Samsung Ex. 1008, Page 1 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Smart Card
`Handbook
`Third Edition
`
`Wolfgang Rankl and Wolfgang Effing
`Giesecke & Devrient GmbH, Munich, Germany
`
`Translated by
`Kenneth Cox
`Kenneth Cox Technical Translations, Wassenaar, The Netherlands
`
`Samsung Ex. 1008, Page 2 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Samsung Ex. 1008, Page 3 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Smart Card
`Handbook
`
`Third Edition
`
`Samsung Ex. 1008, Page 4 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Samsung Ex. 1008, Page 5 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Smart Card
`Handbook
`Third Edition
`
`Wolfgang Rankl and Wolfgang Effing
`Giesecke & Devrient GmbH, Munich, Germany
`
`Translated by
`Kenneth Cox
`Kenneth Cox Technical Translations, Wassenaar, The Netherlands
`
`Samsung Ex. 1008, Page 6 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`First published under the title Handbuch der Chipkarten by Carl Hanser Verlag
`C(cid:1) Carl Hanser Verlag, Munich/FRG, 2002
`All rights reserved.
`Authorized translation from the 4th edition in the original German language
`published by Carl Hanser Verlag, Munich/FRG.
`Copyright C(cid:1) 2003 John Wiley & Sons Ltd, Baffins Lane, Chichester
`West Sussex, PO19 1UD, England
`
`National 01243 779777
`International
`(+44) 1243 779777
`
`Email (for orders and customer service enquiries): cs-books@wiley.co.uk
`Visit our Home Page on www.wileyeurope.com or www.wiley.com
`
`All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
`means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs
`and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road,
`London W1T 4LP, UK, without the permission in writing of the Publisher. Requests to the Publisher should be addressed to the
`Permissions Department,
`John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to
`permreq@wiley.co.uk, or faxed to (+44) 1243 770571.
`
`This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the
`understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is
`required, the services of a competent professional should be sought.
`
`Other Wiley Editorial Offices
`
`John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
`
`Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
`
`Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany
`
`John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia
`
`John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
`
`John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1
`
`Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic
`books.
`
`Library of Congress Cataloging-in-Publication Data
`Rankl, W. (Wolfgang)
`[Handbuch der Chipkarten. English]
`Smart card handbook / Wolfgang Rankl and Wolfgang Effing. – 3rd ed.
`p.
`cm.
`Includes bibliographical references and index.
`ISBN 0-470-85668-8 (alk. paper)
`1. Smart cards–Handbooks, manuals, etc.
`TK7895.S62R3613 2003
`006 – dc22
`
`I. Effing, W. (Wolfgang)
`
`II. Title.
`
`2003062750
`
`British Library Cataloguing in Publication Data
`
`A catalogue record for this book is available from the British Library
`
`ISBN 0-470-85668-8
`
`Typeset in 10/12pt Times by TechBooks, New Delhi, India
`Printed and bound in Great Britain by Antony Rowe Ltd, Chippenham Wiltshire
`This book is printed on acid-free paper responsibly manufactured from sustainable forestry
`in which at least two trees are planted for each one used for paper production.
`
`Samsung Ex. 1008, Page 7 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Contents
`
`Preface to the Third Edition
`Symbols and Notation
`Program Code Conventions
`Abbreviations
`
`1 Introduction
`1.1 The History of Smart Cards
`1.2 Application Areas
`1.2.1 Memory cards
`1.2.2 Microprocessor cards
`1.2.3 Contactless cards
`1.3 Standardization
`
`2 Types of Cards
`2.1 Embossed Cards
`2.2 Magnetic-stripe Cards
`2.3 Smart Cards
`2.3.1 Memory cards
`2.3.2 Microprocessor cards
`2.3.3 Contactless smart cards
`2.4 Optical Memory Cards
`
`3 Physical and Electrical Properties
`3.1 Physical Properties
`3.1.1 Card formats
`3.1.2 Card components and security features
`3.2 The Card Body
`3.2.1 Card materials
`3.2.2 Chip modules
`3.3 Electrical Properties
`3.3.1 Electrical connections
`3.3.2 Supply voltage
`
`xiii
`xv
`xvii
`xix
`
`1
`2
`5
`6
`6
`8
`9
`
`15
`15
`16
`18
`19
`20
`21
`23
`
`27
`27
`28
`31
`38
`40
`42
`52
`53
`55
`
`Samsung Ex. 1008, Page 8 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`vi
`
`Contents
`
`3.3.3 Supply current
`3.3.4 External clock
`3.3.5 Data transmission
`3.3.6 Activation and deactivation sequences
`3.4 Smart Card Microcontrollers
`3.4.1 Processor types
`3.4.2 Memory types
`3.4.3 Supplementary hardware
`3.5 Contact-type Cards
`3.6 Contactless Cards
`3.6.1 Close-coupling cards: ISO/IEC 10536
`3.6.2 Remote-coupling cards
`3.6.3 Proximity integrated circuit(s) cards: ISO/IEC 14 443
`3.6.4 Vicinity integrated circuits cards (ISO/IEC 15 693)
`3.6.5 Test methods for contactless smart cards
`
`4 Informatic Foundations
`4.1 Structuring Data
`4.2 Coding Alphanumeric Data
`4.2.1 7-bit code
`4.2.2 8-bit code
`4.2.3 16-bit code (Unicode)
`4.2.4 32-bit code (UCS)
`4.3 SDL Notation
`4.4 State Machines
`4.4.1 Basic theory of state machines
`4.4.2 Practical applications
`4.5 Error Detection and Correction Codes
`4.5.1 XOR checksums
`4.5.2 CRC checksums
`4.5.3 Reed–Solomon codes
`4.5.4 Error correction
`4.6 Data Compression
`4.7 Cryptology
`4.7.1 Symmetric cryptographic algorithms
`4.7.2 Asymmetric cryptographic algorithms
`4.7.3 Padding
`4.7.4 Message authentication code and cryptographic checksum
`4.8 Key Management
`4.8.1 Derived keys
`4.8.2 Key diversification
`4.8.3 Key versions
`4.8.4 Dynamic keys
`4.8.5 Key parameters
`4.8.6 Key management example
`4.9 Hash Functions
`
`58
`60
`60
`61
`62
`66
`70
`80
`91
`93
`101
`107
`108
`153
`153
`
`155
`156
`161
`161
`161
`163
`163
`164
`165
`166
`166
`169
`171
`172
`174
`174
`176
`177
`182
`189
`199
`201
`202
`202
`203
`203
`203
`204
`206
`208
`
`Samsung Ex. 1008, Page 9 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`4.10 Random Numbers
`4.10.1 Generating random numbers
`4.10.2 Testing random numbers
`4.11 Authentication
`4.11.1 Symmetric unilateral authentication
`4.11.2 Symmetric mutual authentication
`4.11.3 Static asymmetric authentication
`4.11.4 Dynamic asymmetric authentication
`4.12 Digital Signatures
`4.13 Certificates
`
`5 Smart Card Operating Systems
`5.1 Historical Evolution of Smart Card
`Operating Systems
`5.2 Fundamentals
`5.3 Design and Implementation Principles
`5.4 Completion
`5.5 Memory Organization
`5.6 Smart Card Files
`5.6.1 File types
`5.6.2 File names
`5.6.3 File selection
`5.6.4 EF file structures
`5.6.5 File access conditions
`5.6.6 File attributes
`5.7 File Management
`5.8 Sequential Control
`5.9 Access to Resources in Accordance with
`ISO/IEC 7816-9
`5.10 Atomic Operations
`5.11 Open Platform
`5.12 Downloadable Program Code
`5.13 Executable Native Code
`5.14 Open Platforms
`5.14.1 Java Card
`5.14.2 Multos
`5.14.3 Basic Card
`5.14.4 Windows for Smart Cards
`5.14.5 Linux
`5.15 The Small-OS Smart Card Operating System
`
`6 Smart Card Data Transmission
`6.1 The Physical Transmission Layer
`6.2 Answer to Reset (ATR)
`6.2.1 ATR characters
`6.2.2 Practical examples of ATRs
`
`Contents
`
`vii
`
`210
`211
`213
`216
`218
`219
`222
`223
`225
`229
`
`233
`
`234
`237
`242
`245
`249
`252
`254
`257
`261
`263
`267
`270
`271
`279
`
`280
`288
`290
`293
`296
`302
`303
`322
`323
`323
`324
`326
`
`371
`373
`377
`379
`389
`
`Samsung Ex. 1008, Page 10 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`viii
`
`Contents
`
`6.3 Protocol Parameter Selection (PPS)
`6.4 Data Transmission Protocols
`6.4.1 Synchronous data transmission
`6.4.2 The T = 0 transmission protocol
`6.4.3 The T = 1 transmission protocol
`6.4.4 The T = 14 transmission protocol (Germany)
`6.4.5 The USB transmission protocol
`6.4.6 Comparison of asynchronous transmission protocols
`6.5 Message Structure: APDUs
`6.5.1 Structure of the command APDU
`6.5.2 Structure of the response APDU
`6.6 Securing Data Transmissions
`6.6.1 The authentic mode procedure
`6.6.2 The combined mode procedure
`6.6.3 Send sequence counter
`6.7 Logical Channels
`
`7 Smart Card Commands
`7.1 File Selection Commands
`7.2 Read and Write Commands
`7.3 Search Commands
`7.4 File Manipulation Commands
`7.5 Identification Commands
`7.6 Authentication Commands
`7.7 Commands for Cryptographic Algorithms
`7.8 File Management Commands
`7.9 Commands for Managing Applets
`7.10 Commands for Completing the Operating System
`7.11 Commands for Hardware Testing
`7.12 Commands for Data Transmission Protocols
`7.13 Database Commands: SCQL
`7.14 Commands for Electronic Purses
`7.15 Commands for Credit and Debit Cards
`7.16 Application-Specific Commands
`
`8 Security Techniques
`8.1 User Identification
`8.1.1 Testing a secret number
`8.1.2 Biometric methods
`8.2 Smart Card Security
`8.2.1 A classification of attacks and attackers
`8.2.2 Attacks and defensive measures during development
`8.2.3 Attacks and defensive measures during production
`8.2.4 Attacks and defense measures while the card is in use
`
`9 Quality Assurance and Testing
`9.1 Card Body Tests
`
`392
`396
`397
`403
`409
`419
`420
`421
`421
`422
`424
`425
`429
`430
`432
`434
`
`435
`439
`442
`450
`452
`453
`457
`462
`468
`474
`474
`477
`481
`482
`486
`489
`490
`
`491
`491
`493
`498
`510
`511
`517
`520
`521
`
`565
`566
`
`Samsung Ex. 1008, Page 11 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`9.2 Microcontroller Hardware Tests
`9.3 Evaluating and Testing Software
`9.3.1 Evaluation
`9.3.2 Test methods for software
`9.3.3 Dynamic testing of operating systems and applications
`
`10 The Smart Card Life Cycle
`10.1 The Five Phases of the Smart Card Life Cycle
`10.2 Phase 1 of the Life Cycle in Detail
`10.2.1 Generating the operating system and producing the chip
`10.2.2 Producing card bodies without integrated coils
`10.2.3 Producing card bodies containing integrated coils
`10.2.4 Combining the card body and the chip
`10.3 Phase 2 of the Life Cycle in Detail
`10.4 Phase 3 of the Life Cycle in Detail
`10.5 Phase 4 of the Life Cycle in Detail
`10.6 Phase 5 of the Life Cycle in Detail
`
`11 Smart Card Terminals
`11.1 Mechanical Properties
`11.2 Electrical Properties
`11.3 Security Technology
`11.4 Connecting Terminals to Higher-Level Systems
`11.4.1 PC/SC
`11.4.2 OCF
`11.4.3 MKT
`11.4.4 MUSCLE
`
`12 Smart Cards in Payment Systems
`12.1 Payment Transactions using Cards
`12.1.1 Electronic payments with smart cards
`12.1.2 Electronic money
`12.1.3 Basic system architecture options
`12.2 Prepaid Memory Cards
`12.3 Electronic Purses
`12.3.1 The CEN EN 1546 standard
`12.3.2 Common Electronic Purse Specifications (CEPS)
`12.3.3 Proton
`12.3.4 The Mondex system
`12.4 The EMV Application
`12.5 The Eurocheque System in Germany
`
`13 Smart Cards in Telecommunications
`13.1 Survey of Mobile Telecommunication Systems
`13.1.1 Multiple-access methods
`13.1.2 Cellular technology
`
`Contents
`
`ix
`
`573
`574
`575
`581
`589
`
`597
`598
`600
`600
`612
`621
`628
`630
`638
`650
`652
`
`655
`660
`663
`665
`667
`667
`671
`672
`672
`
`673
`674
`674
`679
`681
`684
`685
`685
`701
`702
`703
`708
`714
`
`723
`727
`727
`730
`
`Samsung Ex. 1008, Page 12 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`x
`
`Contents
`
`13.1.3 Cell types
`13.1.4 Bearer services
`13.2 The GSM System
`13.2.1 Specifications
`13.2.2 System architecture and components
`13.2.3 Important data elements
`13.2.4 The subscriber identity module (SIM)
`13.2.5 General Packet Radio System (GPRS)
`13.2.6 Future developments
`13.3 The UMTS System
`13.4 Microbrowsers
`13.5 The Wireless Identification Module (WIM)
`13.6 Public Card Phones in Germany
`
`14 Sample Applications
`14.1 Contactless Memory Cards for Air Travel
`14.2 Health Insurance Cards
`14.3 Electronic Toll Systems
`14.4 Digital Signatures
`14.5 The PKCS #15 Signature Application
`14.6 The FINEID Personal Identification Card
`14.7 Tachosmart
`
`15 Application Design
`15.1 General Information and Characteristic Data
`15.1.1 Microcontrollers
`15.1.2 Applications
`15.1.3 System considerations
`15.1.4 Compliance with standards
`15.2 Formulas for Estimating Processing Times
`15.3 Timing Formulas for Typical Smart Card Commands
`15.4 Typical Command Processing Times
`15.5 Application Development Tools
`15.6 Analyzing an Unknown Smart Card
`15.7 Life-Cycle Models and Process Maturity
`15.7.1 Life-cycle models
`15.7.2 Process maturity
`15.8 The Course of a Smart Card Project
`15.9 Design Examples for Smart Card Applications
`15.9.1 An electronic purse system for arcade games
`15.9.2 Access control system
`15.9.3 Testing the genuineness of a terminal
`
`16 Appendix
`16.1 Glossary
`16.2 Related Reading
`
`732
`733
`735
`737
`740
`741
`745
`786
`787
`789
`794
`802
`804
`
`811
`811
`814
`819
`822
`833
`840
`840
`
`843
`843
`843
`846
`848
`850
`850
`858
`860
`864
`868
`870
`874
`882
`885
`886
`888
`890
`894
`
`897
`897
`985
`
`Samsung Ex. 1008, Page 13 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Contents
`
`xi
`
`16.3 Literature
`16.4 Annotated Directory of Standards and Specifications
`16.5 Coding of Data Objects
`16.5.1 Data objects compliant with ISO/IEC 7816-4
`16.5.2 Data objects compliant with ISO/IEC 7816-6
`16.5.3 Data objects for chip manufacturers as specified by ISO/IEC 7816-6
`16.6 Registration Authorities for RIDs
`16.7 Selected RIDs
`16.8 Trade Fairs, Conferences and Conventions
`16.9 World Wide Web Addresses
`16.10 Characteristic Data and Tables
`16.10.1 ATR interval
`16.10.2 ATR parameter conversion tables
`16.10.3 Determining the data transmission rate
`16.10.4 Sampling times for serial data
`16.10.5 The most important smart card commands
`16.10.6 Summary of utilized instruction bytes
`16.10.7 Smart card command coding
`16.10.8 Smart card return codes
`16.10.9 Selected chips for memory cards
`16.10.10 Selected microcontrollers for smart cards
`
`Index
`
`985
`994
`1030
`1030
`1031
`1032
`1032
`1032
`1033
`1034
`1044
`1044
`1044
`1046
`1046
`1047
`1051
`1053
`1056
`1058
`1060
`
`1067
`
`Samsung Ex. 1008, Page 14 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Samsung Ex. 1008, Page 15 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Preface to the Third Edition
`
`The English version of the Smart Card Handbook has now reached its third edition. In com-
`parison with the previous edition, it has been considerably expanded and thoroughly updated
`to represent the current state of the technology. In this book, we attempt to cover all aspects
`of smart card technology, with the term ‘technology’ intentionally being understood in a very
`broad sense.
`As in previous editions, we have remained true to our motto, ‘better one sentence too many
`than one word too few’. We have described this ever-expanding subject in as much detail as
`possible. Even more examples, drawings and photographs have been added to make it easier
`to understand complicated relationships. The glossary has been enlarged to include many new
`terms covering all essential concepts related to smart cards, and it has been enhanced with
`cross-references. In many cases, it can provide a quick introduction to a particular subject.
`Altogether, these additions, extensions and improvements have resulted in a book that is more
`than three times as large as the first edition.
`Here we can make a small comparison. Modern smart card operating systems currently
`comprise 120,000 lines of source code, which roughly corresponds to two books the size of
`the present edition. Even if you are not familiar with programming, you can readily appreciate
`how sophisticated these operating systems have become.
`These small, colorful plastic cards with their semiconductor chips continue to spread from
`their original countries, Germany and France, throughout the world. In the coming years, this
`technology can be expected to outstrip all others, especially since it is still in its infancy and
`there is no end or consolidation in sight.
`Smart card technology progresses in leaps and bounds, and we attempt to keep pace by
`publishing a new edition of the Smart Card Handbook every two to three years. The Smart
`Card Handbook represents the present state of technical knowledge, and in areas that are
`presently undergoing rapid change, we indicate possible paths of evolution. If certain things
`come to be seen differently at a later date, we can only remark that no one knows what the
`future will bring. Despite this, or perhaps just because of this, we welcome all comments,
`suggestions and proposed improvements, so that this book can continue to cover the subject of
`smart cards as completely as possible. Here we would like to explicitly thank the many attentive
`and interested readers who have pointed out unclear or ambiguous passages and errors. Once
`again, an errata list for this edition will be made available at www.wiley.co.uk/commstech/.
`We would also like to thank our many friends and colleagues who have repeatedly offered
`valuable (and occasionally somewhat uncomfortable) suggestions for making this book better
`
`Samsung Ex. 1008, Page 16 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`xiv
`
`Preface
`
`and more complete. We would particularly like to thank Hermann Altsch¨afl, Peter van Elst,
`Klaus Finkenzeller, Thomas Graßl, Michael Schnellinger, Harald Vater and Dieter Weiß, as
`well as Kathryn Sharples at Wiley for her helpful support and Kenneth Cox for the translation.
`
`Munich, June 2002
`
`Wolfgang Rankl
`[Rankl@gmx.net], [www.wiley.co.uk/commstech/]
`
`Wolfgang Effing
`[WEffing@gmx.net]
`
`Samsung Ex. 1008, Page 17 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Symbols and Notation
`
`General
`
`r In accordance with ISO standards, the least-significant bit is always designated 1, rather
`than 0.
`
`r In accordance with common usage, the term ‘byte’ refers to a sequence of eight bits and is
`equivalent to the term ‘octet’, which is often used in international standards.
`
`r Length specifications for data, objects and all countable quantities are shown in decimal
`form, in agreement with the usual practice in smart card standards. All other values are
`usually shown as hexadecimal numbers and identified as such.
`r The prefixes ‘kilo’ and ‘mega’ have the values of 1024 (210) and 1,048,576 (220), respectively,
`as is customary in the field of information technology.
`
`r Depending on the context, binary values may not be explicitly identified as such.
`
`r Commands used with smart cards are printed in upper-case characters (for example: SELECT
`FILE).
`
`Representation of characters and numbers
`
`◦
`
`42
`'00'
`◦
`◦
`◦
`1
`0
`,
`''ABC''
`Bn
`bn
`Dn
`
`decimal value
`hexadecimal value
`binary values
`ASCII value
`byte number n (for example: B1)
`bit number n (for example: b2)
`digit number n (for example: D3)
`
`Logical functions
`||
`⊕
`
`concatenation (of data elements or objects)
`logical XOR operation
`
`Samsung Ex. 1008, Page 18 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Symbols and Notation
`
`xvi
`∧
`∨
`a ∈ M
`a /∈ M
`{a, b, c}
`
`logical AND operation
`logical OR operation
`a is an element of the set M
`a is not an element of the set M
`the set of elements a, b, c
`
`Cryptographic functions
`
`enc Xn (K; D)
`
`dec Xn (K; D)
`S := sign Xn (K; D)
`
`R := verify Xn (K; S)
`Result = OK/NOK
`
`References
`
`See: ‘. . . ’
`See also: ‘. . . ’
`
`[. . . ]
`
`[X Y]
`
`encryption using the algorithm X and an n-bit key, with the key
`K and the data D [for example: enc DES56 ('1 . . . 0'; 42)]
`decryption using the algorithm X and an n-bit key, with the key
`K and the data D [for example: dec IDEA128 ('1 . . . 0'; 42)]
`generating the signature S using the algorithm X and an n -bit key,
`with the key K and the data D [for example: sign RSA512 ('1 . . . 0';
`''Wolf'')]
`verifying the signature S using the algorithm X and an n-bit key,
`with the key K [for example: verify RSA512 ('1 . . . 9'; 42)]
`
`This is a cross-reference to another location in the book.
`This is a cross-reference to another location in the book where
`more information on the subject can be found.
`This is a reference to a World Wide Web site listed in the
`Appendix.
`This is a cross-reference to additional literature or standards listed
`in the Appendix. The format is:
`X ∈ {surname of the first-named author}
`Y ∈ {last two digits of the year of publication}
`
`Samsung Ex. 1008, Page 19 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Program Code Conventions
`
`The syntax and semantics of the program code used in this book are based on the standard
`dialects of Basic. However, the use of explanations in natural language within a program
`listing is allowed, in order to promote the understandability of the code. Naturally, although
`this makes it easier for the reader to understand the code, it means that it is not possible
`to automatically convert the code into machine code. This compromise is justified by the
`significant improvement in readability that it provides.
`:=
`::=
`=, !=, <, <=, >,=>
`+, −, ×, /
`NOT
`AND
`OR
`||
`
`assignment operator
`definition operator
`comparison operators
`arithmetic operators
`logical not
`logical and
`logical or
`concatenation operator (e.g., coupling two byte strings)
`end-of-line marker for multiline instructions
`comment
`variable (printed in italics)
`jump or call location (printed in bold)
`jump
`function call (subroutine call)
`return from a function (subroutine)
`decision, type 1
`decision, type 2
`search in a list; search string in parentheses
`query the result of a previously executed function call
`terminate a process
`calculate the length
`test for presence (for example: an object or data element)
`starts the definition of a variable or object as a reference
`ends the definition of a variable or object as a reference
`
`// . . .
`IO Buffer
`Label:
`GOTO . . .
`CALL . . .
`RETURN
`IF . . . THEN . . .
`IF . . . THEN . . . ELSE . . .
`SEARCH (. . . )
`STATUS
`STOP
`LENGTH (. . . )
`EXIST
`WITH . . .
`END WITH
`
`Samsung Ex. 1008, Page 20 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Samsung Ex. 1008, Page 21 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Abbreviations
`
`3DES
`3GPP
`3GPP2
`
`A3, A5, A8
`AAM
`ABA
`ABS
`AC
`ACD
`ACK
`ACM
`ADF
`ADN
`AES
`AFI
`AFNOR
`AGE
`AGE
`AID
`AM
`Amd.
`AMPS
`AND
`ANSI
`AoC
`AODF
`APACS
`APDU
`A-PET
`API
`AR
`ARM
`
`triple DES (see glossary)
`Third Generation Partnership Project (see glossary)
`Third Generation Partnership Project 2 (see glossary)
`
`GSM algorithm 3, 5, 8 (see glossary)
`application abstract machine
`American Bankers’ Association
`acrylonitrile butadiene styrene
`access conditions (see glossary)
`access control descriptor
`acknowledge
`accumulated call meter
`application dedicated file
`abbreviated dialing number
`Advanced Encryption Standard (see glossary)
`application family identifier
`Association Franc¸aise de Normalisation (see glossary)
`Autobahngeb¨uhrenerfassung [motorway toll collection]
`automatische Geb¨uhrenerfassung [automatic toll collection]
`application identifier (see glossary)
`access mode
`Amendment
`Advanced Mobile Phone Service (see glossary)
`logical AND operation
`American National Standards Institute (see glossary)
`Advice of Charge
`authentication object directory file
`Association for Payment Clearing Services
`application protocol data unit (see glossary)
`amorphous polyethylene terephthalate
`application programming interface (see glossary)
`access rules
`advanced RISC machine
`
`Samsung Ex. 1008, Page 22 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`xx
`
`ARR
`ASC
`ASCII
`ASIC
`ASK
`ASN.1
`AT
`ATM
`ATQA
`ATQB
`ATR
`ATS
`ATTRIB
`AUX
`
`B2A
`B2B
`B2C
`Basic
`BCD
`Bellcore
`BER
`BER-TLV
`BEZ
`
`BGT
`BIN
`bit
`BPF
`BPSK
`BS
`BWT
`
`CA
`CAD
`CAFE
`CAMEL
`CAP
`C-APDU
`CAPI
`CASCADE
`
`CASE
`CAT
`CAVE
`CBC
`
`Abbreviations
`
`access rule reference
`application-specific command
`American Standard Code for Information Interchange
`application-specific integrated circuit
`amplitude shift keying (see glossary)
`Abstract Syntax Notation 1 (see glossary)
`attention
`automated teller machine
`answer to request, type A
`answer to request, type B
`answer to reset (see glossary)
`answer to select
`PICC selection command, type B
`auxiliary
`
`business-to-administration (see glossary)
`business-to-business (see glossary)
`business-to-consumer (see glossary)
`Beginners All Purpose Symbolic Instruction Code
`binary-coded digit
`Bell Communications Research Laboratories
`Basic Encoding Rules (see glossary)
`Basic Encoding Rules – tag, length, value
`B¨orsenevidenzzentrale [electronic purse clearing center for
`Geldkarte]
`block guard time
`bank identification number
`binary digit
`basic processor functions
`binary phase-shift keying (see glossary)
`base station
`block waiting time
`
`certification authority (see glossary)
`chip accepting device (see glossary)
`Conditional Access for Europe (EU project)
`Customized Applications for Mobile Enhanced Logic
`card application (see glossary)
`command APDU (see glossary)
`crypto API (application programming interface)
`Chip Architecture for Smart Card and Portable Intelligent
`Devices
`
`computer-aided software engineering
`card application toolkit
`Cellular Authentication, Voice Privacy and Encryption
`cipher block chaining
`
`Samsung Ex. 1008, Page 23 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Abbreviations
`
`CC
`CCD
`CCD
`CCITT
`
`CCR
`CCS
`CD
`CDF
`CDM
`CDMA
`CEN
`CENELEC
`
`CEPS
`
`CEPT
`
`CFB
`CGI
`CHV
`CICC
`CID
`CISC
`CLA
`CLK
`CLn
`CMM
`CMOS
`CMS
`COS
`COT
`CRC
`CRCF
`CRT
`CRT
`Cryptoki
`CSD
`C-SET
`CT
`CT
`CT
`CT
`CT-API
`CTDE
`CTI
`
`xxi
`
`Common Criteria (see glossary)
`card-coupling device
`charge-coupled device
`Comit´e Consultatif International T´el´egraphique et T´el´ephonique
`(now ITU) (see glossary)
`chip-card reader
`cryptographic checksum (see glossary)
`committee draft
`certificate directory file
`card-dispensing machine
`code division multiple access (see glossary)
`Comit´e Europ´een de Normalisation (see glossary)
`Comit´e Europ´een de Normalisation El´ectrotechnique [European
`Committee for Electronics Standardization]
`Common Electronic Purse Specifications, (previously: Common
`European Purse System) (see glossary)
`Conf´erence Europ´eenne des Postes et T´el´ecommunications (see
`glossary)
`cipher feedback
`common gateway interface
`cardholder verification
`contactless integrated circuit card
`card identifier
`complex instruction set computer
`class
`clock
`cascade level n, type A
`capability maturity model (see glossary)
`complementary metal-oxide semiconductor
`card management system
`chip operating system (see glossary)
`chip-on-tape (see glossary)
`cyclic redundancy check (see glossary)
`clock rate conversion factor
`Chinese remainder theorem
`control reference template
`cryptographic token interface
`circuit-switched data
`Chip-SET (secure electronic transaction)
`chipcard terminal
`card terminal
`cascade tag, type A
`cordless telephone
`chipcard terminal (CT) API (see glossary)
`cryptographic token data element
`cryptographic token information
`
`Samsung Ex. 1008, Page 24 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`xxii
`
`CTIO
`CVM
`CWT
`
`D
`DAD
`DAM
`DAM
`D-AMPS
`DAP
`DB
`DBF
`DBMS
`DC/SC
`DCODF
`DCS
`DEA
`DECT
`
`DER
`DES
`DF
`DFA
`DF ¨U
`DIL
`DIN
`DIS
`DLL
`DMA
`DO
`DoD
`DOM
`DOV
`DPA
`dpi
`DR
`DRAM
`DRI
`DS
`DSA
`DSI
`DTAUS
`DTD
`DTMF
`DVD
`DVS
`
`Abbreviations
`
`cryptographic token information object
`cardholder verification method
`character waiting time
`
`divisor
`destination address
`DECT authentication module (see glossary)
`draft amendment
`Digital Advanced Mobile Phone Service (see glossary)
`data authentication pattern
`database
`database file
`database management system
`Digital Certificates on Smart Cards
`data container object directory file
`digital cellular system
`data encryption algorithm (see glossary)
`Digital Enhanced Cordless Telecommunications (previously:
`Digital European Cordless Telecommunications) (see glossary)
`Distinguished Encoding rules (see glossary)
`Data Encryption Standard (see glossary)
`dedicated file (also often: directory file) (see glossary)
`differential fault analysis (see glossary)
`Datenfern¨ubertragung [data telecommunications]
`dual in-line
`Deutsche Industrienorm [German industrial standard]
`draft international standard
`dynamic link library
`direct memory access
`data object
`US Department of Defense
`document object model
`data over voice
`differential power analysis (see glossary)
`dots per inch
`divisor receive (PCD to PICC)
`dynamic random-access memory (see glossary)
`divisor receive integer (PCD to PICC)
`divisor send (PICC to PCD)
`digital signature algorithm
`divisor send integer (PICC to PCD)
`Datentr¨ageraustausch [data storage medium exchange]
`document type definition
`dual-tone multiple-frequency
`digital versatile disc
`Dateiverwaltungssystem [file management system]
`
`Samsung Ex. 1008, Page 25 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Abbreviations
`
`xxiii
`
`E
`EBCDIC
`EC
`ec
`ECB
`ECBS
`ECC
`ECC
`ECDSA
`ECML
`ECTEL
`EDC
`EDGE
`
`EDI
`EDIFACT
`
`EEPROM, E2PROM
`
`EF
`EFF
`EFI
`EFTPOS
`EFW
`EGT
`EMV
`EOF
`EPROM
`ESD
`ESPRIT
`
`ETS
`ETSI
`etu
`
`f
`FAR
`FAT
`FBZ
`
`fC
`FCB
`FCC
`FCFS
`FCI
`FCOS
`
`end of communication, type A
`extended binary-coded decimal interchange code
`elliptic curve
`Eurocheque
`electronic codebook
`European Committee for Banking Standards (see glossary)
`elliptic curve cryptosystems (see glossary)
`error correction code (see glossary)
`elliptic curve DSA
`Electronic Commerce Modeling Language
`European Telecom Equipment and Systems Industry
`error detection code (see glossary)
`Enhanced Data Rates for GSM and TDMA Evolution (see glos-
`sary)
`electronic data interchange
`electronic data interchange for administration, commerce and
`transport
`electrically erasable programmable read-only memory (see glos-
`sary)
`elementary file (see glossary)
`Electronic Frontier Foundation
`EF internal
`electronic fund transfer at point of sale
`EF working
`extra guard time, type B
`Europay, MasterCard, Visa (see glossary)
`end of frame, type B
`erasable programmable read-only memory (see glossary)
`electrostatic discharge
`European Strategic Programme of Research and Development in
`Information Technology (EU project)
`European Telecommunication Standard (see glossary)
`European Telecommunications Standards Institute (see glossary)
`elementary time unit (see glossary)
`
`following page
`false acceptance rate
`file allocation table (see glossary)
`Fehlbedienungsz¨ahler [error counter, key fault presentation
`counter, retry counter] (see glossary)
`frequency of operating field (carrier frequency)
`file control block
`Federal Communications Commission
`first-come, first-serve
`file control information
`flip chip on substrate
`
`Samsung Ex. 1008, Page 26 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`xxiv
`
`FCP
`FD/CDMA
`FDMA
`FDN
`FDT
`FEAL
`FET
`ff
`FID
`FIFO
`FINEID
`FIPS
`FMD
`FO
`FPGA
`FPLMTS
`
`FRAM
`FRR
`FS
`fS
`FSC
`FSCI
`FSD
`FSDI
`FSK
`FTAM
`FWI
`FWT
`FWTTEMP
`
`gcd
`GF
`GGSN
`GND
`GP
`GPL
`GPRS
`GPS
`GSM
`
`GTS
`GUI
`
`HAL
`HBCI
`HiCo
`
`Abbreviations
`
`file control parameters
`frequency division / code division multiple access (see glossary)
`frequency division multiple access (see glossary)
`fixed dialing number
`frame delay time, type A
`fast data encipherment algorithm
`field-effect transistor
`following pages
`file identifier (see glossary)
`first in, first out
`Finnish Electronic Identification Card
`Federal Information Processing Standard (see glossary)
`file management data
`frame option
`field-programmable gate array (see glossary)
`Future Public Land Mobile Telecommunication Service (see glos-
`sary)
`ferroelectric random-access memory (see glossary)
`false rejection rate
`file system
`frequency of subcarrier modulation
`frame size for proximity card
`frame size for proximity card integer
`frame size for coupling device
`frame size for coupling device integer
`frequency-shift keying
`file transfer, access and management
`frame waiting time integer
`frame waiting time
`temporary frame waiting time
`
`greatest common denominator
`Galois fields
`gateway GPRS support node
`ground
`Global Platform (see glossary)
`GNU public license
`General Packet Radio System (see glossary)
`Global Positioning System
`Global System for Mobile Communications (previously: Groupe
`Sp´ecial Mobile) (see glossary)
`GSM Technical Specification
`graphical user interface
`
`hardware abstraction layer (see glossary)
`Home Banking Computer Interface (see glossary)
`high coercivity
`
`Samsung Ex. 1008, Page 27 of 1123
`Samsung Electronics America, Inc. v. RFCyber Corp.
`IPR2021-00981
`
`

`

`Abbreviations
`
`xxv
`
`HLTA
`HLTB
`HSCSD
`HSM
`HSM
`HSM
`HTML
`HTTP
`HV
`HW
`
`I/O
`I2C
`IATA
`IBAN
`I-block
`ICC
`ID
`IDEA
`IEC
`IEEE
`IEP
`IFD
`IFS
`IFSC
`IFSD
`IIC
`IMEI
`IMSI
`IMT-2000
`IN
`INF
`INS
`INTAMIC
`IP
`IPES
`IrDA
`