PTO/SB/08a (03-09)
`Doc code: IDS
`Approved for use through 04/30/2008. OMB 0651-0031
`Doc description: Information Disclosure Statement (IDS) Filed
`ULS. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Underthe Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it contains a valid OMB control number.
`
`
`Application Number
`
`12376360
`
`INFORMATION DISCLOSURE
`STATEMENT BY APPLICANT
`( Not for submission under 37 CFR 1.99)
`
`Filing Date
`Bruno CHARRAT
`First Named Inventor
`
`
`2009-02-04
`
`
`
`Art Unit
`
`Examiner Name
`
`2431
`
` Not Yet Assigned Attorney Docket Number
`
`
`
`10000-132US (100405US/W0)
`
`U.S.PATENTS
`
`
`Examiner) Cite
`Initial”
`No
`
`Patent Number
`
`Kind
`Code
`
`Issue Date
`
`Name of Patentee or Applicant
`of cited Document
`
`Pages,Ccolumns,Lines where
`Relevant Passages or Relevant
`Figures Appear
`
`
`
`Add
`lf you wish to add additional U.S. Patent citation information please click the Add button.
`[remove]SCS
`U.S.PATENT APPLICATION PUBLICATIONS
`
`Pages,Columns,Lines where
`
`Examiner] Cite Kind|Publication
`Name of Patentee or Applicant
`Initial*
`No
`Publication Number
`Relevant Passages or Relevant
`Code'| Date
`of cited Document
`Figures Appear
`
`
`
`
`
`NON-PATENTLITERATURE DOCUMENTS Examiner] Cite TS
`
`
`
`
`
`
`lf you wish to add additional U.S. Published Application citation information please click the Add button]Add|
`FOREIGN PATENT DOCUMENTS
`
`Pages,Columns, Lines
`Nameof Patentee or
`Kind
`Publication
`where Relevant
`Country
`Examiner] Cite|Foreign Document
`TS
`Code2 j
`Applicant of cited
`
`
`
`Initial* No|Number? Code4 Date
`Passages or Relevant
`Document
`Figures Appear
`
`
`
`
`
`If you wish to add additional Foreign Patent Documentcitation information please click the Add button
`
`Include name of the author (in CAPITAL LETTERS}, title of the article (when appropriate),title of the item
`(book, magazine, journal, serial, symposium, catalog, etc}, date, pages(s), volume-issue number(s},
`Initials*|No
`publisher, city and/or country where published.
`
`
`
`EFS Web 2.1.12
`
`Apple Ex. 1030, p. 1
`Apple Ex. 1030,p. 1
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`Examiner Name
`
`
`
`Not Yet Assigned
`
`
`
`
`
`
`Filing Date
`2009-02-04
`INFORMATION DISCLOSURE First Named Inventor|Bruno CHARRAT
`
`
`STATEMENT BY APPLICANT |
`ey
`( Not for submission under 37 CFR 1.99)
`
`Application Number
`
`12376360
`
`
`
`
`
`Attorney Docket Number
`
`10000-132US (100405US/WoO)
`
`
`
`"Identification cards - Integrated circuit(s) cards with contacts", International Standard ISO/IEC 7816-1, First Edition
`1
`(10/15/1998).
`
`
`2
`
`AFNOR,"Identification cards - Integrated circuit(s} cards with contacts", International Standard ISO/IEC 7816-1, First
`Edition (10/15/1998), Amendment 1 (11/15/2003).
`
`AFNOR,“Identification cards - Integrated circuit cards”, International Standard ISO/IEC 7816-2, First Edition
`3
`(03/01/1999), Amendment1 (06/01/2004).
`
`
`4
`
`5
`
`AFNOR,"Identification cards - Integrated circuit cards", International Standard ISO/IEC 7816-2, Second Edition
`(10/15/2007).
`
`AFNOR,"Identification cards - Integrated circuit cards”, International Standard ISO/IEC 7816-3, Third Edition
`(11/01/2006).
`
`Es
`
`
`"Information technology - Identification cards - Integrated circuit(s) cards with contacts", International Standard ISO/
`6
`IEC 7816-4, First Edition (09/01/1995), Amendment1 (12/15/1997).
`
`
`7
`
`AFNOR,"Identification cards - Integrated circuits cards", International Standard ISO/IEC 7816-4, Second Edition
`(01/15/2005).
`
`"Identification cards - Integrated circuit(s) cards with contacts", International Standard ISO/IEC 7816-5, First Edition
`8
`(06/15/1994), Amendment1 (12/15/1996).
`
`
`9
`
`AFNOR,“Identification cards - Integrated circuit cards”, International Standard ISO/IEC 7816-5, Second Edition
`(12/01/2004).
`
`10
`
`AFNOR,"Identification cards - Integrated circuit cards", International Standard ISO/IEC 7816-6, Second Edition
`(05/15/2004).
`
`11
`
`AFNOR, "Identification cards - Integrated circuit cards”, International Standard ISO/IEC 7816-6AC1, (06/15/2006).
`
`EFS Web 2.1.12
`
`Apple Ex. 1030, p. 2
`Apple Ex. 1030, p. 2
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`Filing Date
`2009-02-04
`INFORMATION DISCLOSURE
`
`First Named Inventor|Bruno CHARRAT
`STATEMENT BY APPLICANT
`( Not for submission under 37 CFR 1.99)
`
`
`12376360
`
`
`
`Art Unit
`
`2431
`
`Examiner Name
`
` Application Number
`
`
` ° Applicant is to place a check markhereif]
`
`
`
` Not Yet Assigned
`Attorney Docket Number 10000-132US (100405US/WoO)
`
`
`
`
`
`"Identification cards - Integrated circuit(s) cards with contacts", International Standard ISO/IEC 7816-7, First Edition
`(03/01/1999).
`
`
`12
`
`13
`
`"Identification cards - Integrated circuit(s) cards with contacts", International Standard ISO/IEC, FDIS, 7816-8, Final
`Draft (1998).
`
`AFNOR, “Identification cards - Integrated circuit(s} cards with contacts", International Standard ISO/IEC, FDIS, 7816-9,
`(12/21/1998).
`
`
`14
`
`15
`
`AFNOR,"Identification cards - Integrated circuit cards with contacts", International Standard ISO/IEC 7816-15/AC1,
`(07/01/2004).
`
`16
`
`17
`
`18
`
`AFNOR,"Identification cards - Integrated circuit cards with contacts", International Standard ISO/IEC 7816-15,First
`Edition, (01/15/2004).
`
`Es
`
`
`"Identification cards - Contactless integrated circuit(s) cards - Proximity cards", International Standard ISO/IEC
`14443-2, First Edition (07/01/2001).
`
`DIN, "Identification cards - Contactless integrated circuit(s} cards - Proximity cards”, International Standard ISO/IEC
`WD 14443-2, (01/26/2007).
`
`"Identification cards - Contactless integrated circuit(s) cards - Vicinity cards", International Standard ISO/IEC 15693-3,
`19
`First Edition (04/01/2001).
`
`
`
`If you wish to add additional non-patent literature documentcitation information please click the Add button
`EXAMINER SIGNATURE
`
`
`
`Examiner Signature Date Considered
`
`*EXAMINER: Initial if reference considered, whetheror not citation is in conformance with MPEP 609. Draw line through a
`
`citation if not in conformance and not considered. Include copy of this form with next communication to applicant.
`
`2 Enteroffice that issued the document, by the two-letter code (WIPO
`1 See Kind Codes of USPTO Patent Documents at www.USPTO.GOV or MPEP 801.04.
`Standard ST.3). 3 For Japanese patent documents,the indication of the year of the reign of the Emperor must precedethe serial number of the patent document.
`4 Kind of documentby the appropriate symbols as indicated on the document under WIPO Standard ST.16 if possible.
`English language translation is attached.
`
`EFS Web 2.1.12
`
`Apple Ex. 1030, p. 3
`Apple Ex. 1030, p. 3
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`Filing Date
`2009-02-04
`INFORMATION DISCLOSURE First Named Inventor|Bruno CHARRAT
`
`
`STATEMENTBY APPLICANT
`Art Unit
`ver
`( Not for submission under 37 CFR 1.99)
`
`
`
`Application Number
`
`12376360
`
`
`
`Examiner Name
`
`
`
`Not Yet Assigned
`
`Attorney Docket Number
`
`10000-132US (100405US/WoO)
`
`
`
`Please see 37 CFR 1.97 and 1.98 to make the appropriate selection(s}:
`
`CERTIFICATION STATEMENT
`
`[]
`
`That each item of information contained in the information disclosure statement wasfirst cited in any communication
`from a foreign patent office in a counterpart foreign application not more than three months prior to the filing of the
`information disclosure statement. See 37 CFR 1.97(e}(1).
`
`OR
`
`[-]
`
`That no item of information contained in the information disclosure statement was cited in a communication from a
`foreign patent office in a counterpart foreign application, and, to the knowledge of the person signing the certification
`after making reasonable inquiry, no item of information contained in the information disclosure statement was knownto
`any individual designated in 37 CFR 1.56(c) more than three months prior to thefiling of the information disclosure
`statement. See 37 CFR 1.97(e}(2).
`
`
`
`[|] See attached certification statement.
`|] Fee set forth in 37 CFR 1.17 (p) has been submitted herewith.
`[x] None
`
`SIGNATURE
`
`A signature of the applicant or representative is required in accordance with CFR 1.33, 10.18. Please see CFR 1.4(d)} for the
`form of the signature.
`
`
`Name/Print 52225 John D. Simmons Registration Number
`
`
`
`
`
`
`
`Signature
`
`‘John D. Simmons/
`
`Date (YYYY-MM-DD)
`
`
`
`
`
` 2009-04-06
`
`
`
`This collection of information is required by 37 CFR 1.97 and 1.98. The information is required to obtain or retain a benefit by the
`public whichis to file (and by the USPTOto process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR
`1.14. This collection is estimated to take 1 hour to complete, including gathering, preparing and submitting the completed
`application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you
`require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S.
`Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND
`FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissionerfor Patents, P.O. Box 1450, Alexandria,
`VA 22313-1450.
`
`EFS Web 2.1.12
`
`Apple Ex. 1030, p. 4
`Apple Ex. 1030, p. 4
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`Privacy Act Statement
`
`attached form related to a patent application or patent. Accordingly, pursuant to the requirements of the Act, please be advised
`that:
`(1) the general authority for the collection of this information is 35 U.S.C. 2(b)(2); (2) furnishing of the information solicited
`is voluntary; and (3) the principal purpose for which the information is used by the U.S. Patent and Trademark Office is to
`process and/or examine your submission related to a patent application or patent.
`If you do not furnish the requested
`information, the U.S. Patent and Trademark Office may not be able to process and/or examine your submission, which may
`result in termination of proceedings or abandonmentof the application or expiration of the patent.
`
`The information provided by youin this form will be subject to the following routine uses:
`
`1.
`
`2.
`
`3.
`
`4.
`
`5.
`
`6.
`
`7.
`
`The information on this form will be treated confidentially to the extent allowed under the Freedom of Information Act
`(5 U.S.C. 552} and the Privacy Act (5 U.S.C. 552a). Records from this system of records may be disclosed to the
`Departmentof Justice to determine whether the Freedom of Information Act requires disclosure of these record s.
`
`A record from this system of records may be disclosed, as a routine use, in the course of presenting evidence toa
`court, magistrate, or administrative tribunal, including disclosures to opposing counselin the course of settlement
`negotiations.
`
`A record in this system of records may be disclosed, as a routine use, to a Member of Congress submitting a
`requestinvolving an individual, to whom the record pertains, when the individual has requested assistance from the
`Member with respect to the subject matter of the record.
`
`A record in this system of records may be disclosed, as a routine use, to a contractor of the Agency having need for
`the information in order to perform a contract. Recipients of information shall be required to comply with the
`requirements of the Privacy Act of 1974, as amended, pursuant to 5 U.S.C. 552a(m).
`
`A record related to an International Application filed under the Patent Cooperation Treaty in this system of records
`maybe disclosed, as a routine use, to the International Bureau of the World Intellectual Property Organization, pursuant
`to the Patent Cooperation Treaty.
`
`A record in this system of records may be disclosed, as a routine use, to another federal agency for purposes of
`National Security review (35 U.S.C. 181) and for review pursuant to the Atomic Energy Act (42 U.S.C. 218(c)).
`
`A record from this system of records may be disclosed, as a routine use, to the Administrator, General Services, or
`his/her designee, during an inspection of records conducted by GSAaspart of that agency's responsibility to
`recommend improvementsin records managementpractices and programs, under authority of 44 U.S.C. 2904 and
`2906. Such disclosure shall be made in accordance with the GSA regulations governing inspection of records for this
`purpose, and any other relevant(i.e., GSA or Commerce) directive. Such disclosure shall not be used to make
`determinations about individuals.
`
` The Privacy Act of 1974 (P.L. 93-579) requires that you be given certain information in connection with your submission of the
`
`
`
`8.
`
`A record from this system of records may be disclosed, as a routine use, to the public after either publication of the
`application pursuant to 35 U.S.C. 122(b) or issuance of a patent pursuant to 35 U.S.C. 151. Further, a record may be
`disclosed, subject to the limitations of 37 CFR 1.14, as a routine use, to the public if the record wasfiled in an application
`which became abandonedor in which the proceedings were terminated and which application is referenced by either a
`published application, an application open to public inspections or an issued patent.
`
`9.
`
`A record from this system of records may be disclosed, as a routine use, to a Federal, State, or local law
`enforcement agency, if the USPTO becomes aware ofa violation or potential violation of law or regulation.
`
`EFS Web 2.1.12
`
`Apple Ex. 1030, p. 5
`Apple Ex. 1030, p. 5
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO ?81b-4-ENGL 19595 MM 4851903 074341? Ibe
`
`INTERNATIONAL
`STANDARD
`
`ISOAEC
`7816-4
`First edition
`1995-09-01
`AMENDMENT 1
`1997-12-15
`
`
`
`Information technology — Identification
`cards — Integrated circuit(s) cards with
`contacts —
`
`Part 4:
`Interindustry commandsfor interchange
`
`AMENDMENT1: Impact of secure messaging
`on the structures of APDU messages
`
`Technologies de l'information — Cartes d‘identification — Cartes a circuit(s)
`intégré{s) a contacts —
`
`Partie 4: Commandes intersectorielfes pour les échanges
`
`AMENDEMENT17: impact de la messagerie de sécurité sur les structures
`des messages APDU
`
`
`
`
`
`Reference number
`ISO/IEC 7816-4:1995/Amd.1:1997(E}
`
`COPYRIGHT 2060 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 6
`Apple Ex. 1030, p. 6
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO 7A14-4-ENGL 1995 MM 4851903 06733618 479
`
`ISO/IEC 7816-4:1995/Amd.1:1997(E)
`
`Contents
`
`Page
`
`FOPOWOIG ooocee ne Ee EE OD DPD eSPE iii
`
`INTFOCUCTION ooo. cece cece cee ccc eke eee ee enn DEAE ECE Ren EERE REE DE EEE EEE DE
`
`iv
`
`Revision of table 19 ooo cc cece cece cece cca enneneeeae ener eeeeueuseeesaeee soap eeeeoressseeeeee
`
`Revision of table 21 ..ccccccccecscntseeceecceeeeeeceeenennereeeaasecesenenanensenensecseaaereersoreesceeees
`
`5.7
`
`impact of secure messaging on the structures of APDU messages......
`
`Annex F {informative} Use of secure MESSAGING ............ 0 cc eee ee steer eee
`
`1
`
`4
`
`2
`
`3
`
`© ISO/EC 1997
`this publication may be
`All
`rights reserved. Unless otherwise specified, no part of
`reproduced or utilized in any form or by any means, electronic or mechanical,
`including
`photocopying and microfilm, without permission in writing from the publisher.
`ISO/IEC Copyright Office » Case postale 56 « CH-1211 Geneve 20 « Switzerland
`Printed in Switzerland
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 7
`Apple Ex. 1030, p. 7
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO PALbL-Y-ENGL 1995 HM 4851903 0733419 735
`
`© ISO/IEC
`
`ISO/IEC 7816-4:1995/Amd.1:1997(E)
`
`Foreword
`
`ISO {the International Organization for Standardization} and |EC {the International
`Electrotechnical Commission)
`form the specialized system for worldwide
`standardization. National bodies that are members of ISO or IEC participate in the
`development
`of
`International Standards
`through
`technical
`committees
`established by the respective organization to deal with particular
`fields of
`technical activity.
`ISO and IEC technical cornmittees collaborate in fields of
`mutual
`interest. Other
`international organizations, governmental and non-
`governmental, in liaison with ISO and IEC, also take part in the work.
`
`[SO and i€C have established a joint
`In the field of information technology,
`technical committee,
`ISO/IEC JTC 1. Draft International Standards adopted by
`the joint
`technical committee are circulated to national bodies for voting.
`Publication as an International Standard requires approvai by at least 75 %of the
`national bodies casting a vote.
`
`to International Standard ISO/IEC 7816-4:1995 was prepared by
`Amendment 1
`Joint Technical Committee ISO/IEC JTC 1,
`information technology, Subcom-
`mittee SC 17, dentification cards and related devices.
`
`COPYRIGHT 2000 International Organization for Standardization
`12:21:01
`March 03, 2000
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 8
`Apple Ex. 1030, p. 8
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`iit
`
`

`

`STD-IS0 ?81b-Y-ENGL 19455 Mme 4851903 O733b2e0 457
`
`ISO/IEC 7816-4:1995/Amd.1:1997(E)
`
`@ ISO/IEC
`
`Introduction
`
`The integrated circuit(s) cards with contacts are identification cards intended for
`information exchange negotiated between the outside and the integrated circuit
`in the card. As a result of an information exchange, the card delivers information
`(computation results, stored data), and/or modifies its content (data storage,
`event memorization).
`
`Part 4 of ISO/IEC 7816 is one of a series of standards describing the parameters
`for such cards and the use of such cardsfor international interchange.
`
`This amendment fixes the impact of secure messaging on the structures of
`APDU messages.
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 9
`Apple Ex. 1030, p. 9
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO PAlb-4Y-ENGLE 1995 MMP 44851903 07353621 393 mm
`
`© ISOAEC
`
`ISO/EC 7816-4:1995/Amd.1:1997(E)
`
`Information technology — Identification cards —
`Integrated circuit(s) cards with contacts —
`
`Part 4:
`Interindustry commandsfor interchange
`
`AMENDMENT1: Impact of secure messaging on the
`structures of APDU messages
`
`{n table 19, replace the last line by the following two lines.
`
`'97'
`96",
`‘93’
`
`— Value of L, in the unsecured command
`— Status information (e.g., SW1 SW2)
`
`In table 21, replace the value 'BA* by the following two values.
`
`‘AC’,
`
`'BC’
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`12:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 10
`Apple Ex. 1030, p. 10
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD.ISO ?PALG-4Y-ENGLE 1995 MM 4851903 0733b22? 22°T
`
`ISOAEC 7816-4:1995/Amd.1:1997(E)
`
`© ISO/IEC
`
`insert the foilawing subclause.
`
`5.7 Impact of secure messaging on the
`structures of APDU messages
`
`Similarly,
`follows.
`
`the response APDU shall be encapsulated as
`
`— if there is a data field, the L, data bytes shall be
`carried
`*either by a plain value data abject
`‘B2', ‘B3', see table 19),
`* or by a data object for confidentiality Grom ‘84'
`‘S7', see table 22).
`— |f needed, the response trailer shall be carried by a
`status information data object ((99", see table 19); the
`empty data object means SW1 SW2 = '9000'.
`
`('80',
`
`‘81’,
`
`to
`
`9
`Figure
`messages.
`
`shows
`
`the
`
`structures
`
`of
`
`secured APDU
`
`— Every new data field may carry additional SM data
`objects, e.g., a cryptographic checksum ('8E'} at the
`end. Annex F providesillustrative examples.
`— The new L, field gives the length of the new data
`field of the secured command APDU.
`
`— The new L,field shall be empty when no data field
`is
`expected
`in
`the
`secured
`response APDU;
`otherwise, it shall contain only zeroes.
`—— The new response trailer codes the status of the
`receiving entity after processing the secured com-
`mand. It may be encapsulated for protection.
`Command header
`Command bod
`(New L,field}
`{ [New data field] =
`{T L, Data bytes} [T 'O1' or ‘02° L})
`[New L,field]
`
`
`
`CLA* INS P1 P2
`(four bytes)
`
`Response body
`[New data field] =
`IT L, Data bytes] [T '02' New SW1 SW2]
`
`Responsetrailer
`New SW1 SW2
`{two bytes)
`
`Figure 3 — Structures of secured APDU messages
`
`NOTES
`
`The lengths from 1 to 127 are coded in the same way in BER-TLV
`1
`tength fields as in APDU length fields. The codings differ for 128 and
`more.
`
`As stated above, further or other SM data objects may be
`2
`present in the new data fields.
`3. When securing messages,it is not always apparent whether the
`data to be protected have a BER-TLV structure. Then the tags ‘80’, ’81’,
`‘86’ and '87' are recommended.
`
`The structures of APDU messages are specified in 5.3.
`According to 5.3.1,
`the command APDU consists of a
`mandatory command header of four bytes conditionally
`followed by a command body (see figures 3 and 4);
`the
`decoding of the command bedy is specified in 5.3.2 (see
`figure 5 and table 5). According to 5.3.3,
`the response
`APDU consists of a conditional response body followed by
`a mandatory response trailer of two bytes (see figure 6).
`Figure 8 shows the structures of APDU messages.
`
`Command header
`CLA INS P1 P2
`{four bytes)
`
`Command body
`{L, field]
`[Data field]
`[L,field]
`(Lbytes, denoted as B, to B,)
`
`Response bod
`{Data field]
`{L, data bytes}
`
`Response trailer
`SW SW2
`{two bytes)
`
`Figure 8 — Structures of APDU messages
`
`Clause 6 specifies APDU commands and responses for
`basic interindustry commands. Clause 7 specifies APDU
`commands
`and
`responses
`for
`transmisston-oriented
`interindustry commands. Clauses 6 and 7 do not describe
`the impact of
`secure messaging (see 5.6) on the
`structures
`of APDU messages. Consequently,
`the
`semantic meanings of
`length fields and data fields in
`clauses 6 and 7 may seem in contradiction with their
`syntactic meanings in 5.3.
`:
`
`This subclause specifies the impact of secure messaging
`as specified in 5.6 on the structures of APDU messages
`as specified in 5.3, so as to avoid the aforementioned
`possible misunderstanding.
`
`For securing an APDU command where CLA has an appro-
`priate value according to table 9, namely ‘OX’,
`'8x',
`'SX'
`or 'AX',
`the bit b4 in CLA shall be set to 1, which is
`indicated as CLA* in figure 9 and annex F;
`if present, the
`command body shall be decoded according to 5.3.2 and
`encapsulated as follows.
`— If there is a data field, the L. data bytes shall be
`carried
`eeither by a plain value data object (80',
`‘B2', ‘BS’, see table 19),
`® or by a data object for confidentiality (rom ‘84' to
`'87', see table 22).
`the value of L, shall be
`— If there is an L, field,
`carried by a L, data object {either
`‘96' or '97', see
`table 19); the value field codes an unsigned positive
`integer on one or two bytes; both the null value and
`the empty data object mean the maximum.
`
`‘831’,
`
`N
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 11
`Apple Ex. 1030, p. 11
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO 7ALb-4-ENGLE 1995 MP 48519023 0733423 LbLb a
`
`© ISO/IEC
`
`ISOAEC 7816-4:1995/Amd.1:1997(E)
`
`Replace the existing annex F (two pages) by the following revision (three pages).
`
`Annex F
`
`(informative)
`
`Use of secure messaging
`
`F.1 Abbreviations
`
`— Case 1.a — Status not to be protected
`
`the following abbrevia-
`
`
`
`cerNnQOaQQqa0m53OD283
`
`For the purposes of this annex,
`tions apply.
`cryptographic checksum
`cryptogram
`command header (CLA INS P1 P2}
`control reference
`file reference
`key reference
`length
`value of L, in the unsecured command (one or two
`bytes coding an unsigned positive integer; the null
`value means the maximum)
`padding bytes ('80' followed by 0 to k-1 times ‘00’
`where k is the block length)
`padding indicator byte
`Pl
`plain value
`PY
`RD response descriptor
`T
`tag
`ii
`concatenation
`
`PB
`
`F.2 Cryptographic checksum
`According to 5.7,
`the use of cryptographic checksums
`(see 5.6.3.1) is shown for the four cases defined in table
`4 and figure 4. In the examples, the value of Lec is four.
`CLA* indicates the use of secure messaging,
`|.e., the bit
`b4 is equal to 1 in CLA which is equal to ‘OX’, ‘8x’, ‘9X' or
`‘AX’ according to table 9.
`
`— Case 1 — Nodata, no data
`
`The unsecured command-response pair is as follows.
`Command header
`Command body
`CLA INS P1 P2
`Empty
`
`The secured command APDUis as follows.
`Command header
`Cammand body
`CLA* INS P1 P2
`New L, field {one byte = 06’) fl
`New data field
`{six bytes)
`
`New data field = One data object =
`Tec Wlee WCC
`
`Data covered by CC (b3=1 in CLA*) = One block =
`CHU PB
`
`The secured response APDU is as follows.
`Response bod
`
`Response trailer
`Rew Swi SW2
`
`— Case 1.b — Status to be protected
`
`The secured command APDU is as follows.
`Command header
`Command body
`New L, field (one byte =’06’) Il
`New data field
`(ix bytes)
`il
`New L, field
`{one byte = 00°)
`
`
`
`CLA* INS PT P2
`
`New data field = One data object =
`Toe i Lee OC
`
`Data covered by CC (b3=1 in CLA*) = One block =
`CHIPB
`
`The secured response APDU is as follows.
`Response body
`New data field
`
`Responsetrailer
`New SW1 SW2
`
`New data field = Two data objects =
`Tow (b1<1) I Lew IESW (= New SW1 SW/2) II
`Tee te Lee HCC
`
`Response body
`Empty
`
`Responsetrailer
`SW SW2
`
`Data covered by CC = One block =
`Tew (b1=1) B Lew li SW IE PB
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`2:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 12
`Apple Ex. 1030, p. 12
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-IS0 ?SLb-4Y-ENGL 1995 MM 4851903 0733624 OT? Me
`
`ISONEC 7816-4:1995/Amd.1:1997(E)
`
`— Case 2 — No data, data
`
`The unsecured command-response pair is as follows.
`Command header
`Command body
`CLA INS P1 P2
`L, field
`Response body
`Data field
`
`Responsetrailer
`SW1 SW2
`
`The secured command APDU is as follows.
`Command header
`body
`CLA* INS P1 P2
`New L, field I| New data field
`New L, field (ene or two bytes = °00’)
`
`New data field = Two data objects =
`Tre (ot=1) Ly, ILE
`Tee flee HCC
`Data covered by CC =
`* One block if b3=6 in CLA*® =
`Tre (o1=1) Le ILLE HO PB
`* Two blocks if b3=1 in CLA* =
`CH IPB II
`Tie (61=1) WLILLE W PB
`
`The secured response APDU is as follows.
`Response bod
`New data field
`
`Responsetrailer
`New SWT SW2
`
`New data field = Three data objects =
`Tpy (b1=1) HT Lpy IE PV
`[Toy (b1=1} I Low i SW (= New SW SW2)) |]
`Tee tH Lee Ce
`Data covered by CC = One or more blocks =
`Toy (ot=1) He Lpy HPV WiTosy (o1=1) fl Low tH SWI II PB
`
`— Case 3 — Data, no data
`
`The unsecured command-response pair is as follows.
`Command header
`Command body
`CLA INS P1 P2
`L, field
`HU Data field
`Response body
`Response trailer
`Empty
`Swi SW2
`
`— Case 3.a — Status not to be protected
`The secured command APDU is as follows.
`Command header
`Command body
`CLA* INS P1 P2
`New L, field
`If New data field
`
`New data field = Two data objects =
`Tey (O1=1) WeLpy IE PV II
`Tec i Lee ECC
`Data covered by CC =
`« One or more blocks if b3=0 in CLA*
`Tey (b1=1} Il Lpy HPV PB
`* Two or more blocks if b3=1 in CLA*
`CH UPB Il
`Tpy th1=1) Il Ley H PV NPB
`
`Ml
`
`&
`
`The secured response APDUis as follows.
`Response body
`Empty
`
`Response trailer
`New SW1 SW2
`
`— Case 3.b — Status to be protected
`
`The secured command APDU is as follows.
`Command header
`Command body
`CLA* INS PT P2
`New L,. field
`|| New data fieid
`New L,field (one or two bytes = ‘00%
`
`New data eld = Two data objects =
`Tey (b1=1) Hl Lpy PV Hl
`Tee I Lee HCC
`
`Data covered by CC =
`* One or more biocks if b3=0 in CLA*
`Tpy (b1=1) Il Ley PV IPB
`* Two or more blocks if b3=1 in CLA*
`CH tt PB Ii
`Tpy (b1=1) Il Loy PV PB
`
`The secured response APDUis as follows.
`Response body
`New data field
`
`Responsetrailer
`New SW SW2
`
`New data field = Two data objects =
`Tew {b1=1) H Low SW (= New SW1 SW2} I
`Tee lt Lee IE CO
`Data covered by CC = One block =
`Toy (b1=1) Il Ley I SW it PB
`
`~~ Case 4 — Data, data
`
`The unsecured command-response pair is as follows.
`Command header
`Command bed
`
`Li. field
`CLA INS PT P2
`Response body
`Data field
`
`Data fieid It L, field
`Response trailer
`SW1 SW2
`
`The secured command APDUis as follows.
`Command header
`Command body
`CLA* INS P1 P2
`New L. field
`1 New data field
`New L,field (one or two bytes = ‘00°}
`
`New data field = Three data objects =
`Tpy (01=1) fF Ley IE PV Il
`Tie (b1=7) ILeH LEW
`Tec ll Lec "i cc
`
`Data covered by CC =
`* One or more blocks if b3=0 in CLA* =
`Tpy (b1=1) Loy H PVT), (b1=1) 1 L,I LE tt PB
`* Two or more blocks if b3=1 in CLA* =
`CHPBI
`Tey (64=1) Il Ley IEPV it Tle (>1=1) t Loe F LEPB
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 13
`Apple Ex. 1030, p. 13
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO ?83b-4-ENGLE 1995 MM 4851903 07335b¢c5 T3235
`
`@ ISO/IEC
`
`ISOAEC 7816-4:1995/Amd.1:1997(E)
`
`The secured response APDU is as follows.
`Responsesbod
`
`Response trailer
`
`F.4 Control references
`
`New data field = Three data objects =
`Tpy (b4=1) I Loy IE PV Hl
`[Tew (b1=1) Il Lew ll SW (= New SW1 SW2)) JI
`Tee W Lee il CC
`
`The use of controi references (see 5.6.5.1) is shown.
`
`Command data field =
`Ter Hi Leg CR
`where CR = Tep I Leg IE FR OW Tee I Lee HL KR
`
`Data covered by CC = One or more blocks =
`Tpy (64=1) WH Ley HPV Hl Tew (b1=1) Hl Ley HW SWIE PB
`
`F.5 Response descriptor
`
`F.3 Cryptograms
`
`The use of cryptograms with and without padding (see
`5.6.4) is shownin data fields {command APDU as well as
`response APDU). Instead of the plain value data objects
`in the previous examples, data objects for confidentiality
`shall be used as follows.
`
`— Case a — Plain data not coded in BER-TLV
`
`Data field =
`Tpres Ht Lpicg H PIN CG
`
`Data carried by CG = One or more blocks =
`Non BeR-TLv coded data
`and padding bytes according to PI
`
`— Case b — Plain data codedin BER-TLV
`
`Data field =
`Tog Hl Leg HCG
`
`Data carried by CG = String of concealed bytes =
`BER-TLV data objects (padding depending on the
`algorithm and its mode of operation)
`
`The use of response descriptors (see 5.6.5.2) is shown.
`
`Command data field =
`Tap Ii Lap 1 RD
`where RD = Tp, Il ‘00° If Tee Il ‘00°
`
`Response datafield =
`Tey Hh Ley Hf PY UW Toc He Lee HCC
`
`F.6 ENVELOPE command
`
`The use of the ENVELOPE command (see 7.2) is shown.
`
`Command data field =
`Try cog He Lepcg H PEI CG
`Data carried by CG =
`Command APDU(starting by CH)
`and padding bytes according to P!
`
`Response data fieid =
`To cg W Ler cg HE PEH CG
`Data carried by CG =
`Response APDU
`and padding bytes according to Pl
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`12:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 14
`Apple Ex. 1030, p. 14
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`STD-ISO 7@Lb-4-ENGL 1995 MMR 48519039 O735beb 375 Me
`
`
`
`ISOAEC 7816-4:1995/Amd.1:1997(E}
`
`© ISO/IEC
`
`
`
`—eell—E]lllLLE_—————SSSSSSSSSSSSESSSSS
`
`ICS 35.240.15
`Descriptors: data processing,
`Price based on 5 pages
`SSS——————_SEEEeEeEEEEEE—————
`
`information interchange,
`
`identification cards,
`
`iC cards, messages, security techniques, authentication.
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Informaticn Handling Services
`
`Apple Ex. 1030, p. 15
`Apple Ex. 1030, p. 15
` Apple v. Fintiv
`Applev.Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`MH 4851903 Ob24082 TOS
`
`INTERNATIONAL
`STANDARD
`
`ISO/IEC
`7816-4
`First edition
`1995-09-01
`
`
`
`Information technology — Identification
`cards — Integrated circuit(s) cards with
`contacts —
`
`Part 4:
`Interindustry commandsfor interchange
`
`Technologies de l'information — Cartes d’identification — Cartes a
`circuit(s) intégré(s} a contacts —
`
`Partie 4: Commandesintersectorielles pour les échanges
`
`
`
`
`
`i156
`a
`
`Reference number
`ISOAEC 7816-4:1995(E)
`
`
`
`COPYRIGHT 2000 International Organization for Standardization
`March 03, 2000
`11:21:01
`
`Information Handling Services,
`
`Apple Ex. 1030, p. 16
`Apple Ex. 1030, p. 16
` Apple v. Fintiv
`Applev. Fintiv
`IPR2020-00019
` IPR2020-00019
`
`

`

`
`W™ 4851903 0628083 544 i
`
`ISO/IEC 7816-4: 1995 (E}
`
`Contents
`
`Page
`
`FOFEWOL ooo cecceccceneneee teen reece cee cece ete ee ee nen Ener EDE DEES ED ES LES SOpe repre Cfeneteneeceeieeeeeteee
`
`IARFOCUCLION .oecccccccec cece iene ce cena nnecen es auaneeeneaaenerececeeeenerenreeeeeauneeescsseuseeeeesetesinecerees
`
`Do SOO nnn ceec ccc c cece scare een eae etea cae tae ee nnn enone nese ceep ep steve gna peenteceneenenenes
`2 Normative references oor cett