The present invention relates generally to protecting electronic devices, such as storage devices, computer systems, access control/management and authentication technologies, and electrical tools.
Security (e.g., access control/management and authentication technologies) is a critical issue with almost all aspects of computer use as well as use of other tools, such as electrical power tools, door security solutions, electronic padlock and key systems, among others. For example, storage media, such as hard disk drives attached to computers, contain valuable information, which is vulnerable to data theft. A great deal of money and effort are being applied to guarding personal, corporate, and government security information.
As portable memory storage devices have become smaller, easier to lose, more ubiquitous, cheaper, and larger in memory capacity, they have come to pose extraordinary security problems. It is now possible to download massive amounts of information surreptitiously into portable memory storage devices, such as universal serial bus flash and micro drives, cellphones, camcorders, digital cameras, iPODs, MP3/4 players, smart phones, palm and laptop computers, gaming equipment, authenticators, tokens (containing memory), etc.—in general, a mass storage device (MSD).
More specifically, there are millions of MSDs being used for backup, transfer, intermediate storage, and primary storage into which information can be easily downloaded from a computer and carried away. The primary purpose of any MSD is to store and retrieve “portable content,” which is data and information tied to a particular owner, not a particular computer.
The most common means of providing storage security is to authenticate the user with a computer-entered password. A password is validated against a MSD stored value. If a match occurs, the drive will open. Or, the password itself is used as the encryption key to encrypt/decrypt data stored to the MSD.
For drives that support on-the-fly encryption, the encryption key is often stored on the media in an encrypted form. Since the encryption key is stored on the media, it becomes readily available to those willing to circumvent the standard interface and read the media directly. Thus, a password is used as the key to encrypt the encryption key.
For self-authenticating drives with on-the-fly encryption—e.g., self-encrypting drives (SEDs), their authentication sub-system is responsible for maintaining security. There is no dependency on a host computer to which it is connected. Thus, a password cannot (or need not) be sent from the host in order to unlock the MSD. In fact, the encryption key no longer needs to be stored on the media. The authentication subsystem becomes the means for managing encryption keys.
Some SEDs may also be installed within other devices, such as hard drives with encryption capabilities installed within servers, personal computers, printers, scanners, laptops, tablets, embedded systems, mobile devices, Internet of Things (IoT) devices, data centers, access control and management systems, tools and instruments, etc. However, some solutions rely on a user entering a password on the hosting device, and then the password is transmitted to the SED. Because they rely on the host, these SEDs have dependencies on the architecture of the host, such as interfaces and host operating systems. Further, by having to maintain a communication channel to receive the passwords, the SEDs are susceptible to hacking via this communication channel; the SEDs cannot be completely locked out from the host as the SEDs have to have some open data channels to send the user-authentication information.
Further, some industrial power tools are susceptible to theft, especially those that are handheld or easy to transport. Protection against theft or misuse for these industrial tools is difficult due to their lack of security measures. Also, many of these tools lack connectivity that could provide some degree of control. Further yet, many of these tools have no controls for monitoring use, such as the number of hours used per month, allowed location, and others, which may be important metrics when dealing with tools that are expensive to operate and for the accuracy of the related leasing or renting business of such tools.
Thus, a need still remains for improved security, monitoring, and management. In view of the ever-increasing commercial competitive pressures, along with growing consumer expectations and diminishing opportunities for meaningful product differentiation in the marketplace, it is critical that answers be found for these problems. Additionally, the needs to reduce costs, improve efficiencies and performance, and meet competitive pressures add an even greater urgency to the critical necessity for finding answers to these problems.
Solutions to these problems have been long sought, but prior developments have not taught or suggested any solutions and, thus, solutions to these problems have long eluded those skilled in the art.
The present invention provides a method of operation of a security system including providing a mobile device with a security system application, also referred to as “app,” for connectivity with the security system, starting the security system application, and maintaining connectivity of the security system with the mobile device.
The present invention provides a security system (SECSYS) including a data security transceiver or receiver, an authentication subsystem operatively connected to the data security transceiver or receiver, and a storage subsystem connected to the authentication subsystem. The SECSYS provides host-independent (e.g., autonomous) user-authentication because the SECSYS does not use the resources from the host to authenticate the user; instead, the SECSYS utilizes its own resources to authenticate a user. Further, the user authentication by the SECSYS is independent, not only from the host, but also from the operating system (OS) executing in the host because the OS resources are not used for the user authentication. The resources used by the SECSYS for authenticating the user include a radiofrequency transceiver to receive the user-authentication information wirelessly. In some aspects, the SECSYS is used to secure a storage device, a self-encrypting device, access control and management systems, an IoT device, or a power tool, among others.
In some aspects, methods, devices, and systems are presented for securing and managing electronic devices, e.g., power tools, manufacturing tools, construction tools. The SECSYS is a device that is integrated within a power tool to control the use of the power tool. The SECSYS provides wireless communications to receive user authentication information. For example, the user authentication may be captured by an application executing on a mobile device. Until a user is authenticated via the wireless communication, a system access controller, in communication with the SECSYS, prevents the powering on of the power tool. Additionally, a remote management system is provided for managing the authorized users of the tool as well as conditions (e.g., geolocation, hours of operation) for operating the tool.
Certain embodiments of the invention have other aspects in addition to or in place of those mentioned above. The aspects will become apparent to those skilled in the art from a reading of the following detailed description when taken with reference to the accompanying drawings.
The following embodiments are described in sufficient detail to enable those skilled in the art to make and use the invention. It is to be understood that other embodiments would be evident based on the present disclosure, and that system, process, or mechanical changes may be made without departing from the scope of the present invention.
In some implementations, the SECSYS is used to provide control of the use of an electronic system, such as a power tool. The SECSYS includes a wireless transceiver for authenticating a user who wants to use the electronic system via wireless communications that are independent from the electronic system. In one example, an application executing on a mobile device communicates with the SECSYS to unlock use of the electronic system. In some examples, a remote management console communicates with the application so the user authentication is performed via the remote management console.
In some implementations, a self-encrypting drive (SED), with embedded wireless user authentication, is presented. Implementations are described for the use of SEDs as hard drives (e.g., hard disk drives (HDD), solid-state drives (SSD), or other types of Flash-based data storage memory devices and boards), but the SEDs may also be used for other types of applications, such as printers, scanners, tablets, embedded systems, mobile devices, etc. The SED may be referred to herein also as a Security System (SECSYS) or simply as a drive. The wireless authentication is performed independently of the host device that is accessing the storage of the SED. For example, a mobile device may establish a direct, wireless connection to the SED to provide user-authentication information and unlock the SED for access from another device, such as a host. The host may be unaware of the wireless authentication and view the SED as a regular hard drive or other type of storage device. It is noted that to allow users to change their passwords without decrypting/re-encrypting data again, the encryption key is independent from the user password and other means of user authentication.
The user-authentication information is kept in an authentication subsystem that is separate from the communication channel. Therefore, the user-authentication information is never accessible from the outside, via the communication channel or any other communication channel.
Additionally, the data in the storage media of the SED is encrypted for internal storage, but the data is transmitted in clear form when sending to or receiving from the host.
In other implementations, a remote management system is provided for providing administrative control of users and SEDs. From the remote management system console, an administrator is able to control the SEDs, such as enabling or disabling an SED, configuring access by users, setting time or geographic limits on the use of the SED, permanently disabling the SED, etc. Additionally, the remote management system may create, enable, or disable user accounts, define administrators and users, provide user interfaces for users and drives, manage user licenses, and set up and enforce security options and features.
In the following description, numerous specific details are given to provide a thorough understanding of the invention. However, it will be apparent that the invention may be practiced without these specific details. In order to avoid obscuring the present invention, some well-known circuits, system configurations, and process steps are not disclosed in detail.
Likewise, the drawings showing embodiments of the system are semi-diagrammatic and not to scale and, particularly, some of the dimensions are for the clarity of presentation and are shown exaggerated in the drawing figures. Where multiple embodiments are disclosed and described having some features in common, for clarity and ease of illustration, description, and comprehension thereof, similar and like features one to another will ordinarily be described with similar or the same reference numerals. Similarly, although the views in the drawings for ease of description generally show similar orientations, this depiction in the figures is arbitrary for the most part. Generally, the invention can be operated in any orientation.
The term “system” as used herein refers to and is defined as the method and as the apparatus of the present invention in accordance with the context in which the term is used. The term “method” as used herein refers to and is defined as the operational steps of an apparatus.
For reasons of convenience and not limitation, the term “data” is defined as information that is capable of being produced by or stored in a computer's (host) internal storage or external storage media. The term “security system” is defined as meaning a device incorporating systems for authenticating users. The term “storage media” as used herein refers to and is defined as any solid state, NAND flash, and/or magnetic data recording system. The term “locked” refers to the security system when the protected resource/asset (e.g., storage media, power tool, self-encrypting drive) is not accessible, and the term “unlocked” refers to the security system when the protected resource/asset is accessible.
There are generally two methods to make a storage device tamper-resistant:
1. Apply epoxy to components: an epoxy resin applied to the printed circuit board can make it difficult to disassemble the storage device without destroying storage media.
2. Encrypt memory data: data gets encrypted as it is written to the storage media and an encryption key is required to decipher the data.
Referring now to
The storage subsystem 106 is electronic circuitry that includes an interface controller 108, an encryption engine 110, and storage media 112. The storage media 112 can be an internal or external hard disk drive, USB flash drive, solid state drive, hybrid drive, memory card, tape cartridge, and optical media including optical disk (e.g., Blu-ray disk, digital versatile disk or DVD, and compact disk or CD). The storage media 112 can include a data protection appliance, archival storage system, and cloud-based data storage system. The cloud storage system may be accessed utilizing a plug-in (or “plugin”) application or extension software installed in a browser application, either on the host computer or on another system coupled to the host computer via a wired or wireless network, such as RF or optical, or over the world wide web.
The interface controller 108 includes electronic components such as a micro-controller with the encryption engine 110 of software or hardware, although the encryption engine 110 can be in a separate controller in the storage subsystem 106.
The authentication subsystem 104 is electronic circuitry that includes an authentication controller 114, such as a micro-controller, which may have its own non-volatile memory, such as an electrically erasable programmable read-only memory (EEPROM).
The external communication channel 102 provides a means of exchanging data with a host computer system 120. Universal Serial Bus (USB) is one of the most popular means to connect the security system 100 to the host computer system 120. Other examples of the external communication channel 102 include Firewire, wireless USB, Serial ATA (SATA), Peripheral Component Interconnect (PCI), NVM Express (NVMe) or Non-Volatile Memory Host Controller Interface Specification (NVMHCIS), Integrated Drive Electronics (IDE), Small Computer System Interface (SCSI), Industry Standard Architecture (ISA), Personal Computer Memory Card International Association (PCMCIA), Peripheral Component Interconnect Express (PCI Express), a switch fabric, High Definition Multimedia Interface (HDMI), Recommended Standard 232 (RS-232), and radio frequency wireless networks, among others.
The interface controller 108 is capable of translating USB packet data to data that can be written to the storage media 112 in a USB flash-memory-based drive (or other types of data storage media). In some example embodiments, the interface controller 108 is not operational until the authentication subsystem 104 has authenticated the user 122, that is, the encryption engine 110 will not encrypt or decrypt data and the external communication channel 102 will not transfer any data until the user 122 is authenticated.
The encryption engine 110 is implemented as part of the interface controller 108 and takes clear text and/or data (information) from the host computer system 120 and converts it to an encrypted form that is written to the MSD or the storage media 112. The encryption engine 110 also converts encrypted information from the storage media 112 and decrypts it to clear information for the host computer system 120. The encryption engine 110 can also be a two-controller subsystem with an encryption controller that has the encryption capability to encrypt/decrypt data on the fly along with managing the communication protocol, memory, and other operating conditions, and a communication/security controller for handling the communication, encryption key management, and communications with the encryption controller.
An encryption key 116 is required by the encryption engine 110 to encrypt/decrypt the information. The encryption key 116 is used in an algorithm (e.g., a 256-bit Advanced Encryption Standard (AES) encryption) that respectively encrypts/decrypts the data by an encryption algorithm to render data unreadable or readable. The encryption key 116 can be stored either internally or externally to the authentication controller 114.
The encryption key 116 is transmitted to the encryption engine 110 by the authentication subsystem 104 once a user 122, having an identification number or key, has been verified against an authentication key 118. As noted above, the encryption key 116 is independent from the user password and any other user credentials (authentication key 118).
It has been discovered that, by the employment of the authentication key 118 and the encryption key 116, portable memory storage devices of the various embodiments of the present invention can provide an extremely high level of security previously not available in other such devices.
When the security system 100 is locked, the authentication key 118 remains inside the authentication subsystem 104 and cannot be read from outside. One method of hiding the authentication key 118 is to store it in the authentication controller 114 in the authentication subsystem 104. Setting the security fuse of the authentication controller 114 makes it impossible to access the authentication key 118 unless the authentication controller 114 allows retrieval once the user 122 has been verified. Many micro-controllers come equipped with a security fuse that prevents accessing any internal memory when blown. This is a well-known and widely used security feature. Such a micro-controller could be used for the authentication controller 114. The authentication controller 114 can be a micro-controller or microprocessor.
The authentication key 118 can be used in several capacities:
1. As the encryption key 116 to encrypt/decrypt the information directly.
2. As a key to recover the encryption key 116 stored in the security system 100 that can be accessed by the interface controller 108.
3. Used for direct comparison by the interface controller 108 to activate the external communication channel 102.
Referring now to
The user 122 interacts with the authentication subsystem 104 by providing user identification 202, a number or key, to the authentication subsystem 104. The authentication subsystem 104 validates the user 122 against the authentication key 118. The authentication subsystem 104 then transmits the authentication key 118 as the encryption key 116 to the interface controller 108.
The encryption engine 110, in the interface controller 108, employs the encryption key 116 to convert clear information to encrypted information and encrypted information to clear information along a data channel 206-207. Clear data channel 206 is used to exchange clear data, and encrypted data channel 207 is used to exchange encrypted data. Any attempt to read encrypted information from the storage media 112 without the encryption key 116 will generally result in information that is unusable by any computer.
The security system 100 is being used as a self-encrypting drive, and the security system 100 interfaces directly with the user 122 for authenticating the user 122 so the security system 100 may be accessed through the clear data channel 206 (e.g., internal bus 214). Although the security system 100 may be situated within the computer casing of the host computer system 204, or may be attached to the host computer system, and the security system 100 may be upgraded or replaced, the security system 100 is still independent from the host computer system 204 for authenticating the user 122.
Other solutions for SEDs store the encryption key on the storage media 112 or inside a communications controller, but this type of implementation is susceptible to attack because the user-authentication information is still going through the host computer and the encryption key may be obtained by brute force or by other means, just by reading the storage media or the communications controller. Because the authentication is provided through the communications controller, in these other solutions, the encryption key that is stored therein may be hacked.
On the other hand, in the security system 100, the clear data channel 206 is completely locked until the user is authenticated. In some example embodiments, the storage subsystem 106 is not powered until the user is authenticated. Further, the security system 100 does not keep the encryption key 116 inside the encryption engine 110 of the interface controller 108. Once the user is authenticated, the encryption key 116 is sent from the authentication subsystem 104 to the encryption engine 110.
Afterwards, the user unlocks (operation 224) the SED via a mobile app executing on a mobile device 232. The mobile app is used to enter authentication via wireless connection to the SED, as described in more detail below. The wireless connection to the SED may be protected with its own independent encryption layer.
After the SED is enabled (operation 226), the laptop 228 is able to boot 234, and the SED behaves as a regular hard drive. The software and the hardware in the laptop 228 are not aware that the SED is different from any regular hard drive, and no special software or hardware is required to support the SED in the laptop 228.
Additionally, for security reasons, the SED may be locked, even when the operating system in the laptop 228 is up and running. The remote management system may send a command (e.g., via the mobile device 232) to lock the SED. For example, if an administrator has detected malicious activity, the administrator may send a command to lock the SED immediately, the operating system would report the failure of the hard drive, and the laptop 228 will not be operational anymore. In some cases, when there is not an urgent threat, the remote lock may be sent with a timer (e.g., five minutes) to enable the user to close files and maybe power down the laptop 228; when the timer expires, the SED is locked. In some example embodiments, the SED may generate a shutdown signal of the laptop 228 for the laptop to shut down before the SED is locked.
During a malicious attack, the attacker may take out the SED and read the data in the media to look for the encryption key. With prior solutions, the hacker may gain access to the media. However, the SED described herein, when locked, does not provide a data channel to give access to the storage media, so the attacker may not use brute force to read the media.
In some cases, the remote management system may send a remote wipe (remote reset, remote kill) command to the SED, and the SED will not only lock the communication channel, but also delete the encryption key (in some cases, the encryption key is zeroized causing the SED to be “safe erased”). Since the encryption key is never made available outside the SED, no other user or entity will have the encryption key and the data in the SED will not be accessible (unless the attacker is able to break the encryption, which is an almost impossible task given the computing resources currently required to break long encryption keys).
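The key handling described above (an encryption key that is independent of the user credential, released to the encryption engine only after authentication, and zeroized on a remote wipe), modeled in Python as an added example that is not part of the original text. The class and method names, the salted PBKDF2 value standing in for authentication key 118, and the SHA-256 keystream standing in for AES-256 are assumptions made so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import os


def keystream_xor(key, sector, data):
    # Stand-in cipher (SHA-256 in counter mode), used so the example needs only
    # the standard library. The page names 256-bit AES; this is not AES.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block_input = key + sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block_input).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class InterfaceController:
    """Host-facing data path with the encryption engine (hypothetical model)."""

    def __init__(self):
        self._key = None   # engine key: present only while unlocked
        self.media = {}    # sector -> ciphertext, what a direct media read returns

    @property
    def locked(self):
        return self._key is None

    def load_key(self, key):
        self._key = key

    def drop_key(self):
        self._key = None

    def write(self, sector, clear):
        if self.locked:
            raise PermissionError("data channel is locked")
        self.media[sector] = keystream_xor(self._key, sector, clear)

    def read(self, sector):
        if self.locked:
            raise PermissionError("data channel is locked")
        return keystream_xor(self._key, sector, self.media[sector])


class AuthenticationSubsystem:
    """Keeps the credential verifier and the encryption key off the data path."""

    def __init__(self, pin, controller):
        self._controller = controller
        self._salt = os.urandom(16)
        # Assumed form of the stored authentication value: a salted PBKDF2 hash.
        self._verifier = self._derive(pin)
        # Random key, never derived from the PIN, so the two are independent.
        self._enc_key = bytearray(os.urandom(32))

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _verify(self, pin):
        return hmac.compare_digest(self._derive(pin), self._verifier)

    def unlock(self, pin):
        """Credential arrives out of band (e.g. the mobile app), not via the host."""
        if self._enc_key is None or not self._verify(pin):
            return False
        self._controller.load_key(bytes(self._enc_key))
        return True

    def lock(self):
        self._controller.drop_key()

    def change_pin(self, old_pin, new_pin):
        """Replace the verifier only; stored data is not re-encrypted."""
        if not self._verify(old_pin):
            return False
        self._salt = os.urandom(16)
        self._verifier = self._derive(new_pin)
        return True

    def remote_wipe(self):
        """Lock the data path and zeroize the key; ciphertext stays but is unusable."""
        self.lock()
        if self._enc_key is not None:
            for i in range(len(self._enc_key)):
                self._enc_key[i] = 0
            self._enc_key = None


if __name__ == "__main__":
    ic = InterfaceController()
    auth = AuthenticationSubsystem("4821", ic)   # constructed sample PIN
    auth.unlock("4821")
    ic.write(0, b"portable content")
    auth.change_pin("4821", "7350")
    auth.lock()
    print("new PIN unlocks:", auth.unlock("7350"), ic.read(0))
    auth.remote_wipe()
    print("after wipe:", auth.unlock("7350"), "locked =", ic.locked)
```

After `remote_wipe()` the ciphertext is still present in `media`, but no credential can release a key for it, which is the "safe erase" effect the text describes.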
In some example embodiments, the electronic system 254 includes the SECSYS 100 embedded inside, e.g., within the same casing as the electronic system 254. The electronic system 254 further includes input/output devices 208, the processor 210, the memory 212, a system access controller 258, an on/off module 252 (also referred to herein as a startup switch or an ignition switch), and the internal bus 214. Although the internal bus 214 is illustrated to interconnect different components, other types of connections between the components (e.g., direct connections between two components) may be used.
The on/off module 252 controls the powering on of the electronic system 254, that is, turning on or off the electronic system to provide the functionality associated with it. When the on/off module 252 is ON, the electronic system is available, and when the on/off module 252 is OFF, the electronic system is not available to the user 122.
The system access controller 258 controls the operation of the on/off module 252, that is, controls when the on/off module 252 is activated. If the system access controller 258 disables the on/off module 252, the electronic system may not be turned on by the user. If the system access controller 258 enables the on/off module 252, the electronic system may be turned on by the user 122.
The SECSYS 100 is in communication with the system access controller to control the enabling of the turning on of the electronic system 254. In some example embodiments, the electronic system 254 cannot be turned on until the SECSYS 100 communicates to the system access controller 258 that the electronic system 254 is enabled for operation.
A data and control channel 256 provides communications between the interface controller 108 and the system access controller 258. In some example embodiments, the communications are encrypted, and in other sample embodiments, the communications are in clear form (e.g., not encrypted). In some embodiments, there is a mix of encrypted and unencrypted communications. The communications may also be in the form of a direct electric communication with two or more ranges of voltage levels, such that each voltage level corresponds to a different command. In one example embodiment, two voltage levels are defined: a first voltage level (e.g., a positive voltage) to enable the powering of the electronic system 254, and a second voltage level (e.g., ground) to disable the powering of the electronic system 254. Other forms of communication are also possible; therefore, these communication methods are not to be interpreted to be exclusive or limiting, but rather illustrative.
Further, the storage media 112 of the SECSYS 100 securely stores usage data of the electronic system 254, e.g., number of hours of operation, start and end times of the operation of the tool.
Further, the SECSYS 100 provides remote management capabilities by communicating with a management server to control user authentication data and other operating parameters, such as enabled geographic locations, enabled users, enabled hours of operation, user groups, etc. In some example embodiments, the electronic system 254 includes a tamper protection mechanism to disable the bypassing of the control mechanism to control the powering on of the electronic system 254 without the authentication provided by the SECSYS 100. As a result, bypassing the connection to the SECSYS would not enable the power tool to operate. As a result, if only authorized users can use the tool, there is no incentive to steal the tool by malicious users.
When the SECSYS is locked, the system access controller, in the power tool 272, disables the ON/OFF mechanism of the power tool 272. Thus, the power tool 272 will appear as if the power tool 272 is not working. In some example embodiments, one or more indicators are provided (e.g., Light-Emitting Diode (LED) lights) to show that the power tool 272 is locked and authentication is required to operate the power tool 272.
Further, the user unlocks (operation 276) the power tool 272 via a mobile app executing on the mobile device 232. The mobile app is used to enter authentication via wireless connection to the SED, as described in more detail below. The wireless connection to the SED may be protected with its own independent encryption layer.
After the power tool 272 is enabled (operation 278), the power tool 272 is operable and is able to power on (operation 280). Additionally, for security reasons, the power tool 272 may be locked with a command received from a management system. The remote management system may send a command (e.g., via the mobile device 232) to lock the power tool 272. For example, if an administrator has detected malicious activity, the administrator may send a command to lock the power tool 272 immediately. In some cases, when there is not an urgent threat, the remote lock may be sent with a timer (e.g., five minutes); when the timer expires, the power tool 272 is locked. In some example embodiments, the DDS may send a shutdown signal to the power tool 272 to warn the power tool 272 that there will be a power off within a predetermined amount of time (e.g., one minute, five minutes).
During a malicious attack, the attacker may take out the SECSYS and read the data in the storage media to look for the encryption key. With prior solutions, the hacker may gain access to the storage media. However, the SECSYS described herein, when locked, does not provide a data channel to give access to the storage media, so the attacker may not use brute force to read the media.
In some cases, the remote management system may send a remote block command to the SECSYS, and the SECSYS will lock the tool and the communication channel
Referring now to
In one method for wireless authentication 308, a mobile transceiver 302 (e.g., in a mobile phone, tablet, a key-fob, etc.) is employed to transmit user identification 304 to a data security transceiver 306 in an authentication subsystem 310. For exemplary purposes, transceivers are employed for bi-directional communication flexibility, but a transmitter-receiver combination for uni-directional communication could also be used.
The authentication subsystem 310 includes the authentication controller 114, which is connected to the interface controller 108 in the storage subsystem 106. The user identification 304 is supplied to the data security transceiver 306 within the authentication subsystem 310 by the mobile transceiver 302 from outside the storage subsystem 106 of the security system 300. The wireless communication may include Wireless Fidelity (WiFi), Bluetooth (BT), Bluetooth Smart, Near Field Communication (NFC), Global Positioning System (GPS), optical, cellular communication (for example, Long-Term Evolution (LTE), Long-Term Evolution Advanced (LTE-A)), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Universal Mobile Telecommunications System (UMTS), Wireless Broadband (WiBro), or Global System for Mobile Communications (GSM), and the like.
The authentication subsystem 310 validates the user 122 against the authentication key 118 by a code sent from the mobile transceiver 302 being validated against the authentication key 118. After a successful user authentication validation, the authentication subsystem 310 then transmits the encryption key 116 to the interface controller 108 across the communication channel 307.
The encryption engine 110 then employs the encryption key 116 to convert clear information to encrypted information and encrypted information to clear information along the data channel 206-207. Any attempt to read encrypted information from the storage media 112 without the encryption key 116 will result in information that is unusable by the host computer system 120.
In an optional second authentication mechanism, the authentication subsystem 310 validates the user 122 against the authentication key 118 by having the user 122 employ a biometric sensor 320 to supply a biometric input 322 to verify his/her identity as an authorized user. Types of biometric identification include a fingerprint, a face and its unique features, an iris scan, a voice imprint, etc.
In an optional third authentication mechanism, the authentication subsystem 310 validates the user 122 against the authentication key 118 by having the user 122 employ an electro-mechanical input mechanism 330 to supply a unique code 332 to verify his/her identity as an authorized user. The unique code 332 can include a numerical, alphanumeric, or alphabetic code, such as a PIN. The electro-mechanical input mechanism 330 is within the authentication subsystem 310. The electro-mechanical input mechanism 330 receives the unique code 332 from the user 122 from outside of the security system 300. The unique code 332 is supplied to the electro-mechanical input mechanism 330 within the authentication subsystem 310 from outside the storage subsystem 106 of the security system 300.
No matter which method is used to validate the user 122, the authentication key 118 and the encryption key 116 remain hidden in the authentication subsystem 310 until the user 122 is authenticated, and the interface controller 108 does not have access to the authentication key 118 or the encryption key 116. In some embodiments, the security controller may not even have power until the user has been authenticated.
In some example embodiments, the security system 300 includes an internal power source, such as a battery 334. In other example embodiments, the security system 300 does not include an internal power source and uses the power source provided by the host computer system 120. In other example embodiments, the security system 300 may use both a power source provided by the host and the internal power source.
Other SED solutions require authentication utilizing the host computer resources (e.g., I/O 208, processor 210, memory 212). For example, in other solutions, the user-authentication information is entered into the host computer system 204 via the input/output devices 208, such as a keyboard or a fingerprint reader.
The user-authentication information is then sent to the SED via the interface controller 108. This means that the interface controller 108 has to be opened (e.g., unlocked) in order to receive the user-authentication information. In the security system (e.g., SED) 300, the interface controller 108 is completely locked from access by the host computer system 204 until the user 122 is authenticated via the RF transceiver 306, biometric sensor 320, or electro-mechanical input mechanism 330. In some example embodiments, when the interface controller 108 is locked, the host computer system 204 may not even recognize that there is an SED installed in the host computer system 204.
When the user is authenticated with the SECSYS 300, the SECSYS 300 communicates with the system access controller 258 (via the data and control channel 256) to provide a notification that the electronic system 254 has been enabled. In some example embodiments, the electronic system 254 is enabled as long as a signal in the data control channel 256 remains active. Once the signal is deactivated, the system access controller will disable the on/off module 252, which will cause the electronic system to stop operating.
In other example embodiments, the enable signal sent from the SECSYS 300 enables the operation of the electronic system 254 for a predetermined amount of time (e.g., five minutes, one hour, 12 hours, 24 hours) using an internal timer of the electronic system 254 without relying on the continuing wireless connection with a mobile device. Further, in some other embodiments, the SECSYS may continue sending enable signals to the system access controller 258 as long as the SECSYS 300 is in wireless communication with the mobile device 232. For example, the user using the tool has the mobile device 232 in her pocket, and there will be continuous operation after authentication, until the connection with the mobile device 232 is terminated. After the connection is terminated, the user 122 has to authenticate again to turn on the electronic system 254.
The electronic system 254 includes a power module 352 used to provide power to the electronic system 254 during operation. The power module 352 may be a connection to an electrical outlet, a non-rechargeable battery, or a rechargeable battery. In some example embodiments, the system access controller 258 disables the power 352 of the electronic system 254 until the user 122 is authenticated. In other example embodiments, the power 352 is not disabled to allow presenting information to the user 122, such as a display indicating that authentication is required.
In some example embodiments, the SECSYS includes an internal battery 334 that allows the SECSYS to operate, even when the electronic system is disabled. This way, the user can be authenticated independently of the state of the electronic system 254. In other example embodiments, the SECSYS utilizes the power 352 from the electronic system 254 and the battery 334 is not included.
In some example embodiments, the SECSYS 300 includes two LEDs of different colors (e.g., red and green) or one multi-color LED to indicate the user-authentication state (e.g., user authenticated or not). Additionally, LEDs may be used to indicate when the wireless connection with the mobile device 232 is active.
In the example illustrated in
In some example embodiments, the system access controller provides status information to the SECSYS 300 via the clear channel 354 or the encrypted channel 256. The status information may include notification of events, such as power on, power off, low battery level, device malfunction, etc.
Referring now to
The host computer system 120 is provided with a host application 402. The host application 402 is software or firmware, which communicates over the external communication channel 102 of the security system 100.
The host application 402 delivers host identifiers 406, such as internal component serial numbers (e.g., hard drive), media access control (MAC) address of a network card, login name of the user, network Internet Protocol (IP) address, an ID created by the security system 100 and saved to the host, an ID created by the security system 100 and saved to the network, etc., associated with its environment. The host identifiers 406 are employed by an authentication subsystem 408 in the security system 100.
When the authentication subsystem 408 validates the user 122 against the authentication key 118 by verifying the host identifiers 406, the security system 100 will unlock.
For example, the user 122 connects the security system 100 that is locked to the host computer system 120. The host application 402 sends the MAC address of its network card to the security system 100. The security system 100 recognizes this MAC address as legitimate and unlocks without the user 122 of
The security system 100 includes: providing the authentication key 118 stored in the authentication subsystem 104; providing verification of the host computer system 120 by the authentication subsystem 104; presenting the encryption key 116 to the storage subsystem 106 by the authentication subsystem 104; and providing access to the storage media 112 by the storage subsystem 106 by way of decrypting the storage media content.
The security system 100 further includes the authentication subsystem 104 for interpretation of biometric input and verification of the user 122.
The security system 100 further includes using the authentication key 118 as the encryption key 116 directly.
The security system 100 further includes using the authentication key 118 to decrypt and retrieve the encryption key 116 used to decipher internal content.
The security system 100 further includes the authentication subsystem 104 for interpretation of signal inputs and verification of sending unit.
The security system 100 further includes the authentication subsystem 104 for interpretation of manually entered input and verification of the user 122.
The security system 100 further includes the authentication subsystem 104 for interpretation of input sent by a host resident software application for verification of the host computer system 120.
The security system 100 further includes the encryption engine 110 outside the interface controller 108 but connected to the external communication channel 102 for the purpose of converting clear data to encrypted data for unlocking the security system 100.
Referring now to
The management console 640 may be used to access several user interfaces for configuring the remote management, such as interfaces for managing accounts, users, devices, enforcing IT policies, etc. Some user interfaces are described below with reference to
The user management database 642 stores information regarding users and devices. More details for the user management database 642 are provided below with reference to
The management server 604 may manage a plurality of devices, such as laptops 228, PCs 661, thermostats 664, smart TVs 666, tablets 668, servers 670, printers and scanners 672, smart appliances 674, mobile devices 610, and other devices, such as residence doors, elevator doors, garage doors, hotel doors, office room doors, water supply valves, meters, medical devices and instruments, medicine cabinets, safes, home and corporate security and access-control systems, home automation devices, smart speakers, voice-mail systems, etc. Some devices may belong to the same company, such as the laptops of Company A 660 or the devices for Company B 662.
For example, the remote management server 604 may control the access to an SED 101, as described above. Further, the remote management server 604 may control different types of motors that can open or close a door or a safe, provide controlled access to video security cameras and their recorded video, etc.
Remote management may be used for different types of services, such as secure-access control systems, home automation and security systems, healthcare and medical devices, external and internal data storage devices, etc.
The management server 604 communicates with the mobile device 610 to control the use of the SED 101 inside host computer 630. The application executing in mobile device 610, as described above with reference to
For example, the remote management server 604 may control the access to the power tool 272, as described above. Remote management may be used to control the use of the power tools 272, such as turning on and off, hours of operation, authorized users, etc.
The management server 604 communicates with the mobile device 610 to control the use of the power tool 272. The application executing in the mobile device 610 communicates with the management server 604 to enable access to the power tool 272.
Referring now to
The communication combination 301 in the exemplary data security communication system 602 includes a mobile transceiver 612 in the mobile device 610 with an antenna 614 wirelessly communicating with an antenna 622 of a data security transceiver 624 in the security system 620.
The mobile device 610 in one embodiment can be a smartphone. In the mobile device 610, the mobile transceiver 612 can be connected to conventional mobile device components and to a security system application 618, which provides information to be used with the security system 620.
The data security transceiver 624 is connected to a security controller 626, which can contain identification, passwords, profiles, or information including that of different mobile devices that can access the security system 620. The security controller 626 is connected to subsystems similar to the authentication subsystem 310, the storage subsystem 106 (which in some embodiments can have encryption to encrypt data), and the external communication channel 102.
The external communication channel 102 is connectable to the host computer 630 to allow, under specified circumstances, access to data in the storage subsystem 106.
One implementation of the security system 620 can eliminate the biometric sensor 320 and the electro-mechanical input mechanism 330 of
The security system application 618 allows the mobile device 610 to discover all security systems in the vicinity of the mobile device 610 and show their status (locked/unlocked/blank, paired/unpaired etc.).
The security system application 618 allows the mobile device 610 to connect/pair, lock, unlock, change the name and password, and reset all data on the security system 620.
The security system application 618 allows the mobile device 610 to set an inactivity auto-lock so the security system 620 will automatically lock after a predetermined period of inactivity or to set a proximity auto-lock so the security system 620 will be locked when the mobile device 610 is not within a predetermined proximity for a predetermined time period (to improve reliability and avoid signal de-bouncing).
The security system application 618 allows the mobile device 610 to remember a password and to use biometrics and wearables (e.g., TouchID, FaceID and Apple Watch), so the security system 620 can be unlocked without re-entering a password on the mobile device 610.
The security system application 618 allows the mobile device 610 to be set to operate only with a specific mobile device, such as the mobile device 610, so the security system 620 cannot be unlocked with other mobile devices (1Phone).
The security system application 618 allows the mobile device 610 to set the security system 620 to Read-Only.
The security system application 618 allows the mobile device 610 to be operated in User Mode or Administrator Mode (administrator's mode overrides user's settings) and use the server/console 640. The server/console 640 is a combination of a computer with a console for entering information into the computer.
The server/console 640 contains a user management database 642, which contains additional information that can be transmitted over the cloud 650 to the mobile device 610 to provide additional functionality to the mobile device 610.
The user management database 642 allows the server/console 640 to create and identify users using UserID (username and password), to lock or unlock the security system 620, and to provide remote help.
The user management database 642 allows the server/console 640 to remotely reset or unlock the security system 620.
The user management database 642 allows the server/console 640 to remotely change the security system user's PIN.
The user management database 642 allows the server/console 640 to restrict/allow unlocking security system 620 from specific locations (e.g., by using geo-fencing).
The user management database 642 allows the server/console 640 to restrict/allow unlocking security system 620 in specified time periods and different time zones.
The user management database 642 allows the server/console 640 to restrict unlocking security system 620 outside of specified team/organization/network, etc.
The data interface 646 is used to communicate with other components of the host computer system 204, via data channel 676, such as I/O 208, processor 210, memory 212, and power supply 678. In some example embodiments, the battery 334 is not included in the SED 101, and the SED 101 may utilize the power supply 678 of the host computer (or overall embedded) system 204.
As described above with reference to
The data interface 646 is used to communicate with the system access controller 258. In some example embodiments, the battery 334 is not included in the SECSYS 300, and the SECSYS 300 may utilize the power supply 352 of the electronic system 254.
The data security transceiver 624 may be used to authenticate the electronic system 254. In some example embodiments, the data interface 646 remains locked (e.g., no data is sent out or received via the data interface 646) until the user is authenticated.
The device table 680 stores information about the devices managed by the remote management server. The device table 680 includes the following fields:
The user table 682 stores information for each of the users authorized by the remote management system. The user table 682 includes the following fields:
As described above, the geographic fencing (e.g., boundaries) as well as the time-of-use boundaries are defined for each user. In other example embodiments, the geographic and time limitations may be defined by device, which means that a particular device may only be used in the area and/or time allowed.
The administrator user table 684 is a table for storing information regarding the users that are authorized to operate as administrators for their respective accounts. The administrator user table 684 includes the following fields:
In
The device-user mapping table 690 includes the following fields:
The license table 692 stores information regarding the licenses given to users for accessing the remote management system, including accessing the configured devices, such as activation codes, when the license was issued, to whom the license was issued, duration of the license, etc. The license table 692 includes the following fields:
It is noted that the embodiments illustrated in
Referring now to
Connectivity 700, between the security system 620 and the mobile device 610, is first established with mutual discovery of the other device or system, pairing the device and system, and connection of the device and system. The connectivity 700 is secured using a shared secret, which is then used to secure (encrypt) communications between the security system 620 and the mobile device 610 for all future communication sessions. A standard encryption algorithm is selected to be both efficient to run on the security system 620 and to be approved by world-wide security standards.
The connectivity 700 is maintained by the security system application 618 or the security controller 626 or both operating together as long as the security system 620 and the mobile device 610 are within a predetermined distance of each other. Further, if the predetermined distance is exceeded, the connectivity 700 is maintained for a predetermined period of time after which the security system 620 is locked.
After connection of the mobile device 610 and the security system 620, a security system administrator application start operation 702 occurs in the mobile device 610. Then an administrator sets a password in an administrator password operation 704. Also, after connection of the mobile device 610 and the security system 620, the security system 620 is connected to the host computer 630 of
After the administrator password operation 704, the mobile device 610 sends a set administrator password and unlock signal 708 to the security system 620. The set administrator password and unlock signal 708 causes an administrator password set and security system unlocked operation 716 to occur in the security system 620.
When the administrator password set and security system unlocked operation 716 is completed, a confirmation: security system unlocked signal 712 is sent to the mobile device 610 where a confirmation: security system unlocked as administrator operation 714 operates. The confirmation: security system unlocked as administrator operation 714 permits a set other restrictions operation 715 to be performed using the mobile device 610. The set other restrictions operation 715 causes a set administrator restrictions signal 718 to be sent to the security system 620 where the administrator restrictions are set and a confirmation: restrictions set signal 720 is returned to the mobile device 610. Thereafter, the mobile device 610 and the security system 620 are in full operative communication.
Because it is possible to communicate with the security system 620 without having physical contact with the security system 620, it is required that significant interactions with the security system 620 be accompanied by a security system unique identifier that is either printed on the security system 620 itself, or that comes with the security system 620 packaging and is readily available to the security system 620 owner.
On making requests that could affect user data, such as unlocking or resetting the security system 620, this unique identifier (unique ID) is required. Attempts to perform these operations without the correct identifier are ignored and made harmless. The unique identifier is used to identify the security system 620 to the mobile device 610 in a way that requires the user to have physical control over the security system 620 and to verify the connectivity 700 is established between the authorized, previously paired device and system, such as the mobile device 610 and the security system 620. Once the devices are paired, the shared secret is used to make the communication confidential. It is understood that wireless connection between a mobile phone and device can use independent encryption (protection layers) and techniques to protect such communication from known threats and vulnerabilities.
Pairing connotes that a mobile device and a security system have a unique and defined relationship established at some time in the past and enduring.
The unique identifier gives the user some control over the security system when the user has physical control of the security system.
To increase the security of the communication with the security system 620 where the mobile device 610 is a smartphone, a user may choose to enable a feature, such as a feature called 1Phone here. This feature restricts significant user interactions with the security system 620 to one and only one mobile device 610. This is done by replacing the security system unique identifier described above with a random identifier shared securely between the security system 620 and the mobile device 610. So, instead of presenting the security system unique identifier when, for example, the user unlocks the security system 620, the 1Phone identifier must be given instead. In effect, this makes the user's mobile device 610 a second authentication factor, in addition to a PIN or password, for using the security system 620. As an example, the paired user phone selected as “1Phone” can be used without a PIN, and as the user-authentication single factor and/or in a combination with any other user-authentication factors. If such feature (1Phone) is selected, the security system 620 cannot be opened with any other phones, except if an administrator's unlock was enabled before.
It will be understood that other embodiments can be made to require an administrator's password on the security system 620 in order to use the 1Phone feature. Another embodiment may require that the server/console 640 is capable of recovering the security system 620 in case the 1Phone data is lost on the mobile device 610.
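The identifier gate and the 1Phone replacement described above can be modelled on the device side as follows. This is an added example, not code from the patent or from any product: the class, operation names, PBKDF2 parameters and the sample identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Requests that can affect user data and therefore need the identifier.
SIGNIFICANT_OPS = {"unlock", "reset", "enable_1phone"}


class SecuritySystemModel:
    """Hypothetical device-side model of the identifier gate (illustration only)."""

    def __init__(self, printed_id: bytes, pin: Optional[str] = None):
        self._printed_id = printed_id            # printed on the unit or its packaging
        self._one_phone_id: Optional[bytes] = None
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._hash(pin) if pin is not None else None
        self.locked = True
        self.ignored_requests = 0                # a counter a defender can alert on

    def _hash(self, pin: str) -> bytes:
        # The PIN is stored only as a salted, stretched hash (assumed parameters).
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _id_ok(self, presented: bytes) -> bool:
        # With 1Phone enabled, the random identifier replaces the printed one.
        expected = self._one_phone_id or self._printed_id
        return hmac.compare_digest(presented, expected)  # constant-time compare

    def lock(self) -> None:
        self.locked = True

    def handle(self, op: str, presented_id: bytes = b"", pin: Optional[str] = None):
        if op == "status":                       # discovery needs no identifier
            return "locked" if self.locked else "unlocked"
        if op not in SIGNIFICANT_OPS or not self._id_ok(presented_id):
            self.ignored_requests += 1           # ignored: no state change, no detail
            return "ignored"
        if op == "unlock":
            if self._pin_hash is not None and (
                pin is None
                or not hmac.compare_digest(self._hash(pin), self._pin_hash)
            ):
                return "denied"
            self.locked = False
            return "unlocked"
        if op == "enable_1phone":
            if self.locked:                      # only an authenticated session may enrol
                return "denied"
            self._one_phone_id = secrets.token_bytes(16)
            # Assumed to be returned over the paired, encrypted link only.
            return self._one_phone_id
        # op == "reset": drop credentials and fall back to the printed identifier.
        self._one_phone_id, self._pin_hash, self.locked = None, None, True
        return "reset"
```

Once 1Phone is enrolled, the printed identifier no longer passes the gate, which is why the text above mentions an administrator or server recovery path for a lost phone.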
The user may enable a proximity auto-lock feature for the security system 620. During a communication session, the data security transceiver 624 of
Because the signal strength varies due to environmental conditions around the transceivers, the security system 620 mathematically smooths the signal strength measurements to reduce the likelihood of a false positive. When the security system 620 detects that the signal power received has dropped below a defined threshold for a predetermined period of time, it will immediately lock the security system 620 and prevent access to the storage subsystem 106 of
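The smoothing and hold-time behaviour of the proximity auto-lock can be sketched as below. This is an added example, not the patent's implementation: the text does not name the smoothing method, so an exponential moving average is assumed, and the threshold, hold period, smoothing factor and no-signal value are illustrative.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

NO_SIGNAL_DBM = -100.0  # assumed value substituted when no packet is received


@dataclass
class ProximityAutoLock:
    threshold_dbm: float = -80.0   # assumed lock threshold
    hold_seconds: float = 10.0     # assumed "predetermined period of time"
    alpha: float = 0.3             # assumed smoothing factor of the moving average
    smoothed: Optional[float] = None
    below_since: Optional[float] = None
    locked: bool = False

    def update(self, now: float, rssi_dbm: Optional[float]) -> bool:
        """Feed one signal-strength sample (None = nothing received); return lock state."""
        if self.locked:
            return True                      # stays locked until re-authentication
        sample = NO_SIGNAL_DBM if rssi_dbm is None else rssi_dbm
        if self.smoothed is None:
            self.smoothed = sample
        else:
            self.smoothed = self.alpha * sample + (1 - self.alpha) * self.smoothed
        if self.smoothed < self.threshold_dbm:
            if self.below_since is None:
                self.below_since = now       # start of the low-signal interval
            elif now - self.below_since >= self.hold_seconds:
                self.locked = True           # sustained drop: lock the system
        else:
            self.below_since = None          # signal recovered: restart the timer
        return self.locked


def lock_time(samples: Iterable[Tuple[float, Optional[float]]], **kwargs) -> Optional[float]:
    """Return the timestamp at which the trace causes a lock, or None if it never does."""
    lock = ProximityAutoLock(**kwargs)
    for now, rssi in samples:
        if lock.update(now, rssi):
            return now
    return None


# Constructed traces of (seconds, dBm), one sample per second.
BRIEF_DIP = [(t, -95.0 if t == 5 else -60.0) for t in range(30)]
WALK_AWAY = [(t, -60.0 if t < 5 else -95.0) for t in range(30)]
SHORT_ABSENCE = [(t, -95.0 if 5 <= t <= 11 else -60.0) for t in range(30)]
LINK_LOST = [(t, -60.0 if t < 5 else None) for t in range(30)]
```

A single weak reading never crosses the smoothed threshold, a short absence resets the timer on return, and only the sustained drop locks the system.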
The security system 620 could be used in three different modes: a User Mode where the functionalities of the security system 620 are determined by the user; an Administrator Mode where an administrator can set an Administrator password and enforce some restrictions on the security system 620 (e.g., automatic lock after a predetermined period of inactivity, Read-Only, 1Phone, Prohibiting use of any biometrics, etc.) and where restrictions cannot be removed by a User; and a Server Mode where an administrator role is set where the server/console 640 can remotely reset the security system 620, change user passwords, or just unlock the security system 620.
Referring now to
While similar to
If a PIN (Personal Identification Number) was not set up, then the paired mobile device is used as one-factor authentication.
After the SECSYS is unlocked at operation 804, the SECSYS 620 sends a “system enabled” message 820 to the electronic system (e.g., via the system access controller) to confirm that the user has been authenticated via the mobile device 610.
The electronic system 254 is enabled 822 in response to receiving the “system enabled” message 820. For example, the system access controller will enable the operation of the ON/OFF mechanism of the electronic system 254. In some cases, the system access controller enables the operation of a motor in the electronic system 254, where the motor is not operable until the “system enabled” message 820 is received.
In some example embodiments, the electronic system 254 sends a confirmation message 824 to the SECSYS 620 to confirm that the electronic system 254 has been enabled for operation. In some example embodiments, after the confirmation is received, the SECSYS 620 will provide a visual (e.g., turning on an LED) or tactile feedback (e.g., vibration) to the user to indicate that the electronic system 254 is ready for operation.
Referring now to
While similar to
When the username/password valid determination 904 verifies the user, a valid user signal 906 is sent to the mobile device 610 for the user to enter the correct PIN in an enter PIN operation 908 in the mobile device 610. The mobile device 610 then sends a verify unlock signal 910 to the server/console 640 to determine if the correct PIN has been entered.
The server/console 640 makes a user authorized determination 912 and determines if the user is authorized to use the specific security system, such as the security system 620, that the PIN is authorized for. If authorized, an unlock allowed signal 914 is sent to the mobile device 610, which passes on an unlock request signal 916 to the security system 620.
The security system unlocked operation 804 is performed and the confirmation: security system unlocked signal 712 is sent to the mobile device 610 where the confirmation, security system unlocked operation 806 is performed.
Referring now to
While similar to
At the mobile device 610, a current condition determination is made, such as in an acquire location and/or current time operation 1002. This operation is performed to determine where the mobile device 610 is located and/or what the current time is where the mobile device 610 is located. Other current conditions around the mobile device 610 may also be determined and sent by a verify unlock signal 1004 to the server/console 640 where a conditions-met determination 1006 is made.
When the desired conditions are met, an unlock allowed signal 1008 is sent to the mobile device 610 for the enter PIN operation 908 to be performed. After the PIN is entered, a verify unlock signal 1010 is sent with the PIN and an identification of the security system 620 that is in operational proximity to the mobile device 610. The verify unlock signal 1010 is received by the server/console 640 and a security system allowed determination 1012 is made to determine that the specified security system is allowed to be unlocked by the authorized user. The server/console 640 verifies that this “specific” user is authorized to use the specified security system.
After determining the correct information has been provided, the server/console 640 will provide an unlock allowed signal 914 to the mobile device 610, which will provide an unlock request signal 916. The unlock request signal 916 causes the security system 620 to operate.
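The server-side checks in this flow, the conditions-met determination 1006 followed by the security system allowed determination 1012, can be sketched as below. This is an added example, not the patent's code: the record layout, function names, result strings, fixed UTC offset and the sample coordinates are assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class UserPolicy:
    """Hypothetical per-user record; field names are assumptions, not the patent's tables."""
    user_id: str
    fence_center: Tuple[float, float]   # (latitude, longitude) in degrees
    fence_radius_m: float
    window_start: time                  # local time, inclusive
    window_end: time                    # local time, exclusive
    utc_offset_hours: float             # fixed offset; daylight saving is not modelled
    allowed_devices: FrozenSet[str]     # device-user mapping for this user


def haversine_m(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(h))


def in_time_window(policy: UserPolicy, now_utc: datetime) -> bool:
    """Evaluate the time-of-use window in the user's time zone (now_utc must be tz-aware)."""
    tz = timezone(timedelta(hours=policy.utc_offset_hours))
    local = now_utc.astimezone(tz).time()
    start, end = policy.window_start, policy.window_end
    if start <= end:
        return start <= local < end
    return local >= start or local < end        # window spans midnight


def conditions_met(policy: UserPolicy, reported_location, now_utc: datetime) -> str:
    """Determination 1006: geo-fence and time window."""
    if haversine_m(policy.fence_center, reported_location) > policy.fence_radius_m:
        return "outside_geofence"
    if not in_time_window(policy, now_utc):
        return "outside_time_window"
    return "ok"


def unlock_decision(policy: UserPolicy, reported_location, now_utc: datetime,
                    device_id: str) -> str:
    """Determinations 1006 then 1012; anything other than 'unlock_allowed' is a refusal."""
    verdict = conditions_met(policy, reported_location, now_utc)
    if verdict != "ok":
        return verdict
    if device_id not in policy.allowed_devices:
        return "device_not_mapped"
    return "unlock_allowed"


# Constructed sample policy: 500 m fence, 08:00-18:00 at UTC-8, one mapped device.
DAY_SHIFT = UserPolicy("user-a", (37.0, -122.0), 500.0,
                       time(8, 0), time(18, 0), -8, frozenset({"sed-0001"}))
```

Here the time window is evaluated against a timestamp supplied by the server's caller, while the location is whatever the mobile device reported.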
In some example embodiments, the electronic system 254 sends a confirmation message 824 to the SECSYS 620 to acknowledge receipt of the “system enabled” message 120, as described above with reference to
Referring now to
While similar to
The mobile device 610 will send a reset security system signal 1106 to the security system 620 to start a security system reset operation 1108. Upon completion of the security system reset operation 1108, the security system 620 will send a confirmation: security system reset signal 1110 to the mobile device 610 to set a confirmation: security system reset operation 1112 into operation. Thereafter, the mobile device 610 and the security system 620 are in full operative communication with the security system 620 reset.
Referring now to
While similar to
In some example embodiments, the electronic system 254 sends a confirmation message 824 to the SECSYS 620 to acknowledge receipt of the “system enabled by administrator” message 1212, as described above with reference to
Referring now to
While similar to
In some example embodiments, a user may interact with the server/console 640 to recover a lost or forgotten password. The user sends a request to the server/console 640 to recover the password, which may be a general password for the user, or a particular password for a particular device.
The server/console 640 then authenticates the user (e.g., two factor authentication), and if the user is authenticated, the server/console retrieves the password from the server database and provides the password to the user.
In other example embodiments, the password may be reset instead of recovered and the user would enter the new password at the server/console 640.
A method of operation of a security system comprising: providing a mobile device with a security system application for connectivity with the security system; starting the security system application; and maintaining connectivity of the security system with the mobile device.
The method as described above wherein maintaining the connectivity maintains the connectivity when the security system is within a predetermined proximity to the mobile device.
The method as described above wherein maintaining the connectivity maintains the connectivity when the security system is within a predetermined proximity to the mobile device for a predetermined period of time.
The method as described above wherein establishing the connectivity includes using bi-directional communication between the security system and the mobile device.
The method as described above wherein establishing the connectivity includes using uni-directional communication between the security system and the mobile device.
The method as described above further comprising communication between the mobile device with the security system application and a server containing a user management database.
The method as described above further comprising providing security information in a security controller in the security system.
The method as described above further comprising: providing a server with identification of a specified security system; providing the security system with a specific identification; and unlocking the security system when the identification of the specified security system is the same as the specific identification of the security system.
The method as described above wherein providing a mobile device with the security system application provides a security system administrator's application and further includes: setting an administrator's password in the mobile device; transmitting the administrator's password from the mobile device to the security system; and setting the administrator's password in the security system and unlocking the security system.
The method as described above further comprising: providing an unlock request along with a mobile device identification from the mobile device to the security system; and receiving the unlock request in the security system and unlocking the security system.
The method as described above further comprising: entering a user name or password in the mobile device; determining when the user name or password is valid in a server after receiving the user name or password from the mobile device; communicating from the server to the mobile device when the user name or password is valid; and communicating from the mobile device to the security system when the user name or password is valid to unlock the security system.
The method as described above further comprising: entering a user name or password in the mobile device; determining when the user name or password is valid in a server after receiving the user name or password from the mobile device; communicating from the server to the mobile device when the user name or password is valid; determining when the identification number is valid in the server after receiving the identification number from the mobile device; and unlocking the security system through the mobile device when the server determines the identification number is valid.
The method as described above further comprising: providing a valid location of the mobile device to a server; determining in the server when the mobile device is in the valid location; and unlocking the security system through the mobile device when the server determines the mobile device is in the valid location.
The method as described above further comprising: providing a current time of operation for the security system at the mobile device to a server; determining in the server when the mobile device is within the current time; and unlocking the security system through the mobile device when the server determines the mobile device has the current time.
The method as described above further comprising: providing a command in a server; providing the command to the mobile device from the server in response to a command waiting signal from the mobile device; and performing the command in the security system through the mobile device when the command is provided from the server.
The method as described above further comprising: providing a change password command in a server; providing the change password command to the mobile device from the server in response to a change password signal from the mobile device; and unlocking the security system with the changed password in the security system.
The method as described above further comprising connecting the security system to a host computer for power and to be discoverable by the host computer.
A security system comprising: a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.
The system as described above further comprising a security controller connected to the data security transceiver or the receiver and to the authentication subsystem.
The system as described above further comprising a mobile device having a security system application operating with the security controller for maintaining connectivity when the security system is within a predetermined proximity to the mobile device.
The system as described above further comprising a mobile device having a security system application operating with the security controller for maintaining connectivity when the security system is within a predetermined proximity to the mobile device for a predetermined period of time.
The system as described above further comprising a mobile device having a mobile transceiver or receiver for maintaining connectivity using bi-directional communication between the security system and the mobile device.
The system as described above further comprising a mobile device having a mobile transceiver or receiver for maintaining connectivity using uni-directional communication between the security system and the mobile device.
The system as described above further comprising a wired or wireless connection communication between a mobile device with a security system application and a server containing a user management database.
The system as described above wherein the security system includes an external communication channel for connection to a host computer.
At operation 1402, the lock is specified at the server/console 640 for the specific security system 620. When the mobile device 610 sends a connection request 1404 from the application executing on the mobile device, the server/console responds 1406 with a command to lock the security system 620.
The mobile device 610 forwards 1408 the lock SECSYS command. The security system 620 then performs the lock operation 1410, which disables user unlocking of the security system 620 until a new unlock command is received. For example, the new unlock command may be sent by an administrator of the account associated with the security system 620.
After the security system 620 is locked, the security system 620 sends a locked confirmation 1412 to the mobile device 610. The mobile device 610 then forwards 1414 the locked confirmation to the server/console 640. The server/console 640 then confirms 1416 that the SECSYS has been locked, so the SECSYS 620 will show as locked and the lock request is completed.
When the host restarts, the SED will not be available until the user unlocks the SED. However, in some cases, it is convenient to keep the SED unlocked during a reboot, or some other short-term power cycle, so the user does not have to go through the unlock process again. From the point of view of the user, the user already unlocked the SED, so there shouldn't be a need to unlock it again, just because the host reboots.
In some example embodiments, a restart timer is used to keep the security system 620 unlocked during a reboot. The restart timer may be implemented on the mobile device 610, as illustrated in
At operation 1502, the application executing on the mobile device 610 is activated, and at operation 1504, the SECSYS 620 is unlocked as previously described.
At operation 1506, the security system 620 detects a host restart operation, and a restart notification is sent 1508 to the mobile device 610. The mobile device 610 then starts a restart timer 1510, such that when the security system 620 restarts within a threshold amount of time, the security system 620 will automatically be initialized in the unlocked state without requiring user authentication.
In operation 1512, the security system 620 initializes. The security system is discovered at operation 1514 by the mobile device 610. After the discovery, the mobile device 610 performs a check 1516 to determine if the restart timer has expired.
If the restart timer has not expired, the mobile device 610 sends a start-unlocked command 1518 to the security system 620. If the restart timer has expired, the mobile device 610 starts a new unlock sequence 1520 that requires user authentication. At operation 1522, the security system 620 initializes in the unlocked state in response to the start unlocked command 1518 received from the mobile device 610.
If the security system 620 implements the restart timer, the security system 620 will check the timer upon initialization. If the timer has not expired, the security system 620 will initialize in the unlocked state; otherwise, the security system 620 will wait for the unlock sequence.
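The restart-timer flow of operations 1502 through 1522 can be modeled as a small state machine. The following is an added illustration, not code from this disclosure; the 120-second window, the class and method names, the device identifier, and the choices to use a monotonic clock and to consume the timer on first use are assumptions.

```python
"""Mobile-side restart timer (added illustration; names and values are assumptions)."""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

RESTART_WINDOW_S = 120.0  # assumed; the text only says "a threshold amount of time"


class FakeClock:
    """Injectable clock so the flow can be exercised without real waiting."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class MobileApp:
    """Plays the role of the application on mobile device 610."""
    # Monotonic time: changing the phone's wall clock cannot stretch the window.
    clock: Callable[[], float] = time.monotonic
    window_s: float = RESTART_WINDOW_S
    deadlines: Dict[str, float] = field(default_factory=dict)   # device id -> expiry
    unlocked_devices: Set[str] = field(default_factory=set)     # user-authenticated

    def on_unlocked(self, device_id: str) -> None:
        """Operation 1504: the user completed a normal unlock."""
        self.unlocked_devices.add(device_id)

    def on_restart_notification(self, device_id: str) -> bool:
        """Operations 1508-1510: start the timer, but only for a device the
        user had already unlocked; otherwise the notification is ignored."""
        if device_id not in self.unlocked_devices:
            return False
        self.deadlines[device_id] = self.clock() + self.window_s
        return True

    def on_discovery(self, device_id: str) -> str:
        """Operations 1514-1520: choose the command sent after discovery."""
        deadline = self.deadlines.pop(device_id, None)  # one restart, one use
        if deadline is not None and self.clock() < deadline:
            return "START_UNLOCKED"                     # operation 1518
        self.unlocked_devices.discard(device_id)
        return "UNLOCK_SEQUENCE"                        # operation 1520


class SecuritySystem:
    """Plays the role of security system 620; it always powers up locked."""
    def __init__(self, device_id: str) -> None:
        self.device_id = device_id
        self.locked = True

    def unlock_with_user_auth(self, app: MobileApp) -> None:
        self.locked = False
        app.on_unlocked(self.device_id)

    def host_restart(self, app: MobileApp) -> None:
        """Operations 1506-1508: notify the mobile device, then lose power."""
        app.on_restart_notification(self.device_id)
        self.locked = True

    def initialize(self, app: MobileApp) -> str:
        """Operations 1512-1522: come up, get discovered, apply the command."""
        command = app.on_discovery(self.device_id)
        if command == "START_UNLOCKED":
            self.locked = False
        return command


def simulate(reboot_seconds: float,
             window_s: float = RESTART_WINDOW_S) -> Tuple[str, bool]:
    """Run unlock -> restart -> re-initialize; return (command, locked)."""
    clock = FakeClock()
    app = MobileApp(clock=clock, window_s=window_s)
    secsys = SecuritySystem("SECSYS-620")  # constructed identifier
    secsys.unlock_with_user_auth(app)
    secsys.host_restart(app)
    clock.advance(reboot_seconds)
    return secsys.initialize(app), secsys.locked


if __name__ == "__main__":
    print(simulate(30))    # reboot finished inside the window
    print(simulate(300))   # reboot took too long: user must authenticate
```

Because the timer entry is removed when it is checked, a second discovery without a new restart notification falls back to the full unlock sequence.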
The device information is presented in tabular form in a device dashboard 1604, which includes device table 1608 and a search option 1606 for searching devices. The device table 1608 includes information for a list of devices, identified in the first column by a device identifier (ID), e.g., serial number. For each device, the device table 1608 indicates if the device is active or not, a flag indicating if offline use is allowed, a flag indicating if an administrator unlock command is pending, a flag indicating if a change of user password is pending, and a more button 1612 that provides additional options. In some example embodiments, the more button 1612 provides options for deleting a device from the system and for instantly locking the device (as soon as communication with the device is established).
The options for managing devices allow flexibility in the control of SEDs and electronic systems. For example, if an administrator suspects that a device is being attacked by a malicious agent, the administrator can set a command to delete the device or instantly lock the device 1610. Once communication is established with the device (e.g., via the mobile device), a delete-device operation will destroy the encryption key in the device, and since the data is stored encrypted, it will not be possible to access the data stored in the device. Further, the delete-device operation will delete any information about users authenticated to use the device, so there will be no authorized users to perform authentication.
If the instant lock is set, the device will automatically lock. For example, if a laptop is stolen, the instant lock will automatically lock the drive, without having to wait for a timeout or detecting that the mobile device is beyond the safe area of operation.
Additionally, the administrator may request a remote unlock of the device, and when communication is established with the device, the device will automatically unlock and enable the data channel.
If the administrator selects one of the devices, a new screen (not shown) will provide additional options for managing the device, such as enabling or disabling the device, resetting the device, changing the user password, and ordering an administrator unlock, indicating the user associated with the device.
The users dashboard 1704 presents the users of the system in the users table 1708. For each user, the users table 1708 provides the name of the user, the login, a flag indicating if the user is enabled or disabled, and a button that provides additional commands, such as delete user, rename user, change password, etc.
The window 1706 provides fields for entering the name of the new user, the email address of the new user, an option for importing data for the user, and a create-user button 1710.
Further, the windows 1808 and 1806 provide options for setting limits to the use of the devices. The window 1808 includes two fields for entering a begin time and an end time in the day when the use is allowed. Another field allows the user to select the time zone for the time boundaries. If no time limits are set, the user may use the device at any time of the day.
The window 1806 enables setting geographic limitations for the use of the allowed devices. The limitations may include setting an address (including street address, city, and country) or geographic coordinates, that together with a radius defines the region where the device or devices may be used. The geographic limitations may also be configured for use in a given continent. A map 1810 highlights the areas where use is enabled or disabled based on the geographic parameters configured.
For example, an administrator authorizes the use of a tool with device ID 501901700000111, on March 3rd from 9 AM to 5 PM, to users John, Michael, and Joe at a location defined by a GPS coordinate obtained by the mobile device and a predetermined radius (e.g., 5 km). Users John, Michael, and Joe can then unlock the device if they are in the permitted location at the allowed time.
In some example embodiments, the administrator performs a remote unlock of the device to bypass the configured usage conditions for a predetermined amount of time. For example, if the device is rented to a user who is not in the system, the administrator may enable operation of the device for 24 hours without having to register the renter in the system.
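The usage limits and the administrator override described above can be expressed as one server-side check. The following is an added illustration, not code from this disclosure; the function and class names, the year 2025, the UTC-8 offset, and the center coordinates are constructed for the example, while the device ID, users, hours, and 5 km radius come from the text.

```python
"""Server-side usage-limit check (added illustration; names are assumptions)."""
import math
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta, timezone
from typing import FrozenSet, Optional, Tuple

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class UsagePolicy:
    device_id: str
    users: FrozenSet[str]
    tz: timezone                 # time zone chosen in window 1808
    day: date
    begin: time                  # inclusive
    end: time                    # exclusive
    center: Tuple[float, float]  # (lat, lon) configured in window 1806
    radius_km: float


@dataclass(frozen=True)
class AdminOverride:
    """Remote unlock that bypasses the usage conditions until it expires."""
    device_id: str
    expires_at: datetime         # timezone-aware


def authorize(policy: UsagePolicy, device_id: str, user: str, now: datetime,
              lat: float, lon: float,
              override: Optional[AdminOverride] = None) -> Tuple[bool, str]:
    """Return (allowed, reason). `now` must be timezone-aware server time."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    if override and override.device_id == device_id and now < override.expires_at:
        return True, "admin-override"
    if device_id != policy.device_id:
        return False, "unknown-device"
    if user not in policy.users:
        return False, "user-not-allowed"
    local = now.astimezone(policy.tz)  # compare in the policy's time zone
    if local.date() != policy.day:
        return False, "outside-date"
    if not (policy.begin <= local.time() < policy.end):
        return False, "outside-hours"
    if haversine_km(lat, lon, *policy.center) > policy.radius_km:
        return False, "outside-geofence"
    return True, "ok"


# Constructed sample data: year, UTC offset and coordinates are not from the text.
PST = timezone(timedelta(hours=-8))
DEVICE = "501901700000111"
POLICY = UsagePolicy(
    device_id=DEVICE,
    users=frozenset({"John", "Michael", "Joe"}),
    tz=PST, day=date(2025, 3, 3), begin=time(9, 0), end=time(17, 0),
    center=(37.7749, -122.4194), radius_km=5.0,
)
NEAR = (37.7929, -122.4194)  # about 2 km north of the center
FAR = (37.8649, -122.4194)   # about 10 km north of the center

if __name__ == "__main__":
    ten_am = datetime(2025, 3, 3, 18, 0, tzinfo=timezone.utc)  # 10:00 in UTC-8
    print(authorize(POLICY, DEVICE, "John", ten_am, *NEAR))
    print(authorize(POLICY, DEVICE, "John", ten_am, *FAR))
    rental = AdminOverride(DEVICE, ten_am + timedelta(hours=24))
    print(authorize(POLICY, DEVICE, "Renter", ten_am, *FAR, override=rental))
```

The check uses the server's own clock for `now`; the coordinates are whatever the mobile device reports.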
In some example embodiments, the summary data includes the following fields: Licensed to, which indicates the name of the company or person that owns the license; License Type, which indicates the type of license; License Created By, which indicates the creator of the license; the License Key; Number of Administrators, which indicates the current number of administrators and the total number of possible administrators; Number of Users, which indicates the current number of users and the maximum number of users; and Number of Drives, which indicates the current number of drives in use and the maximum number of drives allowed by the license.
A similar interface (not shown) is presented when the user selects the User Contacts option, and the information about the users is presented. Additional details may be provided, including any of the fields of user table 682 of
Each entry in the devices table 2106 includes the device identifier (e.g., serial number), the date when the device was provisioned (e.g., configured into the system), the administrator that provisioned the device, the last time the device was used, the user that used the device last, and a geographical icon that would present the location where the device was used for the last time. In other example embodiments, additional device information may be provided, such as the device data from device table 680 of
The user interface 2120 further includes window 2122 with information about a selected device (e.g., device 345AS345). The information presented includes a description of the device (e.g., 2019 ACME Power Drill Model XYZ) and options for selecting summary view 2124, administrator contacts for the device, user contacts for the device, and device activity. The user interface 2120 presented in
The user interface 2120 further includes table 2126 with information about the device. In some example embodiments, the information in table 2126 includes the company that owns the license for managing the device (e.g., CorpA), the number of licensed users for the device (e.g., 7), the amount of lifetime usage registered for the device (e.g., 125:47), the total amount of hours of use of the device for the identified reporting period (e.g., 1:52), a maximum time of continuous use of the device within the selected period (e.g., 14:10), the number of ignitions of the device (e.g., 43), and the licensed users for the device (e.g., Joe@corpA, Mike@corpA).
The user interface 2120 further includes usage table 2128 that presents the times when the device was used. Each row of the usage table 2128 includes the date of operation, start time, end time, and the user that used the device. The user interface 2120 further includes a usage chart 2130 that shows the times when the device was in use.
In some example embodiments, the SECSYS stores the usage data in the internal storage, and the SECSYS sends the information to the remote management server, via the mobile device, when a connection is established with the mobile device.
The usage data may be used by the administrator to monitor the use of a rented tool. For example, the rental agreement may include a maximum usage of the tool in a period where the tool can be used. If the tool is used beyond the amount in the rental agreement, the administrator may charge additional fees for the additional use. Further, the usage information may be used to show that the owner of the tool is complying with warranty requirements.
It is noted that the embodiments illustrated in
At operation 2202, a self-encrypting device is provided in a host computer system having one or more processors, and a data channel.
From operation 2202, the method 2200 flows to operation 2204 for establishing a clear communication channel between a data interface of the self-encrypting device and a data channel of the host computer system. The clear communication channel is locked until the self-encrypting device is authenticated.
From operation 2204, the method 2200 flows to operation 2206 for receiving, via a radio frequency (RF) transceiver of the self-encrypting device, user-authentication information.
From operation 2206, the method 2200 flows to operation 2208 where an authentication subsystem of the self-encrypting device unlocks the clear communication channel based on the user-authentication information.
From operation 2208, the method 2200 flows to operation 2210 for encrypting data, received by the self-encrypting device through the data interface, with an encryption key provided by the user-authentication subsystem of the self-encrypting device.
From operation 2210, the method 2200 flows to operation 2212, where the encrypted data is stored in a storage subsystem of the self-encrypting device.
In one example, the self-encrypting device authenticates a user without use of the one or more processors of the host computer system.
In one example, the RF transceiver is configured for communication with a mobile device, wherein the mobile device sends the user-authentication information to unlock the self-encrypting device.
In one example, an application in the mobile device provides a user interface for obtaining the user-authentication information from a user.
In one example, an application in the mobile device authenticates a user by validating the user with a management server, wherein the self-encrypting device receives an unlock command from the mobile device in response to the management server validating the user.
In one example, the host computer system further includes an encryption engine, wherein the authentication subsystem stores an encryption key and the authentication subsystem transmits the encryption key to the encryption engine when the self-encrypting device is unlocked.
In one example, the self-encrypting device initializes a timer when a shutdown of the system is detected, wherein the self-encrypting device initializes in a locked state and the self-encrypting device is automatically unlocked if the self-encrypting device is initialized before an expiration of the timer.
In one example, data is transmitted in clear form between the data interface and the data channel.
In one example, the authentication subsystem stores an authentication key for authenticating a user for unlocking the self-encrypting device.
In one example, the host computer system is one of a laptop, a personal computer, a kitchen appliance, a printer, a scanner, a server, a tablet device, a medical device, a fiscal cash register machine, or a smart television set.
Operation 2302 is for providing a user interface to access a management server for managing users of self-encrypting devices. The management server comprises a database storing information about the users and the self-encrypting devices.
From operation 2302, the method 2300 flows to operation 2304 for receiving, by the management server, a request from a mobile device to unlock a self-encrypting device for a user, the self-encrypting device being in wireless communication with the mobile device.
From operation 2304, the method 2300 flows to operation 2306 where the management server verifies user-authentication information of the user, received in the request, for unlocking access to the self-encrypting device.
From operation 2306, the method 2300 flows to operation 2308 where the management server sends an unlock command to the mobile device based on the verification, the mobile device sending an unlock request to the self-encrypting device via the wireless communication. The self-encrypting device is configured to unlock the data channel, to provide data access to encrypted storage in the self-encrypting device.
In one example, the method 2300 further comprises receiving, via the user interface, a second request to lock the self-encrypting device; detecting, by the management server, a connection with the mobile device in wireless communication with the self-encrypting device; and sending a lock command to the mobile device to lock the self-encrypting device.
In one example, the method 2300 further comprises receiving, via the user interface, a third request to reset the self-encrypting device; detecting, by the management server, a connection with the mobile device in wireless communication with the self-encrypting device; and sending a reset command to the mobile device, the self-encrypting device configured to delete an encryption key in the self-encrypting device in response to the reset command.
In one example, the method 2300 further comprises providing, in the user interface, options to configure the self-encrypting devices, the options being to reset, enable, disable, lock, or unlock each self-encrypting device.
In one example, each drive has a unique hardware identifier stored in the database.
In one example, the method 2300 further comprises providing, in the user interface, options to allow access to one or more self-encrypting devices by a given user.
In one example, the method 2300 further comprises providing, in the user interface, options to establish geographic boundaries for use of the self-encrypting devices by the user.
In one example, the method 2300 further comprises providing, in the user interface, options to establish time-of-day boundaries for use of the self-encrypting devices by the user.
In one example, the method 2300 further comprises providing, in the user interface, options to manage licenses for an account in the management server, the options including determining a maximum number of administrators, a maximum number of self-encrypting devices, and a maximum number of users.
In one example, the method 2300 further comprises providing, in the user interface, options to view self-encrypting device activity including date of provisioning, user that provisioned, time of last access, user in last access, and geographic location of last access.
Operation 2402 is for establishing a data channel between the security system and the electronic system, which has one or more processors.
From operation 2402, the method flows to operation 2404, for receiving, via a radio frequency (RF) transceiver of the security system, user-authentication information from a mobile device.
From operation 2404, the method flows to operation 2406 where an authentication subsystem of the security system unlocks the security system based on the user-authentication information.
From operation 2406, the method flows to operation 2408 for sending, from the security system to the electronic system, an enable command via the data channel based on the unlocking of the security system. The electronic system is not operable until the enable command is received.
In one example, the security system authenticates a user without use of one or more computer processors of the electronic system.
In one example, an application in the mobile device provides a user interface for obtaining the user-authentication information from a user.
In one example, an application in the mobile device authenticates a user by validating the user with a management server, wherein the security system receives an unlock command from the mobile device in response to the management server validating the user.
In one example, the electronic system includes a system access controller in communication with the security system, the system access controller enabling or disabling operation of the electronic system based on information received from the security system.
Examples, as described herein, may include, or may operate by, logic, a number of components, or mechanisms. Circuitry is a collection of circuits implemented in tangible entities that include hardware (e.g., simple circuits, gates, logic, etc.). Circuitry membership may be flexible over time and underlying hardware variability. Circuitries include members that may, alone or in combination, perform specified operations when operating. In an example, hardware of the circuitry may be immutably designed to carry out a specific operation (e.g., hardwired). In an example, the hardware of the circuitry may include variably connected physical components (e.g., execution units, transistors, simple circuits, etc.) including a computer-readable medium physically modified (e.g., magnetically, electrically, by moveable placement of invariant massed particles, etc.) to encode instructions of the specific operation. In connecting the physical components, the underlying electrical properties of a hardware constituent are changed (for example, from an insulator to a conductor or vice versa). The instructions enable embedded hardware (e.g., the execution units or a loading mechanism) to create members of the circuitry in hardware via the variable connections to carry out portions of the specific operation when in operation. Accordingly, the computer-readable medium is communicatively coupled to the other components of the circuitry when the device is operating. In an example, any of the physical components may be used in more than one member of more than one circuitry. For example, under operation, execution units may be used in a first circuit of a first circuitry at one point in time and reused by a second circuit in the first circuitry, or by a third circuit in a second circuitry, at a different time.
The machine (e.g., computer system) 2500 may include a hardware processor 2502 (e.g., a central processing unit (CPU), a hardware processor core, or any combination thereof), a self-encrypting drive (SED) 2503, a main memory 2504, and a static memory 2506, some or all of which may communicate with each other via an interlink (e.g., bus) 2508. The machine 2500 may further include a display device 2510, an alphanumeric input device 2512 (e.g., a keyboard), and a user interface (UI) navigation device 2514 (e.g., a mouse). In an example, the display device 2510, alphanumeric input device 2512, and UI navigation device 2514 may be a touch screen display. The machine 2500 may additionally include a mass storage device (e.g., drive unit) 2516, a signal generation device 2518 (e.g., a speaker), a network interface device 2520, and one or more sensors 2521, such as a Global Positioning System (GPS) sensor, compass, accelerometer, or another sensor. The machine 2500 may include an output controller 2528, such as a serial (e.g., universal serial bus (USB)), parallel, or other wired or wireless (e.g., infrared (IR), near field communication (NFC), etc.) connection to communicate with or control one or more peripheral devices (e.g., a printer, card reader, etc.).
The mass storage device 2516 may include a machine-readable medium 2522 on which is stored one or more sets of data structures or instructions 2524 (e.g., software) embodying or utilized by any one or more of the techniques or functions described herein. The instructions 2524 may also reside, completely or at least partially, within the main memory 2504, within the static memory 2506, within the hardware processor 2502, or within the SED 2503 during execution thereof by the machine 2500. In an example, one or any combination of the hardware processor 2502, the SED 2503, the main memory 2504, the static memory 2506, or the mass storage device 2516 may constitute machine-readable media.
While the machine-readable medium 2522 is illustrated as a single medium, the term “machine-readable medium” may include a single medium, or multiple media, (e.g., a centralized or distributed database, and/or associated caches and servers) configured to store the one or more instructions 2524.
The term “machine-readable medium” may include any medium that is capable of storing, encoding, or carrying instructions 2524 for execution by the machine 2500 and that cause the machine 2500 to perform any one or more of the techniques of the present disclosure, or that is capable of storing, encoding, or carrying data structures used by or associated with such instructions 2524. Non-limiting machine-readable medium examples may include solid-state memories, and optical and magnetic media. In an example, a massed machine-readable medium comprises a machine-readable medium 2522 with a plurality of particles having invariant (e.g., rest) mass. Accordingly, massed machine-readable media are not transitory propagating signals. Specific examples of massed machine-readable media may include non-volatile memory, such as semiconductor memory devices (e.g., Electrically Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM)) and flash memory devices; magnetic disks, such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks.
The instructions 2524 may further be transmitted or received over a communications network 2526 using a transmission medium via the network interface device 2520.
As used herein, the term “or” may be construed in either an inclusive or exclusive sense. Moreover, plural instances may be provided for resources, operations, or structures described herein as a single instance. Additionally, boundaries between various resources, operations, modules, engines, and data stores are somewhat arbitrary, and particular operations are illustrated in a context of specific illustrative configurations. Other allocations of functionality are envisioned and may fall within a scope of various embodiments of the present disclosure. In general, structures and functionality presented as separate resources in the example configurations may be implemented as a combined structure or resource. Similarly, structures and functionality presented as a single resource may be implemented as separate resources. These and other variations, modifications, additions, and improvements fall within a scope of embodiments of the present disclosure as represented by the appended claims. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
While the invention has been described in conjunction with a specific best mode, it is to be understood that many alternatives, modifications, and variations will be apparent to those skilled in the art in light of the foregoing description. Accordingly, it is intended to embrace all such alternatives, modifications, and variations that fall within the scope of the included claims. All matters set forth herein or shown in the accompanying drawings are to be interpreted in an illustrative and non-limiting sense.
This application is a continuation-in-part of U.S. patent application Ser. No. 16/103,979, entitled “Self-Encrypting Module with Embedded Wireless User Authentication,” filed on Aug. 16, 2018, which is a continuation-in-part of U.S. patent application Ser. No. 14/987,749, entitled “Data Security System with Encryption,” filed on Jan. 4, 2016, which is a continuation-in-part of U.S. patent application Ser. No. 12/680,742 filed Mar. 29, 2010, which is the National Stage of International Application number PCT/US2008/077766, filed Sep. 26, 2008, which claims the benefit of U.S. Provisional Patent Application Ser. No. 60/975,814 filed Sep. 27, 2007, all of which are incorporated herein by reference in their entirety. The present application contains subject matter related to U.S. patent application Ser. No. 14/987,678, filed on Jan. 4, 2016, entitled “Data Security System with Encryption,” which is incorporated herein by reference.
Number | Date | Country |
---|---|---|
20200296585 A1 | Sep 2020 | US |

Number | Date | Country |
---|---|---|
60975814 | Sep 2007 | US |

Relation | Number | Date | Country |
---|---|---|---|
Parent | 16103979 | Aug 2018 | US |
Child | 16888230 | | US |
Parent | 14987749 | Jan 2016 | US |
Child | 16103979 | | US |
Parent | 12680742 | | US |
Child | 14987749 | | US |