U.S. patent application number 14/695923 was filed with the patent office on 2016-10-27 for secure unattended network authentication.
The applicant listed for this patent is Hand Held Products, Inc.. Invention is credited to Jonathan D. Fletcher, Joseph J. Kubler, Arthur Millican.
Application Number | 20160314294 14/695923 |
Document ID | / |
Family ID | 57146833 |
Filed Date | 2016-10-27 |
United States Patent
Application |
20160314294 |
Kind Code |
A1 |
Kubler; Joseph J. ; et
al. |
October 27, 2016 |
SECURE UNATTENDED NETWORK AUTHENTICATION
Abstract
A system for secure network access by unattended devices is
described. The system describes how unattended devices that have
encrypted data at rest and/or require secure authentication to an
open network may procure the access credentials for authentication
and/or decryption. With these access credentials, then the
unattended devices may exchange information with and/or receive
updates from servers on the network.
Inventors: |
Kubler; Joseph J.;
(Lafayette, CO) ; Millican; Arthur; (Granite
Falls, WA) ; Fletcher; Jonathan D.; (Tekoa,
WA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Hand Held Products, Inc. |
Fort Mill |
SC |
US |
|
|
Family ID: |
57146833 |
Appl. No.: |
14/695923 |
Filed: |
April 24, 2015 |
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04L 63/0853 20130101;
G06F 21/42 20130101; H04L 63/18 20130101; G06F 21/44 20130101 |
International
Class: |
G06F 21/44 20060101
G06F021/44; H04L 29/06 20060101 H04L029/06 |
Claims
1. A system, comprising: an unattended first device comprising: a
first communication interface; a first control system
communicatively coupled to the first communication interface and
comprising at least one first hardware processor and a first memory
storing program codes operable to: send a request to the second
device for access credentials; receive the access credentials; send
the access credentials to the fourth device; and if the access
credentials is validated, exchange information with the fourth
device. a second device comprising: a second communication
interface; a second secured storage element; a second control
system communicatively coupled to the second communication
interface and comprising at least one second hardware processor and
a second memory storing program codes operable to: receive a
request for the access credentials from the first device; send a
request for the access credentials to the third device; exchange
pairing credentials with the third device to authenticate with the
third device; if authenticated with the third device, receive the
access credentials; and send the access credentials to the first
device; a third device comprising: a third communication interface;
a third control system communicatively coupled to the third
communication interface and comprising at least one third hardware
processor and a third memory storing program codes operable to:
receive a request for the access credentials from the second
device; exchange pairing credentials with the second device to
authenticate with the second device; if authenticated with the
second device, send the access credentials to the second device;
and a fourth device comprising: a fourth communication interface; a
fourth control system communicatively coupled to the fourth
communication interface and comprising at least one fourth hardware
processor and a fourth memory storing program codes operable to:
receive access credentials from the first device; validate the
access credentials; and if validated, exchange information with the
first device.
2. The system of claim 1, wherein the second device is internal to
the first device.
3. The system of claim 1, further comprising the first device using
the access credentials to decrypt an encrypted file system.
4. The system of claim 1, wherein the information exchanged between
the fourth device and the first device comprises one of the group
consisting of: information to update software on the first device,
information to update firmware on the first device, information to
update applications on the first device, information to update
program codes on the first device, information to make
configuration setting changes on the first device, information to
update the operating system on the first device, and information
pertaining to customer data.
5. The system of claim 1, wherein the pairing credentials stored in
the second device are stored in a tamper resistant manner.
6. The system of claim 5, wherein the tamper resistant manner
comprises use of potted material which would destroy one or more
components of the second device upon removal.
7. The system of claim 1, wherein the pairing credentials stored in
the second device are stored in a manner to provide for tamper
detection.
8. The system of claim 7, wherein the manner to provide for tamper
detection comprises one of the group consisting of: detection of
ultraviolet fluorescent chemicals, detection of varying
temperature, detection of varying clocking information, detection
of varying voltage, and detection of varying electrical
signals.
9. The system of claim 7, wherein the second device, upon tamper
detection, is further operable to: report the detected tampering;
and disable one or more components of the second device.
10. The system of claim 1, wherein the pairing credentials are
stored according to National Institute of Standards and Technology
(NIST) standards.
11. The system of claim 1, wherein the pairing credentials
exchanged between the second and third device are exchanged by
out-of-band means.
12. The system of claim 11, wherein the out-of-band means comprises
one of the group consisting of: direct user input at the second and
third devices, use of a thumb drive at the second and third
devices, use of a universal serial bus (USB) cable between the
second and third device, or use of wired Ethernet cable between the
second and third device.
13. The system of claim 1, wherein the pairing credentials
exchanged between the second and third device are exchanged by use
of a wireless communication channel.
14. The system of claim 13, wherein the wireless communication
channel comprises one of the group consisting of: Bluetooth and a
near field communication (NFC).
15. The system of claim 14, wherein the wireless communication
channel is secured with an encryption algorithm.
16. The system of claim 1, wherein the second device is a dock for
the first device with at least one mechanism for providing user
level authentication, wherein the mechanism for providing user
level authentication is selected from the group consisting of: a
common access card (CAC) reader, a touchscreen, a keypad, and a
display for password entry.
17. The system of claim 1, wherein the access credentials comprise
one of a group consisting of: a one-time password, a symmetric key,
a public key along with its private key, and a public key
cryptography standard (PKCS) certificate.
18. The system of claim 1, wherein the second device is further
operable to: send a pairing request with initial credentials to the
third device; receive an acceptance of the pairing request form the
third device; and exchange pairing credentials with the third
device.
19. The system of claim 1, wherein the third device is further
operable to: receive a pairing request with initial credentials
from the second device; send an acceptance of the pairing request
to the second device; and exchange pairing credentials with the
second device.
20. The system of claim 1, wherein the second device is further
operable to: store the access credentials.
Description
FIELD OF THE INVENTION
[0001] The present invention relates to secure network access by
unattended client devices.
BACKGROUND
[0002] Technological advances have made possible an ever-increasing
number of different hardware electronic devices designed for all
kinds of tasks. Almost all of these client devices involve some
firmware, operating system software, and/or applications and/or
program codes that require occasional updates or configuration
changes. Some client devices may involve data collection and data
processing that requires an exchange of information with servers on
a network.
[0003] Depending upon the nature of the tasks involved, strong
security may be required for some client devices. Such strong
security may include encryption for the data on the client devices
(data at rest) and/or for the data exchanged by the client devices
(data in communication). The credentials for strong security on the
client devices typically require external information involving
users of the client devices, such as passwords, PINs, smartcards,
or biometrics. When client devices are unattended, the credentials
are not available and therefore prevent the client devices from
receiving updates and or exchanging information with servers on the
network. This is especially true in cases where the credentials for
network access are frequently changing, such as in high security
environments.
[0004] Current solutions to this problem are either labor intensive
or compromise security. For example, when smartcards are required
for authentication, such as in Department of Defense (DoD) or other
comparable government applications, client devices must be operated
by users in order to conduct the routine updates and or exchange of
information. This user involvement is costly and labor intensive.
Solutions where the credentials are stored on the client devices
are less labor intensive but defeat the purpose of the strong
security, unless some kind of tamper detection or tamper resistance
is employed.
[0005] Accordingly, there is a need for a system where unattended
client devices can securely procure the credentials for secure
network access.
SUMMARY
[0006] Accordingly, one embodiment of the present invention
discloses a system where an unattended first device sends a request
for access credentials to a second device; the second device then
sends a request for access credentials to a third device, exchanges
pairing credentials with the third device, and if authenticated,
receives access credentials from the third device, and sends the
access credentials to the first device; the first device then sends
the access credentials to a fourth device, and if validated,
exchanges information with the fourth device.
[0007] Another exemplary embodiment of the present invention
discloses a system where an unattended first device sends a request
for access credentials to a second device; the second device sends
the access credentials to the first device; the first device then
sends the access credentials to a third device, and if validated,
exchanges information with the third device.
[0008] The foregoing illustrative summary, as well as other
exemplary objectives and/or advantages of the invention, and the
manner in which the same are accomplished, are further explained
within the following detailed description and its accompanying
drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] FIG. 1A and FIG. 1B are block diagrams of the hardware
elements of the system in accordance embodiments of the disclosed
subject matter.
[0010] FIG. 2A and FIG. 2B are schematics outlining the initial
provisioning of pairing credentials in accordance with embodiments
of the disclosed subject matter.
[0011] FIG. 3A and FIG. 3B are schematics detailing the procurement
of access credentials by an unattended client device in accordance
with embodiments of the disclosed subject matter.
[0012] FIG. 4A and FIG. 4B are block diagrams of the hardware
elements of the system according to embodiments of the present
invention.
[0013] FIG. 5A and FIG. 5B are schematics outlining the procurement
of access credentials by an unattended client device according to
embodiments of the present invention.
DETAILED DESCRIPTION
[0014] The present invention embraces the concept of unattended
devices procuring access credentials for network access and/or data
encryption so that updates may be received from servers and/or
information exchanged with servers in a manner that does not
compromise security or increase labor overhead.
[0015] In the present disclosure, "unattended" refers to the fact
that the client device is not operated by a user who has
authenticated to the device (by password, PIN, smartcard,
biometric, etc.) at the time that the client device procures the
access credentials necessary to allow the device to exchange
information with and/or receive updates from servers on a network.
Unattended client devices may procure access credentials by timed
or triggered means that are well understood in the art, i.e. client
devices may procure the access credentials according to a regular
time schedule or in response to some triggering event, such as a
notification of new data to exchange or the availability of a new
update.
[0016] Also, in the present disclosure, "pairing credentials" refer
to those credentials which authenticate the client device to a
token server, and "access credentials" refer to those credentials
which authenticate the client device to a server and/or decrypt an
encrypted file system on the client device. The "access credential"
includes, but is not limited to, a one-time password, a symmetric
key, a public key along with its private key, for instance using
the public key cryptography standards (PKCS) certificate formats,
or the like.
[0017] Further, in the present disclosure, "authentication
credentials" refer to those credentials which authenticate the
client device and the secure credential device.
[0018] In the specification and/or figures, typical embodiments of
the invention have been disclosed. The present invention is not
limited to such exemplary embodiments. The use of the term "and/or"
includes any and all combinations of one or more of the associated
listed items. The figures are schematic representations and so are
not necessarily drawn to scale. Unless otherwise noted, specific
terms have been used in a generic and descriptive sense and not for
purposes of limitation.
[0019] FIG. 1A illustrates an exemplary system 100 for one
embodiment of the present invention. In general, the system 100
includes a client device (CD) 110, a secure credential device (SCD)
150, a token server (TS) 130, and a server (S) 140. The client
device 110, secure credential device 150, token server 130, and
server 140 may be implemented in any form of digital computer or
mobile device. Digital computers may include, but are not limited
to, laptops, desktops, workstations, fixed vehicle computers,
vehicle mount computers, hazardous environment computers, rugged
mobile computers, servers, blade servers, mainframes, other
appropriate computers. Mobile devices may include, but are not
limited to, cellular telephones, smart phones, personal digital
assistants, tablets, pagers, two-way radios, netbooks, barcode
scanners, radio frequency identification (RFID) readers,
intelligent sensors, tracking devices, and other similar computing
devices.
[0020] In some embodiments of the present invention, the client
device 110, secure credential device 150, token server 130, and
server 140 are connected via a network 170. The network 170 may be
any type of wide area network (WAN), such as the Internet, Local
Area Network (LAN), or the like, or any combination thereof, and
may include wired components, such as Ethernet, wireless
components, such as LTE, Wi-Fi, Bluetooth, or near field
communication (NFC), or both wired and wireless components,
collectively represented by the data links 172, 174, 176, and
178.
[0021] Note that while token server 130 and server 140 are
illustrated in FIG. 1A, FIG. 1B, FIG. 4A, and FIG. 4B as individual
single servers, each may alternatively be distributed across
multiple servers having the respective functionality of the token
server 130 and server 140. And still in other embodiments, the
token server 130 and server 140 may also be combined into one
single server or distributed across multiple servers having the
overall combined functionality of token server 130 and server
140.
[0022] In general, the server 140 includes at least one processor
142 and associated memory 144 and a communication interface 148,
such as wired Ethernet or wireless such as Wi-Fi, Bluetooth or NFC.
The server 140 may also include additional components such as a
storage component 146. The components of server 140 may be
interconnected using one or more buses 141 and may be mounted on a
motherboard (not shown) or some other appropriate
configuration.
[0023] Similarly, in general, the token server 130 includes at
least one processor 132 and associated memory 134 and a
communication interface 138, such as wired Ethernet or wireless
such as Wi-Fi, Bluetooth or NFC. The token server 130 may also
include additional components such as a storage component 136. The
components of token server 130 may be interconnected using one or
more buses 131 and may be mounted on a motherboard (not shown) or
some other appropriate configuration.
[0024] Further, in general, the secure credential device 150
includes at least one processor 152 and associated memory 154 and a
communication interface 158, such as wired Ethernet or wireless
such as Wi-Fi, Bluetooth or NFC. The secure credential device 150
may also include additional components such as a secure storage
element 160 and slots/ports 156. The components of the secure
credential device 150 may be interconnected using one or more buses
151 and may be mounted on a motherboard (not shown) or some other
appropriate configuration. The secured credential device 150 has a
wired communication channel 164 connecting it to the client device
110. The wired communication channel 164 may be USB, I.sup.2C, or
other computer bus. In one embodiment, the wired communication
channel 164 between the secure credential device 150 and the client
device 110 can be protected by authentication; in this embodiment,
the client device 110 stores the authentication credentials in the
secure storage element 160 during an initial provisioning process
that occurs while the client device 110 is still authenticated with
a user. The secure credential device is also fixed in location 162,
meaning that it is non-moveable.
[0025] The secure credential device 150 is built for tamper
detection, tamper resistance, or both. In some embodiments, just
specific components of the secure credential device 150 may be
built for tamper detection, tamper resistance, or both, such as the
secure storage element 160. Tamper detection methods include, but
are not limited to, detection of ultraviolet fluorescent chemicals,
detection of varying temperature, detection of varying clocking
information, detection of varying voltage, and detection of varying
electrical signals. Tamper resistance methods include, but are not
limited to, the use of a potted material which would destroy one or
more components of the secure credential device 150, such as the
secure storage element 160, upon removal. Other tamper detection
and tamper resistant methods are understood in the art and may be
employed herein. In some embodiments, the secure credential device
would report the detected tampering and might cause temporary or
permanent disablement of the secure credential device. In yet other
embodiments, where the secure storage element 160 of the secure
credential device 150 implements tamper control that is acceptable
and the communication interface 158 is wireless, the secure
credential device 150 may further be designed to meet FIPS-140-2 by
layering a protocol on top of the base wireless that uses validated
encryption algorithms such as Advanced Encryption Standard (AES).
In these embodiments, additional wireless encryption pairing
credentials would be required between the secure credential device
150 and token server 130 to derive a link key for the validated
encryption algorithm.
[0026] In one embodiment, the secure credential device 150 would be
a dock for the client device 110. The dock would have the ability
to cache access credentials and would include one or more
mechanisms for providing user level authentication, including but
not limited to: a common access card (CAC) reader, a touchscreen, a
keypad, and a display for password entry. The dock further provides
the recharging of the battery and ensures the essential constant
power supply to the client device 110 during critical software and
firmware updates.
[0027] In general, the client device 110 includes a processor 112
and associated memory 116 as well as a communication interface 122,
such as wired Ethernet or wireless such as Wi-Fi, Bluetooth, or
NFC. The client device 110 may include additional components such
as a storage component 118 such as a hard drive or solid state
drive, a location determination component 134 such as a Global
Positioning System (GPS) chip, audio input component 124 such as a
microphone, audio output component 128 such as a speaker, visual
input component 126 such as a camera or barcode reader, visual
output component 130 such as a display, and a user input component
120 such as a touchscreen, navigation shuttle, soft keys, or the
like, and slots/ports 132 which may be used for smart card readers
or for wired connections 164 with the secure credential device 150
over USB, I2C, or computer bus. The components of client device 110
may be interconnected using one or more buses 114 and may be
mounted on a motherboard (not shown) or some other appropriate
configuration.
[0028] FIG. 1B illustrates another embodiment of the present
invention. The embodiment in FIG. 1B is similar to FIG. 1A with the
exception that in FIG. 1B, the secure credential device 150 is
internal to the client device 110. While FIG. 1B illustrates
separate components for the client device 110 and secure credential
device 150, in an alternative embodiment, the comparable components
from the client device 110 and secure credential device 150 could
be the same, i.e. processor 112 and 152, memory 116 and 154,
communication interface 122 and 158, and communication link 172 and
178, and there may not be a need for slots/ports 132 and 156, since
bus 114 and 151 may be the same. In some embodiments, the storage
118 and secure storage element 160 could also be the same, provided
that the combination of the secure credential device 150 and client
device 110 still allow for tamper detection, tamper resistance, or
both.
[0029] FIG. 2A illustrates one embodiment of the present invention
where the token server pairing credentials are initially
provisioned on the secure credential device 150 using out of band
means. In Step 2A-1, the pairing credentials are provisioned on the
secure credential device 150 by a user who manually enters the
credentials, copies them from a thumb drive or flash drive, or
transfers them using NFC. In Step 2A-2, the secure credential
device 150 then securely stores the pairing credentials in the
secure storage element 160 for use in future sessions.
[0030] FIG. 2B illustrates an alternative embodiment of the present
invention where the token server pairing credentials are initially
provisioned on the secure credential device by pairing with the
token server 130. In step 2B-1, the secure credential device 150
sends a pairing request with initial credentials to the token
server 130. In step 2B-2, the token server 130 accepts the pairing
request, and in step 2B-3, the token server and secure credential
device exchange pairing credentials (i.e. the pairing key). In step
2B-4, the secure credential device then stores the pairing
credentials for use in future sessions.
[0031] FIG. 3A illustrates the communication flow between the
elements of system 100 of FIGS. 1A and 1B where the client device
110 procures access credentials from the token server 130 through
the secure credential device 150 for accessing server 140. In step
3A-1, the client device 110 sends a request for the access
credentials to the secure credential device 150. In step 3A-2, the
secure credential device 150 sends a request for the access
credentials to the token server 130. The secure credential device
150 and token sever 130 exchange pairing credentials to
authenticate (Step 3A-3), and if authenticated (Step 3A-4), the
token server 130 sends the access credentials to the secure
credential device 150. In step 3A-5, the secure credential device
150 then stores the access credentials for use in a future session.
In other embodiments, the secure credential device 150 does not
store the access credentials but obtains them from the token server
130 each time the client device 110 needs to access the server 140,
such as might be required in highly secure environments when the
access credentials may be changing with greater frequency. In step
3A-6, the secure credential device 150 then sends the access
credentials to the client device 110, which then sends them to the
server 140 (Step 3A-7). If the server validates the access
credentials (Step 3A-8), then the client device 110 and server 140
exchange information (Step 3A-9). The information exchanged
includes, but is not limited to, firmware updates, operating system
updates, application and/or program code updates, configuration
setting changes, and customer data exchange.
[0032] FIG. 3B illustrates another embodiment of the present
invention. The embodiment in FIG. 3B is similar to FIG. 3A with the
exception that in FIG. 3B, there is the added step 3B-9 where the
access credentials are used to unlock the local encrypted file
system on the client device 110 so that information may be
exchanged with server 140.
[0033] FIG. 4A illustrates yet another embodiment of the present
invention. In this embodiment, the secure credential device 150 is
external to the client device 110 but does not contain a
communication interface for communicating with the token server 130
as in FIG. 1A. Because the secure credential device cannot
communicate with the token server 130, it must be initially
provisioned with the access credentials, such as at the time of
manufacture where the access credentials would be included in the
operating system image installed on the secure credential
device.
[0034] FIG. 4B illustrates another embodiment of the present
invention. In this embodiment, the secure credential device 150 is
internal to the client device 110. While FIG. 4B illustrates
separate components for the client device 110 and secure credential
device 150, in an alternative embodiment, the comparable components
could be the same, i.e. processor 112 and 152, and memory 116 and
154, and there may not be a need for slots/ports 132 and 156, since
bus 114 and 151 may be the same. In some embodiments, the storage
118 and secure storage element 160 could also be the same, provided
that the combination of the secure credential device 150 and client
device 110 still allow for tamper detection, tamper resistance, or
both.
[0035] FIG. 5A illustrates the communication flow between the
elements of system 100 of FIGS. 4A and 4B where the client device
110 procures access credentials from the secure credential device
150 for accessing server 140. In step 5A-1, the client device 110
sends a request for access credentials to the secure credential
device 150. Because the secure credential device 150 has already
been provisioned with the access credentials at time of manufacture
(Step 5A-2), then the secure credential device 150 can just send
the access credentials to the client device 110 (Step 5A-3) which
then sends them to the server 140 (Step 5A-4). If the access
credentials are validated (Step 5A-5), then the client device 110
and server 140 exchange information (Step 5A-6). As before, the
information exchanged includes, but is not limited to, firmware
updates, operating system updates, application and/or program code
updates, configuration setting changes, and customer data exchange.
In some embodiments, the secure credential device 150 could be
equivalent to a smartcard that could be used to perform the
symmetric or private key encryption.
[0036] FIG. 5B illustrates another embodiment of the present
invention. The embodiment in FIG. 5B is similar to FIG. 5A with the
exception that in FIG. 5B, there is the added step 5B-6 where the
access credentials are used to unlock the local encrypted file
system on the client device 110 so that information may be
exchanged with server 140.
[0037] Several implementations have been described herein. However,
it will be understood that various modifications may be made
without departing from the spirit and scope of the invention.
[0038] Additionally, the communication flows in the schematics of
the figures do not require the particular order shown or sequential
order to achieve the specified results. Further, other steps may be
provided or eliminated from the schematics and other components may
be added to or removed from the described systems. These other
implementations are within the scope of the claims.
[0039] The following represent exemplary embodiments of the present
disclosure.
A1. A system, comprising:
[0040] an unattended first device comprising: [0041] a first
communication interface; [0042] a first control system
communicatively coupled to the first communication interface and
comprising at least one first hardware processor and a first memory
storing program codes operable to: [0043] send a request to the
second device for access credentials; [0044] receive the access
credentials; [0045] send the access credentials to the fourth
device; and [0046] if the access credentials is validated, exchange
information with the fourth device.
[0047] a second device comprising: [0048] a second communication
interface; [0049] a second secured storage element; [0050] a second
control system communicatively coupled to the second communication
interface and comprising at least one second hardware processor and
a second memory storing program codes operable to: [0051] receive a
request for the access credentials from the first device; [0052]
send a request for the access credentials to the third device;
[0053] exchange pairing credentials with the third device to
authenticate with the third device; [0054] if authenticated with
the third device, receive the access credentials; and [0055] send
the access credentials to the first device;
[0056] a third device comprising: [0057] a third communication
interface; [0058] a third control system communicatively coupled to
the third communication interface and comprising at least one third
hardware processor and a third memory storing program codes
operable to: [0059] receive a request for the access credentials
from the second device; [0060] exchange pairing credentials with
the second device to authenticate with the second device; [0061] if
authenticated with the second device, send the access credentials
to the second device; and
[0062] a fourth device comprising: [0063] a fourth communication
interface; [0064] a fourth control system communicatively coupled
to the fourth communication interface and comprising at least one
fourth hardware processor and a fourth memory storing program codes
operable to: [0065] receive access credentials from the first
device; [0066] validate the access credentials; and [0067] if
validated, exchange information with the first device.
[0068] A2. The system of embodiment A1, wherein the second device
is internal to the first device.
[0069] A3. The system of embodiment A1, further comprising the
first device using the access credentials to decrypt an encrypted
file system.
[0070] A4. The system of embodiment A1, wherein the information
exchanged between the fourth device and the first device comprises
one of the group consisting of: information to update software on
the first device, information to update firmware on the first
device, information to update applications on the first device,
information to update program codes on the first device,
information to make configuration setting changes on the first
device, information to update the operating system on the first
device, and information pertaining to customer data.
[0071] A5. The system of embodiment A1, wherein the pairing
credentials stored in the second device are stored in a tamper
resistant manner.
[0072] A6. The system of embodiment A5, wherein the tamper
resistant manner comprises use of potted material which would
destroy one or more components of the second device upon
removal.
[0073] A7. The system of embodiment A1, wherein the pairing
credentials stored in the second device are stored in a manner to
provide for tamper detection.
[0074] A8. The system of embodiment A7, wherein the manner to
provide for tamper detection comprises one of the group consisting
of: detection of ultraviolet fluorescent chemicals, detection of
varying temperature, detection of varying clocking information,
detection of varying voltage, and detection of varying electrical
signals.
[0075] A9. The system of embodiment A7, wherein the second device,
upon tamper detection, is further operable to: [0076] report the
detected tampering; and [0077] disable one or more components of
the second device.
[0078] A10. The system of embodiment A1, wherein the pairing
credentials are stored according to National Institute of Standards
and Technology (NIST) standards.
[0079] A11. The system of embodiment A1, wherein the pairing
credentials exchanged between the second and third device are
exchanged by out-of-band means.
[0080] A12. The system of embodiment A11, wherein the out-of-band
means comprises one of the group consisting of: direct user input
at the second and third devices, use of a thumb drive at the second
and third devices, use of a universal serial bus (USB) cable
between the second and third device, or use of wired Ethernet cable
between the second and third device.
[0081] A13. The system of embodiment A1, wherein the pairing
credentials exchanged between the second and third device are
exchanged by use of a wireless communication channel.
[0082] A14. The system of embodiment A13, wherein the wireless
communication channel comprises one of the group consisting of:
Bluetooth and a near field communication (NFC).
[0083] A15. The system of embodiment A14, wherein the wireless
communication channel is secured with an encryption algorithm.
[0084] A16. The system of embodiment A1, wherein the second device
is a dock for the first device with at least one mechanism for
providing user level authentication, wherein the mechanism for
providing user level authentication is selected from the group
consisting of: a common access card (CAC) reader, a touchscreen, a
keypad, and a display for password entry.
[0085] A17. The system of embodiment A1, wherein the access
credentials comprise one of a group consisting of: a one-time
password, a symmetric key, a public key along with its private key,
and a public key cryptography standard (PKCS) certificate.
[0086] A18. The system of embodiment A1, wherein the second device
is further operable to: [0087] send a pairing request with initial
credentials to the third device; [0088] receive an acceptance of
the pairing request form the third device; and [0089] exchange
pairing credentials with the third device.
[0090] A19. The system of embodiment A1, wherein the third device
is further operable to: [0091] receive a pairing request with
initial credentials from the second device; [0092] send an
acceptance of the pairing request to the second device; and [0093]
exchange pairing credentials with the second device.
[0094] A20. The system of embodiment A1, wherein the second device
is further operable to: [0095] store the access credentials.
[0096] A21. The system of embodiment A20, wherein the access
credentials are stored in a tamper resistant manner.
[0097] A22. The system of embodiment A21, wherein the tamper
resistant manner comprises use of potted material which would
destroy one or more components of the second device upon
removal.
[0098] A23. The system of embodiment A20, wherein the access
credentials are stored in a manner to provide for tamper
detection.
[0099] A24. The system of embodiment A23, wherein the manner to
provide for tamper detection comprises: detection of ultraviolet
fluorescent chemicals, detection of varying temperature, detection
of varying clocking information, detection of varying voltage, and
detection of varying electrical signals.
[0100] A25. The system of embodiment A23, wherein the second
device, upon tamper detection, is further operable to: [0101]
report the detected tampering; and [0102] disable one or more
components of the second device.
[0103] B26. A system, comprising:
[0104] an unattended first device comprising: [0105] a first
communication interface; [0106] a first control system
communicatively coupled to the first communication interface and
comprising at least one first hardware processor and a first memory
storing program codes operable to: [0107] send a request to the
second device for access credentials; [0108] receive the access
credentials; [0109] send the access credentials to the third
device; and [0110] if the access credentials are validated,
exchange information with the third device.
[0111] a second device comprising: [0112] a second communication
interface; [0113] a second secured storage element; [0114] a second
control system communicatively coupled to the second communication
interface and comprising at least one second hardware processor and
a second memory storing program codes operable to: [0115] receive a
request for the access credentials from the first device; and
[0116] send the access credentials to the first device; and
[0117] a third device comprising: [0118] a third communication
interface; [0119] a third control system communicatively coupled to
the third communication interface and comprising at least one third
hardware processor and a third memory storing program codes
operable to: [0120] receive the access credentials from the first
device; [0121] validate the access credentials; and [0122] if
validated, exchange information with the first device.
[0123] B27. The system of embodiment B26, wherein the second device
is internal to the first device.
[0124] B28. The system of embodiment B26, further comprising the
first device using the access credentials to decrypt an encrypted
file system.
[0125] B29. The system of embodiment B26, wherein the information
exchanged between the third device and the first device comprises
one of the group consisting of: information to update software on
the first device, information to update firmware on the first
device, information to update applications on the first device,
information to update program codes on the first device,
information to make configuration setting changes on the first
device, information to update the operating system on the first
device, and information pertaining to customer data.
[0126] B30. The system of embodiment B26, wherein the second device
stores the access credentials in a tamper resistant manner.
[0127] B31. The system of embodiment B30, wherein the tamper
resistant manner comprises use of potted material which would
destroy one or more components of the second device upon
removal.
[0128] B32. The system of embodiment B30, wherein the second device
stores the access credentials in a manner to provide for tamper
detection.
[0129] B33. The system of embodiment B32, wherein the manner to
provide for tamper detection comprises: detection of ultraviolet
fluorescent chemicals, detection of varying temperature, detection
of varying clocking information, detection of varying voltage, and
detection of varying electrical signals.
[0130] B34. The system of embodiment B32, wherein the second
device, upon tamper detection, is further operable to: [0131]
report the detected tampering; and [0132] disable one or more
components of the second device.
[0133] B35. The system of embodiment B26, wherein the second device
stores the access credentials according to NIST standards.
[0134] B36. The system of embodiment B26, wherein the access
credentials comprise one of a group consisting of: a one-time
password, a symmetric key, a public key along with its private key,
and a PKCS certificate format.
[0135] B37. The system of embodiment B26, wherein the second device
is initially provisioned with the access credentials.
[0136] B38. The system of embodiment 37, wherein the initial
provisioning comprises the inclusion of the access credentials in
the operating system image installed on the second device.
[0137] To supplement the present disclosure, this application
incorporates entirely by reference the following commonly assigned
patents, patent application publications, and patent applications:
[0138] U.S. Pat. No. 6,832,725; U.S. Pat. No. 7,128,266; [0139]
U.S. Pat. No. 7,159,783; U.S. Pat. No. 7,413,127; [0140] U.S. Pat.
No. 7,726,575; U.S. Pat. No. 8,294,969; [0141] U.S. Pat. No.
8,317,105; U.S. Pat. No. 8,322,622; [0142] U.S. Pat. No. 8,366,005;
U.S. Pat. No. 8,371,507; [0143] U.S. Pat. No. 8,376,233; U.S. Pat.
No. 8,381,979; [0144] U.S. Pat. No. 8,390,909; U.S. Pat. No.
8,408,464; [0145] U.S. Pat. No. 8,408,468; U.S. Pat. No. 8,408,469;
[0146] U.S. Pat. No. 8,424,768; U.S. Pat. No. 8,448,863; [0147]
U.S. Pat. No. 8,457,013; U.S. Pat. No. 8,459,557; [0148] U.S. Pat.
No. 8,469,272; U.S. Pat. No. 8,474,712; [0149] U.S. Pat. No.
8,479,992; U.S. Pat. No. 8,490,877; [0150] U.S. Pat. No. 8,517,271;
U.S. Pat. No. 8,523,076; [0151] U.S. Pat. No. 8,528,818; U.S. Pat.
No. 8,544,737; [0152] U.S. Pat. No. 8,548,242; U.S. Pat. No.
8,548,420; [0153] U.S. Pat. No. 8,550,335; U.S. Pat. No. 8,550,354;
[0154] U.S. Pat. No. 8,550,357; U.S. Pat. No. 8,556,174; [0155]
U.S. Pat. No. 8,556,176; U.S. Pat. No. 8,556,177; [0156] U.S. Pat.
No. 8,559,767; U.S. Pat. No. 8,599,957; [0157] U.S. Pat. No.
8,561,895; U.S. Pat. No. 8,561,903; [0158] U.S. Pat. No. 8,561,905;
U.S. Pat. No. 8,565,107; [0159] U.S. Pat. No. 8,571,307; U.S. Pat.
No. 8,579,200; [0160] U.S. Pat. No. 8,583,924; U.S. Pat. No.
8,584,945; [0161] U.S. Pat. No. 8,587,595; U.S. Pat. No. 8,587,697;
[0162] U.S. Pat. No. 8,588,869; U.S. Pat. No. 8,590,789; [0163]
U.S. Pat. No. 8,596,539; U.S. Pat. No. 8,596,542; [0164] U.S. Pat.
No. 8,596,543; U.S. Pat. No. 8,599,271; [0165] U.S. Pat. No.
8,599,957; U.S. Pat. No. 8,600,158; [0166] U.S. Pat. No. 8,600,167;
U.S. Pat. No. 8,602,309; [0167] U.S. Pat. No. 8,608,053; U.S. Pat.
No. 8,608,071; [0168] U.S. Pat. No. 8,611,309; U.S. Pat. No.
8,615,487; [0169] U.S. Pat. No. 8,616,454; U.S. Pat. No. 8,621,123;
[0170] U.S. Pat. No. 8,622,303; U.S. Pat. No. 8,628,013; [0171]
U.S. Pat. No. 8,628,015; U.S. Pat. No. 8,628,016; [0172] U.S. Pat.
No. 8,629,926; U.S. Pat. No. 8,630,491; [0173] U.S. Pat. No.
8,635,309; U.S. Pat. No. 8,636,200; [0174] U.S. Pat. No. 8,636,212;
U.S. Pat. No. 8,636,215; [0175] U.S. Pat. No. 8,636,224; U.S. Pat.
No. 8,638,806; [0176] U.S. Pat. No. 8,640,958; U.S. Pat. No.
8,640,960; [0177] U.S. Pat. No. 8,643,717; U.S. Pat. No. 8,646,692;
[0178] U.S. Pat. No. 8,646,694; U.S. Pat. No. 8,657,200; [0179]
U.S. Pat. No. 8,659,397; U.S. Pat. No. 8,668,149; [0180] U.S. Pat.
No. 8,678,285; U.S. Pat. No. 8,678,286; [0181] U.S. Pat. No.
8,682,077; U.S. Pat. No. 8,687,282; [0182] U.S. Pat. No. 8,692,927;
U.S. Pat. No. 8,695,880; [0183] U.S. Pat. No. 8,698,949; U.S. Pat.
No. 8,717,494; [0184] U.S. Pat. No. 8,717,494; U.S. Pat. No.
8,720,783; [0185] U.S. Pat. No. 8,723,804; U.S. Pat. No. 8,723,904;
[0186] U.S. Pat. No. 8,727,223; U.S. Pat. No. D702,237; [0187] U.S.
Pat. No. 8,740,082; U.S. Pat. No. 8,740,085; [0188] U.S. Pat. No.
8,746,563; U.S. Pat. No. 8,750,445; [0189] U.S. Pat. No. 8,752,766;
U.S. Pat. No. 8,756,059; [0190] U.S. Pat. No. 8,757,495; U.S. Pat.
No. 8,760,563; [0191] U.S. Pat. No. 8,763,909; U.S. Pat. No.
8,777,108; [0192] U.S. Pat. No. 8,777,109; U.S. Pat. No. 8,779,898;
[0193] U.S. Pat. No. 8,781,520; U.S. Pat. No. 8,783,573; [0194]
U.S. Pat. No. 8,789,757; U.S. Pat. No. 8,789,758; [0195] U.S. Pat.
No. 8,789,759; U.S. Pat. No. 8,794,520; [0196] U.S. Pat. No.
8,794,522; U.S. Pat. No. 8,794,526; [0197] U.S. Pat. No. 8,798,367;
U.S. Pat. No. 8,807,431; [0198] U.S. Pat. No. 8,807,432; U.S. Pat.
No. 8,820,630; [0199] International Publication No. 2013/163789;
[0200] International Publication No. 2013/173985; [0201]
International Publication No. 2014/019130; [0202] International
Publication No. 2014/110495; [0203] U.S. Patent Application
Publication No. 2008/0185432; [0204] U.S. Patent Application
Publication No. 2009/0134221; [0205] U.S. Patent Application
Publication No. 2010/0177080; [0206] U.S. Patent Application
Publication No. 2010/0177076; [0207] U.S. Patent Application
Publication No. 2010/0177707; [0208] U.S. Patent Application
Publication No. 2010/0177749; [0209] U.S. Patent Application
Publication No. 2011/0202554; [0210] U.S. Patent Application
Publication No. 2012/0111946; [0211] U.S. Patent Application
Publication No. 2012/0138685; [0212] U.S. Patent Application
Publication No. 2012/0168511; [0213] U.S. Patent Application
Publication No. 2012/0168512; [0214] U.S. Patent Application
Publication No. 2012/0193423; [0215] U.S. Patent Application
Publication No. 2012/0203647; [0216] U.S. Patent Application
Publication No. 2012/0223141; [0217] U.S. Patent Application
Publication No. 2012/0228382; [0218] U.S. Patent Application
Publication No. 2012/0248188; [0219] U.S. Patent Application
Publication No. 2013/0043312; [0220] U.S. Patent Application
Publication No. 2013/0056285; [0221] U.S. Patent Application
Publication No. 2013/0070322; [0222] U.S. Patent Application
Publication No. 2013/0075168; [0223] U.S. Patent Application
Publication No. 2013/0082104; [0224] U.S. Patent Application
Publication No. 2013/0175341; [0225] U.S. Patent Application
Publication No. 2013/0175343; [0226] U.S. Patent Application
Publication No. 2013/0200158; [0227] U.S. Patent Application
Publication No. 2013/0256418; [0228] U.S. Patent Application
Publication No. 2013/0257744; [0229] U.S. Patent Application
Publication No. 2013/0257759; [0230] U.S. Patent Application
Publication No. 2013/0270346; [0231] U.S. Patent Application
Publication No. 2013/0278425; [0232] U.S. Patent Application
Publication No. 2013/0287258; [0233] U.S. Patent Application
Publication No. 2013/0292475; [0234] U.S. Patent Application
Publication No. 2013/0292477; [0235] U.S. Patent Application
Publication No. 2013/0293539; [0236] U.S. Patent Application
Publication No. 2013/0293540; [0237] U.S. Patent Application
Publication No. 2013/0306728; [0238] U.S. Patent Application
Publication No. 2013/0306730; [0239] U.S. Patent Application
Publication No. 2013/0306731; [0240] U.S. Patent Application
Publication No. 2013/0307964; [0241] U.S. Patent Application
Publication No. 2013/0308625; [0242] U.S. Patent Application
Publication No. 2013/0313324; [0243] U.S. Patent Application
Publication No. 2013/0313325; [0244] U.S. Patent Application
Publication No. 2013/0341399; [0245] U.S. Patent Application
Publication No. 2013/0342717; [0246] U.S. Patent Application
Publication No. 2014/0001267; [0247] U.S. Patent Application
Publication No. 2014/0002828; [0248] U.S. Patent Application
Publication No. 2014/0008430; [0249] U.S. Patent Application
Publication No. 2014/0008439; [0250] U.S. Patent Application
Publication No. 2014/0025584; [0251] U.S. Patent Application
Publication No. 2014/0027518; [0252] U.S. Patent Application
Publication No. 2014/0034734; [0253] U.S. Patent Application
Publication No. 2014/0036848; [0254] U.S. Patent Application
Publication No. 2014/0039693; [0255] U.S. Patent Application
Publication No. 2014/0042814; [0256] U.S. Patent Application
Publication No. 2014/0049120; [0257] U.S. Patent Application
Publication No. 2014/0049635; [0258] U.S. Patent Application
Publication No. 2014/0061305; [0259] U.S. Patent Application
Publication No. 2014/0061306; [0260] U.S. Patent Application
Publication No. 2014/0063289; [0261] U.S. Patent Application
Publication No. 2014/0066136; [0262] U.S. Patent Application
Publication No. 2014/0067692; [0263] U.S. Patent Application
Publication No. 2014/0070005; [0264] U.S. Patent Application
Publication No. 2014/0071840; [0265] U.S. Patent Application
Publication No. 2014/0074746; [0266] U.S. Patent Application
Publication No. 2014/0075846; [0267] U.S. Patent Application
Publication No. 2014/0076974; [0268] U.S. Patent Application
Publication No. 2014/0078341; [0269] U.S. Patent Application
Publication No. 2014/0078342; [0270] U.S. Patent Application
Publication No. 2014/0078345; [0271] U.S. Patent Application
Publication No. 2014/0084068; [0272] U.S. Patent Application
Publication No. 2014/0097249; [0273] U.S. Patent Application
Publication No. 2014/0098792; [0274] U.S. Patent Application
Publication No. 2014/0100774; [0275] U.S. Patent Application
Publication No. 2014/0100813; [0276] U.S. Patent Application
Publication No. 2014/0103115; [0277] U.S. Patent Application
Publication No. 2014/0104413; [0278] U.S. Patent Application
Publication No. 2014/0104414; [0279] U.S. Patent Application
Publication No. 2014/0104416; [0280] U.S. Patent Application
Publication No. 2014/0104451; [0281] U.S. Patent Application
Publication No. 2014/0106594; [0282] U.S. Patent Application
Publication No. 2014/0106725; [0283] U.S. Patent Application
Publication No. 2014/0108010; [0284] U.S. Patent Application
Publication No. 2014/0108402; [0285] U.S. Patent Application
Publication No. 2014/0108682; [0286] U.S. Patent Application
Publication No. 2014/0110485; [0287] U.S. Patent Application
Publication No. 2014/0114530; [0288] U.S. Patent Application
Publication No. 2014/0124577; [0289] U.S. Patent Application
Publication No. 2014/0124579; [0290] U.S. Patent Application
Publication No. 2014/0125842; [0291] U.S. Patent Application
Publication No. 2014/0125853; [0292] U.S. Patent Application
Publication No. 2014/0125999; [0293] U.S. Patent Application
Publication No. 2014/0129378; [0294] U.S. Patent Application
Publication No. 2014/0131438; [0295] U.S. Patent Application
Publication No. 2014/0131441; [0296] U.S. Patent Application
Publication No. 2014/0131443; [0297] U.S. Patent Application
Publication No. 2014/0131444; [0298] U.S. Patent Application
Publication No. 2014/0131445; [0299] U.S. Patent Application
Publication No. 2014/0131448; [0300] U.S. Patent Application
Publication No. 2014/0133379; [0301] U.S. Patent Application
Publication No. 2014/0136208; [0302] U.S. Patent Application
Publication No. 2014/0140585; [0303] U.S. Patent Application
Publication No. 2014/0151453; [0304] U.S. Patent Application
Publication No. 2014/0152882; [0305] U.S. Patent Application
Publication No. 2014/0158770; [0306] U.S. Patent Application
Publication No. 2014/0159869; [0307] U.S. Patent Application
Publication No. 2014/0160329; [0308] U.S. Patent Application
Publication No. 2014/0166755; [0309] U.S. Patent Application
Publication No. 2014/0166757; [0310] U.S. Patent Application
Publication No. 2014/0166759; [0311] U.S. Patent Application
Publication No. 2014/0166760; [0312] U.S. Patent Application
Publication No. 2014/0166761; [0313] U.S. Patent Application
Publication No. 2014/0168787; [0314] U.S. Patent Application
Publication No. 2014/0175165; [0315] U.S. Patent Application
Publication No. 2014/0175169; [0316] U.S. Patent Application
Publication No. 2014/0175172; [0317] U.S. Patent Application
Publication No. 2014/0175174; [0318] U.S. Patent Application
Publication No. 2014/0191644; [0319] U.S. Patent Application
Publication No. 2014/0191913; [0320] U.S. Patent Application
Publication No. 2014/0197238; [0321] U.S. Patent Application
Publication No. 2014/0197239; [0322] U.S. Patent Application
Publication No. 2014/0197304; [0323] U.S. Patent Application
Publication No. 2014/0203087; [0324] U.S. Patent Application
Publication No. 2014/0204268; [0325] U.S. Patent Application
Publication No. 2014/0214631; [0326] U.S. Patent Application
Publication No. 2014/0217166; [0327] U.S. Patent Application
Publication No. 2014/0217180; [0328] U.S. patent application Ser.
No. 13/367,978 for a Laser Scanning Module Employing an Elastomeric
U-Hinge Based Laser Scanning Assembly, filed Feb. 7, 2012 (Feng et
al.); [0329] U.S. patent application Ser. No. 29/436,337 for an
Electronic Device, filed Nov. 5, 2012 (Fitch et al.); [0330] U.S.
patent application Ser. No. 13/771,508 for an Optical Redirection
Adapter, filed Feb. 20, 2013 (Anderson); [0331] U.S. patent
application Ser. No. 13/852,097 for a System and Method for
Capturing and Preserving Vehicle Event Data, filed Mar. 28, 2013
(Barker et al.); [0332] U.S. patent application Ser. No. 13/902,110
for a System and Method for Display of Information Using a
Vehicle-Mount Computer, filed May 24, 2013 (Hollifield); [0333]
U.S. patent application Ser. No. 13/902,144, for a System and
Method for Display of Information Using a Vehicle-Mount Computer,
filed May 24, 2013 (Chamberlin); [0334] U.S. patent application
Ser. No. 13/902,242 for a System For Providing A Continuous
Communication Link With A Symbol Reading Device, filed May 24, 2013
(Smith et al.); [0335] U.S. patent application Ser. No. 13/912,262
for a Method of Error Correction for 3D Imaging Device, filed Jun.
7, 2013 (Jovanovski et al.); [0336] U.S. patent application Ser.
No. 13/912,702 for a System and Method for Reading Code Symbols at
Long Range Using Source Power Control, filed Jun. 7, 2013 (Xian et
al.); [0337] U.S. patent application Ser. No. 29/458,405 for an
Electronic Device, filed Jun. 19, 2013 (Fitch et al.); [0338] U.S.
patent application Ser. No. 13/922,339 for a System and Method for
Reading Code Symbols Using a Variable Field of View, filed Jun. 20,
2013 (Xian et al.); [0339] U.S. patent application Ser. No.
13/927,398 for a Code Symbol Reading System Having Adaptive
Autofocus, filed Jun. 26, 2013 (Todeschini); [0340] U.S. patent
application Ser. No. 13/930,913 for a Mobile Device Having an
Improved User Interface for Reading Code Symbols, filed Jun. 28,
2013 (Gelay et al.); [0341] U.S. patent application Ser. No.
29/459,620 for an Electronic Device Enclosure, filed Jul. 2, 2013
(London et al.); [0342] U.S. patent application Ser. No. 29/459,681
for an Electronic Device Enclosure, filed Jul. 2, 2013 (Chaney et
al.); [0343] U.S. patent application Ser. No. 13/933,415 for an
Electronic Device Case, filed Jul. 2, 2013 (London et al.); [0344]
U.S. patent application Ser. No. 29/459,785 for a Scanner and
Charging Base, filed Jul. 3, 2013 (Fitch et al.); [0345] U.S.
patent application Ser. No. 29/459,823 for a Scanner, filed Jul. 3,
2013 (Zhou et al.); [0346] U.S. patent application Ser. No.
13/947,296 for a System and Method for Selectively Reading Code
Symbols, filed Jul. 22, 2013 (Rueblinger et al.); [0347] U.S.
patent application Ser. No. 13/950,544 for a Code Symbol Reading
System Having Adjustable Object Detection, filed Jul. 25, 2013
(Jiang); [0348] U.S. patent application Ser. No. 13/961,408 for a
Method for Manufacturing Laser Scanners, filed Aug. 7, 2013 (Saber
et al.); [0349] U.S. patent application Ser. No. 14/018,729 for a
Method for Operating a Laser Scanner, filed Sep. 5, 2013 (Feng et
al.); [0350] U.S. patent application Ser. No. 14/019,616 for a
Device Having Light Source to Reduce Surface Pathogens, filed Sep.
6, 2013 (Todeschini); [0351] U.S. patent application Ser. No.
14/023,762 for a Handheld Indicia Reader Having Locking Endcap,
filed Sep. 11, 2013 (Gannon); [0352] U.S. patent application Ser.
No. 14/035,474 for Augmented-Reality Signature Capture
, filed Sep. 24, 2013 (Todeschini); [0353] U.S. patent application
Ser. No. 29/468,118 for an Electronic Device Case, filed Sep. 26,
2013 (Oberpriller et al.); [0354] U.S. patent application Ser. No.
14/055,234 for Dimensioning System, filed Oct. 16, 2013 (Fletcher);
[0355] U.S. patent application Ser. No. 14/053,314 for Indicia
Reader, filed Oct. 14, 2013 (Huck); [0356] U.S. patent application
Ser. No. 14/065,768 for Hybrid System and Method for Reading
Indicia, filed Oct. 29, 2013 (Meier et al.); [0357] U.S. patent
application Ser. No. 14/074,746 for Self-Checkout Shopping System,
filed Nov. 8, 2013 (Hejl et al.); [0358] U.S. patent application
Ser. No. 14/074,787 for Method and System for Configuring Mobile
Devices via NFC Technology, filed Nov. 8, 2013 (Smith et al.);
[0359] U.S. patent application Ser. No. 14/087,190 for Optimal
Range Indicators for Bar Code Validation, filed Nov. 22, 2013
(Hejl); [0360] U.S. patent application Ser. No. 14/094,087 for
Method and System for Communicating Information in an Digital
Signal, filed Dec. 2, 2013 (Peake et al.); [0361] U.S. patent
application Ser. No. 14/101,965 for High Dynamic-Range Indicia
Reading System, filed Dec. 10, 2013 (Xian); [0362] U.S. patent
application Ser. No. 14/150,393 for Indicia-reader Having Unitary
Construction Scanner, filed Jan. 8, 2014 (Colavito et al.); [0363]
U.S. patent application Ser. No. 14/154,207 for Laser Barcode
Scanner, filed Jan. 14, 2014 (Hou et al.); [0364] U.S. patent
application Ser. No. 14/165,980 for System and Method for Measuring
Irregular Objects with a Single Camera filed Jan. 28, 2014 (Li et
al.); [0365] U.S. patent application Ser. No. 14/166,103 for
Indicia Reading Terminal Including Optical Filter filed Jan. 28,
2014 (Lu et al.); [0366] U.S. patent application Ser. No.
14/200,405 for Indicia Reader for Size-Limited Applications filed
Mar. 7, 2014 (Feng et al.); [0367] U.S. patent application Ser. No.
14/231,898 for Hand-Mounted Indicia-Reading Device with Finger
Motion Triggering filed Apr. 1, 2014 (Van Horn et al.); [0368] U.S.
patent application Ser. No. 14/250,923 for Reading Apparatus Having
Partial Frame Operating Mode filed Apr. 11, 2014, (Deng et al.);
[0369] U.S. patent application Ser. No. 14/257,174 for Imaging
Terminal Having Data Compression filed Apr. 21, 2014, (Barber et
al.); [0370] U.S. patent application Ser. No. 14/257,364 for
Docking System and Method Using Near Field Communication filed Apr.
21, 2014 (Showering); [0371] U.S. patent application Ser. No.
14/264,173 for Autofocus Lens System for Indicia Readers filed Apr.
29, 2014 (Ackley et al.); [0372] U.S. patent application Ser. No.
14/274,858 for Mobile Printer with Optional Battery Accessory filed
May 12, 2014 (Marty et al.); [0373] U.S. patent application Ser.
No. 14/277,337 for MULTIPURPOSE OPTICAL READER, filed May 14, 2014
(Jovanovski et al.); [0374] U.S. patent application Ser. No.
14/283,282 for TERMINAL HAVING ILLUMINATION AND FOCUS CONTROL filed
May 21, 2014 (Liu et al.); [0375] U.S. patent application Ser. No.
14/300,276 for METHOD AND SYSTEM FOR CONSIDERING INFORMATION ABOUT
AN EXPECTED RESPONSE WHEN PERFORMING SPEECH RECOGNITION, filed Jun.
10, 2014 (Braho et al.); [0376] U.S. patent application Ser. No.
14/305,153 for INDICIA READING SYSTEM EMPLOYING DIGITAL GAIN
CONTROL filed Jun. 16, 2014 (Xian et al.); [0377] U.S. patent
application Ser. No. 14/310,226 for AUTOFOCUSING OPTICAL IMAGING
DEVICE filed Jun. 20, 2014 (Koziol et al.); [0378] U.S. patent
application Ser. No. 14/327,722 for CUSTOMER FACING IMAGING SYSTEMS
AND METHODS FOR OBTAINING IMAGES filed Jul. 10, 2014 (Oberpriller
et al,); [0379] U.S. patent application Ser. No. 14/327,827 for a
MOBILE-PHONE ADAPTER FOR ELECTRONIC TRANSACTIONS, filed Jul. 10,
2014 (Hejl); [0380] U.S. patent application Ser. No. 14/329,303 for
CELL PHONE READING MODE USING IMAGE TIMER filed Jul. 11, 2014
(Coyle); [0381] U.S. patent application Ser. No. 14/333,588 for
SYMBOL READING SYSTEM WITH INTEGRATED SCALE BASE filed Jul. 17,
2014 (Barten); [0382] U.S. patent application Ser. No. 14/334,934
for a SYSTEM AND METHOD FOR INDICIA VERIFICATION, filed Jul. 18,
2014 (Hejl); [0383] U.S. patent application Ser. No. 14/336,188 for
METHOD OF AND SYSTEM FOR DETECTING OBJECT WEIGHING INTERFERENCES,
Filed Jul. 21, 2014 (Amundsen et al.); [0384] U.S. patent
application Ser. No. 14/339,708 for LASER SCANNING CODE SYMBOL
READING SYSTEM, filed Jul. 24, 2014 (Xian et al.); [0385] U.S.
patent application Ser. No. 14/340,627 for an AXIALLY REINFORCED
FLEXIBLE SCAN ELEMENT, filed Jul. 25, 2014 (Rueblinger et al.);
[0386] U.S. patent application Ser. No. 14/340,716 for an OPTICAL
IMAGER AND METHOD FOR CORRELATING A MEDICATION PACKAGE WITH A
PATIENT, filed Jul. 25, 2014 (Ellis); [0387] U.S. patent
application Ser. No. 14/342,544 for Imaging Based Barcode Scanner
Engine with Multiple Elements Supported on a Common Printed Circuit
Board filed Mar. 4, 2014 (Liu et al.); [0388] U.S. patent
application Ser. No. 14/345,735 for Optical Indicia Reading
Terminal with Combined Illumination filed Mar. 19, 2014 (Ouyang);
[0389] U.S. patent application Ser. No. 14/336,188 for METHOD OF
AND SYSTEM FOR DETECTING OBJECT WEIGHING INTERFERENCES, Filed Jul.
21, 2014 (Amundsen et al.); [0390] U.S. patent application Ser. No.
14/355,613 for Optical Indicia Reading Terminal with Color Image
Sensor filed May 1, 2014 (Lu et al.); [0391] U.S. patent
application Ser. No. 14/370,237 for WEB-BASED SCAN-TASK ENABLED
SYSTEM AND METHOD OF AND APPARATUS FOR DEVELOPING AND DEPLOYING THE
SAME ON A CLIENT-SERVER NETWORK filed Jul. 2, 2014 (Chen et al.);
[0392] U.S. patent application Ser. No. 14/370,267 for INDUSTRIAL
DESIGN FOR CONSUMER DEVICE BASED SCANNING AND MOBILITY, filed Jul.
2, 2014 (Ma et al.); [0393] U.S. patent application Ser. No.
14/376,472, for an ENCODED INFORMATION READING TERMINAL INCLUDING
HTTP SERVER, filed Aug. 4, 2014 (Lu); [0394] U.S. patent
application Ser. No. 14/379,057 for METHOD OF USING CAMERA SENSOR
INTERFACE TO TRANSFER MULTIPLE CHANNELS OF SCAN DATA USING AN IMAGE
FORMAT filed Aug. 15, 2014 (Wang et al.); [0395] U.S. patent
application Ser. No. 14/452,697 for INTERACTIVE INDICIA READER,
filed Aug. 6, 2014 (Todeschini); [0396] U.S. patent application
Ser. No. 14/453,019 for DIMENSIONING SYSTEM WITH GUIDED ALIGNMENT,
filed Aug. 6, 2014 (Li et al.); [0397] U.S. patent application Ser.
No. 14/460,387 for APPARATUS FOR DISPLAYING BAR CODES FROM LIGHT
EMITTING DISPLAY SURFACES filed Aug. 15, 2014 (Van Horn et al.);
[0398] U.S. patent application Ser. No. 14/460,829 for ENCODED
INFORMATION READING TERMINAL WITH WIRELESS PATH SELECTION
CAPABILITY, filed Aug. 15, 2014 (Wang et al.); [0399] U.S. patent
application Ser. No. 14/462,801 for MOBILE COMPUTING DEVICE WITH
DATA COGNITION SOFTWARE, filed on Aug. 19, 2014 (Todeschini et
al.); [0400] U.S. patent application Ser. No. 14/446,387 for
INDICIA READING TERMINAL PROCESSING PLURALITY OF FRAMES OF IMAGE
DATA RESPONSIVELY TO TRIGGER SIGNAL ACTIVATION filed Jul. 30, 2014
(Wang et al.); [0401] U.S. patent application Ser. No. 14/446,391
for MULTIFUNCTION POINT OF SALE APPARATUS WITH OPTICAL SIGNATURE
CAPTURE filed Jul. 30, 2014 (Good et al.); [0402] U.S. patent
application Ser. No. 29/486,759 for an Imaging Terminal, filed Apr.
2, 2014 (Oberpriller et al.); [0403] U.S. patent application Ser.
No. 29/492,903 for an INDICIA SCANNER, filed Jun. 4, 2014 (Zhou et
al.); and [0404] U.S. patent application Ser. No. 29/494,725 for an
IN-COUNTER BARCODE SCANNER, filed Jun. 24, 2014 (Oberpriller et
al.).
[0405] In the specification and/or figures, typical embodiments of
the invention have been disclosed. The present invention is not
limited to such exemplary embodiments. The use of the term "and/or"
includes any and all combinations of one or more of the associated
listed items. The figures are schematic representations and so are
not necessarily drawn to scale. Unless otherwise noted, specific
terms have been used in a generic and descriptive sense and not for
purposes of limitation.
* * * * *