates the enforcer 170 to terminate processes 136′ that would employ alternate access paths 138′ not covered by the interceptor 164. In this manner, complete coverage of all database access paths 138, 138′ is afforded by the access matrix 168, as shown by dotted line 172.
For intercepted transactions 140, after passing scrutiny, the analyzer 166 passes them through to the native local communication manager 174 (e.g. IPC mechanism) from which they were intercepted. The analyzer 166 therefore provides equivalent scrutiny as the remote collector 150, as defined further in copending U.S. patent application Ser. No. 10/723,521, filed Nov. 26, 2003, entitled “System and Methods for Nonintrusive Database Security”. In the exemplary configuration, the remote collector may include the SQL Guard application, marketed commercially by Guardium, Inc. of Waltham, Mass.
In the exemplary configuration, identification includes, enumerating, for each of the identified access mediums 134, an access control mechanism operable to limit access attempts via the access medium 134, as depicted at step 302. If the access medium is deemed not interceptable, then access prevention is the access control mechanism applicable to that access medium. Prevention includes termination of processes attempting to employ the access medium 134, through determinations and mechanisms discussed further below.
At step 303, identifying further includes identifying access mediums for all access permutations on a particular local server 130, and enumerating involves collectively covering all access permutations through which access attempts 134 emanate on the particular local server 130. In the exemplary arrangement, this takes the form of the access matrix 168 of
The information identifying the access mediums 134 is employed to generate an access medium repository, such as the access matrix 168, indicative of, for each of the enumerated access mediums, those which the interrogative process is operable to intercept and analyze access attempts via the respective access medium, in which the access mediums 134 are local access mediums emanating from the server 130 in direct communication with the database 110, as disclosed at step 305. In the exemplary configuration, the repository takes the form of the access matrix 168, populated from the configuration file 152, that indicates whether the local collector 160 prevents the access attempt or reports, or tracks, the access attempt for further analysis, as depicted at step 306.
Based on the information in the access matrix, the interceptor 164 configures an interception mechanism to intercept, if the access medium 134 is responsive to the interceptor 164, the access attempt 140 for selective access analysis, as shown at step 404, and sends the access attempt 140 to the analyzer 166 for substantive analysis. Therefore, the interceptor 164 applies the information in the access matrix 168 to eliminate a potential threat from each of the enumerated access mediums 134 by intercepting the access attempts 140 made via the enumerated access medium 134, as depicted at step 405.
In intercepting access attempts 140 to the database to selectively allow the access attempts, at step 406, the interceptor 164 employs several mechanisms. At step 407, the interceptor 164 executes a proxy process operable to emulate a port for accessing the database 110. The proxy intercept mechanism inserts a proxy process between the database by resetting the default port used for database access, for example port 1521, used by default for Oracle® databases. The proxy connects to port 1521, and resets the configuration parameter such that other processes connect to the proxy rather then the actual database. The proxy may then scrutinize all access attempts 140 to the database. Further, the enforcer 170, discussed further below, identifies unauthorized access by any process other than the proxy connecting to port 1521. In other words, only the designated proxy is to be connected directly to the database port 1521; other processes that attempt to connect are terminated by the enforcer process 170.
Alternatively, at step 408, intercepting may include redirecting system calls to access the database 110 to the executing proxy process. The operating system call to invoke the access medium (e.g. IPC mechanism) for passing data to the database 110 is modified to reference the proxy. Although effective, this mechanism may trigger regressive testing because of OS modifications, and therefore may not be appropriate for all configurations.
At step 409, the interceptor 164 modifies a library path operable for accessing an access medium 134 to the database 110 by inserting the interceptor 164 process in the library path operable to receive and analyze access attempts via the access medium 134. Such a library path is a prioritized list of objects or directories for resolving a reference, such as the IPC call to access the database 110. Inserting the interceptor 164 prior to the actual database 110 reference ensures that processed employing the library search list will resolve the DB reference in favor of the interceptor 164 before the actual DB 110. This mechanism, however, assumes that the library search path is employed by the scrutinized local process 136.
Once intercepted, by any suitable mechanism, the interceptor 164 reports the intercepted access attempt to the analyzer 166, as shown at step 410. The analyzer 166 then analyzes the access attempt 140 to determine whether to allow the access attempt 140, as shown at step 411. As indicated above, the analyzer 166 is in communication with the remote collector 150 for performing substantive analysis on the intercepted access attempt 140.
From the check at step 403, for the access mediums 134 that are not responsive to the remote collector 150, at step 412, the interceptor 164 collects the access attempts 140 and enumerates (i.e. records) the access attempts. In the exemplary configuration, the analyzer 166 transmits the collected access attempts 140 to the remote collector 150 for similar substantive analysis as the intercepted network 102 access attempts, as depicted at step 413. Alternatively, the analysis may be performed locally by the analyzer 166.
For access mediums 134 which are to be recorded or blocked, the local collector 160 invokes the enforcer 170 to prevent, if the access medium 134 is not responsive to the interceptor 164, access attempts via the enumerated access medium, as shown at step 414. Given the OS in use on the server 130, for each access medium 134 designated in the access matrix as B (block), the enforcer 170 prevents access via the particular access medium 134 for each of the access mediums 134 which are not interceptable, as depicted at step 415. The enforcer 170 therefore applies, to each of the identified access mediums 134, the enumerated access control mechanism indicated in the access matrix 168, such that each the enumerated access control mechanisms applicable to a subset of the identified access mediums 134, as shown at step 416. In the exemplary configuration, the enforcer 170 generally terminates processes of a disallowed access medium 136.′ Such processes are those which are operable to access the database 110 other then designated proxies. Alternate configurations may employ other access control mechanisms enumerated in the access matrix 168.
In the exemplary configuration, the enforcer 170 performs a check, as disclosed at step 417, to determine if the disallowed access medium 134 to be prevented is one of either a shared memory operation, a file structure/device based operation, or a proxy operation. In the case of shared memory, at step 418, the enforcer 170 identifies access mediums corresponding to shared memory segments in use. Typically this involves querying the operating system for a list of shared memory segments and corresponding processes accessing them. The enforcer computes processes that are employing the same shared memory segment as the database 110, as shown at step 419, such as through a matching operation on the list of shared memory segments to identify processes accessing a common shared memory segment. The enforcer 170 then identifies, logs and/or terminates the process 136′ computed to be employing the same shared memory segment as the database 110, as depicted at step 420.
If, at step 417, a file structure device is employed as the access method, than at step 421 the enforcer identifies file handles in use for accessing a file structured device. In many operating systems, several types of IPC communications are handled via a file descriptor. Often, the file descriptors in use are readily obtained via an OS call. For example, Unix systems typically employ file descriptors for all but shared memory IPC transfers. Accordingly, communicating processes are identifiable by listing file descriptors and identifying processes accessing a common file descriptor. For example, the Unix List Open Files call (LSOF) may be employed to identify file handles in use. Other mechanisms will be apparent. Therefore, the enforcer 170 computes multiple processes accessing the same identified file handle, as shown at step 422, and at step 423, and records/terminates processes sharing the same file handle as the database 110.
At step 424, in the case of proxy access to the database, the enforcer 170 identifies a port employed by the access medium 134 for accessing the DB 110. The enforcer 170 determines a defined proxy for accessing the database, such that the proxy is employed by allowed access mediums 134, as depicted at step 425. As indicated above with respect to intercepted access, the proxy is the only designated allowable access point (e.g. process) to the database 110. Accordingly, accesses to the database by any other than the designated proxy, are disallowed. Accordingly, at step 426 the enforcer 170 identifies attempts to connect to the database other than by the proxy, and terminates the identified process 136′ employing the non-proxy access for accessing the identified port or other access path into the database 110, as depicted at step 427.
In alternate configurations, utilities or tools targeting the DB may be employed. For example, database auditing tools and access tracking utilities provide yet another way (which uses the database) to track connections to the DB. In such configurations, the interceptor employs database auditing features to collect all login/logout operations, and then correlates this with intercepted data; anything that is a delta means that it was a “rogue connection” (i.e. potentially unauthorized).
Those skilled in the art should readily appreciate that the programs and methods for monitoring and selectively analyzing and preventing database access as defined herein are deliverable to a processing device in many forms, including but not limited to a) information permanently stored on non-writeable storage media such as ROM devices, b) information alterably stored on writeable storage media such as floppy disks, magnetic tapes, CDs, RAM devices, and other magnetic and optical media, or c) information conveyed to a computer through communication media, for example using baseband signaling or broadband signaling techniques, as in an electronic network such as the Internet or telephone modern lines. The operations and methods may be implemented in a software executable object or as a set of instructions embedded in a carrier wave. Alternatively, the operations and methods disclosed herein may be embodied in whole or in part using hardware components, such as Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), state machines, controllers or other hardware components or devices, or a combination of hardware, software, and firmware components.
While the system and method for monitoring and selectively analyzing and preventing database access has been particularly shown and described with references to embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims. Accordingly, the present invention is not intended to be limited except by the following claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4451916 | Casper et al. | May 1984 | A |
| 4611205 | Eglise | Sep 1986 | A |
| 4672572 | Alsberg | Jun 1987 | A |
| 4956769 | Smith | Sep 1990 | A |
| 5224058 | Mickaels | Jun 1993 | A |
| 5261102 | Hoffman | Nov 1993 | A |
| 5299257 | Fuller et al. | Mar 1994 | A |
| 5325290 | Cauffman et al. | Jun 1994 | A |
| 5355474 | Thuraisngham et al. | Oct 1994 | A |
| 5557742 | Smaha et al. | Sep 1996 | A |
| 5594899 | Knudsen et al. | Jan 1997 | A |
| 5606668 | Shwed | Feb 1997 | A |
| 5701342 | Anderson et al. | Dec 1997 | A |
| 5737316 | Lee | Apr 1998 | A |
| 5758083 | Singh et al. | May 1998 | A |
| 5825772 | Dobbins et al. | Oct 1998 | A |
| 5826267 | McMillan | Oct 1998 | A |
| 5828666 | Focsaneanu et al. | Oct 1998 | A |
| 5835726 | Shwed et al. | Nov 1998 | A |
| 5845281 | Benson et al. | Dec 1998 | A |
| 5848233 | Radia et al. | Dec 1998 | A |
| 5881225 | Worth | Mar 1999 | A |
| 5884025 | Baehr et al. | Mar 1999 | A |
| 5953707 | Huang et al. | Sep 1999 | A |
| 5963642 | Goldstein | Oct 1999 | A |
| 5974396 | Anderson et al. | Oct 1999 | A |
| 5978788 | Castelli et al. | Nov 1999 | A |
| 5978813 | Foltz et al. | Nov 1999 | A |
| 6009475 | Shrader | Dec 1999 | A |
| 6016491 | Kou | Jan 2000 | A |
| 6044376 | Kurtzman, II | Mar 2000 | A |
| 6049821 | Theriault et al. | Apr 2000 | A |
| 6052447 | Golden et al. | Apr 2000 | A |
| 6061797 | Jade et al. | May 2000 | A |
| 6070243 | See et al. | May 2000 | A |
| 6075926 | Atkins et al. | Jun 2000 | A |
| 6076168 | Fiveash et al. | Jun 2000 | A |
| 6081900 | Subramaniam et al. | Jun 2000 | A |
| 6085191 | Fisher et al. | Jul 2000 | A |
| 6088796 | Cianfrocca et al. | Jul 2000 | A |
| 6097399 | Bhatt et al. | Aug 2000 | A |
| 6105027 | Schneider et al. | Aug 2000 | A |
| 6119236 | Shipley | Sep 2000 | A |
| 6122403 | Rhoads | Sep 2000 | A |
| 6125447 | Gong | Sep 2000 | A |
| 6151601 | Papierniak et al. | Nov 2000 | A |
| 6192476 | Gong | Feb 2001 | B1 |
| 6205475 | Pitts | Mar 2001 | B1 |
| 6226749 | Carloganu et al. | May 2001 | B1 |
| 6230156 | Hussey | May 2001 | B1 |
| 6236996 | Bapat et al. | May 2001 | B1 |
| 6253321 | Nikander et al. | Jun 2001 | B1 |
| 6272641 | Ji | Aug 2001 | B1 |
| 6279010 | Anderson | Aug 2001 | B1 |
| 6298327 | Hunter et al. | Oct 2001 | B1 |
| 6304975 | Shipley | Oct 2001 | B1 |
| 6311272 | Gressel | Oct 2001 | B1 |
| 6330562 | Boden et al. | Dec 2001 | B1 |
| 6332163 | Bowman-Amuah | Dec 2001 | B1 |
| 6336996 | Steiner | Jan 2002 | B1 |
| 6341312 | French et al. | Jan 2002 | B1 |
| 6347374 | Drake et al. | Feb 2002 | B1 |
| 6347376 | Attwood et al. | Feb 2002 | B1 |
| 6356941 | Cohen | Mar 2002 | B1 |
| 6366952 | Pitts | Apr 2002 | B2 |
| 6393568 | Ranger et al. | May 2002 | B1 |
| 6442748 | Bowman-Amuah | Aug 2002 | B1 |
| 6460046 | Meek | Oct 2002 | B1 |
| 6480861 | Kanevsky et al. | Nov 2002 | B1 |
| 6496850 | Bowman-Amuah | Dec 2002 | B1 |
| 6505241 | Pitts | Jan 2003 | B2 |
| 6529909 | Bowman-Amuah | Mar 2003 | B1 |
| 6529948 | Bowman-Amuah | Mar 2003 | B1 |
| 6532465 | Hartley et al. | Mar 2003 | B2 |
| 6539396 | Bowman-Amuah | Mar 2003 | B1 |
| 6550057 | Bowman-Amuah | Apr 2003 | B1 |
| 6578068 | Bowman-Amuah | Jun 2003 | B1 |
| 6581052 | Slutz | Jun 2003 | B1 |
| 6601192 | Bowman-Amuah | Jul 2003 | B1 |
| 6606660 | Bowman-Amuah | Aug 2003 | B1 |
| 6609123 | Cazemier et al. | Aug 2003 | B1 |
| 6615253 | Bowman-Amuah | Sep 2003 | B1 |
| 6633936 | Keller et al. | Oct 2003 | B1 |
| 6636585 | Salzberg et al. | Oct 2003 | B2 |
| 6658091 | Naidoo et al. | Dec 2003 | B1 |
| 6658625 | Allen | Dec 2003 | B1 |
| 6678355 | Eringis al. | Jan 2004 | B2 |
| 6681331 | Munson et al. | Jan 2004 | B1 |
| 6687702 | Vaitheeswaran et al. | Feb 2004 | B2 |
| 6694368 | An et al. | Feb 2004 | B1 |
| 6714778 | Nykanen et al. | Mar 2004 | B2 |
| 6789046 | Murstein et al. | Sep 2004 | B1 |
| 6807546 | Young-Lai | Oct 2004 | B2 |
| 6820082 | Cook et al. | Nov 2004 | B1 |
| 6842105 | Henderson et al. | Jan 2005 | B1 |
| 6851004 | Keller et al. | Feb 2005 | B2 |
| 6941369 | Krack et al. | Sep 2005 | B1 |
| 6941472 | Moriconi et al. | Sep 2005 | B2 |
| 7038611 | Gounalis | May 2006 | B2 |
| 7043541 | Bechtolsheim et al. | May 2006 | B1 |
| 7080077 | Ramamurthy et al. | Jul 2006 | B2 |
| 7085834 | Delany et al. | Aug 2006 | B2 |
| 7089322 | Stallmann | Aug 2006 | B1 |
| 7111059 | Garcea et al. | Sep 2006 | B1 |
| 7171413 | Puz et al. | Jan 2007 | B2 |
| 7231378 | Lawson et al. | Jun 2007 | B2 |
| 7248568 | Loc et al. | Jul 2007 | B1 |
| 7308388 | Beverina et al. | Dec 2007 | B2 |
| 7337105 | Sugimoto | Feb 2008 | B2 |
| 7342896 | Ayyagari | Mar 2008 | B2 |
| 7426512 | Ben-Natan | Sep 2008 | B1 |
| 7437362 | Ben-Natan | Oct 2008 | B1 |
| 7506371 | Ben-Natan | Mar 2009 | B1 |
| 7567819 | Alone et al. | Jul 2009 | B2 |
| 20020007363 | Vaitzblit | Jan 2002 | A1 |
| 20020010800 | Riley et al. | Jan 2002 | A1 |
| 20020019944 | Kou | Feb 2002 | A1 |
| 20020027907 | Tateoka | Mar 2002 | A1 |
| 20020059451 | Haviv | May 2002 | A1 |
| 20020066033 | Dobbins et al. | May 2002 | A1 |
| 20020066038 | Mattsson et al. | May 2002 | A1 |
| 20020078384 | Hippelainen | Jun 2002 | A1 |
| 20020095496 | Antes et al. | Jul 2002 | A1 |
| 20020095603 | Godwin et al. | Jul 2002 | A1 |
| 20020104017 | Stefan | Aug 2002 | A1 |
| 20020129140 | Peled et al. | Sep 2002 | A1 |
| 20020129271 | Stanaway et al. | Sep 2002 | A1 |
| 20020133723 | Tait | Sep 2002 | A1 |
| 20020147726 | Yehia et al. | Oct 2002 | A1 |
| 20020147927 | Tait | Oct 2002 | A1 |
| 20020152399 | Smith | Oct 2002 | A1 |
| 20020154646 | Dubois et al. | Oct 2002 | A1 |
| 20020157020 | Royer | Oct 2002 | A1 |
| 20020177910 | Quarterman et al. | Nov 2002 | A1 |
| 20030028624 | Hasan et al. | Feb 2003 | A1 |
| 20030046302 | Miron | Mar 2003 | A1 |
| 20030056200 | Li et al. | Mar 2003 | A1 |
| 20030084320 | Tarquini et al. | May 2003 | A1 |
| 20030084328 | Tarquini et al. | May 2003 | A1 |
| 20030182580 | Lee | Sep 2003 | A1 |
| 20030217069 | Fagin et al. | Nov 2003 | A1 |
| 20040024764 | Hsu et al. | Feb 2004 | A1 |
| 20040093506 | Grawrock et al. | May 2004 | A1 |
| 20040111344 | Fetter et al. | Jun 2004 | A1 |
| 20040111623 | Miller et al. | Jun 2004 | A1 |
| 20040117037 | Hinshaw et al. | Jun 2004 | A1 |
| 20040143733 | Ophir et al. | Jul 2004 | A1 |
| 20040255301 | Turski et al. | Dec 2004 | A1 |
| 20040260947 | Brady et al. | Dec 2004 | A1 |
| 20050005031 | Gordy et al. | Jan 2005 | A1 |
| 20050071650 | Jo et al. | Mar 2005 | A1 |
| 20050086529 | Buchsbaum | Apr 2005 | A1 |
| 20050097149 | Vaitzblit et al. | May 2005 | A1 |
| 20050149537 | Balin et al. | Jul 2005 | A1 |
| 20050203921 | Newman et al. | Sep 2005 | A1 |
| 20060059154 | Raab | Mar 2006 | A1 |
| 20060242431 | LeCrone et al. | Oct 2006 | A1 |
| 20070112864 | Ben-Natan | May 2007 | A1 |
| 20070180275 | Metzger et al. | Aug 2007 | A1 |
| 20080011843 | Barenburg et al. | Jan 2008 | A1 |
| 20090271453 | Ben-Natan | Oct 2009 | A1 |
| 20100131758 | Ben-Natan | May 2010 | A1 |
| 20100132024 | Ben-Natan et al. | May 2010 | A1 |
| Number | Date | Country |
|---|---|---|
| 0398645 | Nov 1990 | EP |
| 9831124 | Jul 1998 | WO |
| 9966384 | Dec 1999 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 20100131512 A1 | May 2010 | US |
