`Comparison of U.S. Patent No. 9,665,705 and U.S. Patent Application Publication No. 2004/0123113
`(“Mathiassen”)
`
`As described in the following claim chart, asserted claims 1, 10, 11, and 15-17 of U.S. Patent No. 9,665,705 (“’705 patent”) are invalid
`in view of U.S. Patent Application Publication No. 2004/0123113 (“Mathiassen”), alone or in combination with one or more prior art
`references and other arguments identified in HMD’s Invalidity Contentions, including, without limitation, as set forth below.1
`
`Mathiassen was filed on December 18, 2002 and published on June 24, 2004. Mathiassen is accordingly prior art to the ’705 patent
`under at least pre-AIA § 102(e). Mathiassen anticipates or renders obvious, alone or in combination with other prior art references, each
`of the Asserted Claims of the ’705 patent as described in the chart below and in the main Invalidity Contentions document to which this
`chart is annexed.
`
`Nothing in these claim charts should be construed as an admission regarding infringement, either literally or under the doctrine of
`equivalents, or as an admission regarding HMD’s understanding of the proper scope of the Asserted Claims. Given the ambiguities in
`Plaintiff’s infringement contentions, the exemplary citations herein necessarily account for a variety of possible infringement arguments
`and claim constructions, including the claim constructions and interpretations apparently advanced by Plaintiff.
`
`To the extent Plaintiff contends that Mathiassen fails to disclose, teach, or suggest one or more of the claim elements set forth below, it
`would be obvious to combine Mathiassen with one or more of the prior art references listed in HMD’s Invalidity Contentions, described
`element-by-element in Exhibit C, and with the knowledge of a person of ordinary skill in the art, to render the asserted claims obvious.
`As included in the following claim chart, it would be obvious to combine Mathiassen with at least the following references, either alone
`or in combination with each other:
`
`• U.S. Patent No. 6,877,097 (“Hamid”)
`• U.S. Patent No. 7,404,486 (“Sands”)
`• U.S. Patent No. 7,697,729 (“Howell”)
`• U.S. Patent Pub. No. 2002/0063154 (“Hoyos”)
`• U.S. Patent No. 6,766,456 (“McKeeth”)
`• U.S. Patent No. 6,983,061 (“Ikegami”)
`
`1 CPC has indicated that it has dropped previously asserted claims and is now asserting only claims 1, 10, 11, and 15-17 of the ’705 patent. See Response to
`Defendant’s Interrogatory No. 21, served February 24, 2022.
`
`156162342.2
`
`CPC EXHIBIT 2002
`Apple Inc. v. CPC Patent Technologies PTY Ltd.
`IPR2022-00602
`
`Page 1 of 78
`
`
`
`
`
`• U.S. Patent No. 5,933,515 (“Pu”)
`• PCT Pub. No. WO 2005/043451 (“Steinar”)
`• U.S. Patent No. 6,509,847 (“Anderson”)
`• U.S. Patent No. 6,088,585 (“Schmitt”)
`• U.S. Patent No. 6,219,793 (“Li”)
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`
`This claim chart is a part of HMD’s Invalidity Contentions and supports the arguments therein. This claim chart should be read in
`combination with the arguments provided in HMD’s Invalidity Contentions.
`
`Citations to particular supporting evidence are merely exemplary of where each limitation of each asserted claim of the ’705 patent is
`disclosed or taught by Mathiassen and/or other prior art. HMD reserves the right to rely on other evidence providing comparable
`evidence of how Mathiassen alone or in combination with other prior art renders the ’705 patent invalid.
`
`
` Claim Element
`1. A system for providing
`secure access to a controlled
`item,
`the
`system
`comprising:
`
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`To the extent the preamble is limiting, Mathiassen discloses a system for providing secure access to a
`controlled item explicitly, inherently, or as a matter of common sense, or it would have been obvious
`to add missing aspects of the limitation.
`
`For example, see the following passages and/or figures, as well as all related disclosures:
`
`
`
`156162342.2
`
`- 2 -
`
`Page 2 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`
`Mathiassen at Fig. 2a
`
`
`
`
`156162342.2
`
`- 3 -
`
`Page 3 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`
`Mathiassen at Fig. 2b
`
`
`
`
`156162342.2
`
`- 4 -
`
`Page 4 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`
`
`
`Mathiassen at Fig. 8
`
`“A portable or embedded access device is provided for being coupled to, and for allowing only
`authorized users access to, an access-limited apparatus, device, network or system, e.g. a computer
`terminal, an internet bank or a corporate or government intranet. The access device comprises an
`integrated circuit (IC) (1) providing increased security by bridging the functionality of biometrics
`input from a user and, upon positive authentication of the user's fingerprint locally to provide secure
`communication with the said access-limited apparatus, device, network or system, whether local or
`remote.
`A corresponding method of using the portable device or the embedded device is disclosed for
`providing a bridge from biometrics input to a computer locally, into secure communication protocol
`responses to a non-biometrics network.
`
`156162342.2
`
`- 5 -
`
`Page 5 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`An embedded access control and user input device or apparatus for being a built-in part of stand alone
`appliances with some form of access control, e.g. hotel safes, medicine cabinet or the like, and for
`providing increased security, is also provided.
`Further, a method of providing secured access control and user input in stand-alone appliances having
`an embedded access control or user input device according to the invention is also explained.”
`Mathiassen at ABSTRACT
`
`“[0016] It is one object of the present invention to overcome the above limitations by providing a
`portable access device for being coupled to, and for allowing only authorized users access to, an
`access-limited apparatus, device, network or system, e.g. a computer terminal, an internet bank or a
`corporate or government intranet comprising a device interface, being electronic or mechanical or
`both, for coupling the device to the access-limited unit, e.g. a computer terminal port.”
`Mathiassen at [0016]
`
`“[0047]In an access-limited apparatus, device, network or system (N), e.g. a computer terminal, an
`internet bank or a corporate or government intranet, a portable access device for allowing only
`authorized users access is preferably arranged as shown schematically in FIG. 1B. A biometrics
`processor (F 1) may be integrated with the sensor (B), or alternatively mounted as a separate
`integrated circuit (F2) next to or closely coupled to the sensor (B), or alternatively be embedded in a
`PC or its peripherals (F3). The sensor (B) and the biometrics processor (F; referring to F1, F2, or F3)
`may work in a stand-alone mode (e.g. in a hotel safe without connection to a network) or be may be
`connected to another device (C) and optionally networked (E). The biometrics processor as an
`integrated circuit is exemplified in FIGS. 2A and 2B. The advantages of this configuration are
`multiple. As the biometrics processor (F) is directly connected to he sensor (B) the biometrics
`processor (F) can be tailored to optimize the interaction between the sensor (B) and the biometrics
`processor (F). Such tailoring of the biometrics processor (F) to the sensor (B) combined with is direct
`connection to the sensor (B), or integration therein, enables inclusion of methods and procedures that
`severely constrains interception of the signals between the sensor (B) and the biometrics processor
`(F). It further significantly reduces the network traffic between the sensor (B)/biometrics processor (F)
`and the other networked processors (C and N). The major advantage is, however, that the biometrics
`processor can transform the biometrics from the sensor (B) to general communication security
`
`156162342.2
`
`- 6 -
`
`Page 6 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`measures in a network, such as including Secure Key Generation (SKG) as basis for encryption into
`the biometrics processor (F). By this method biometrics sensors (B) may be connected to a network
`(C and N) in a secure manner according to existing infrastructure, without requiring that the supplier
`of the network system architecture makes any decision on which biometrics standard will evolve in
`the future as the winning standard. By this method the biometrics processor (F) becomes a bridge
`between biometrics sensors (B) and current infrastructure of networks (E).
`[0048] A biometrics sensor in the form of a fingerprint sensor ( 5) is coupled with a biometrics
`processor in the form of an integrated circuit—IC (1) that is the core device of the invention. Two
`versions of the IC are shown in FIGS. 2A and 2B. The details of the ICs will now be explained.
`[0049] The sensor ( 5) is connected to a fingerprint sensor signal capturing and pre-processing block
`(5C) via a first interface block (5A) as well as a wake-up circuit (5B), the function of the latter being
`to power up all other blocks of the IC (1). When a finger is detected on the sensor (5) surface, the
`output signals from the sensor (5) will raise beyond a pre-set threshold, triggering the wake-up circuit
`(5B) to power up the rest of the IC (1) in a pre-set sequence. The first blocks to be powered up are the
`Image Capture and Pre-processing block (5C) as well as the high-speed bus (3) and the volatile
`memory (6 or 6C), all of which are connected to the high-speed bus (3). The pre-processing block is
`designed to perform the initial, heavy-duty processing of the captured raw images from the sensor (5).
`The intermediate results are stored in the volatile memory (6A or 6C) that is interfaced via the high
`speed bus (3) to a first memory interface block (6B or 6D). The volatile memory (6A or 6C) thus
`provides working memory that is available to other modules on the IC (1).
`[0050] Meanwhile the remaining blocks of the IC ( 1) are powered up in a pre-set sequence, starting
`with the central processor (2) being a powerful processor, such as ARM 9, or equivalent. The
`processor unit (2) is also connected to the high-speed bus (3) for allowing communication with the
`other on-chip components or modules. When the pre-processing block (5C) has crunched the captured
`raw images to an intermediate stage of significantly compressed information, i.e. a dataset of reduced
`size, denoted intermediate fingerprint data. The intermediate fingerprint data are fed to the central
`processor (2) for final reduction of the captured fingerprint image to compact fingerprint
`representations, called minutiae. Such minutiae are distinct points where fingerprint lines (ridges)
`starts or stops, or locations of bifurcation of the ridges and may be described by at least a vector
`comprising X and Y coordinates, and direction of the individual minutiae, stored as an alphanumeric
`string in non-volatile memory (7, 7A or 7C). The non-volatile memory (7, 7A or 7E) being coupled to
`
`156162342.2
`
`- 7 -
`
`Page 7 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`the high-speed bus (3) via a second memory interface block (7B or 7D), is typically used for storing
`program code, e.g. administrative software, tailored security output responses, secret information like
`seed and key number(s) for the encryption, electronic certificates and fingerprint representations in the
`form of so-called minutiae. These fingerprint representations (master minutiae) are compared by the
`central processor (2) with master fingerprint representations stored in non-volatile memory (7, 7A or
`7C). If a positive match is established, the chip may proceed with generating a secure key (SKG)
`either processed by a special algorithm on the central processor (2) based on a seed pre-stored in the
`non-volatile memory (7, 7A or 7C), or alternatively embedded in hardware block (8A). If the same
`SKG algorithm is run on two separate computers (e.g. a server (30) and the central processor (2) on
`the IC (1)) it will yield the same key, or password, when the identical algorithm on both of the two
`separate computers is fed with the identical seed. While the algorithms normally are assumed known,
`and may be the same for all computers in a network (N), or for a user sub-set, the seed is individual
`and secret and only known by the system administrator and the user. The SKG algorithm may be
`constructed to produce a pseudo-random identical key on both computers (2 and 30) that is either
`valid for a time frame, or alternatively changes for each transaction. This may require that the present
`key number as well as the past key number is stored in the non-volatile memory (7, 7A or 7C). Secret
`information such as seed, key numbers, IP address, etc. may either be scrambled by block (8) and
`stored on a regular Flash memory (7), or securely stored in SmartCard environments (7A or 7C).
`When a key is generated, as per above, the administrative software, stored in the non-volatile memory
`(7, 7A or 7C) and run on the central processor (2) may then combine information to be part of a
`secure communication between the IC (1) and the network server (30). The information to be
`encrypted may comprise User ID, password and other info. Encryption is performed in hardware
`blocks (8 or 8B or 8C). The rules of secure communication enforced on the prevailing network (N) are
`embedded in the administrative software executed on the central processor (2), and may be adapted to
`include PKI biometrics verification and hand-shake sequences. The encryption blocks (8, 8B or 8C)
`may also be used to encrypt general information transactions between the IC (1) and the network
`server (30), if desirable. Access to such extended encryption will be given to the user pending a
`positive match of his fingerprint with an authorized fingerprint representation by compact minutiae
`tables, pre-stored in the non-volatile memory (7, 7A or 7C). The IC (1) also comprises hardware
`and/or software required to supply output signals to a number of second interface blocks (9A, 9B, 9C
`or 9D) for transferring data to other devices and networks (N) external to the IC (1). In the present
`
`156162342.2
`
`- 8 -
`
`Page 8 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`invention the IC (1) is adapted to provide data to the external access-limited apparatus, device or
`system. This second interface block may comprise hardware and software for supporting a USB (9A),
`Ethernet (9B), GPIO (9C), PCMCIA/UART (9D) and/or SmartCard (7C) interface. Except from the
`USB and the Ethernet interfaces, the second interface blocks are serviced by a bus (4) with lower
`bandwidth and capacity than the high-speed bus (3). The two buses (3 and 4) are connected by a bus
`bridge (11C). The hardware blocks that are not dependent on high speed are connected to the slower
`bus (4). The hardware blocks of the IC (1) are designed to perform their respective tasks in a
`minimum of time, and to interact with each other with a minimum of delays and queuing. In addition
`to the hardware blocks the central processor (2) executing the administrative software renders a high
`degree of flexibility in adapting the programming to secure communication with external devices and
`networks (N).
`[0051] Thereby the IC ( 1) is designed as a multi-purpose tool that can service a fingerprint sensor (5)
`in a stand-alone mode, but it can also communicate with external devices and networks (N) by
`bridging the biometrics from the sensor (5) to a non-biometrics representation into the network (N)
`and onto its server(s) (30). The IC (1) transforms the fingerprint, under prevailing secure
`communication rules, to a regular representation by e.g. password and User ID on a server (30).”
`Mathiassen at [0047]-[0051]
`
`“[0053] The utilization of the IC ( 1) for authentication of an authorized user to access an intranet
`comprising a server (30) in a network (N) will first be explained for the alternative where the IC (1) is
`a portable device to be plugged into a terminal (31) of the network, either as USB dongle, as
`illustrated in FIGS. 3A and 3B, or as a PCMCIA card, as illustrated in FIGS. 4A and 4B.
`[0054] In one embodiment of the invention, the portable device has an IC ( 1) being mounted on a
`small printed circuit board PCB (12B) also carrying a fingerprint sensor (5). The PCB (12B) is
`connected to at least one of a USB interface (12C) or a PCMCIA mechanical interface (13B).
`Electronic surface components to support at least one of the USB mechanical interface (12C) and the
`PCMCIA mechanical interface (13B) are mounted on the PCB (12B). An SDRAM chip (6), typically
`at least with 4 MB capacity, is also mounted on the same PCB (12B). Further a non-volatile serial
`Flash chip (7), typically with at least 256 Kbytes capacity, is also mounted on the same PCB (12B). In
`this embodiment all preceding components and chips are protected inside a housing (12A or 13C).”
`Mathiassen at [0053]-[0054]
`
`156162342.2
`
`- 9 -
`
`Page 9 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`
`
`“[0108] Yet another aspect of the invention is related to stand-alone applications, or applications
`within a local network e.g. within a car. Examples of such applications are;”
`Mathiassen at [0108]
`
`“[0119] The hotel safe stand-alone application will be explained with reference to FIG. 6. The hotel
`safe ( 50) of this example is not connected to any network, and has only a power supply from the
`mains (not shown). The safe is equipped with a hinged door (51) with locking bolts (52). At the front
`of the hinged door (51) there is a cover (53) accommodating the user interfaces comprising a
`fingerprint sensor (5) and a socket for connection of a service unit (not shown). The service unit may
`be a PDA that may be used to re-set the settings of the safe's administrative software, downloading
`event tables, and download fingerprints from unsuccessful opening attempts. The fingerprint sensor
`(5) is connected by a cable (15B) to the printed circuit board PCB (15). The PCB (15A)
`accommodates the integrated circuit (1), external volatile memory (6), external non-volatile memory
`(7) and optionally a connector (15C) to another printed circuit board (54) containing the control
`system for the safe, including a connection to the service unit (not shown). The two printed circuit
`boards (15 and 54) are mounted on the inside of the hinged door (51) on the “safe side”, while the
`sensor (5) is mounted on the outside, in the cover (53).”
`Mathiassen at [0119]
`
`“[0122] Medicine cabinets will have a different set-up than the above safe versions. The main purpose
`of a biometrics medicine cabinet is to prevent theft of narcotics and prescription drugs. Considering
`consequences from any emergency situations, the main purpose of the biometrics medicine cabinet is
`not to block access to the cabinet, but to log all accesses for subsequent review if inventory
`discrepancies are discovered at say each change of shifts. Further, this requires that the biometrics
`medicine cabinet fails to open mode, in case of a power cut, etc. Accordingly, the principles of the
`invention will be the same, but the flexibility of the invention will be utilized to accommodate these
`user interface principles. The functioning of the biometrics medicine cabinet will be made by
`reference to FIG. 7, and FIGS. 2 a and 2 b.
`[0123]The biometrics medicine cabinet will be made in two versions; a networked cabinet for clinics
`and hospitals, and a stand-alone version e.g. for private homes. The networked version will have an
`
`156162342.2
`
`- 10 -
`
`Page 10 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`external terminal ( 42) for administration and printing of access logs, while the stand-alone cabinet
`version will have a front cover (62) only. The description will first be made for the networked cabinet,
`and thereafter for the stand-alone cabinet.”
`Mathiassen at [0122]-[0123]
`
`“[0145] Application of the invention to car systems for the automotive industry will be explained by
`two different preferable versions of hardware; for key to the doors of the car (central locking system)
`and for ignition control (ignition blocking). Although these are preferred placements of the devices
`according to the invention it will be understood that the same device could be embedded in any part of
`car that a user operates, but that it is particularly suitable to the parts where additional access
`limitation is useful. A key issue of application of the invention to car systems is the security issue, to
`prevent theft or non-authorized use of the car. Thereby this application is fundamentally different
`from the network version of the biometrics medicine cabinet, where the main intention was not to
`prevent access, but to guarantee access but leaving an audit trail by fingerprints of who has accessed
`the networked medicine cabinet. The automotive industry is emphasizing secure access by blocking
`non-authorized users access to the car. These two different applications of the invention demonstrate
`its versatility and flexibility, as the very same principles are applied, though with different settings of
`the administrative software.
`[0146] The automotive application of the invention will be explained by reference to FIGS. 2B, 8 and
`9.
`[0147] The door control (central locking system) is outlined in FIG. 8. The door control, being a
`portable device ( 20), comprises an external housing (20) which contains a fingerprint sensor (5)
`coupled to a miniature printed circuit board (21) on which is mounted the IC (1). The remote control
`(20) further comprises a battery (25) for power supply retained in the housing (20) by a removable lid
`(26). The battery (25) is connected to the PCB (21) by wires. The remote control is also equipped with
`a wireless 2-way transceiver (27), and all the active components are connected to the IC (1) by cables
`(23) via the PCB (21). This remote control for the car doors can be made very compact, where the size
`of the housing (20) is determined by the size of the battery (25). Thereby the physical size of the
`housing may be compressed to the size of a key-ring holder.”
`Mathiassen at [0145]-[0147]
`
`
`156162342.2
`
`- 11 -
`
`Page 11 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`“[0149] These two elements; the portable remote door control ( 20) and the embedded ignition control
`(15) are both connected to a central computer in the car. The connection of the portable remote door
`control (20) is by 2-way wireless transceiver (27), while hard wires to the central computer (not
`shown) of the car connect the embedded ignition control (15).”
`Mathiassen at [0149]
`
`“[0167] This password will then be fed to the encryption block ( 8B or 8C) of the IC (1) at the
`portable door control (20), initiating encryption of the master minutiae tables of the “owner's”
`finger(s). The encrypted message will be transmitted wirelessly from the portable door control (20) by
`means of two-way wireless transceiver (27) via the door locks to the central computer of the car. Note
`that such enrolment is the only event when encrypted minutiae tables are transmitted from the
`portable door unit (20). At normal opening of the door matching minutiae will only be used to-
`authorize encryption and transmission of straight commands, such as “open door” or “lock door”.
`[0168] If the central computer of the car is capable of successfully decrypting the message from the
`portable door control ( 20) it will forward the encrypted message to the embedded ignition control
`(15). Failure by the central computer of the car to decrypt the message (e.g. by non-matching
`temporary pseudo-random password) will terminate the communication procedure.”
`Mathiassen at [0167]-[0168]
`
`“[0186] The encrypted “open door” command will then be wirelessly transmitted by the transceiver (
`27) from the portable door control (20) to the embedded ignition control (15) via the transceivers of
`the door locks and the central car computer.
`[0187] The encrypted message will be decrypted by the embedded ignition control ( 15) by its
`processor (2) on its resident IC (1) fetching the seed from the non-volatile memory (7A). The seed
`will be entered into the SKG block (8A) to generate the identical, and temporary password fed on to
`the encryption block (8B or 8C). If the decrypted message confirms a valid and authenticated “open
`door” command, a similar encrypted command will be relayed to the door locks by the car computer.
`[0188] Alternatively the decryption and authentication algorithms may be performed on the central
`car computer instead of on the embedded ignition control.”
`Mathiassen at [0186]-[0188]
`
`
`156162342.2
`
`- 12 -
`
`Page 12 of 78
`
`
`
`
`
` Claim Element
`1a. a memory comprising a
`database
`of
`biometric
`signatures;
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`Mathiassen discloses a memory comprising a database of biometric signatures explicitly, inherently,
`or as a matter of common sense, or it would have been obvious to add missing aspects of the
`limitation.
`
`For example, see the following passages and/or figures, as well as all related disclosures:
`
`
`Mathiassen at Fig. 2b
`
`
`156162342.2
`
`- 13 -
`
`
`
`Page 13 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`“[0005] An alternative identification method is by something you are, meaning some sort of secure
`identification by biometrics, such as fingerprints. Although biometrics is gaining ground, this happens
`slowly and is not employed in a greater scale. There are several reasons for this slow growth in
`biometrics identification for access to networks and servers;”
`Mathiassen at [0005]
`
`“[0049] The sensor ( 5) is connected to a fingerprint sensor signal capturing and pre-processing block
`(5C) via a first interface block (5A) as well as a wake-up circuit (5B), the function of the latter being
`to power up all other blocks of the IC (1). When a finger is detected on the sensor (5) surface, the
`output signals from the sensor (5) will raise beyond a pre-set threshold, triggering the wake-up circuit
`(5B) to power up the rest of the IC (1) in a pre-set sequence. The first blocks to be powered up are the
`Image Capture and Pre-processing block (5C) as well as the high-speed bus (3) and the volatile
`memory (6 or 6C), all of which are connected to the high-speed bus (3). The pre-processing block is
`designed to perform the initial, heavy-duty processing of the captured raw images from the sensor (5).
`The intermediate results are stored in the volatile memory (6A or 6C) that is interfaced via the high
`speed bus (3) to a first memory interface block (6B or 6D). The volatile memory (6A or 6C) thus
`provides working memory that is available to other modules on the IC (1).
`[0050] Meanwhile the remaining blocks of the IC ( 1) are powered up in a pre-set sequence, starting
`with the central processor (2) being a powerful processor, such as ARM 9, or equivalent. The
`processor unit (2) is also connected to the high-speed bus (3) for allowing communication with the
`other on-chip components or modules. When the pre-processing block (5C) has crunched the captured
`raw images to an intermediate stage of significantly compressed information, i.e. a dataset of reduced
`size, denoted intermediate fingerprint data. The intermediate fingerprint data are fed to the central
`processor (2) for final reduction of the captured fingerprint image to compact fingerprint
`representations, called minutiae. Such minutiae are distinct points where fingerprint lines (ridges)
`starts or stops, or locations of bifurcation of the ridges and may be described by at least a vector
`comprising X and Y coordinates, and direction of the individual minutiae, stored as an alphanumeric
`string in non-volatile memory (7, 7A or 7C). The non-volatile memory (7, 7A or 7E) being coupled to
`the high-speed bus (3) via a second memory interface block (7B or 7D), is typically used for storing
`program code, e.g. administrative software, tailored security output responses, secret information like
`seed and key number(s) for the encryption, electronic certificates and fingerprint representations in the
`
`156162342.2
`
`- 14 -
`
`Page 14 of 78
`
`
`
`
`
` Claim Element
`
`Exhibit B-15 to HMD Invalidity Contentions
`(Mathiassen)
`
`Invalidity Claim Chart - U.S. Pat. No. 9,665,705
`Mathiassen
`form of so-called minutiae. These fingerprint representations (master minutiae) are compared by the
`central processor (2) with master fingerprint representations stored in non-volatile memory (7, 7A or
`7C). If a positive match is established, the chip may proceed with generating a secure key (SKG)
`either processed by a special algorithm on the central processor (2) based on a seed pre-stored in the
`non-volatile memory (7, 7A or 7C), or alternatively embedded in hardware block (8A). If the same
`SKG algorithm is run on two separate computers (e.g. a server (30) and the central processor (2) on
`the IC (1)) it will yield the same key, or password, when the identical algorithm on both of the two
`separate computers is fed with the identical seed. While the algorithms normally are assumed known,
`and may be the same for all computers in a network (N), or for a user sub-set, the seed is individual
`and secret and only known by the system administrator and the user. The SKG algorithm may be
`constructed to produce a pseudo-random identical key on both computers (2 and 30) that is either
`valid for a time frame, or alternatively changes for each transaction. This may require that the present
`key number as well as the past key number is stored in the non-volatile memory (7, 7A or 7C). Secret
`information such as seed, key numbers, IP address, etc. may either be scrambled by block (8) and
`stored on a regular Flash memory (7), or securely stored in SmartCard environments (7A or 7C).
`When a key is generated, as per above, the administrative software, stored in the non-volatile memory
`(7, 7A or 7C) and run on the central processor (2) may then combine information to be part of a
`secure communication between the IC (1) and the network server (30). The information to be
`encrypted may comprise User ID, password and other info. Encryption is performed in hardware
`blocks (8 or 8B or 8C). The rules of secure communication enforced on the prevailing network (N) are
`embedded in the administrative software executed on the central processor (2), and may be adapted to
`include PKI biometrics verification and hand-shake sequences. The encryption blocks (8, 8B or 8C)
`may also be used to encrypt general information transactions between the IC (1) and the network
`server (30), if desirable. Access to such extended encryption will be given to the user pending a
`positive match of his fingerprint with an authorized fingerprint representation by compact minutiae
`tables, pre-stored in the non-volatile memory (7, 7A or 7C). The IC (1) also comprises hardware
`and/or software required to supply output signals to a number of second interface blocks (9A, 9B, 9C
`or 9D) for transferring data to other devices and networks (N) external to the IC (1). In the present
`invention the IC (1) is adapted to provide data to the external access-limited apparatus, device or
`system. This second interface block may comprise hardware and software for supporting a USB (9A)