Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 1 of 232
`
`Exhibit I
`
`
`
`Exhibit I
`
`
`
`The Accused Instrumentalities include, but are not necessarilylimited to, Apple iPhone and Apple iPad compatible with Yale
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 2 of 232
`Sman Locks, and any Apple product or device that is substantially or reasonably similar to the functionality set forth below. The
`Accused Instrumentalities infringe the claims of the "705 Patent, as described below, either directly under 35 U.S.C. § 271 (a), or
`indirectly under 35 U.S.C. §§ 27 l(b}(c). The Accused Insirumentalities infringe the claims ofthe "705 Patent literally and, to the extent
`nm literally, under the doctrine ofequivalents.
`
`|. Asystem for providing|Te the extent that the preamble is deemed to be a limitation, the Accused Instrumentalities are
`SECUING GCCeSs LO a
`configured to use a system in accordance with thix claim.
`controlled ikem, the
`system comprising:
`
`augusl-and-yale-locks 1)
`
`More specifically, the controlled item is a locking mechanism of the door lock ofthe user's home. The
`Accused Instrumentalities are configured to provide secure access to the user's home via Yale Smart
`Locks when the user provides biometric signal to the Accused Instrumentalities via Touch 1D or Face
`ID.
`
`“When the “Secure Remote Access” feature is turned on,
`
`This further ensures that your door is only operated bythe right people at the time you intend
`
`for it.”
`(htps://us.yalehome.com/en/yale-news/blog,latest-blog-posts/introdwcing-biometric-verification-Lor-
`
`CPC Ex. 2005 — Page 006
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 3 of 232
`
`= Open
`
`Yale
`
`2%
`
`Introducing Biometric Verification for August and Yale Locks
`
`
`
`(https://us-yalehome.com/en/yale-news blog/latest-blog-posts/introducing-biometric-verilication-for-
`august-and-yale-locks 1!)
`
`CPC Ex. 2005 — Page 007
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`a :
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 4 of 232
`
`
`
`(https: www: apple.com’ shon/product/HPAR2Z2 MA yale-assure-lock-sl-louchsereen-deadbolt-black }
`
`CPC Ex. 2005 — Page 008
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`The Accused Instrumentalities compatible with Yale Smart Locks are shown below:
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 5 of 232
`
`Compatibility
`
`iPhone Models
`iPhone 12 Pro
`iPhone 12 Pro Max
`iPhone 12 mini
`iPhone 12
`iPhone 11 Pro
`iPhone 11 Pro Max
`iPhone 11
`
`iPad Models
`iPad Pro 12.9-inch
`(5th generation)
`iPad Pro 12.9-inch
`(4th generation]
`iPad Pro 12.9-inch
`(2rd generation)
`iPad Pro 12.9-inch
`{2nd generation)
`iPhone SE {2nd generation)~—jpad Pro 12.9-inch
`iPhone xS
`{ist generation)
`iPhone XS Max
`iPad Pro 11-inch
`iPhone XR
`{3rd generation)
`iPhone X
`iPad Pro 11-inch
`{2nd generation)
`iPhone &
`iPad Pro 11-inch
`iPhone 8 Pius
`{tst generation)
`iPhone 7
`iPad Pro 10.5-inch
`iPhone ? Plus
`iPad Pro $.7-inch
`iPhone 6s
`iPad Ait (4th generation}
`iPhone 6s Plus
`iPad Air (3rd generation}
`iPhone SE {1st generation)
`iPad Air 2
`iPad (8th generation)
`iPad (7th generation}
`iPad (Gth generation)
`iPad (5th generation}
`iPad mini (5th generation}
`iPad raini 4
`
`https://www.apple.com/shop/product/HPAR2ZM/A/yale-assure-lock-sl-touchscreen-deadbolt-black
`
`signatures;
`
`la. a memory comprising|The Accused Instrumentalities include a memory comprising a database of biometric signatures.
`a database of biometric
`
`4
`
`CPC Ex.2005 — Page 009
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`More specifically, the iPhone allows multiple biometric signatures to be entered into a database on the
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 6 of 232
`iPhone:
`
`Touch ID
`
`The iPhone allows the registration of multiple fingerprints:
`
`Fig. from https://support_apple.com/en-us/HT201371 under Manage Towch ID Settings. In the second
`bullet, it literally says:
`
`fingerprint data to identify a match and unlock your device. "
`
`“Register up to five fingerprints.”
`
`"Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It
`then creates a mathematical representation of your fingerprint and compares this to your enrolled
`
`oP]
`
`CPC Ex. 2005 — Page 010
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`(https://supporLapple.com/en-us'HT20438 7)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 7 of 232
`
`“Touch ID can read multiple fingerprints and recognize fingerprints at any orientation of the finger.
`Phe system then creates a mathematical represeniation of your fingerprint and compares it to the
`registered fingerprint data to determine a match and unlock your device.”
`(https: /supportapple.com en-us HT2043587)
`
`| Face ID
`
`The iPhone allows the registration of multiple faces:
`
`To register a face, the iPhone takes a series of pictures ofthe user in different poses whilecircling his
`| head. This is revealed in detail in hitps://suppor.apple.com/en-us/HT208 109 in the second section
`_| “Configure Face ID", there also the figureshownabove.
`
`’
`
`CPC Ex. 2005 — Page 011
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 8 of 232
`
`To register a second face, the iPhone offers a corresponding option inits settings. If the user selects the
`option "Set up an alternative appearance” as shownin the figure below (from How To Add A Second
`Face To Face ID - Macworld UK;https://Awww.macworld.co.uk/how-to/second-face-id-3803421/), a
`second face is registered by the iPhone in the same wayasthefirst face.
`
`"Set up Face [D or add another face.
`
`(https://support.apple.com/de-de/guide/iphone/iph6d 1 62927a/ios)
`
`e
`
`Select "Settings" > "Face ID & Code" > "Configure alternate appearance”if you want to
`configure another face to be recognized by Face ID."
`
`7
`
`CPC Ex. 2005 — Page 012
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 9 of 232
`
`RAAR
`
`The page How To Add A Second Face To Pace ID - Macworld UK
`
`| (hitps:/wwwomacword.co.uk/how-to/second-face-id-3803421/) literally states:
`
`| i
`
`Face ID is a fast and secure way to unlock your iPhone or iPad Pro, but you may not knowthat you
`| can actually set up more than one face to use the feature.
`
` ‘This secoml face could belong to a loved one, enabling your partner or child to access your phone
`
`
`without requiring your smiling mug to unlock it.”
`
`Tostore the biometric signatures ("template data") from the received biometric signals, the iPhone has
`|) a System on Chip (SOC) called a Secure Enclave. A Secure Enclave Processor provides the Secure
`_Enclavewith computing
`power:
`
`:
`
`CPC Ex. 2005 — Page 013
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Id., at 16.)
`
`Secure nonvolatile storage
`“The Secure Enclave is equipped with a dedicated secure nonvolatile storage device.
`The secure nonvolatile storage is connected to the Secure Enclave using a dedicated I2C bus, so that it
`can only be accessed by the Secure Enclave.”
`(id., at 15.)
`
`Adding or removing a Touch ID fingerprint or Face ID face".
`
`9
`
`CPC Ex. 2005 — Page 014
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`* °
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 10 of 232
`"The Secure Enctfave is a system on chip (SoC) that is included on all recent iPhone,... devices”
`(Ex. A, Apple Platform Security, at 7.)
`
`"The Secure Enclave is a dedicated secure subsystem integrated into Apple systems on chip (SoCs)."
`(id., at 9.)
`
`The Secure Enclave Processor provides the main computing power for the Secure Enclave."
`(id., at 10.)
`
`"During enrollment, the Secure Enclave processes, encrypts, and stores the corresponding Touch ID
`and Face ID template data."
`(Ud., at 19.)
`
`The Secure Enclave has access to a memory assigned to it and accessible only to it:
`
`This memory serves as a database for storing the biometric signatures:
`
`"The secure nonvolatile storage is used for all anti-replay services in the Secure Enclave. Anti-replay
`services on the Secure Enclave are used for revocation of data over events that mark anti-replay
`boundaries including, but not limited to, the following:
`
`
`
`
`
`
`This database is shownin the figure from Apple Platform Secutiry reproduced below:
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 11 of 232
`
`hin tn
`
`Dada
`
`Database 105
`(Ex. A, Apple Platform Security, at 9.)
`
`nM
`
`CPC Ex. 2005 — Page 015
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Ib.
`oa
`transmitter
`sub- | Assetforthin elements 161, [b2,and163below, the AccusedInstrumentalities include a
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 12 of 232
`| system comprising:
`fransmitter sub-system,
`The iPhone's Secure Enclave is a transmitter sub-system, It sends ephemerally re-encrypled file keys to
`the application processor with its file system driver ("Application Processor file-system driver") to
`read the files in the NANDFlash Storage.
`
`SelPeL beet nage
`
`DAL
`
`I |
`
`|
`
`facareLeeese
`Fepeae cay Pay,
`
`SearinSaleaanADs
`
`be het Dees ee
`
`| (Ex. A, Apple Platfonmn Security, at 9.)
`
`CPC Ex. 2005 — Page 016
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`)"sepOS can then use the ephemeral wrapping key to wrapfile keys for use by the Application
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 13 of 232
`Processor file-system driver. When the file-system driver reads or writes a file, it sends the
`wrapped key to the AES Engine, ™
`tfad.. at lay
`
`"AL wrapped file key handling occurs in the Secure Enclave; the file key is never directly exposed to
`the Application Prowessor,
`[...| When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor.”
`(fal., al 85.)
`
`The file system driver of the application processor is an NVME driver:
`
`Saag
`
`(Ex. B, Behind the Scenes with iOS Security, at 30.)
`
`i
`
`CPC Ex. 2005 — Page 017
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`lbi!. a biometric sensor|The Accused Instrumentalities include a biometric sensor configured to receive a biometric signal.
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 14 of 232
`configured to receive a
`biometric signal;
`
`Morespecifically, the iPhone has at least one biometric sensor for capturing a fingerprintor a face
`(Touch ID and/or Face ID), namely a Touch ID sensor and a camera system with image sensor,
`respectively.
`
`Touch ID
`
`"Apple devices with a Touch ID sensor can be unlocked using a fingerprint."
`(Ex. A, Apple Platform Security, at 19.)
`
`https://appleinsider.com/inside/touch-id
`
`"Touch ID is the fingerprint sensing system that makes secure access to supported Apple devices faster
`and easier. This technology reads fingerprint data from any angle and learns more about a user's
`fingerprint over time, with the sensor continuing to expand the fingerprint map as additional
`overlapping nodes are identified with each use."
`(id.)
`
`"When the fingerprint sensor detects the touch of a finger,it triggers the advanced imaging array to
`scan the finger and sends the scan to the Secure Enclave."
`(Id.
`
`The biometric sensor for Touch ID is located below the home button:
`
`"The Homebuttonis a stack of different materials, capped with a sapphire crystal lens. The
`surroundingstainless-steel ring works as a ground and detects the user's finger. This action activates a
`capacitive touch sensor installed underneath the cover: A CMOSchip with small capacitors.”
`
`13
`
`CPC Ex. 2005 — Page 018
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 15 of 232
`
`er ey
`
`|
`|
`
`|
`| SRGurnneta
`|EyRTRsormeTiray
`
`ee AE ey
`
`Biometric sensor 12]
`
`"Where is the Touch ID sensor located?
`
`
`
`
`
`
`
`
`
`The Toweh ID sensor ts located erther in the home button or = on the iPad Air (4th pemerstion) - in the top
`burthown.
`
`(https: supporlapple.com/en-us!H P2013 71)
`
`The image sensor caplures an 88-by-88-pixel, 500 PPI raster scan:
`
`“The S8-by-S8-pixel, 300-ppi raster scan is temporarily stored in-encrypted memory within the Secure
`Enclave while being vectorized for analysis, and thenit's discarded. Theanalysis utilizes subdermal
`ridge flow angle mapping, which1s a lossy process that discards minutia data that would be required to
`reconstruct the user's actual fingerprint. The resulting map of nodes is stored without any identity
`Information in an encrypted tormat that can only be read by the Secure Enclave, and is mever sent to
`
`Apple or backed up to iCloud or iTunes. ~
`
`i”
`
`CPC Ex. 2005 — Page 019
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. C, iOS Security white paper, at 8.)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 16 of 232
`
`Face ID
`
`The biometric sensor for facial biometrics is a camera system (""TrueDepth camera system") with an
`image sensor.
`
`"With a simple glance, Face ID securely unlocks supported Apple devices. It provides intuitive and
`secure authentication enabled by the TrueDepth camera system, which uses advanced technologies to
`accurately map the geometry of a user's face. ”
`(Ex. A, Apple Platform Security, at 20.)
`
`To receive a biometric signal, the camera system with image sensor reads over 30,000 infrared points
`to capture depth information along with a two-dimensional infrared image.
`
`perform facial biometrics:
`
`"After the TrueDepth camera confirms the presence of an attentive face, it projects and reads over
`30,000 infrared dots to form a depth map ofthe face along with a 2D infrared image. This datais
`used to create a sequence of 2D images and depth maps, which are digitally signed and sentto the
`Secure Enclave. To counter both digital and physical spoofs, the TrueDepth camera randomizes the
`sequence of 2D images and depth mapcaptures, and projects a device-specific random pattern. A
`portion of the Secure Neural Engine-protected within the Secure Enclave-transformsthis data into a
`mathematical representation and compares that representation to the enrolled facial data. This enrolled
`facial data is itself a mathematical representation of the user's face captured across a variety of poses."
`Ud.)
`
`The camera system includes a biometric image sensor, namely a "CMOSimage"sensor from Sony,to
`
`Is
`
`CPC Ex. 2005 — Page 020
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 17 of 232
`
`bantu Ud
`
`(htips://appleinsider.com/articles/17/09/09/inner-workings-of-apples-face-id-camera-detailed-in-
`report)
`
`The Accesed Instramentalities incinde a transmitter controller configured to emit a secure aecess
`signal! conveying information dependent upon said accessibility attribute.
`
`accessibility attribute; and Accused Instrumentalities
`
`More specifically, the iPhone's System on Chip (SOC), i.e. the Secure Enclave with its Secure Enclave
`Processor (SEP) or a Secure Neural Engine contained therein, is a means (103) to check a match of the
`biometric signal with elements of the biometne signature database.
`
`a transmitter sub-
`‘Th2,
`controller
`sysiem
`configured to match the
`biometric signal
`against
`members of the database of
`biometric
`signatures
`to
`thereby
`oulpul
`an
`
`“The Secure Enefave is a system on chip (SoC) that is included on all recent iPhone, ... devices”
`(Ex. A, Apple Plattorm Security, at 7.)
`
`CPC Ex. 2005 — Page 021
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`
`"During matching, the Secure Enclave compares incoming data from the biometric sensor against the
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 18 of 232
`stored templates to determine whether to unlock the device or respond that a match is valid (for
`
`Apple Pay, in-app, and other uses of Touch ID and Face ID). “
`
`(d., at 19.)
`
`
`The biometric signal received from the biometric sensor ("incoming data from the biometric sensor") is
`
`thus checked by the Secure Enclave and its SEP with the elements of the database of biometric
`signatures 105, i.e. the "stored templates", for the presence of a match.
`
`
`
`
`
`
`
`For Touch ID, the Secure Enclave match verification is performed as follows:
`
`
`"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor,
`
`determiningif there is a match against registered fingerprints, and then enabling access or purchases on
`
`behalf of the user ..."
`
`(Ex. C, iOS Security white paper, at 7.)
`
`
`
`"During enrollment, the resulting map of nodes is stored in an encrypted format that can be read only
`
`by the Secure Enclave as a template to compare against for future matches..."
`(Ex. A, Apple Platform Security, at 19.)
`
`
`
`"Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It
`
`then creates a mathematical representation of your fingerprint and comparesthis to your enrolled
`
`fingerprint data to identify a match and unlock your device. "
`
`(https://support.apple.com/en-us/HT204587)
`
`
`"Touch ID can read multiple fingerprints and recognize fingerprints at any orientation of the finger.
`
`The system then creates a mathematical representation of your fingerprint and comparesit to the
`
`registered fingerprint data to determine a match and unlock your device."
`
`(https://support.appie.com/de-de/HT204587)
`
`
`
`
`
`iM
`
`CPC Ex. 2005 — Page 022
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`For Face ID, the Secure Enclave has a neural network protected byit, i.e., a Secure Neural Engine,
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 19 of 232
`which ts used to verify the match:
`
`“Face ID uses neural networks for determining attention, matching, and antispoofing, so a user can
`unlock their phone with a glance."
`(Ex. A, Apple Platform Security, at 20.)
`
`"A portion of the Secure Neural Engine-protected within the Secure Enclave-transformsthis data into a
`mathematical representation and comparesthat representation to the enrolled facial data. This enroiled
`facial data is itself a mathematical representation ofthe user's face captured across a variety of poses."
`(/d.).
`
`(id. at 19.)
`
`"Facial matching security
`Facial matching is performed within the Secure Enclave using neural networkstrained specifically for
`that purpose... Face ID data, including mathematical representations of a user's face, is encrypted and
`available only to the Secure Enclave. This data never leaves the device."
`(id. at 23.)
`
`When the Secure Enclave, or more precisely the Touch ID or Face ID subsystem within the Secure
`Enclave, has determined that a match exists, an accessibility attribute is issued by the corresponding
`Touch ID or Face ID subsystem. This Touch ID or Face ID subsystem is also referred to as the SBIO.
`The accessibility attribute confirms that there is a match and that the iPhone ts to be unlocked ("...
`determine whether to unlock the device ...").
`
`This confirmation of the match is signaled by the SBIO by issuing a random secret to which only the
`Touch ID or Face ID subsystem within the Secure Enclave has access:
`
`"During matching, the Secure Enclave compares incoming data from the biometric sensor against the
`stored templates to determine whether to unlock the device[...]."
`
`18
`
`CPC Ex. 2005 — Page 023
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 20 of 232
`"Uses for Touch ID and Face ID
`Unlocking a device or user account
`[...] keys for the highest class of Data Protection-which are held in the Secure Enclave[...].
`
`(Id. at 24.)
`
`"The class key is protected with the hardware UID and, for some classes, the user's passcode."
`(id. at 85.)
`
`"Complete Protection
`
`(NSFileProtectionComplete): The class key is protected with a key derived from the user passcode or
`password and the device UID. Shortly after the user locks a device (10 seconds, if the Require
`Passwordsetting is Immediately), the decrypted class key is discarded, rendering all data in this
`class inaccessible until the user enters the passcode again or unlocks(logs in to) the device using
`Touch ID or Face ID."
`
`With Touch ID or Face ID enabled, the keys aren't discarded when the device or account locks;
`instead, they're wrapped with a key that's given to the Touch ID or Face ID subsystem inside the
`Secure Enclave. When a user attempts to unlock the device or account, if the device detects a
`successful match, it provides the key for unwrapping the Data Protection keys, and the device or
`accountis unlocked. This process provides additional protection by requiring cooperation between the
`Data Protection and Touch ID or Face ID subsystems to unlock the device."
`
`associated with the
`
`(id, at 86.)
`
`The Touch ID or Face ID subsystem within the Secure Enclave is the SBIO shown below. SBIO is an
`application that runs within the Secure Enclave on the SEP andis responsible for checking the match
`of biometric features. SBIO receives the corresponding biometric data from a biometric sensor, such as
`the Touch ID sensor, The random secret is stored in a memory
`("bi
`
`19
`
`CPC Ex. 2005 — Page 024
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`SERIO and is output from the bio memory upon maich, see step 3 in the ciagram below (°3) upon
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 21 of 232
`
`| sucessful match send random secret to SKS")
`
`(Ex. B, Behind the Scenes with iOS Security, at 34.)
`
`The class keys are ene rypted with a master key:
`
`a
`
`CPC Ex. 2005 — Page 025
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 22 of 232
`
`User Keybags
`
`keys generated for each user to protect their data at rest
`
`wrapped by master key derived from user passcode and SEP UID
`
`Different policy associated with each keybag key—Usage, a wa
`
`After 10 incorrect passcode entries, SEP will not process anyfurther attempts
`
`(fet, at 25.)
`
`The random seeret 16 issued to SKS. SKS is a Secure Rey Service application which is located within
`the Secure Enclave on the SEP and ts responsible for decrypting class keys, The random secret
`provided by SBIO is used to decrypt a master key ("4) decrypt master key"). The master key ts
`concatenated with the UID ofthe SEP and thus class keys are decrypted and added to the SKS keyring
`("5) decrypt class keys, add to keyring") for further use by the Secure Enclave. The decrypted class
`keys include,
`for example, the class key of class A
`
`Ib3, fooiransmutter|)Tie Accased fastramentalities include a transmitter configured fo emit a secure access signal
`
`contigured loemil a secure|convering information dependent upon said accessibility attribute.
`laccess
`signal
`conveying
`
`| information dependent|For example, the Secure Enclave emits a signal with ephemerally re-encryptedfile keys:
`}upon
`said
`accessibility
`} attribute; and
`
`“ses can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver. When the file-system driver reads or writes a file, it sends the wrapped
`| key to the ABS Engine.”
`
`|
`
`21
`
`CPC Ex. 2005 — Page 026
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex.
`A, Apple Platform Security, at 14.)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 23 of 232
`
`“AL wrapped file key handling: occurs inthe Secure Enclave: the file kay Ss ney er directly exposed ta
`the Application Processor,
`|...) When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor."
`(fa, al 83.)
`
`The signal with the ephemeralls ret hery pled file keys iS i SECLUPE signal because it comes from the
`Secure Enclave and thus from a secure environment, Furthermore, the siemal is secure becausethe
`transmitted information is encrypted. The emitted file keys are encrypted with the ephemeral key:
`
`“Full wrapped tile key handling occurs in the Secure Enclave: the file key 6 never directly exposed lo
`| the Application Processor. At startup, the Secure Enclave negotiates an ephemeral key with the AES
`Engine. When the Secure Enclave unwraps a file's keys, they're rewrapped with the ephemeral key and
`sent back tothe Application Processor,”
`i fa)
`
`Filesystem Data Protection
`
`ea ee ARCs ceca ek Hemel Nene lal eee el ale) tsess ee Oe
`
`File blocks are encrypted using AES-ATS with 128-bit keys
`
`+4
`—
`
`CPC Ex. 2005 — Page 027
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. B, Behind the Scenes with OS Security, at 24. }
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 24 of 232
`
`ieAa
`
`Ele BLLy
`
`itra] ret
`
`et
`
`Ritoti -
`
`(fa, at 30.)
`
`The information transmitted by the emitted signal, i.c., the ephemerally re-encrypted file keys, ts
`dependent on the availability attribute, i.c., the confirmation that a biometric “template match" exists.
`Chis confirmation is signaled by the issuance of the random seeret (cf. step 3): Only if thereis a
`confirmation of the mateh and the random secret is issued by the Touch [D or Face ID subsystem
`within the Secure Enclave, ic. SBIO, the class key is available for re-enerypting thefile keys
`
`The re-enerypted file keys are therefore information whichis emitted depending on the fact that the
`availability attribute has been emitted.
`
`CPC Ex. 2005 — Page 028
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`lc. a receiver sub-system|As setforth in elements Ici and Ic2 below, the Accused Instrumentalities include a receiver sub-
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 25 of 232
`comprising:
`system.
`
`from the Secure Enclave for this
`
`The receiver subsystem is the part of the system outside the Secure Enclave that is responsible for
`reading encrypted files from the NAND Flash Storage and receives ephemerally re-encrypted file keys
`
`24
`
`CPC Ex. 2005 — Page 029
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 26 of 232
`
`Accused Instrunmentalities
`
`TRREG
`
`Secure Enclave
`ALS Dreger
`
`&
`
`Encliva —ie Wamory Protection
`Proceacr
`Engine
`
`Secure Enclave
`
`Seyler On Chi
`
`iaecune Norglable Storage
`
`CPC Ex. 2005 — Page 030
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`| |
`
`|
`
`(Ex. A, Apple Platform Security, at 9.)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 27 of 232
`lel. areeeiver sub-system|The Accessed fastramentalities include a receiver sub-system controller confipured ta: receive the
`
`} controller configured to:|franseitted secure access signal,
`receive
`the
`transmitted
`secure access signal; and
`
`An application processor (118) with file system driver, which receives the ephemerally re-enerypted
`file key,
`To read files from the NAND Flash storage, the application processor processes the recerved
`signal by creating a read command with the ephemerally wrapped file key ("IO command with
`ephemerally wrapped file kev") and sends it to the storage controller (10%) (NAD | lash controller
`with AES engine). This read command provides the storage controller with all the information required
`to read and decrypt the encrypted file from the NAND flash storage:
`
`ction
`
`res
`
`|
`
`|
`
`aege
`
`
`
`MVE Orphan Pala Sirs|ics
`
`bent|
`
`(Ex.
`
`BK, Behind the Scenes with 104s Security, al 30)
`
`om
`
`CPC Ex. 2005 — Page 031
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 28 of 232
`"sepOS can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver. When the file-system driver reads or writes a file, it sends the
`wrapped key to the AES Engine. ™
`(Ex. A, Apple Platform Security, at 14.)
`
`"All wrapped file key handling occurs in the Secure Enclave; the file key is never directly exposed to
`the Application Processor, [...] When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor."
`—
`(fd, at 85.)
`
`| le2. provide conditional|TheAccused Instramentalities include a receiversub-system configured to provide conditional
`access
`tO the controlled | access to the controlled item dependent upon said information.
`item dependent upon said |
`information:
`
`More specifically, the controlled itemis a locking mechanism of the door lock ofthe user's home. The
`Accused Instrumentalities are configured to provide secure access to the user's home via Yale Smart
`Locks when the user provides biometric signal to the Accused Instrumentalities via Touch [1D or Face
`ID.
`
`
`“When the “Secure Remote Access” feature is tumed on,
`
`
`
`This further ensures that your door is only operated by the right people at the time you intend
`for it.”
`(https://us,yalehome.com/en/yale-news/blog/latest-blog-posts/introducing-biometric-verification-for-
`august-and-vale-locks1/)
`
`
`on
`
`CPC Ex. 2005 — Page 032
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 29 of 232
`
`= Open
`
`Yale
`
`Qo.
`
`Introducing Biometric Verification for August and Yale Locks
`
`
`
`(https://us.yilehome.com/ en vale-news/blog' latest-bloe-posts/intraducing- biometric: ver fication-lor-
`aucust-and-vyale-locks 1)
`
`CPC Ex. 2005 — Page 033
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 30 of 232
`
`(https :/www.apple.com/shop/ product HPAR24M/A/yale-assure-lock-sl-touchsereen-deadbolt-black}
`
`CPC Ex. 2005 — Page 034
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Id. wherein the transmitter|The Accused Instrumentalities include a transmitter sub-system controller that is configured to be
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 31 of 232
`
`sub-system controller is|used as setforth in elements Idl, 1d2, and Id3 below.
`further configured to:
`
`Idl. receive a series of|The Accused Instrumentalities include a transmitter sub-system controller configured to receive a
`
`entries of the biometric|series of entries ofthe biometric signal, said series being characterized according to at least one of
`signal, said series being|the number ofsaid entries and a duration ofeach said entry.
`characterized according to
`at least one of the number|Morespecifically, the Secure Enclave of the iPhone with the Secure Enclave Processor forms the
`of
`said
`entries
`and
`a| means for receiving a series of entries of the biometric signal.
`duration of each said entry;
`
`Touch ID
`
`sensor will use Touch ID on iPhone.
`
`"Apple's biometric security architecture relies on a strict separation of responsibilities between the
`biometric sensor and the Secure Enclave, and a secure connection between the two. The sensor
`captures the biometric image and securely transmits it to the Secure Enclave.”
`(Ex. A, Apple Platform Security, at 19.)
`
`Whena finger is piaced on the biometric sensor, the finger is scanned and the corresponding biometric
`signal entry is received by the Secure Enclave.
`
`"Whenthe fingerprint sensor detects the touch ofa finger, it triggers the advanced imagingarray to
`scan the finger and sends the scan to the Secure Enclave.”
`(id.)
`
`To enroll a fingerprint in the database, the iPhone's fingerprint sensor records an entry of a biometric
`signal when the user places his finger on the sensor. This is done multiple times, resulting in a series of
`entries of such biometric signals.
`
`Receiving a series of entries of the biometric signal by repeatedly placing a finger on the Touch ID
`
`30
`
`CPC Ex. 2005 — Page 035
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 32 of 232
`Setup Touch ID
`
`Before you can set up Touch ID, you must first create a code for your device,* then follow these steps:
`|. Make sure the Toweh ID sensor and your fingerare clean and dry-
`-
`lap Settings > Touch ID & Code, and then enter your code.
`Tap "Add fingerprint” and bold the device as you normally would when touching the Touch ID
`Sensor.
`
`is
`4
`
`A,
`
`Pouch the Touch ID sensor with one finger, but do not press. Keep your finger on the button until
`
`——
`
`Place Your Finger
`Se geea
`
`you feel a quick vibration or are promptedto lift your finger, oa
`
`5
`
`Continue by raising and slowly lowering your finger o
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
