Patent Grant
7178166
The present application is related to U.S. patent application Ser. No. 09/607,375, filed on Jun. 30, 2000, entitled “Method and Apparatus for Network Assessment and Authentication,” which is fully incorporated herein by reference.
The present invention relates to network security for distributed computer systems and, more specifically, to granting computer services based upon a local vulnerability assessment of a computer by a browser-based scanner operating on that computer.
While the open network architecture of the Internet permits a user on a network to have access to information on many different computers, it also provides access to messages generated by a user's computer and to the resources of the user's computer. In fact, there are persons who attempt to use knowledge regarding the operations of the protocol stack and operating systems in an effort to gain access to computers without authorization. These persons are typically called “hackers.” hackers present a significant security risk to any computer coupled to a network where a user for one computer may attempt to gain unauthorized access to resources on another computer of the network. For example, an employee may attempt to gain access to private and confidential employee records on a computer used by the human resources department of an employer.
The present invention solves the security compromise problem by using services provided by a scanner operable with a Web-enabled browser for the invocation and execution of scans and risk assessment. The invention can accomplish this desirable objective using a browser-based tool to scan the user's workstation for evidence of a security compromise or a vulnerability.
The disadvantages of the prior art are overcome by the present invention, which can complete a local scan of a workstation upon installation of a browser-based scanner provided to the workstation by a remote server via a distributed computer network. A remote server receives a request for an on-line scanner from a browser operating on a workstation connected to a computer network. In response to receiving the scanner via the network, the browser installs the scanner at the workstation to support the completion of vulnerability assessment scans within the local operating environment of the workstation. Using this local scanner, the browser can perform a scan of the workstation and its operating environment and generate a scan results report for presentation to the user or a system administrator. The browser also can transmit the scan results to the remote server for archival storage and subsequent reporting. In one aspect of the invention, the browser can attempt to address an identified security risk by implementing a repair solution or “fix of the workstation.”
In view of the foregoing, it will be understood that the present invention can deploy a scanning tool from a remote server to a browser-enabled workstation to support a local assessment of the vulnerability of a workstation coupled to a computer network. This scanning tool can operate within the browser environment to complete a scan of the workstation and to generate workstation credentials. The advantages and implementation of the present invention will be described in more detail below in connection with the detailed description, the drawing set, and the attached claims.
In environments where computers are shared, users want an assurance that the computer they are accessing is secure, before completion of the log-in operation. For an exemplary embodiment, a local scanner can complete a vulnerability assessment of the workstation and provide the scan results to the user or to a system administrator. If the local scanner finds a vulnerability, a local process can inform the user that the machine is or may be compromised, or repair an identified vulnerability. The local scanner can be implemented as a plug-in or a control for operation with a browser operating on the workstation. For example, the local scanner can be implemented as an ActiveX control maintained at a Web server available for download to a workstation in response to a network request transmitted by a browser operated on the workstation. Once installed, the ActiveX control can operate in tandem with the browser to perform a vulnerability assessment of the workstation and to generate a report identifying the scanned results.
For another exemplary embodiment, the results of the local host assessment can be provided to a network server prior to the delivery of the requested network service to the workstation. For example, a local scanner operating in tandem with a browser on the workstation can complete a vulnerability assessment of the workstation and supply the scan results to the browser installed on workstation. In turn, the browser can transmit the local scan results to the network server via the computer network for evaluation by the network server. Performing a vulnerability assessment at the local level of the workstation allows a network server to determine whether the workstation is a “trusted” platform from which to accept network service requests. If the vulnerability assessment shows that the computer is compromised, or if the possibility of remote compromise is high, the network server can deny service to the workstation. Optionally, the network server can distribute a vulnerability assessment tool via the computer network to repair the vulnerability of the workstation.
Turning now to the drawing set, in which like numbers reference like elements,
The client application 130 can present the results of the local scan assessment, namely the workstation credentials, to the user. This allows the user to compare the scan assessment results to a workstation security policy to determine the extent to which the workstation 115 complies with that security policy. In the event that the local workstation assessment service 135 detects a vulnerability, the client application 130 can present to the user the recommended course of action to repair the detected vulnerability. The client application 130 can be implemented by a browser, such as the “INTERNET EXPLORER” browser marketed by Microsoft Corporation, and the local workstation assessment service 135 can be implemented by a scanner plug-in or control for installation at the browser. For example, the local workstation assessment service 135 can be embodied by an ActiveX control available for download from the Web server for use with the browser operating on the workstation 115 to complete local scan operations. The plug-in or control operates in tandem with the browser to complete a scan of the workstation and its environment and to generate scan results.
The client application 130, which also resides on the workstation 115, can present the local scan results to a network service 140 on the network server 120. The network service 140 can store the local scan results of the server 120 to create an archival record of the vulnerability assessment of the workstation 115. The network service 140 can also decide whether to provide service to the workstation 115 via the network 125 based on workstation credentials, namely the local scan results. Specifically, the network service 140 completes this decision-making process by evaluating the workstation against a workstation security policy. This allows the network service 140 to determine the extent to which the workstation 115 complies with its security policy. The network service 140 typically uses a policy compliance measurement to decide what, if any, service level to be the supplied to the workstation 115. In the alternative, the network service 140 can transmit a vulnerability assessment tool to repair the vulnerability of the workstation 115.
An exemplary process 200 for a Web-based authentication service relying upon browser-based technology is shown in
The workstation assessment agent, i.e., the browser plug-in 205′, transmits the workstation credentials to the Web server 210 via the computer network. An application on the Web server 210, typically a CGI 215, compares the workstation credentials to a workstation security policy to decide whether the workstation is secure. Service by the Web server 210 is allowed if the CGI 215 determines that the workstation is secure and the Web server 210 authenticates the user. If the CGI 215 decides to continue, and the Web server 210 has not already authenticated the user, the server may begin the user authentication process. There is a benefit to authenticating the user after completing a vulnerability analysis of the workstation—it is more difficult for an intruder to steal a user's credentials if the intrusion is detected and the user authentication process is terminated before the user presents their credentials.
Table I provides an overview of the primary network service authentication tasks completed for the Web-based operating environment of a workstation assessment agent operating on a workstation and a Web server, as shown in
The exemplary Web-based process shown in
The workstation assessment agent, implemented as a browser plug-in 205′, has three main functions: host assessment; communication of workstation assessment results; and reporting workstation assessment results. The host assessment is completed to determine whether the workstation is compromised. The browser plug-in 205′ runs a series of checks or exploits, each looking for a particular security risk. Each check generates a scan result, which indicates whether a vulnerability risk is present at the workstation. The browser plug-in 205′ then prepares assessment results for transmission to the Web server.
The browser plug-in 205′ communicates the assessment results to the CGI script 215 operating on the Web server 210. This communication is preferably completed in a secure manner, between the workstation and the Web server, so that results cannot be intercepted by a third party. The communication also should be secure in such a way as to prevent the transmission of false information to the CGI script 215. This can be accomplished by the use of authentication or encryption technologies
For example, the communication between the browser plug-in 205′ and the CGI script 215 can be completed by sending an HTTPS GET request with vulnerability assessment results stored as parameters of the GET request. The browser plug-in 205′ can generate a URL that uses HTTPS for confidentiality and contains the scan results as parameters. These parameters can be obfuscated by using shared secret encryption to prevent reverse engineering of the communications channel and to insure transmission only to appropriate servers.
The CGI script 215 receives scan results from a Web-enabled client and decides, based on the results, whether to continue the authentication process. The script 215 responds to the scan results by redirecting the Web client, i.e., the workstation, to one of two different Web pages based on this decision. If the script 215 decides to allow authentication to continue, it redirects the browser 205 to a page that continues or completes the log-on process. If the script 215 decides to deny access, it redirects the browser 205 to a page that explains that service is denied, why access is denied, and what can be done to obtain access to the requested service.
The CGI script 215 is preferably capable of receiving encrypted data comprising scan results from the browser plug-in 205′, decrypting the data, and making a decision based on the results. The script 215 can assign a score to each different vulnerability identified by the browser plug-in 205′. When all results are received from the browser plug-in 205′, the script 215 calculates a total score by adding the score assigned to each vulnerability. The total score is then compared by the script 215 against a maximum allowable score. If the total score is less than or equal to the maximum allowable score, authentication is allowed to proceed. If the total score is greater than the maximum allowable score, access by the workstation to the Web server 210 is denied by the script 215.
The Web-based design illustrated in
In many web service contexts, the result of a decision-making process for determining whether to grant access by a client to a network service can be expressed as making a choice between URLs. If the decision comes out one way, the browser points to one URL. If it comes out another way, the browser points to a different URL. This can be accomplished on the server side by instructing the client to submit scan information to the server, and having the server redirect the client to the appropriate URL after making the service access decision.
In the past, a local host scanning device has typically been implemented as an installable, executable program that uses services provided by the operating system on a workstation for the completion of vulnerability assessment scans. In contrast to the prior art, the present invention operates within the environment of a browser on a workstation to complete vulnerability assessments of the workstation and its operating environment. In an alternative exemplary embodiment, a browser operating on the workstation can request a scanner from a Web server via a computer network. The Web server transmits the scanner to the browser via the computer network for installation at the local workstation, otherwise described as a client computer. The scanner is a browser-based program that can be downloaded from a remote server to a browser-compatible workstation to complete local vulnerability assessments without the use of operating system services. Upon installation at the browser, the scanner can complete vulnerability assessment operations and generate a report describing the scan results. The scan results can be presented to the user or to a system administrator responsible for resources of the computer network coupled to the workstation. The scanner also can attempt to repair an identified security risk. Vulnerability assessments and repair operations are completed within the Web-enabled browser environment.
Turning now to
The browser 305 can download the scanner by accessing an OBJECT tag at the control hosting page published by the Web server 310. The OBJECT tag typically comprises a class identifier (ID) for an ActiveX control and a uniform resource locator (URL) to the online scanner program (.CAB file) containing the ActiveX control. The scanner program typically includes a current version identifier for the ActiveX control. The browser 305 preferably uses the current version of the ActiveX control to support online scan operations within the browser environment of the workstation. If an ActiveX control with the specified class ID has been installed at the workstation, the browser can compare the version number for that ActiveX control to the version number specified by the OBJECT tag. If the version number in the OBJECT tag represents a more recent version of the ActiveX control, then the browser can download the current version of the ActiveX control to deploy the online scanner. If, on the other hand, the version number for the currently installed ActiveX control is the same as or less than the OBJECT tag, then the browser should not download a new copy of the ActiveX control. This functionality is supported by Microsoft's “INTERNET EXPLORER” browser and is used by the exemplary embodiment to operate an online scanner within the browser environment of the workstation based upon the current version of the appropriate ActiveX control.
In response to the deployment request, the control hosting page at the Web server 310 transmits the online scanner to the browser 305 at the workstation via the computer network. Upon completing the download operation, the browser 305 can use “Authenticode” technology to verify the identity of the publisher of the ActiveX control for the scanner and to query the user whether the scanner should be installed as part of the browser operating on the workstation. As known to those of skill in the art, Authenticode technology comprises a special signing key and the signing of either the ActiveX control or the .CAB file representing the scanner. This signing key must, in turn, be signed by a trusted third party to support a secure installation of the scanner at the browser 305. For example, Verisign can provide a code-signing key to sign the ActiveX control of the scanner program. Upon downloading the scanner, the browser 305 can query the user as to whether the user wishes to download an ActiveX control published by a publisher having an identity verified by Verisign.
Upon completion of the installation operation, the browser-compatible scanner 305′ can complete vulnerability assessments of the local workstation and its operating environment. The scanner 305′ can generate a report in response to completing vulnerability assessment scan operations. The scanner 305′ typically presents this report to the user or to a system administrator for the computer network coupled to the workstation. For example, the scanner 305′ can display the scan results as a report published in the form of a HYPERTEXT MARKUP LANGUAGE (HTML) page published at the workstation. The scanner also can transmit the results using the HTTP or HTTPS protocol to a remote server, such as the Web server 310, for archival storage and to generate subsequent reports. The scanner 305′ can support this transmission of scan results via the computer network based upon a browser-supplied application programming interface (API).
For an exemplary embodiment, the scanner 305′ also can attempt to repair security risks identified by the vulnerability assessment report. In the alternative, the scanner can identify a repair solution in the report presented to the user or to the system administrator. It will be understood that an optional scanner operation is the transmission of scan results via the browser 305 to another server connected to the computer network.
Significantly, the present invention supports the distribution and execution of a vulnerability assessment tool within a browser operating at a workstation coupled to a computer network. Although this online scanner is typically supported by Microsoft's ActiveX control technology, it will be understood that alternative Web technologies can be used to implement the online scanner, including Sun's “JAVA” language or other Web-deployed technologies, such as “JavaScript”, VBSCript, and Macromedia's “Shockwave” technologies. Rather than install a software program for operation with the operating system of a workstation, the present invention can support a vulnerability assessment of the workstation and its operating environment via a Web-enabled browser. This enables the scanner to be installed on a central server for deployment to multiple workstations via a browser operating on each workstation.
In view of the foregoing, it will be understood that the present invention also provide a Web-based system for completing local scan assessments of a workstation in connection with the operation of a browser running on that workstation. The scanner can be downloaded to the workstation from a Web server and installed as a plug-in or control within the browser environment of the workstation. The scanner can complete a local scan of the workstation and its operating environment and generate workstation assessments results for presentation to the user or delivery to a network server.
The above-described embodiments are presented as illustrative examples. Although the preferred operating environment for the present invention is a Web-based computing environment, such as the Internet, those skilled in the art that the present invention is operable within other forms of distributed computer networks, such as local area or wide area network. It will be readily appreciated that deviations may be made from the specific embodiments disclosed in this specification without departing from the invention. Accordingly, the scope of this invention is to be determined by the claims below rather than being limited to the specifically described embodiments above.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4223380 | Antonaccio et al. | Sep 1980 | A |
| 4400769 | Kaneda et al. | Aug 1983 | A |
| 4672609 | Humphrey et al. | Jun 1987 | A |
| 4773028 | Tallman | Sep 1988 | A |
| 4819234 | Huber | Apr 1989 | A |
| 4975950 | Lentz | Dec 1990 | A |
| 5032979 | Hecht et al. | Jul 1991 | A |
| 5121345 | Lentz | Jun 1992 | A |
| 5204966 | Wittenberg et al. | Apr 1993 | A |
| 5210704 | Husseiny | May 1993 | A |
| 5274824 | Howarth | Dec 1993 | A |
| 5278901 | Shieh et al. | Jan 1994 | A |
| 5309562 | Li | May 1994 | A |
| 5311593 | Carmi | May 1994 | A |
| 5345595 | Johnson et al. | Sep 1994 | A |
| 5347450 | Nugent | Sep 1994 | A |
| 5353393 | Bennett et al. | Oct 1994 | A |
| 5359659 | Rosenthal | Oct 1994 | A |
| 5371852 | Attanasio et al. | Dec 1994 | A |
| 5398196 | Chambers | Mar 1995 | A |
| 5414833 | Hershey et al. | May 1995 | A |
| 5440723 | Arnold et al. | Aug 1995 | A |
| 5452442 | Kephart | Sep 1995 | A |
| 5454074 | Hartel et al. | Sep 1995 | A |
| 5475839 | Watson et al. | Dec 1995 | A |
| 5511184 | Lin | Apr 1996 | A |
| 5515508 | Pettus et al. | May 1996 | A |
| 5522026 | Records et al. | May 1996 | A |
| 5539659 | McKee et al. | Jul 1996 | A |
| 5557742 | Smaha et al. | Sep 1996 | A |
| 5586260 | Hu | Dec 1996 | A |
| 5590331 | Lewis et al. | Dec 1996 | A |
| 5606668 | Shwed | Feb 1997 | A |
| 5623600 | Ji et al. | Apr 1997 | A |
| 5623601 | Vu | Apr 1997 | A |
| 5630061 | Richter et al. | May 1997 | A |
| 5649095 | Cozza | Jul 1997 | A |
| 5649185 | Antognini et al. | Jul 1997 | A |
| 5675711 | Kephart et al. | Oct 1997 | A |
| 5696486 | Poliquin et al. | Dec 1997 | A |
| 5696822 | Nachenberg | Dec 1997 | A |
| 5706210 | Kumano et al. | Jan 1998 | A |
| 5734697 | Jabbarnezhad | Mar 1998 | A |
| 5745692 | Lohmann, II et al. | Apr 1998 | A |
| 5748098 | Grace | May 1998 | A |
| 5761504 | Corrigan et al. | Jun 1998 | A |
| 5764887 | Kells et al. | Jun 1998 | A |
| 5764890 | Glasser et al. | Jun 1998 | A |
| 5765030 | Nachenberg et al. | Jun 1998 | A |
| 5774727 | Walsh et al. | Jun 1998 | A |
| 5787177 | Leppek | Jul 1998 | A |
| 5790799 | Mogul | Aug 1998 | A |
| 5796942 | Esbensen | Aug 1998 | A |
| 5798706 | Kraemer et al. | Aug 1998 | A |
| 5812763 | Teng | Sep 1998 | A |
| 5815574 | Fortinsky | Sep 1998 | A |
| 5822517 | Dotan | Oct 1998 | A |
| 5826013 | Nachenberg | Oct 1998 | A |
| 5828833 | Belville et al. | Oct 1998 | A |
| 5832208 | Chen et al. | Nov 1998 | A |
| 5832211 | Blakley, III et al. | Nov 1998 | A |
| 5835726 | Shwed et al. | Nov 1998 | A |
| 5838903 | Blakely, III et al. | Nov 1998 | A |
| 5842002 | Schnurer et al. | Nov 1998 | A |
| 5845067 | Porter et al. | Dec 1998 | A |
| 5848233 | Radia et al. | Dec 1998 | A |
| 5854916 | Nachenberg | Dec 1998 | A |
| 5857191 | Blackwell, Jr. et al. | Jan 1999 | A |
| 5864665 | Tran | Jan 1999 | A |
| 5864803 | Nussbaum | Jan 1999 | A |
| 5872915 | Dykes et al. | Feb 1999 | A |
| 5872978 | Hoskins | Feb 1999 | A |
| 5875296 | Shi et al. | Feb 1999 | A |
| 5878420 | de la Salle | Mar 1999 | A |
| 5881236 | Dickey | Mar 1999 | A |
| 5884033 | Duvall et al. | Mar 1999 | A |
| 5892903 | Klaus | Apr 1999 | A |
| 5899999 | De Bonet | May 1999 | A |
| 5907834 | Kephart et al. | May 1999 | A |
| 5919257 | Trostle | Jul 1999 | A |
| 5919258 | Kayashima et al. | Jul 1999 | A |
| 5922051 | Sidey | Jul 1999 | A |
| 5925126 | Hsieh | Jul 1999 | A |
| 5931946 | Terada et al. | Aug 1999 | A |
| 5940591 | Boyle et al. | Aug 1999 | A |
| 5950012 | Shiell et al. | Sep 1999 | A |
| 5961644 | Kurtzberg et al. | Oct 1999 | A |
| 5964839 | Johnson et al. | Oct 1999 | A |
| 5964889 | Nachenberg | Oct 1999 | A |
| 5974237 | Shurmer et al. | Oct 1999 | A |
| 5974457 | Waclawsky et al. | Oct 1999 | A |
| 5978917 | Chi | Nov 1999 | A |
| 5983270 | Abraham et al. | Nov 1999 | A |
| 5983348 | Ji | Nov 1999 | A |
| 5983350 | Minear et al. | Nov 1999 | A |
| 5987606 | Cirasole et al. | Nov 1999 | A |
| 5987610 | Franczek et al. | Nov 1999 | A |
| 5987611 | Freund | Nov 1999 | A |
| 5991856 | Spilo et al. | Nov 1999 | A |
| 5991881 | Conklin et al. | Nov 1999 | A |
| 5999711 | Misra et al. | Dec 1999 | A |
| 5999723 | Nachenberg | Dec 1999 | A |
| 6003132 | Mann | Dec 1999 | A |
| 6006016 | Faigon et al. | Dec 1999 | A |
| 6009467 | Ratcliff et al. | Dec 1999 | A |
| 6014645 | Cunningham | Jan 2000 | A |
| 6016553 | Schneider et al. | Jan 2000 | A |
| 6021510 | Nachenberg | Feb 2000 | A |
| 6026442 | Lewis et al. | Feb 2000 | A |
| 6029256 | Kouznetsov | Feb 2000 | A |
| 6035323 | Narayen et al. | Mar 2000 | A |
| 6035423 | Hodges et al. | Mar 2000 | A |
| 6041347 | Harsham et al. | Mar 2000 | A |
| 6052709 | Paul | Apr 2000 | A |
| 6061795 | Dircks et al. | May 2000 | A |
| 6067410 | Nachenberg | May 2000 | A |
| 6070190 | Reps et al. | May 2000 | A |
| 6070244 | Orchier et al. | May 2000 | A |
| 6073172 | Frailong et al. | Jun 2000 | A |
| 6081894 | Mann | Jun 2000 | A |
| 6085224 | Wagner | Jul 2000 | A |
| 6088803 | Tso et al. | Jul 2000 | A |
| 6088804 | Hill et al. | Jul 2000 | A |
| 6092194 | Touboul | Jul 2000 | A |
| 6094731 | Waldin et al. | Jul 2000 | A |
| 6098173 | Elgressy et al. | Aug 2000 | A |
| 6104783 | DeFino | Aug 2000 | A |
| 6108799 | Boulay et al. | Aug 2000 | A |
| 6118940 | Alexander, III et al. | Sep 2000 | A |
| 6119165 | Li et al. | Sep 2000 | A |
| 6119234 | Aziz et al. | Sep 2000 | A |
| 6122738 | Millard | Sep 2000 | A |
| 6144961 | de la Salle | Nov 2000 | A |
| 6154844 | Touboul et al. | Nov 2000 | A |
| 6161109 | Matamoros et al. | Dec 2000 | A |
| 6167520 | Touboul | Dec 2000 | A |
| 6173413 | Slaughter et al. | Jan 2001 | B1 |
| 6185689 | Todd, Sr. et al. | Feb 2001 | B1 |
| 6195687 | Greaves et al. | Feb 2001 | B1 |
| 6199181 | Rechef et al. | Mar 2001 | B1 |
| 6205552 | Fudge | Mar 2001 | B1 |
| 6226372 | Beebe et al. | May 2001 | B1 |
| 6230288 | Kuo et al. | May 2001 | B1 |
| 6266773 | Kisor et al. | Jul 2001 | B1 |
| 6266774 | Sampath et al. | Jul 2001 | B1 |
| 6271840 | Finseth et al. | Aug 2001 | B1 |
| 6272641 | Ji | Aug 2001 | B1 |
| 6275938 | Bond et al. | Aug 2001 | B1 |
| 6275942 | Bernhard et al. | Aug 2001 | B1 |
| 6278886 | Hwang | Aug 2001 | B1 |
| 6279113 | Vaidya | Aug 2001 | B1 |
| 6282546 | Gleichauf et al. | Aug 2001 | B1 |
| 6298445 | Shostack et al. | Oct 2001 | B1 |
| 6301668 | Gleichauf et al. | Oct 2001 | B1 |
| 6314520 | Schell et al. | Nov 2001 | B1 |
| 6314525 | Mahalingham et al. | Nov 2001 | B1 |
| 6321338 | Porras et al. | Nov 2001 | B1 |
| 6324627 | Kricheff et al. | Nov 2001 | B1 |
| 6324647 | Bowman-Amuah | Nov 2001 | B1 |
| 6324656 | Gleichauf et al. | Nov 2001 | B1 |
| 6338141 | Wells | Jan 2002 | B1 |
| 6347374 | Drake et al. | Feb 2002 | B1 |
| 6353385 | Molini et al. | Mar 2002 | B1 |
| 6357008 | Nachenberg | Mar 2002 | B1 |
| 6377994 | Ault et al. | Apr 2002 | B1 |
| 6396845 | Sugita | May 2002 | B1 |
| 6397242 | Devine et al. | May 2002 | B1 |
| 6397245 | Johnson et al. | May 2002 | B1 |
| 6405318 | Rowland | Jun 2002 | B1 |
| 6405364 | Bowman-Amuah | Jun 2002 | B1 |
| 6408391 | Huff et al. | Jun 2002 | B1 |
| 6415321 | Gleichauf et al. | Jul 2002 | B1 |
| 6418472 | Mi et al. | Jul 2002 | B1 |
| 6429952 | Olbricht | Aug 2002 | B1 |
| 6434615 | Dinh et al. | Aug 2002 | B1 |
| 6438600 | Greenfield et al. | Aug 2002 | B1 |
| 6445822 | Crill et al. | Sep 2002 | B1 |
| 6453345 | Trcka et al. | Sep 2002 | B2 |
| 6453346 | Garg et al. | Sep 2002 | B1 |
| 6460141 | Olden | Oct 2002 | B1 |
| 6463426 | Lipson et al. | Oct 2002 | B1 |
| 6470449 | Blandford | Oct 2002 | B1 |
| 6477585 | Cohen et al. | Nov 2002 | B1 |
| 6477648 | Schell et al. | Nov 2002 | B1 |
| 6477651 | Teal | Nov 2002 | B1 |
| 6484203 | Porras et al. | Nov 2002 | B1 |
| 6487666 | Shanklin et al. | Nov 2002 | B1 |
| 6496858 | Frailong et al. | Dec 2002 | B1 |
| 6499107 | Gleichauf et al. | Dec 2002 | B1 |
| 6510523 | Perlman et al. | Jan 2003 | B1 |
| 6517587 | Satyavolu et al. | Feb 2003 | B2 |
| 6519647 | Howard et al. | Feb 2003 | B1 |
| 6519703 | Joyce | Feb 2003 | B1 |
| 6530024 | Proctor | Mar 2003 | B1 |
| 6535227 | Fox et al. | Mar 2003 | B1 |
| 6546493 | Magdych et al. | Apr 2003 | B1 |
| 6563959 | Troyanker | May 2003 | B1 |
| 6574737 | Kingsford et al. | Jun 2003 | B1 |
| 6578147 | Shanklin et al. | Jun 2003 | B1 |
| 6584454 | Hummel et al. | Jun 2003 | B1 |
| 6601190 | Meyer et al. | Jul 2003 | B1 |
| 6606744 | Mikurak | Aug 2003 | B1 |
| 6618501 | Osawa et al. | Sep 2003 | B1 |
| 6628824 | Belanger | Sep 2003 | B1 |
| 6647139 | Kunii et al. | Nov 2003 | B1 |
| 6647400 | Moran | Nov 2003 | B1 |
| 6661904 | Sasich et al. | Dec 2003 | B1 |
| 6668082 | Davison et al. | Dec 2003 | B1 |
| 6668084 | Minami | Dec 2003 | B1 |
| 6681331 | Munson et al. | Jan 2004 | B1 |
| 6691232 | Wood et al. | Feb 2004 | B1 |
| 6704874 | Porras et al. | Mar 2004 | B1 |
| 6708212 | Porras et al. | Mar 2004 | B2 |
| 6711127 | Gorman et al. | Mar 2004 | B1 |
| 6711615 | Porras et al. | Mar 2004 | B2 |
| 6718383 | Hebert | Apr 2004 | B1 |
| 6721806 | Boyd et al. | Apr 2004 | B2 |
| 6725377 | Kouznetsov | Apr 2004 | B1 |
| 6725378 | Schuba et al. | Apr 2004 | B1 |
| 6775780 | Muttik | Aug 2004 | B1 |
| 6792144 | Yan et al. | Sep 2004 | B1 |
| 6792546 | Shanklin et al. | Sep 2004 | B1 |
| 6816973 | Gleichauf et al. | Nov 2004 | B1 |
| 6829711 | Kwok et al. | Dec 2004 | B1 |
| 6839850 | Campbell et al. | Jan 2005 | B1 |
| 6850915 | Wiehler | Feb 2005 | B1 |
| 20010034847 | Gaul, Jr. | Oct 2001 | A1 |
| 20020032717 | Malan et al. | Mar 2002 | A1 |
| 20020032793 | Malan et al. | Mar 2002 | A1 |
| 20020032880 | Poletto et al. | Mar 2002 | A1 |
| 20020035698 | Malan et al. | Mar 2002 | A1 |
| 20020083331 | Krumel | Jun 2002 | A1 |
| 20020083334 | Rogers et al. | Jun 2002 | A1 |
| 20020138753 | Munson | Sep 2002 | A1 |
| 20020144156 | Copeland, III | Oct 2002 | A1 |
| 20030037136 | Labovitz et al. | Feb 2003 | A1 |
| 20030088791 | Porras et al. | May 2003 | A1 |
| 20030212903 | Porras et al. | Nov 2003 | A1 |
| 20040010718 | Porras et al. | Jan 2004 | A1 |
| Number | Date | Country |
|---|---|---|
| 0 636 977 | May 2001 | EP |
| 0 985 995 | Aug 2003 | EP |
| WO 9325024 | Dec 1993 | WO |
| WO 9841919 | Sep 1998 | WO |
| WO 9900720 | Jan 1999 | WO |
| WO 9913427 | Mar 1999 | WO |
| WO 9915966 | Apr 1999 | WO |
| WO 9950734 | Oct 1999 | WO |
| WO 9953391 | Oct 1999 | WO |
| WO 9957626 | Nov 1999 | WO |
| WO 0002115 | Jan 2000 | WO |
| WO 0010278 | Feb 2000 | WO |
| WO 0025214 | May 2000 | WO |
| WO 0025527 | May 2000 | WO |
| WO 0034867 | Jun 2000 | WO |
| WO 00054458 | Sep 2000 | WO |
| WO 0054458 | Sep 2000 | WO |
| WO 01084285 | Nov 2001 | WO |
| WO 0184285 | Nov 2001 | WO |
| WO 0206928 | Jan 2002 | WO |
| WO 02006928 | Jan 2002 | WO |
| WO 02056152 | Jul 2002 | WO |
| WO 02101516 | Dec 2002 | WO |
