To access certain data or services, a user may be asked to provide appropriate credentials, such as an account identifier and a correct corresponding password. To prevent unauthorized access using the credentials (e.g., if the credentials are obtained by an unauthorized third-party), the user may be asked to provide additional data and or perform one or more actions (e.g., provide multifactor authentication). For example, the user may be asked to provide certain data associated with the user (e.g., a name of a family member, a residence address, a telephone number, additional account details, etc.) to verify that the credentials are being presented by the correct user. In another example, data may be sent via a short messaging service (SMS), e-mail, or other message to a device associated with the user, and the user may be asked to provide the data in connection with the credentials to verify that the credentials are being sent from the device associated with the user.
The following detailed description refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements. Also, the following detailed description does not limit the invention.
Implementations discussed herein relate to automatically generating and forwarding verification data related to a user device. For example, the verification data may be generated based on a mobile device number (MDN) or other data identifying the user device. The verification data may be used to perform multifactor verification with respect to credentials (e.g., account data and a password) sent from the user device. For example, attributes associated with a session forwarding the credentials (e.g., data identifying a source device in the session) may be compared to the forwarded verification data to confirm that the credentials are actually sent from the user device associated with the credentials.
As used herein, the term “user” is intended to be broadly interpreted to include a user device or a person using the user device. Also, the terms “user,” “consumer,” “subscriber,” and/or “customer” may be used interchangeably.
As shown in
As further shown in
Additionally, login data 102 may include data identifying one or more attributes of user device 140. For example, login data 102 may include a mobile device number (MDN), a mobile subscriber identification number (MSIN), an international mobile subscriber identity (IMSI), a temporary mobile subscriber identity (TMSI), a media access control address (MAC address), internet protocol (IP) address, or other data that may be presented by user device 140 when accessing service network 120. In other examples, login data 102 may include an international mobile station equipment identity (IMEI) for mobile devices, a mobile equipment identifier (MEID), a universally unique identifier (UUID) for non-mobile devices such as devices that communicate using short range communications protocols, such as Wi-Fi or Bluetooth®. Verification device 150 may store login data 102 in verification data storage 152. For example, verification data storage 152 may store data identifying an MDN or other device identifier and password associated with an account.
As shown in
If verification device 150 determines that first verification data 103 includes valid credentials, verification device 150 may direct the source device to forward additional verification data. For example, the source device may forward a second verification data request 104 to verification data generation system 110. Based on receiving second verification data request 104, verification data generation system 110 may determine one or more attributes of the source device and/or a session between the source device and verification device 150. For example, verification data generation system 110 may identify a source IP address, a source port, a destination IP address, and a destination port used to transmit first verification data 103. Verification data generation system 110 may use the contents of second verification data request 104 and the data in device data storage 112 to identify the source device and verification device 150 associated with the session. For example, verification data generation system 110 may identify the source device based on the source IP address and/or the source port for the session, and verification data generation system 110 may identify verification device 150 based on the destination IP address and/or the destination port for the session.
Verification data generation system 110 may generate second verification data 105 that includes information identifying the source device and may encrypt second verification data 105 using the encryption key associated with verification device 150. For example, verification data generation system 110 may determine an MDN or other identifier associated with the source device, and may encrypt the identifier (or a value, such as a hash, calculated based on the identifier) using the encryption key associated with verification device 150. Verification data generation system 110 may then forward the encrypted second verification data 105 to verification device 150, such as via the session between source device and verification device 150. Because second verification data 105 is encrypted using an encryption key for verification device 150, second verification data 105, although possibly sent via the source, cannot be accessed and/or modified by the source device.
Verification device 150 may decrypt second verification data 105 and may compare the resulting device identifier (e.g., the MDN value for the source device) with a stored identifier associated with the account identifier (e.g., an MDN for user device 140). In other words, verification device 150 may use second verification data 105 to determine whether first verification data 103 is received from user device 140. If second verification data 105 and the stored identifier include corresponding values (e.g., the same hash value), verification device 150 may determine that first verification data 103 was sent from user device 140.
If second verification data 105 and the stored identifier do not include corresponding values (e.g., the same hash value), verification device 150 may determine that first verification data 103 was not sent from user device 140. Verification device 150 may request additional verification data, such as personal data for a user associated with the account (e.g., a name of a family member, a residence address, a telephone number, additional account details, etc.) and/or forwarding of an alphanumeric string sent to the source device via a short messaging service (SMS), e-mail, or other message.
Environment 200 may include a radio access network (RAN) that is associated with a long-term evolution (LTE) network and/or another type of wireless communications network, and a core network, such as an evolved packet core (EPC) that operates based on a third generation partnership project (3GPP) wireless communication standard. The RAN may include one or more base stations, such as evolved Node Bs (eNBs), via which user device 140 communicates with the core network. As shown in
User device 140 may include a communication device, such as a wireless mobile device that is capable of communicating with base station 210 and/or a network (e.g., service network 120 and/or data network 130). For example, user device 140 may include a cellular telephone, a personal communications system (PCS) terminal (e.g., a device that combines a cellular radiotelephone with data processing and data communications capabilities), a personal digital assistant (PDA), a smart phone, a laptop computer, a tablet computer, a camera, a personal gaming system, or another type of computation or communication device. In other implementations, user device 140 may include a set-top box (STB), a tablet, a gaming machine, a computer, a fitness tracker, a smart watch, smart glasses, or another peripheral and/or wearable device that may be used in connection with another user device.
Base station 210 may include one or more network devices that receive, process, and/or transmit traffic, such as audio, video, text, and/or other data, destined for and/or received from user device 140. In an example implementation, base station 210 may be an eNB device and may be part of the LTE network. Base station 210 may receive traffic from and/or send traffic to data network 130 via SGW 215 and PGW 225. Base station 210 may send traffic to and/or receive traffic from user device 140 via an wireless interface. Base station 210 may be associated with a RAN.
SGW 215 may include one or more network devices, such as a gateway, a router, a modem, a switch, a firewall, a network interface card (NIC), a hub, a bridge, a proxy server, an optical add-drop multiplexer (OADM), or another type of device that processes and/or transfers traffic. SGW 215 may, for example, aggregate traffic received from one or more base stations 210 and may send the aggregated traffic to data network 130 via PGW 225. In one example implementation, SGW 215 may route and forward user data packets, may act as a mobility anchor for a user plane during inter-eNB handovers, and may act as an anchor for mobility between LTE and other 3GPP technologies.
MME 220 may include one or more network devices that perform operations associated with a handoff to and/or from service network 120. MME 220 may perform operations to register user device 140 with the service network to handoff user device 140 from service network 120 to another network, to handoff a user device 140 from the other network to the service network 120 and/or to perform other operations. MME 220 may perform policing operations for traffic destined for and/or received from user device 140. MME 220 may authenticate user device 140 (e.g., via interaction with HSS 235) to establish the session between user device 140 and verification device 150.
PGW 225 may include one or more network devices, such as a gateway, a router, a modem, a switch, a firewall, a NIC, a hub, a bridge, a proxy server, an optical add/drop multiplexor (OADM), or another type of device that processes and/or transfers traffic. PGW 225 may, for example, provide connectivity of user device 140 to data network 130 by serving as a traffic exit/entry point for user device 140. PGW 225 may perform policy enforcement, packet filtering, charging support, lawful intercept, and/or packet screening. PGW 225 may also act as an anchor for mobility between 3GPP and non-3GPP technologies.
SES 230 may identify user profiles as provided by HSS and/or PRCF 245 to PGW 225 and may forward information regarding these user profiles to authentication server 250. For example, SES 230 may identify IP session records associated with transmission of first verification data or other communications between user device 140 and verification device 150. As described in greater detail below, SES 230 may identify, based on session records associated with user device 140, an MDN or other associated identifier. SES 230 may form a hash or calculate another value based on the MDN, may encrypt the resulting value based on a key provided by authentication server 250, and may forward, as second verification data 106, the encrypted MDN-based value to verification device 150 via PGW 225.
HSS 235 may include one or more server devices. In some implementations, HSS 235 may gather, process, search, store, and/or provide information in a manner described herein. For example, HSS 235 may manage, update, and/or store, in a memory associated with HSS 235, profile information associated with a generated identifier that identifies services and/or data that may be accessed by user device 140.
Additionally or alternatively, HSS 235 may perform authentication, authorization, and/or accounting operations associated with a communication connection with user device 140. In some implementations, HSS 235 may maintain billing information and may assess charges and credits to an account associated with user device 140 based on network usage information received from the core network and/or from the cloud services. Additionally, or alternatively, HSS 235 may store information regarding temporary credentials that are assigned to user device 140 (e.g., as used to transmit first verification data 103).
Billing server 240 may store data identifying changes in services (e.g., based on receiving registration data 101 from verification device 150) and may modify user and device profiles, as applied by HSS 235 and/or PRCF based on the service changes. Billing server 240 may further determine and collect fees associated the requested service changes.
PRCF 245 may include one or more devices that provide policy control decisions and flow based charging control functionalities. PRCF 245 may provide network control regarding service data flow detection, gating, quality of service (QoS) and flow based charging, etc. PRCF 245 may determine how a certain service data flow shall be treated, and may ensure that user plane traffic mapping and treatment are in accordance with a user's subscription profile. For example, PRCF 245 may identify and apply a user profile related to user device 140 when transmitting first verification data 103.
Authentication server 250 may receive and store information regarding verification device 150 (e.g., registration data 101). For example, authentication server 250 may store data identifying public keys used to encrypt data intended for different verification devices 150. When user device 140 is transmitting second verification data 105, authentication server 250 may identify one of the public encryption keys to be used based on a destination address, an application identifier (APP-ID) associated with verification device 150, etc. Authentication server 250 may then forward data identifying the selected encryption key to SES for encryption of an identifier (e.g., an MDN or a hash of the MDN) associated with user device 140.
Provisioning portal 255 may include a device for receiving registration data 101 from verification device 150 and for updating authentication server 250 to store data identifying verification device 150, an associated address, an encryption key, etc.
Data network 130 may include one or more wired and/or wireless networks. For example, data network 130 may include the Internet, a public land mobile network (PLMN), and/or another network. Additionally, or alternatively, data network 130 may include a local area network (LAN), a wide area network (WAN), a metropolitan network (MAN), the Public Switched Telephone Network (PSTN), an ad hoc network, a managed IP network, a virtual private network (VPN), an intranet, the Internet, a fiber optic-based network, and/or a combination of these or other types of networks.
The number of devices and/or networks, illustrated in
Bus 310 may include a path that permits communication among the components of computing device 300. Processor 320 may include a processor, a microprocessor, or processing logic that may interpret and execute instructions. Memory 330 may include any type of dynamic storage device that may store information and instructions, for execution by processor 320, and/or any type of non-volatile storage device that may store information for use by processor 320.
Input component 340 may include a mechanism that permits a user to input information to computing device 300, such as a keyboard, a keypad, a button, a switch, etc. Output component 350 may include a mechanism that outputs information to the user, such as a display, a speaker, one or more light emitting diodes (LEDs), etc. Communication interface 360 may include a transceiver mechanism that enables computing device 300 to communicate with other devices and/or systems via wireless communications, wired communications, or a combination of wireless and wired communications. For example, communication interface 360 may include mechanisms for communicating with another device or system via a network. Alternatively or additionally, communication interface 360 may be a logical component that includes input and output ports, input and output systems, and/or other input and output components that facilitate the transmission of data to other devices. In one implementation, user device 140 may include an antenna to exchange signals with base station 210.
Computing device 300 may perform certain operations in response to processor 320 executing software instructions contained in a computer-readable medium, such as memory 330. A computer-readable medium may be defined as a non-transitory memory device. A memory device may include space within a single physical memory device or spread across multiple physical memory devices. The software instructions may be read into memory 330 from another computer-readable medium or from another device. The software instructions contained in memory 330 may cause processor 320 to perform processes described herein. Alternatively, hardwired circuitry may be used in place of or in combination with software instructions to implement processes described herein. Thus, implementations described herein are not limited to any specific combination of hardware circuitry and software.
As shown in
As shown in
As shown in
As shown in
If first verification data 103 is valid (block 520—YES), verification device 150 may identify an attribute of user device 140 associated with the account identified in first verification data 103 (block 550). For example, verification device 150 may identify an MDN and/or a hash of the MDN associated with user device 140. Verification device 150 may further request second verification data 105 identifying an attribute of the source device (block 550). For example, verification device 150 may forward a request to the source device requesting second verification data 105, and the source device may forward the request to verification data generation system 110. As previously described with respect to process 400, second verification data 105 may determine a MDN associated with the source device, form a hash of the MDN, and encrypt the hash based on an encryption key associated with verification device 150. Verification device 150 may receive second verification data 105 (block 560). For example, verification device 150 may receive, as second verification data 105, the encrypted hash of the MDN of the source device.
Verification device 150 may determine whether the attribute of the source device corresponds to the attribute of user device 140 (block 570). For example, verification device 150 may decrypt second verification data 105 to recover the encrypted hash of the MDN of the source device, and verification device 150 may determine whether the hash of the MDN of the sending device corresponds to the hash of the MDN of user device 140. If the attribute of the source device does not correspond to the attribute of user device 140 (block 570—NO), verification device 150 may request other verification data from the source device (block 580). For example, verification device 150 may direct the source device to forward biographical information associated with the account holder. Additionally or alternatively, verification device 150 may forward a message (e.g., an SMS or e-mail message) carrying an alphanumeric code to the source device and may direct the source device to reply with the alphanumeric code. Otherwise, if the attribute of the source device does corresponds to the attribute of user device 140 (block 570—YES), verification device 150 may enable access by the source device (block 590). For example, verification device 150 may forward data (e.g., access credentials) and/or code that enables the source device to access a service or data.
For example, verification device 150 may forward a registration message 610. In registration message 610, verification device 150 may sign up for an account, login, and subscribe to an authentication service related to receiving second verification data 105. Verification device 150 may specify, in registration message 610, a destination (e.g., an IP address and a port of verification device 150) for receiving a reply from provisioning portal 255 and data from other components in environment 200 (e.g., second verification data 105). Registration message 610 may also include, for example, a public key for verification device 150 (VD-PUK)
In response to receiving registration message 610, provisioning portal 255 may create an identifier for an application associated with verification device 150 (e.g., the APP-ID) and may forward a key generation request 620 to authentication server 250. Key generation request 620 may request generation of a public key (AS-PUK) and a private key (AS-PRK) by authentication server 250 (e.g., AS-PKC) with respect to the APP-ID, VD-PUK, IP address, and port for verification device 150. Key generation request 620 may include, for example, data associated with the APP-ID, contents included in registration message 610, and the IP address and the port of verification device 150. Based on receiving key generation request 620, authentication server 250 may generate and store the public key (AS-PUK) and the private key (AS-PRK) pair. Authentication server 250 may generate key forwarding message 630 forwarding the public key (AS-PUK) to provisioning portal 255 and to verification device 150. As described in greater detail below, verification device 150 may use the public key (AS-PUK) to access first verification data 103 when received from user device 140.
As shown in
As shown in
After a session is established (e.g., by PGW 225 based on session establishment request 710), user device 140 may forward a first verification data message 730 to SES 230. First verification data message 730 may include, for example, first verification data 103 (e.g., the credentials associated with user device 140). First verification data message 730 may further identify, for example, a source IP address, a destination IP, and a destination port associated with the session.
Based on receiving first verification data message 730, SES 230 may identify the MDN for user device 140 based on the source IP address and may further determine that the destination IP and the destination port associated with first verification data message 730 correspond to the IP address and the port for verification device 150. As shown in
If more than a threshold amount of time since user device 140 has forwarded a prior first verification data message 730 (e.g., user device 140 previously attempted to access services via verification device 150), SES 230 may send an update message 750 to authentication server 250. Update message 750 may include, for example, data identifying the MDN for user device 140, the source IP address for user device 140, a source port for user device 140 used to forward first verification data message 730, the destination IP address for verification device 150, the port for verification device 150, the APP-ID, etc. Authentication server 250 may update data for user device 140 and/or verification device 150 based on receiving update message 750.
As shown in
Verification device 150 may determine whether first verification data 103 received from user device 140 includes valid credentials. For example, verification device 150 may determine whether the account identifier is valid and whether a hash of the password correctly corresponds to a stored hash associated with the account identifier. If verification device 150 determines that first verification data 103 includes valid credentials, verification device 150 may generate a random security identifier (SID), determine an MDN associated with the account identifier (MDN-A), and forward a second verification data request 830 to user device 140. Second verification data request 830 may request second verification data 105. For example, second verification data request 830 may request a MDN token associated with user device 140. For example, second verification data request 830 may name the APP-ID and the SID encoded based on the public key for authentication server 250 (AS-PUK) (e.g., as forwarded in key forwarding message 630).
As shown in
HMAC(K,m)=H((K⊕opad)∥H(K⊕ipad)∥m)) (1).
In equation 1, H is a cryptographic hash function, K is a secret key padded to the right with extra zeroes to the input block size of the hash function, or the hash of the original key if it is longer than that block size, m is the message to be authenticated, II denotes concatenation, ⊕ denotes exclusive or (XOR), opad is the outer padding, and ipad is the inner padding.
As shown in
Based on receiving second verification data forwarding message 860, verification device 150 may determine whether second verification data 105 is accurate with respect to user device 140 and the session for forwarding first verification data 103. For example, verification device 150 may decrypt the HMAC value based on the private key for verification device 150 (VD-PRK). Verification device 150 may further generate an HMAC with respect to a device associated with the first verification data based on, for example, the APP-ID, the SID, the MDN-A (e.g., the telephone number associated with the account), and other session data (e.g., the source IP address, the source port, the destination IP address, and the destination). Verification device 150 may then compare the decrypted HMAC for user device 140 (e.g., from second verification data 105) with the generate HMAC associated with the account credentials. If the two HMACs match, verification device 150 may conclude that user device 140 corresponds to a device associated with first verification data 103. Conversely, if the two HMACs do not match, verification device 150 may conclude that user device 140 is not associated with first verification data 103. Verification device 150 may forward a verification response message 870 based on comparing the HMACs. For example, if the two HMACs do not match, verification response message 870 may request additional verification from user device 140 (e.g., providing personal data, supplying an alpha-numerical forwarded to user device 140 via SMS, etc.). If the two HMACs do match, verification response message 870 may indicate that user device 140 is authorized to access a restricted service and/or restricted data.
Various preferred embodiments have been described herein with reference to the accompanying drawings. It will, however, be evident that various modifications and changes may be made thereto, and additional embodiments may be implemented, without departing from the broader scope of the invention as set forth in the claims that follow. The specification and drawings are accordingly to be regarded in an illustrative rather than restrictive sense. For example, while a series of blocks has been described with respect to
It will be apparent that different aspects of the description provided above may be implemented in many different forms of software, firmware, and hardware in the implementations illustrated in the figures. The actual software code or specialized control hardware used to implement these aspects is not limiting of the implementations. Thus, the operation and behavior of these aspects were described without reference to the specific software code—it being understood that software and control hardware can be designed to implement these aspects based on the description herein.
To the extent the aforementioned embodiments collect, store or employ personal information provided by individuals, it should be understood that such information shall be used in accordance with all applicable laws concerning protection of personal information. Additionally, the collection, storage and use of such information may be subject to consent of the individual to such activity, for example, through well known “opt-in” or “opt-out” processes as may be appropriate for the situation and type of information. Storage and use of personal information may be in an appropriately secure manner reflective of the type of information, for example, through various encryption and anonymization techniques for particularly sensitive information.
Number | Name | Date | Kind |
---|---|---|---|
5825890 | Elgamal | Oct 1998 | A |
6952781 | Chang | Oct 2005 | B1 |
7216236 | Kou | May 2007 | B2 |
8209222 | Esclamada | Jun 2012 | B2 |
8448719 | Furukawa | May 2013 | B2 |
8700894 | Hammell | Apr 2014 | B2 |
8745390 | Atwood | Jun 2014 | B1 |
8966267 | Pahl | Feb 2015 | B1 |
8996873 | Pahl | Mar 2015 | B1 |
9026784 | Buruganahalli | May 2015 | B2 |
9253171 | Neumann | Feb 2016 | B2 |
9262642 | Roth | Feb 2016 | B1 |
9426185 | Vora | Aug 2016 | B1 |
20020046286 | Caldwell | Apr 2002 | A1 |
20020172190 | Vatanen | Nov 2002 | A1 |
20030051146 | Ebina | Mar 2003 | A1 |
20030212615 | Whitehead, Jr. | Nov 2003 | A1 |
20040111378 | Howell | Jun 2004 | A1 |
20050125684 | Schmidt | Jun 2005 | A1 |
20050149730 | Aissi | Jul 2005 | A1 |
20050160269 | Akimoto | Jul 2005 | A1 |
20050193211 | Kurose | Sep 2005 | A1 |
20060144927 | Love | Jul 2006 | A1 |
20060174110 | Strom | Aug 2006 | A1 |
20060182124 | Cole | Aug 2006 | A1 |
20060274899 | Zhu | Dec 2006 | A1 |
20060276998 | Gupta | Dec 2006 | A1 |
20070067833 | Colnot | Mar 2007 | A1 |
20070180227 | Akimoto | Aug 2007 | A1 |
20070198834 | Ksontini | Aug 2007 | A1 |
20080212771 | Hauser | Sep 2008 | A1 |
20080248763 | Park | Oct 2008 | A1 |
20080287101 | An | Nov 2008 | A1 |
20080301436 | Yao | Dec 2008 | A1 |
20080320302 | Pilant | Dec 2008 | A1 |
20090007198 | Lavender | Jan 2009 | A1 |
20090109477 | Oomura | Apr 2009 | A1 |
20090113203 | Tsuge | Apr 2009 | A1 |
20090249448 | Choi | Oct 2009 | A1 |
20090249489 | Livshits | Oct 2009 | A1 |
20090271633 | Cohen | Oct 2009 | A1 |
20090288143 | Stebila | Nov 2009 | A1 |
20090292927 | Wenzel | Nov 2009 | A1 |
20100070768 | Furukawa | Mar 2010 | A1 |
20100088517 | Piersol | Apr 2010 | A1 |
20100142499 | Zhang | Jun 2010 | A1 |
20100150347 | Teruyama | Jun 2010 | A1 |
20100183150 | Lee | Jul 2010 | A1 |
20100268783 | Mizosoe | Oct 2010 | A1 |
20100306542 | Funk | Dec 2010 | A1 |
20100325435 | Park | Dec 2010 | A1 |
20100332398 | Aage | Dec 2010 | A1 |
20110026715 | Rossi | Feb 2011 | A1 |
20110065426 | Bae | Mar 2011 | A1 |
20110145891 | Bade | Jun 2011 | A1 |
20110154443 | Thakur | Jun 2011 | A1 |
20110194698 | Asano | Aug 2011 | A1 |
20110231319 | Bayod | Sep 2011 | A1 |
20120110324 | Geng | May 2012 | A1 |
20120159167 | Lee | Jun 2012 | A1 |
20120166801 | Park | Jun 2012 | A1 |
20120204032 | Wilkins | Aug 2012 | A1 |
20120275597 | Knox | Nov 2012 | A1 |
20130024688 | Wen | Jan 2013 | A1 |
20130054960 | Grab | Feb 2013 | A1 |
20130067016 | Adkins | Mar 2013 | A1 |
20130086652 | Kavantzas | Apr 2013 | A1 |
20130159195 | Kirillin | Jun 2013 | A1 |
20130305039 | Gauda | Nov 2013 | A1 |
20140122888 | Yoon | May 2014 | A1 |
20140143155 | Karlov | May 2014 | A1 |
20140259134 | Scavo | Sep 2014 | A1 |
20140277837 | Hatton | Sep 2014 | A1 |
20140344326 | Kamath | Nov 2014 | A1 |
20140351588 | Hedtke | Nov 2014 | A1 |
20140351593 | Anson | Nov 2014 | A1 |
20140358777 | Gueh | Dec 2014 | A1 |
20150019442 | Hird | Jan 2015 | A1 |
20150039890 | Khosravi | Feb 2015 | A1 |
20150052352 | Dolev | Feb 2015 | A1 |
20150067328 | Yin | Mar 2015 | A1 |
20150089568 | Sprague | Mar 2015 | A1 |
20150188704 | Takenaka | Jul 2015 | A1 |
20150208326 | Vrbaski | Jul 2015 | A1 |
20150208335 | Vrbaski | Jul 2015 | A1 |
20150271177 | Mun | Sep 2015 | A1 |
20150288514 | Pahl | Oct 2015 | A1 |
20150381621 | Innes | Dec 2015 | A1 |
20160014100 | Matsuo | Jan 2016 | A1 |
20160014213 | Ajitomi | Jan 2016 | A1 |
20160065370 | Le Saint | Mar 2016 | A1 |
20160072775 | Choi | Mar 2016 | A1 |
20160072807 | Park | Mar 2016 | A1 |
20160087797 | Barbir | Mar 2016 | A1 |
20160088430 | Connor | Mar 2016 | A1 |
20160094543 | Innes | Mar 2016 | A1 |
20160110711 | Collinge | Apr 2016 | A1 |
20160140334 | Forehand | May 2016 | A1 |
20160171238 | Sibillo | Jun 2016 | A1 |
20160191507 | Bao | Jun 2016 | A1 |
20160192163 | Miner | Jun 2016 | A1 |
20160234022 | Motika | Aug 2016 | A1 |
20160241389 | Le Saint | Aug 2016 | A1 |
20160275300 | Ko | Sep 2016 | A1 |
20160315772 | McCallum | Oct 2016 | A1 |
20160330179 | Choi | Nov 2016 | A1 |
20160344724 | Shoshan | Nov 2016 | A1 |
20160352524 | Kinney | Dec 2016 | A1 |
20160352705 | Lockhart | Dec 2016 | A1 |
20160357951 | Fasoli | Dec 2016 | A1 |
20160366127 | Tanoni | Dec 2016 | A1 |
20170006006 | Rawcliffe | Jan 2017 | A1 |
20170006132 | Sorenson, III | Jan 2017 | A1 |
20170070497 | McCallum | Mar 2017 | A1 |
20170244608 | Reaux-Savonte | Aug 2017 | A1 |
20180247049 | Fang | Aug 2018 | A1 |
Number | Date | Country | |
---|---|---|---|
20170126675 A1 | May 2017 | US |