IPR2016-00497, No. 2026-17 Exhibit - Exhibit 2026 (P.T.A.B. Oct. 25, 2016)

IBM
`
`Smart Cards: A Case Study
`
`Jorge Ferrari Robert Mackinnon
`Susan Poh Lakshman Yatawara
`
`International Technical Support Organization
`
`http://www.redbooks.ibm.com
`
`This book was printed at 240 dpi (dots per inch). The final production redbook with the RED cover will
`be printed at 1200 dpi and will provide superior graphics resolution. Please see “How to Get ITSO
`Redbooks” at the back of this book for ordering instructions.
`
`PROTECTIVE ORDER MATERIAL
`
`SG24-5239-00
`
`IRIS
`EXHIBIT 2026 PAGE 1
`DOJ v. IRIS
`IPR 2016-00497
`
`

`PROTECTIVE ORDER MATERIAL
`
`IRIS
`EXHIBIT 2026 PAGE 2
`DOJ v. IRIS
`IPR 2016-00497
`
`

`IBM
`
`International Technical Support Organization
`
`SG24-5239-00
`
`Smart Cards: A Case Study
`
`October 1998
`
`PROTECTIVE ORDER MATERIAL
`
`IRIS
`EXHIBIT 2026 PAGE 3
`DOJ v. IRIS
`IPR 2016-00497
`
`

`Take Note!
`
`Before using this information and the product it supports, be sure to read the general information in
`Appendix G, “Special Notices” on page 201.
`
`First Edition (October 1998)
`
`Comments may be addressed to:
`IBM Corporation, International Technical Support Organization
`Dept. HZ8 Building 678
`P.O. Box 12195
`Research Triangle Park, NC 27709-2195
`
`When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any
`way it believes appropriate without incurring any obligation to you.
`
`© Copyright International Business Machines Corporation 1998. All rights reserved.
`Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is
`subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.
`
`PROTECTIVE ORDER MATERIAL
`
`IRIS
`EXHIBIT 2026 PAGE 4
`DOJ v. IRIS
`IPR 2016-00497
`
`

`Contents
`
`Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
`
`Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Preface
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
`About This Book
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`The Team That Wrote This Redbook
`Comments Welcome
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`ix
`
`xi
`
`xiii
` xiii
` xiii
`xiv
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
`Chapter 1.
`1.1 Smart Card History
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`1.2 Smart Card Operating System .
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`1.2.1 Smart Card Operating Systems on the Market
`1.3 Smart Card Types
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`1.4 Smart Card Standards
`1.5 Smart Card Security
`.
`.
`.
`.
`.
`.
`1.6 Smart Card Terminals/Readers
`1.7 Smart Card Development Toolkits
`1.8 Smart Card Solution
`.
`.
`.
`.
`.
`.
`.
`1.9 Smart Card Card Management
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`1.10 Some Examples of Smart Card Applications and Projects
`1.11 Future of the Smart Cards
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`1
` 2
` 2
` 2
` 3
` 3
` 4
` 4
` 5
` 5
` 6
` 7
` 8
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 2. Smart Card Security
`. 11
`. 11
`2.1 Magnetic Stripe Card Security
`. 12
`2.2 Smart Card Security Features
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 12
`2.2.1 Human Readable Security Features of Smart Cards
`. 13
`2.2.2 Security Features of the Smart Card Chip
`.
`.
`.
`.
`.
`. 14
`2.2.3 Security Features of the Card Operating System .
`. 14
`2.2.4 Security Features of the Network
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`2.3 Security Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
`2.3.1 Privacy
` . . . . . . . . . . . . . . . . . . . . . . . . . 15
`2.3.2 Symmetrical Cryptography
`2.3.3 Asymmetrical Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . 17
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
`2.4 Integrity
`. 19
`2.4.1 Message Authentication Code
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`2.5 Non-Repudiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
`2.5.1 Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
`2.6 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
`2.6.1 Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
`2.7 Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
`2.7.1 PIN Codes
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
`2.7.2 Biometrics
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
`2.7.3 Mutual Authentication
`2.8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
`
`Chapter 3. Standards, Specifications and Recommendations
`. 27
`.
`.
`.
`.
`.
`.
`.
`.
`.
`3.1 ISO 7816 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
`3.2 CEN726 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
`3.3 GSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
`3.4 EMV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
`
`© Copyright IBM Corp. 1998
`
`PROTECTIVE ORDER MATERIAL
`
`iii
`
`IRIS
`EXHIBIT 2026 PAGE 5
`DOJ v. IRIS
`IPR 2016-00497
`
`

`3.5 PC/SC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
`. 33
`3.5.1 PC/SC Migration Interface
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`3.6 OpenCard Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
`. 36
`3.7 IATA Resolution 791
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`3.8 SEIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
`3.9 Cryptoki
`3.10 CDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
`. 37
`3.11 Co-operative and Competitive Standards
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`3.12 Standards Overlaps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
`. 39
`3.13 Smart Card Organizations
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 4. Card Selection Process .
`. 41
`. 41
`4.1 Card Selection Considerations
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`4.2 Card Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
`4.2.1 Memory Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
`4.2.2 Microprocessor Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
`4.3 Interface Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
`4.3.1 Contact Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
`4.3.2 Contactless Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
`4.3.3 Hybrid Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
`. 46
`4.3.4 Combi Cards/Dual Interface Cards
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
`4.3.5 Optical Cards
`. 47
`4.4 Storage Capacity (EEPROM)
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 47
`4.5 Card Operating System Functions
`.
`.
`.
`.
`.
`. 48
`4.5.1 Interpretative Card Operating Systems
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
`4.6 Standards
`4.7 Compatibility Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
`. 49
`4.7.1 Card Communication Protocol (T=0, T=1)
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 49
`4.7.2 Voltage Supply (5V, 3V)
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`4.8 Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
`4.9 Manufacturers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
`4.9.1 Chip Manufacturers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
`4.9.2 Card Manufacturers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
`. 51
`4.9.3 Card Operating System Suppliers
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 51
`4.10 Card Reliability and Life Expectancy
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`4.10.1 Card Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
`4.11 Card Material
`. 52
`4.12 Card Quantity and Cost
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 53
`4.12.1 Reducing Card Cost
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 5. Card Reader Selection Process
`. 55
`. 55
`5.1 Smart Card Reader Types and Use
`.
`. 56
`5.1.1 Low-Cost Readers
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
`5.1.2 Balance Readers
`. 57
`5.1.3 PC Attached/Integrated Readers
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 57
`5.1.4 Stand-Alone General-Purpose Readers
`. 58
`5.1.5 Electronic Purse Readers
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 59
`5.1.6 EFTPOS (Electronic Fund Transfer and Point of Sale) Readers
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
`5.1.7 Building Blocks
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
`5.1.8 Hybrid Readers
`5.1.9 Contactless Readers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
`. 61
`5.2 Smart Card Reader Features
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`5.2.1 Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
`. 63
`5.2.2 Terminal Microcode
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`5.2.3 Software Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`iv
`
`Smart Cards: A Case Study
`
`PROTECTIVE ORDER MATERIAL
`
`IRIS
`EXHIBIT 2026 PAGE 6
`DOJ v. IRIS
`IPR 2016-00497
`
`

`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`5.2.4 Platform Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
`5.2.5 Other Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
`. 64
`5.3 Card Reader Suppliers
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 65
`5.4 Card Reader Standards
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 65
`5.4.1 Reader Standards, Compatibility Issues
`. 66
`5.5 Card Terminal Security
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 66
`5.6 Card Acceptance Points
`.
`.
`.
`. 67
`5.7 Smart Card Reader Evaluation
`.
`.
`.
`.
`.
`. 67
`5.7.1 Microsoft Windows-compatible logo
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 6. Case Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
`. 69
`6.1 A Profile of GTT .
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`6.1.1 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
`6.1.2 Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
`6.1.3 Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
`. 72
`6.2 Summary of Requirements
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`6.3 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
` . . . . . . . . . . . . . . . . . . . . . . . . . . 72
`6.3.1 Mandatory Requirements
`6.3.2 Optional Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
`
`Chapter 7. Analysis of the Case Study Solution
`. 75
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
`7.1 Card Selection
`7.2 Reader Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
`7.3 Existing Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
`7.4 Facilities Access
`. 78
`7.5 Cafeteria Services and Vending Machines
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`7.5.1 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
`7.6 Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
`7.7 Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
`7.8 Health Alerts
`. 84
`7.9 Biometric Access to Restricted Areas
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 84
`7.10 Time and Attendance
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`7.11 Travel Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 8. Card Layout Design
`. 87
`. 87
`8.1 Purpose of a Card Layout
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`8.1.1 File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
`. 91
`8.1.2 Smart Card Profiles
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
`8.1.3 Data Structures
`. 92
`8.1.4 File System Security
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`8.1.5 Security Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
`. 95
`8.2 Card Design Process
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 96
`8.2.1 Consideration for Card Design
`. 96
`8.3 Card Design Checklist
`.
`.
`.
`.
`.
`.
`.
`. 96
`8.3.1 Answer to Reset (ATR)
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`8.3.2 Application Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
`8.3.3 Key Management
`8.3.4 Personalization Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
`8.3.5 Derived Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
`. 99
`8.3.6 Accessing Smart Card Data
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 99
`8.3.7 Card Layout for Contactless, Memory and JavaCards
` 100
`8.4 Compliance with International Standards
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 100
`8.4.1 Defining the Special Elementary Files
` 101
`8.5 Tools and Techniques
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 101
`8.5.1 The IBM Smart Card ToolKit
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`PROTECTIVE ORDER MATERIAL
`
`v
`
`Contents
`
`IRIS
`EXHIBIT 2026 PAGE 7
`DOJ v. IRIS
`IPR 2016-00497
`
`

` 103
`8.5.2 Designing a Card Layout with the ToolKit
` 103
`8.5.3 Creating Layouts for Non-IBM Cards
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`8.6 Skills Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
`8.7 Case Study
` 107
`8.7.1 Sample Memory Requirements
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 109
`8.8 Case Study Sample Card Layout
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 9. Smart Card Production
` 111
`.
`.
`.
`.
`.
`.
` 111
`9.1 Initialization and Personalization Scenario
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`9.2 Card Issuance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
` 113
`9.2.1 The Initialization and Personalization Files
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 116
`9.3 Card Production Security
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 10. Smart Card Programming
` 119
` 119
`10.1 The Card Instructions
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 121
`10.2 A Better Approach to Coding Smart Card Applications
` 121
`10.2.1 Card Operating System Dependencies
`.
`.
`.
`.
`.
`.
` 122
`10.2.2 Card Terminal Dependencies
`.
`.
`.
`.
` 122
`10.2.3 Card Issuer Dependencies
`.
`.
`.
`.
`.
`.
`.
` 123
`10.2.4 Solution to the Programming Problems
` 123
`10.3 The IBM Smart Card ToolKit
`.
`.
`.
`.
`.
`.
`.
`.
` 123
`10.3.1 The Smart Card Agent
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
`10.3.2 Script Processor
` 129
`10.3.3 The Smart Card Agency
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 131
`10.4 PC/SC (Personal Computer/Smart Card) Interface
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
`10.5 OpenCard Framework
` . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
`10.6 Programming JavaCards
` 135
`10.7 JavaCard versus OpenCard Framework
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 135
`10.8 Smart Card Simulators and Testing Tools
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
`10.9 Programming Languages
` 136
`10.10 Positioning of Smart Card Programming Methods
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 136
`10.11 Smart Card Programming Information
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 11. Project Management . . . . . . . . . . . . . . . . . . . . . . . . . . 139
`11.1 Business Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
`11.2 Executive Sponsorship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
`11.3 Requirements Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
`11.4 Resource Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
` 141
`11.5 Phased Implementation Plan
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 142
`11.6 Detailed Tasks Breakdown
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
`11.6.1 Pilot Implementation
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
`11.6.2 Rollout
` 143
`11.7 Feedback Survey and Installation and Deployment
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`
`Chapter 12. Card Management
` . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
` 145
`12.1 Magnetic Stripe Card Management
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 146
`12.2 Smart Card Management
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`12.3 Card Issuance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
` 153
`12.4 Loading Application Data into the Card
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`12.4.1 Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
`12.4.2 Cafeteria Purse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
`12.4.3 Health Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
`12.4.4 Biometrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
`12.5 Card Replacement
`12.6 New Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
`
`vi
`
`Smart Cards: A Case Study
`
`PROTECTIVE ORDER MATERIAL
`
`IRIS
`EXHIBIT 2026 PAGE 8
`DOJ v. IRIS
`IPR 2016-00497
`
`

`12.7 Card Revocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
`
`Chapter 13. System Integration and Testing
` 157
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`13.1 Component Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
` 158
`13.1.1 Smart Card Testing
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 158
`13.1.2 Terminals/Readers and Scanners Testing .
` 158
`13.1.3 Card Production and Issuance Process
`.
`.
` 159
`13.1.4 Digital Photo Data Capturing and Processing
` 159
`13.1.5 Employee Database Enhancements
`.
`.
`.
`.
` 159
`13.1.6 Fingerprint Data Capturing and Processing
` 159
`13.1.7 Fingerprint Door Access System
`.
`.
`.
`.
`.
` 159
`13.1.8 Health Alert Data Entry and Processing
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`13.1.9 Digital Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
` 160
`13.2 Pilot System Integration Testing
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 160
`13.2.1 Functional Integration Test
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
`13.2.2 Performance Testing
`13.2.3 Usability Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
` 161
`13.3 Rollout System Integration Testing .
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Chapter 14. Export and Import
` 163
`.
`.
`.
`.
` 163
`14.1 Strong versus Weak Encryption .
` 163
`14.2 Cases Subject to Export Control
`.
` 164
`14.3 Cases Not Subject to Export Control
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
`14.3.1 IBM Agreement
` 164
`14.3.2 Symmetrical Encryption Examples
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 165
`14.3.3 Asymmetrical Encryption Examples
`.
`.
` 166
`14.4 Digital Signatures, Netscape and Smart Cards
` 167
`14.5 Smart Card Toolkits
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`14.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
`14.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Appendix A. Sample Smart Card Layout for the Case Study
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
` 169
`
`Appendix B. JavaCard Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 179
` 179
`B.1 Introduction to JavaCard
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`B.1.1 JavaCard Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
` 181
`B.2 When to Use JavaCard?
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 181
`B.2.1 Securely Downloading Applications
` 181
`B.2.2 Examples of JavaCard Applications
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`B.2.3 JavaCard Forum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Appendix C. Sample JavaCard Applet
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
` 183
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Appendix D. Overview of OpenCard Framework
` 185
` 186
`D.1 Architecture Overview .
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`D.2 Card Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
`D.3 Card Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
` 189
`D.3.1 File System Card Service
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 190
`D.3.2 Signature Card Service
`.
`.
`.
`.
`.
`.
`.
`.
` 190
`D.3.3 Application Management Card Service
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Appendix E. Sample OCF Code - GTTEmployeeCard.java.
`
`Appendix F. Electronic Purse Schemes
`F.1.1 What is an Electronic Purse
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
` 191
`
` 195
` 195
`
`PROTECTIVE ORDER MATERIAL
`
`vii
`
`Contents
`
`IRIS
`EXHIBIT 2026 PAGE 9
`DOJ v. IRIS
`IPR 2016-00497
`
`

`F.2 Disposable Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
`F.2.1 Danmønt
`F.2.2 Proton . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
`F.3 Re-loadable Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
`F.3.1 GeldKarte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
`. 198
`F.3.2 Chipper
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`F.4 Electronic Cash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
`F.4.1 Mondex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
`
`Appendix G. Special Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
`
`Appendix H. Related Publications . . . . . . . . . . . . . . . . . . . . . . . . . 203
` 203
`H.1 International Technical Support Organization Publications
`.
`.
`.
`.
`.
`.
`.
`.
` 203
`H.2 Redbooks on CD-ROMs
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`H.3 Other Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`How to Get ITSO Redbooks
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`How IBM Employees Can Get ITSO Redbooks
`How Customers Can Get ITSO Redbooks
`.
`.
`IBM Redbook Order Form .
`.
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
` 205
` 205
` 206
` 207
`
` 209
`
`List of Abbreviations
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
`
`ITSO Redbook Evaluation
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
` 213
`
`viii
`
`Smart Cards: A Case Study
`
`PROTECTIVE ORDER MATERIAL
`
`IRIS
`EXHIBIT 2026 PAGE 10
`DOJ v. IRIS
`IPR 2016-00497
`
`

`Figures
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`6
` 1. Smart Card Solution Components . . . . . . . . . . . . . . . . . . . . . . .
` 2. Symmetric Encryption using Single DES . . . . . . . . . . . . . . . . . . . 16
` 3. Symmetric Encryption using Triple DES . . . . . . . . . . . . . . . . . . . . 17
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
` 4. Asymmetric Encryption
` 5. Digital Signature Signing and Verification . . . . . . . . . . . . . . . . . . 20
`ISO 7816-2 Dimensions and Contact Location . . . . . . . . . . . . . . . . 28
` 6.
` 7. Derived Smart Card Sizes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
` 8. PC/SC vs PC/SC Migration Interfaces . . . . . . . . . . . . . . . . . . . . . 34
` 9. Card Selection Considerations . . . . . . . . . . . . . . . . . . . . . . . . . 41
`. 43
`10.
`Smart Card Internal Architecture
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 56
`11. GCR410 Reader from Gemplus
`.
`. 56
`12.
`Pocket Balance Reader
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 57
`13. Readers from Gemplus and Verifone (Mobile, PCMCIA, PDA)
`.
`.
`.
`.
`.
`14. Gemplus GCR500 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
`. 58
`15.
`Electronic Purse from Verifone
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 59
`16. Cash Loading Device .
`.
`.
`.
`.
`. 60
`17. Door Lock Reader
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`. 60
`18. Contactless Reader from RACOM .
`. 61
`19.
`Smart Card Reader Features
`.
`.
`.
`.
`. 89
`20.
`Smart Card File System .
`.
`. 89
`21.
`Smart Card File Types
`.
`.
`. 90
`22.
`EF Data Storage
`.
`.
`.
`. 91
`23.
`TLV Data Structures
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`Security Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
`24.
` 103
`25.
`Specifying a Card Layout
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 106
`26. Using the Layout Compiler
`.
`.
`.
`.
`.
`.
` 106
`27. Card Layout (Case Study Applications)
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 113
`28. Card Issuance Process Using the IBM Smart Card ToolKit
`.
`.
`.
`.
`.
`.
`.
` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
`29.
`Script Processor
` 116
`30. Card Production Process Using the IBM Smart Card ToolKit Scripts
`.
` 119
`31. Reading Data from a Smart Card
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 120
`32.
`Sample APDU Commands from the Application to Smart Card .
` 120
`33.
`Sample Response from the Smart Card.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 121
`34.
`Sample Commands to the Card Terminal
` 124
`35.
`The Smart Card Agent Architecture
`.
`.
` 125
`36.
`Sample of Agent Commands
`.
`.
`.
` 127
`37.
`The Script Processing Tool
` 129
`38.
`Smart Card Agency
`.
`.
`.
`.
` 130
`39.
`Sample Agency Repository
`.
`. 132
`40.
`PC/SC Architecture
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 147
`41. Card Management System Components
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`42. Card Production . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
` 150
`43. GTT Card Personalization Structure
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
` 152
`44. GTT Network for Card Personalization
` 154
`45. Digital Signature Personalization
`.
`.
` 164
`46.
`Example of Internal Authentication
` 165
`47.
`Example of External Authentication
`.
`.
`.
` 166
`48.
`Example of Generating a Digital Signature
` 166
`49.
`Example of Verifying a Digital Signature
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`JavaCard structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
`50.
` 186
`51. OpenCard Framework Architecture
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`© Copyright IBM Corp. 1998
`
`PROTECTIVE ORDER MATERIAL
`
`ix
`
`IRIS
`EXHIBIT 2026 PAGE 11
`DOJ v. IRIS
`IPR 2016-00497
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`.
`
`

`52. Classes of the CardTerminal Package
`53.
`Events of the CardTerminal Component
`.
`.
`.
`.
`.
`.
`.
`

This document is available on Docket Alarm but you must sign up to view it.

Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

Up-to-date information for this case.
Email alerts whenever there is an update.
Full text search for other cases.
Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.

Access Government Site

We are redirecting you
to a mobile optimized page.

Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket

Supplemental Search

Search for PTAB Motions

PTAB Analytics

TTAB Analytics

Basic Search

Filters

Party Search

Advanced

Selected Courts

Recently Selected Courts

Find PTAB Decisions

PTAB Analytics

Special PTAB Alerts

Orange Book

Directly Search Federal Courts

Search Trademark ...

This document is available on Docket Alarm but you must sign up to view it.

Accessing this document will incur an additional charge of $.

Still Working On It

A few More Minutes ... Still Working

This document could not be displayed.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

One Moment Please

Your document is on its way!

Sealed Document

We are redirecting youto a mobile optimized page.

Document Unreadable or Corrupt

We are unable to display this document.

STEP 2 of 2

Choose your membership type

Flat-Fee

Pay-As-You-Go

Add your payment information

Login or Join

Enter your corporate Email

Thousands of your peers are saving time and gaining a competitive advantage with Docket Alarm.

Join Docket Alarm to perform smarter legal research.

Download this document and millions of others instantly with a Docket Alarm membership.

Join Docket Alarm and start performing smarter legal research.

Start tracking this docket instantly with a Docket Alarm membership.

Join thousands of your peers and start performing smarter legal research.

STEP 1 of 2

Millions of Documents | 15 Seconds to Signup

Hi !

Welcome to Docket Alarm

Welcome to Docket Alarm!

Explore Litigation Insights andManage Your Cases

Reset Password

What is PACER?

Why do I need it?

What will I be charged?

Do other courts have fees?

Basic Free Access

Welcome

Thank you

Check Firm Account

We are redirecting you
to a mobile optimized page.

Explore Litigation Insights and
Manage Your Cases