`
`Exhibit I
`
`
`
`The Accused Instrumentalities include, but are not necessarilylimited to, Apple iPhone and Apple iPad compatible with Yale
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 2 of 232
`Sman Locks, and any Apple product or device that is substantially or reasonably similar to the functionality set forth below. The
`Accused Instrumentalities infringe the claims of the "705 Patent, as described below, either directly under 35 U.S.C. § 271 (a), or
`indirectly under 35 U.S.C. §§ 27 l(b}(c). The Accused Insirumentalities infringe the claims ofthe "705 Patent literally and, to the extent
`nm literally, under the doctrine ofequivalents.
`
`|. Asystem for providing|Te the extent that the preamble is deemed to be a limitation, the Accused Instrumentalities are
`SECUING GCCeSs LO a
`configured to use a system in accordance with thix claim.
`controlled ikem, the
`system comprising:
`
`augusl-and-yale-locks 1)
`
`More specifically, the controlled item is a locking mechanism of the door lock ofthe user's home. The
`Accused Instrumentalities are configured to provide secure access to the user's home via Yale Smart
`Locks when the user provides biometric signal to the Accused Instrumentalities via Touch 1D or Face
`ID.
`
`“When the “Secure Remote Access” feature is turned on,
`
`This further ensures that your door is only operated bythe right people at the time you intend
`
`for it.”
`(htps://us.yalehome.com/en/yale-news/blog,latest-blog-posts/introdwcing-biometric-verification-Lor-
`
`CPC Ex. 2005 — Page 006
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 3 of 232
`
`= Open
`
`Yale
`
`2%
`
`Introducing Biometric Verification for August and Yale Locks
`
`
`
`(https://us-yalehome.com/en/yale-news blog/latest-blog-posts/introducing-biometric-verilication-for-
`august-and-yale-locks 1!)
`
`CPC Ex. 2005 — Page 007
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`a :
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 4 of 232
`
`
`
`(https: www: apple.com’ shon/product/HPAR2Z2 MA yale-assure-lock-sl-louchsereen-deadbolt-black }
`
`CPC Ex. 2005 — Page 008
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`The Accused Instrumentalities compatible with Yale Smart Locks are shown below:
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 5 of 232
`
`Compatibility
`
`iPhone Models
`iPhone 12 Pro
`iPhone 12 Pro Max
`iPhone 12 mini
`iPhone 12
`iPhone 11 Pro
`iPhone 11 Pro Max
`iPhone 11
`
`iPad Models
`iPad Pro 12.9-inch
`(5th generation)
`iPad Pro 12.9-inch
`(4th generation]
`iPad Pro 12.9-inch
`(2rd generation)
`iPad Pro 12.9-inch
`{2nd generation)
`iPhone SE {2nd generation)~—jpad Pro 12.9-inch
`iPhone xS
`{ist generation)
`iPhone XS Max
`iPad Pro 11-inch
`iPhone XR
`{3rd generation)
`iPhone X
`iPad Pro 11-inch
`{2nd generation)
`iPhone &
`iPad Pro 11-inch
`iPhone 8 Pius
`{tst generation)
`iPhone 7
`iPad Pro 10.5-inch
`iPhone ? Plus
`iPad Pro $.7-inch
`iPhone 6s
`iPad Ait (4th generation}
`iPhone 6s Plus
`iPad Air (3rd generation}
`iPhone SE {1st generation)
`iPad Air 2
`iPad (8th generation)
`iPad (7th generation}
`iPad (Gth generation)
`iPad (5th generation}
`iPad mini (5th generation}
`iPad raini 4
`
`https://www.apple.com/shop/product/HPAR2ZM/A/yale-assure-lock-sl-touchscreen-deadbolt-black
`
`signatures;
`
`la. a memory comprising|The Accused Instrumentalities include a memory comprising a database of biometric signatures.
`a database of biometric
`
`4
`
`CPC Ex.2005 — Page 009
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`More specifically, the iPhone allows multiple biometric signatures to be entered into a database on the
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 6 of 232
`iPhone:
`
`Touch ID
`
`The iPhone allows the registration of multiple fingerprints:
`
`Fig. from https://support_apple.com/en-us/HT201371 under Manage Towch ID Settings. In the second
`bullet, it literally says:
`
`fingerprint data to identify a match and unlock your device. "
`
`“Register up to five fingerprints.”
`
`"Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It
`then creates a mathematical representation of your fingerprint and compares this to your enrolled
`
`oP]
`
`CPC Ex. 2005 — Page 010
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`(https://supporLapple.com/en-us'HT20438 7)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 7 of 232
`
`“Touch ID can read multiple fingerprints and recognize fingerprints at any orientation of the finger.
`Phe system then creates a mathematical represeniation of your fingerprint and compares it to the
`registered fingerprint data to determine a match and unlock your device.”
`(https: /supportapple.com en-us HT2043587)
`
`| Face ID
`
`The iPhone allows the registration of multiple faces:
`
`To register a face, the iPhone takes a series of pictures ofthe user in different poses whilecircling his
`| head. This is revealed in detail in hitps://suppor.apple.com/en-us/HT208 109 in the second section
`_| “Configure Face ID", there also the figureshownabove.
`
`’
`
`CPC Ex. 2005 — Page 011
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 8 of 232
`
`To register a second face, the iPhone offers a corresponding option inits settings. If the user selects the
`option "Set up an alternative appearance” as shownin the figure below (from How To Add A Second
`Face To Face ID - Macworld UK;https://Awww.macworld.co.uk/how-to/second-face-id-3803421/), a
`second face is registered by the iPhone in the same wayasthefirst face.
`
`"Set up Face [D or add another face.
`
`(https://support.apple.com/de-de/guide/iphone/iph6d 1 62927a/ios)
`
`e
`
`Select "Settings" > "Face ID & Code" > "Configure alternate appearance”if you want to
`configure another face to be recognized by Face ID."
`
`7
`
`CPC Ex. 2005 — Page 012
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 9 of 232
`
`RAAR
`
`The page How To Add A Second Face To Pace ID - Macworld UK
`
`| (hitps:/wwwomacword.co.uk/how-to/second-face-id-3803421/) literally states:
`
`| i
`
`Face ID is a fast and secure way to unlock your iPhone or iPad Pro, but you may not knowthat you
`| can actually set up more than one face to use the feature.
`
` ‘This secoml face could belong to a loved one, enabling your partner or child to access your phone
`
`
`without requiring your smiling mug to unlock it.”
`
`Tostore the biometric signatures ("template data") from the received biometric signals, the iPhone has
`|) a System on Chip (SOC) called a Secure Enclave. A Secure Enclave Processor provides the Secure
`_Enclavewith computing
`power:
`
`:
`
`CPC Ex. 2005 — Page 013
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Id., at 16.)
`
`Secure nonvolatile storage
`“The Secure Enclave is equipped with a dedicated secure nonvolatile storage device.
`The secure nonvolatile storage is connected to the Secure Enclave using a dedicated I2C bus, so that it
`can only be accessed by the Secure Enclave.”
`(id., at 15.)
`
`Adding or removing a Touch ID fingerprint or Face ID face".
`
`9
`
`CPC Ex. 2005 — Page 014
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`* °
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 10 of 232
`"The Secure Enctfave is a system on chip (SoC) that is included on all recent iPhone,... devices”
`(Ex. A, Apple Platform Security, at 7.)
`
`"The Secure Enclave is a dedicated secure subsystem integrated into Apple systems on chip (SoCs)."
`(id., at 9.)
`
`The Secure Enclave Processor provides the main computing power for the Secure Enclave."
`(id., at 10.)
`
`"During enrollment, the Secure Enclave processes, encrypts, and stores the corresponding Touch ID
`and Face ID template data."
`(Ud., at 19.)
`
`The Secure Enclave has access to a memory assigned to it and accessible only to it:
`
`This memory serves as a database for storing the biometric signatures:
`
`"The secure nonvolatile storage is used for all anti-replay services in the Secure Enclave. Anti-replay
`services on the Secure Enclave are used for revocation of data over events that mark anti-replay
`boundaries including, but not limited to, the following:
`
`
`
`
`
`
`This database is shownin the figure from Apple Platform Secutiry reproduced below:
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 11 of 232
`
`hin tn
`
`Dada
`
`Database 105
`(Ex. A, Apple Platform Security, at 9.)
`
`nM
`
`CPC Ex. 2005 — Page 015
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Ib.
`oa
`transmitter
`sub- | Assetforthin elements 161, [b2,and163below, the AccusedInstrumentalities include a
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 12 of 232
`| system comprising:
`fransmitter sub-system,
`The iPhone's Secure Enclave is a transmitter sub-system, It sends ephemerally re-encrypled file keys to
`the application processor with its file system driver ("Application Processor file-system driver") to
`read the files in the NANDFlash Storage.
`
`SelPeL beet nage
`
`DAL
`
`I |
`
`|
`
`facareLeeese
`Fepeae cay Pay,
`
`SearinSaleaanADs
`
`be het Dees ee
`
`| (Ex. A, Apple Platfonmn Security, at 9.)
`
`CPC Ex. 2005 — Page 016
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`)"sepOS can then use the ephemeral wrapping key to wrapfile keys for use by the Application
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 13 of 232
`Processor file-system driver. When the file-system driver reads or writes a file, it sends the
`wrapped key to the AES Engine, ™
`tfad.. at lay
`
`"AL wrapped file key handling occurs in the Secure Enclave; the file key is never directly exposed to
`the Application Prowessor,
`[...| When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor.”
`(fal., al 85.)
`
`The file system driver of the application processor is an NVME driver:
`
`Saag
`
`(Ex. B, Behind the Scenes with iOS Security, at 30.)
`
`i
`
`CPC Ex. 2005 — Page 017
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`lbi!. a biometric sensor|The Accused Instrumentalities include a biometric sensor configured to receive a biometric signal.
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 14 of 232
`configured to receive a
`biometric signal;
`
`Morespecifically, the iPhone has at least one biometric sensor for capturing a fingerprintor a face
`(Touch ID and/or Face ID), namely a Touch ID sensor and a camera system with image sensor,
`respectively.
`
`Touch ID
`
`"Apple devices with a Touch ID sensor can be unlocked using a fingerprint."
`(Ex. A, Apple Platform Security, at 19.)
`
`https://appleinsider.com/inside/touch-id
`
`"Touch ID is the fingerprint sensing system that makes secure access to supported Apple devices faster
`and easier. This technology reads fingerprint data from any angle and learns more about a user's
`fingerprint over time, with the sensor continuing to expand the fingerprint map as additional
`overlapping nodes are identified with each use."
`(id.)
`
`"When the fingerprint sensor detects the touch of a finger,it triggers the advanced imaging array to
`scan the finger and sends the scan to the Secure Enclave."
`(Id.
`
`The biometric sensor for Touch ID is located below the home button:
`
`"The Homebuttonis a stack of different materials, capped with a sapphire crystal lens. The
`surroundingstainless-steel ring works as a ground and detects the user's finger. This action activates a
`capacitive touch sensor installed underneath the cover: A CMOSchip with small capacitors.”
`
`13
`
`CPC Ex. 2005 — Page 018
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 15 of 232
`
`er ey
`
`|
`|
`
`|
`| SRGurnneta
`|EyRTRsormeTiray
`
`ee AE ey
`
`Biometric sensor 12]
`
`"Where is the Touch ID sensor located?
`
`
`
`
`
`
`
`
`
`The Toweh ID sensor ts located erther in the home button or = on the iPad Air (4th pemerstion) - in the top
`burthown.
`
`(https: supporlapple.com/en-us!H P2013 71)
`
`The image sensor caplures an 88-by-88-pixel, 500 PPI raster scan:
`
`“The S8-by-S8-pixel, 300-ppi raster scan is temporarily stored in-encrypted memory within the Secure
`Enclave while being vectorized for analysis, and thenit's discarded. Theanalysis utilizes subdermal
`ridge flow angle mapping, which1s a lossy process that discards minutia data that would be required to
`reconstruct the user's actual fingerprint. The resulting map of nodes is stored without any identity
`Information in an encrypted tormat that can only be read by the Secure Enclave, and is mever sent to
`
`Apple or backed up to iCloud or iTunes. ~
`
`i”
`
`CPC Ex. 2005 — Page 019
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. C, iOS Security white paper, at 8.)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 16 of 232
`
`Face ID
`
`The biometric sensor for facial biometrics is a camera system (""TrueDepth camera system") with an
`image sensor.
`
`"With a simple glance, Face ID securely unlocks supported Apple devices. It provides intuitive and
`secure authentication enabled by the TrueDepth camera system, which uses advanced technologies to
`accurately map the geometry of a user's face. ”
`(Ex. A, Apple Platform Security, at 20.)
`
`To receive a biometric signal, the camera system with image sensor reads over 30,000 infrared points
`to capture depth information along with a two-dimensional infrared image.
`
`perform facial biometrics:
`
`"After the TrueDepth camera confirms the presence of an attentive face, it projects and reads over
`30,000 infrared dots to form a depth map ofthe face along with a 2D infrared image. This datais
`used to create a sequence of 2D images and depth maps, which are digitally signed and sentto the
`Secure Enclave. To counter both digital and physical spoofs, the TrueDepth camera randomizes the
`sequence of 2D images and depth mapcaptures, and projects a device-specific random pattern. A
`portion of the Secure Neural Engine-protected within the Secure Enclave-transformsthis data into a
`mathematical representation and compares that representation to the enrolled facial data. This enrolled
`facial data is itself a mathematical representation of the user's face captured across a variety of poses."
`Ud.)
`
`The camera system includes a biometric image sensor, namely a "CMOSimage"sensor from Sony,to
`
`Is
`
`CPC Ex. 2005 — Page 020
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 17 of 232
`
`bantu Ud
`
`(htips://appleinsider.com/articles/17/09/09/inner-workings-of-apples-face-id-camera-detailed-in-
`report)
`
`The Accesed Instramentalities incinde a transmitter controller configured to emit a secure aecess
`signal! conveying information dependent upon said accessibility attribute.
`
`accessibility attribute; and Accused Instrumentalities
`
`More specifically, the iPhone's System on Chip (SOC), i.e. the Secure Enclave with its Secure Enclave
`Processor (SEP) or a Secure Neural Engine contained therein, is a means (103) to check a match of the
`biometric signal with elements of the biometne signature database.
`
`a transmitter sub-
`‘Th2,
`controller
`sysiem
`configured to match the
`biometric signal
`against
`members of the database of
`biometric
`signatures
`to
`thereby
`oulpul
`an
`
`“The Secure Enefave is a system on chip (SoC) that is included on all recent iPhone, ... devices”
`(Ex. A, Apple Plattorm Security, at 7.)
`
`CPC Ex. 2005 — Page 021
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`
`"During matching, the Secure Enclave compares incoming data from the biometric sensor against the
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 18 of 232
`stored templates to determine whether to unlock the device or respond that a match is valid (for
`
`Apple Pay, in-app, and other uses of Touch ID and Face ID). “
`
`(d., at 19.)
`
`
`The biometric signal received from the biometric sensor ("incoming data from the biometric sensor") is
`
`thus checked by the Secure Enclave and its SEP with the elements of the database of biometric
`signatures 105, i.e. the "stored templates", for the presence of a match.
`
`
`
`
`
`
`
`For Touch ID, the Secure Enclave match verification is performed as follows:
`
`
`"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor,
`
`determiningif there is a match against registered fingerprints, and then enabling access or purchases on
`
`behalf of the user ..."
`
`(Ex. C, iOS Security white paper, at 7.)
`
`
`
`"During enrollment, the resulting map of nodes is stored in an encrypted format that can be read only
`
`by the Secure Enclave as a template to compare against for future matches..."
`(Ex. A, Apple Platform Security, at 19.)
`
`
`
`"Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It
`
`then creates a mathematical representation of your fingerprint and comparesthis to your enrolled
`
`fingerprint data to identify a match and unlock your device. "
`
`(https://support.apple.com/en-us/HT204587)
`
`
`"Touch ID can read multiple fingerprints and recognize fingerprints at any orientation of the finger.
`
`The system then creates a mathematical representation of your fingerprint and comparesit to the
`
`registered fingerprint data to determine a match and unlock your device."
`
`(https://support.appie.com/de-de/HT204587)
`
`
`
`
`
`iM
`
`CPC Ex. 2005 — Page 022
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`For Face ID, the Secure Enclave has a neural network protected byit, i.e., a Secure Neural Engine,
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 19 of 232
`which ts used to verify the match:
`
`“Face ID uses neural networks for determining attention, matching, and antispoofing, so a user can
`unlock their phone with a glance."
`(Ex. A, Apple Platform Security, at 20.)
`
`"A portion of the Secure Neural Engine-protected within the Secure Enclave-transformsthis data into a
`mathematical representation and comparesthat representation to the enrolled facial data. This enroiled
`facial data is itself a mathematical representation ofthe user's face captured across a variety of poses."
`(/d.).
`
`(id. at 19.)
`
`"Facial matching security
`Facial matching is performed within the Secure Enclave using neural networkstrained specifically for
`that purpose... Face ID data, including mathematical representations of a user's face, is encrypted and
`available only to the Secure Enclave. This data never leaves the device."
`(id. at 23.)
`
`When the Secure Enclave, or more precisely the Touch ID or Face ID subsystem within the Secure
`Enclave, has determined that a match exists, an accessibility attribute is issued by the corresponding
`Touch ID or Face ID subsystem. This Touch ID or Face ID subsystem is also referred to as the SBIO.
`The accessibility attribute confirms that there is a match and that the iPhone ts to be unlocked ("...
`determine whether to unlock the device ...").
`
`This confirmation of the match is signaled by the SBIO by issuing a random secret to which only the
`Touch ID or Face ID subsystem within the Secure Enclave has access:
`
`"During matching, the Secure Enclave compares incoming data from the biometric sensor against the
`stored templates to determine whether to unlock the device[...]."
`
`18
`
`CPC Ex. 2005 — Page 023
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 20 of 232
`"Uses for Touch ID and Face ID
`Unlocking a device or user account
`[...] keys for the highest class of Data Protection-which are held in the Secure Enclave[...].
`
`(Id. at 24.)
`
`"The class key is protected with the hardware UID and, for some classes, the user's passcode."
`(id. at 85.)
`
`"Complete Protection
`
`(NSFileProtectionComplete): The class key is protected with a key derived from the user passcode or
`password and the device UID. Shortly after the user locks a device (10 seconds, if the Require
`Passwordsetting is Immediately), the decrypted class key is discarded, rendering all data in this
`class inaccessible until the user enters the passcode again or unlocks(logs in to) the device using
`Touch ID or Face ID."
`
`With Touch ID or Face ID enabled, the keys aren't discarded when the device or account locks;
`instead, they're wrapped with a key that's given to the Touch ID or Face ID subsystem inside the
`Secure Enclave. When a user attempts to unlock the device or account, if the device detects a
`successful match, it provides the key for unwrapping the Data Protection keys, and the device or
`accountis unlocked. This process provides additional protection by requiring cooperation between the
`Data Protection and Touch ID or Face ID subsystems to unlock the device."
`
`associated with the
`
`(id, at 86.)
`
`The Touch ID or Face ID subsystem within the Secure Enclave is the SBIO shown below. SBIO is an
`application that runs within the Secure Enclave on the SEP andis responsible for checking the match
`of biometric features. SBIO receives the corresponding biometric data from a biometric sensor, such as
`the Touch ID sensor, The random secret is stored in a memory
`("bi
`
`19
`
`CPC Ex. 2005 — Page 024
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`SERIO and is output from the bio memory upon maich, see step 3 in the ciagram below (°3) upon
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 21 of 232
`
`| sucessful match send random secret to SKS")
`
`(Ex. B, Behind the Scenes with iOS Security, at 34.)
`
`The class keys are ene rypted with a master key:
`
`a
`
`CPC Ex. 2005 — Page 025
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 22 of 232
`
`User Keybags
`
`keys generated for each user to protect their data at rest
`
`wrapped by master key derived from user passcode and SEP UID
`
`Different policy associated with each keybag key—Usage, a wa
`
`After 10 incorrect passcode entries, SEP will not process anyfurther attempts
`
`(fet, at 25.)
`
`The random seeret 16 issued to SKS. SKS is a Secure Rey Service application which is located within
`the Secure Enclave on the SEP and ts responsible for decrypting class keys, The random secret
`provided by SBIO is used to decrypt a master key ("4) decrypt master key"). The master key ts
`concatenated with the UID ofthe SEP and thus class keys are decrypted and added to the SKS keyring
`("5) decrypt class keys, add to keyring") for further use by the Secure Enclave. The decrypted class
`keys include,
`for example, the class key of class A
`
`Ib3, fooiransmutter|)Tie Accased fastramentalities include a transmitter configured fo emit a secure access signal
`
`contigured loemil a secure|convering information dependent upon said accessibility attribute.
`laccess
`signal
`conveying
`
`| information dependent|For example, the Secure Enclave emits a signal with ephemerally re-encryptedfile keys:
`}upon
`said
`accessibility
`} attribute; and
`
`“ses can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver. When the file-system driver reads or writes a file, it sends the wrapped
`| key to the ABS Engine.”
`
`|
`
`21
`
`CPC Ex. 2005 — Page 026
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex.
`A, Apple Platform Security, at 14.)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 23 of 232
`
`“AL wrapped file key handling: occurs inthe Secure Enclave: the file kay Ss ney er directly exposed ta
`the Application Processor,
`|...) When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor."
`(fa, al 83.)
`
`The signal with the ephemeralls ret hery pled file keys iS i SECLUPE signal because it comes from the
`Secure Enclave and thus from a secure environment, Furthermore, the siemal is secure becausethe
`transmitted information is encrypted. The emitted file keys are encrypted with the ephemeral key:
`
`“Full wrapped tile key handling occurs in the Secure Enclave: the file key 6 never directly exposed lo
`| the Application Processor. At startup, the Secure Enclave negotiates an ephemeral key with the AES
`Engine. When the Secure Enclave unwraps a file's keys, they're rewrapped with the ephemeral key and
`sent back tothe Application Processor,”
`i fa)
`
`Filesystem Data Protection
`
`ea ee ARCs ceca ek Hemel Nene lal eee el ale) tsess ee Oe
`
`File blocks are encrypted using AES-ATS with 128-bit keys
`
`+4
`—
`
`CPC Ex. 2005 — Page 027
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. B, Behind the Scenes with OS Security, at 24. }
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 24 of 232
`
`ieAa
`
`Ele BLLy
`
`itra] ret
`
`et
`
`Ritoti -
`
`(fa, at 30.)
`
`The information transmitted by the emitted signal, i.c., the ephemerally re-encrypted file keys, ts
`dependent on the availability attribute, i.c., the confirmation that a biometric “template match" exists.
`Chis confirmation is signaled by the issuance of the random seeret (cf. step 3): Only if thereis a
`confirmation of the mateh and the random secret is issued by the Touch [D or Face ID subsystem
`within the Secure Enclave, ic. SBIO, the class key is available for re-enerypting thefile keys
`
`The re-enerypted file keys are therefore information whichis emitted depending on the fact that the
`availability attribute has been emitted.
`
`CPC Ex. 2005 — Page 028
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`lc. a receiver sub-system|As setforth in elements Ici and Ic2 below, the Accused Instrumentalities include a receiver sub-
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 25 of 232
`comprising:
`system.
`
`from the Secure Enclave for this
`
`The receiver subsystem is the part of the system outside the Secure Enclave that is responsible for
`reading encrypted files from the NAND Flash Storage and receives ephemerally re-encrypted file keys
`
`24
`
`CPC Ex. 2005 — Page 029
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 26 of 232
`
`Accused Instrunmentalities
`
`TRREG
`
`Secure Enclave
`ALS Dreger
`
`&
`
`Encliva —ie Wamory Protection
`Proceacr
`Engine
`
`Secure Enclave
`
`Seyler On Chi
`
`iaecune Norglable Storage
`
`CPC Ex. 2005 — Page 030
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`| |
`
`|
`
`(Ex. A, Apple Platform Security, at 9.)
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 27 of 232
`lel. areeeiver sub-system|The Accessed fastramentalities include a receiver sub-system controller confipured ta: receive the
`
`} controller configured to:|franseitted secure access signal,
`receive
`the
`transmitted
`secure access signal; and
`
`An application processor (118) with file system driver, which receives the ephemerally re-enerypted
`file key,
`To read files from the NAND Flash storage, the application processor processes the recerved
`signal by creating a read command with the ephemerally wrapped file key ("IO command with
`ephemerally wrapped file kev") and sends it to the storage controller (10%) (NAD | lash controller
`with AES engine). This read command provides the storage controller with all the information required
`to read and decrypt the encrypted file from the NAND flash storage:
`
`ction
`
`res
`
`|
`
`|
`
`aege
`
`
`
`MVE Orphan Pala Sirs|ics
`
`bent|
`
`(Ex.
`
`BK, Behind the Scenes with 104s Security, al 30)
`
`om
`
`CPC Ex. 2005 — Page 031
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 28 of 232
`"sepOS can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver. When the file-system driver reads or writes a file, it sends the
`wrapped key to the AES Engine. ™
`(Ex. A, Apple Platform Security, at 14.)
`
`"All wrapped file key handling occurs in the Secure Enclave; the file key is never directly exposed to
`the Application Processor, [...] When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor."
`—
`(fd, at 85.)
`
`| le2. provide conditional|TheAccused Instramentalities include a receiversub-system configured to provide conditional
`access
`tO the controlled | access to the controlled item dependent upon said information.
`item dependent upon said |
`information:
`
`More specifically, the controlled itemis a locking mechanism of the door lock ofthe user's home. The
`Accused Instrumentalities are configured to provide secure access to the user's home via Yale Smart
`Locks when the user provides biometric signal to the Accused Instrumentalities via Touch [1D or Face
`ID.
`
`
`“When the “Secure Remote Access” feature is tumed on,
`
`
`
`This further ensures that your door is only operated by the right people at the time you intend
`for it.”
`(https://us,yalehome.com/en/yale-news/blog/latest-blog-posts/introducing-biometric-verification-for-
`august-and-vale-locks1/)
`
`
`on
`
`CPC Ex. 2005 — Page 032
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 29 of 232
`
`= Open
`
`Yale
`
`Qo.
`
`Introducing Biometric Verification for August and Yale Locks
`
`
`
`(https://us.yilehome.com/ en vale-news/blog' latest-bloe-posts/intraducing- biometric: ver fication-lor-
`aucust-and-vyale-locks 1)
`
`CPC Ex. 2005 — Page 033
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 30 of 232
`
`(https :/www.apple.com/shop/ product HPAR24M/A/yale-assure-lock-sl-touchsereen-deadbolt-black}
`
`CPC Ex. 2005 — Page 034
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Id. wherein the transmitter|The Accused Instrumentalities include a transmitter sub-system controller that is configured to be
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 31 of 232
`
`sub-system controller is|used as setforth in elements Idl, 1d2, and Id3 below.
`further configured to:
`
`Idl. receive a series of|The Accused Instrumentalities include a transmitter sub-system controller configured to receive a
`
`entries of the biometric|series of entries ofthe biometric signal, said series being characterized according to at least one of
`signal, said series being|the number ofsaid entries and a duration ofeach said entry.
`characterized according to
`at least one of the number|Morespecifically, the Secure Enclave of the iPhone with the Secure Enclave Processor forms the
`of
`said
`entries
`and
`a| means for receiving a series of entries of the biometric signal.
`duration of each said entry;
`
`Touch ID
`
`sensor will use Touch ID on iPhone.
`
`"Apple's biometric security architecture relies on a strict separation of responsibilities between the
`biometric sensor and the Secure Enclave, and a secure connection between the two. The sensor
`captures the biometric image and securely transmits it to the Secure Enclave.”
`(Ex. A, Apple Platform Security, at 19.)
`
`Whena finger is piaced on the biometric sensor, the finger is scanned and the corresponding biometric
`signal entry is received by the Secure Enclave.
`
`"Whenthe fingerprint sensor detects the touch ofa finger, it triggers the advanced imagingarray to
`scan the finger and sends the scan to the Secure Enclave.”
`(id.)
`
`To enroll a fingerprint in the database, the iPhone's fingerprint sensor records an entry of a biometric
`signal when the user places his finger on the sensor. This is done multiple times, resulting in a series of
`entries of such biometric signals.
`
`Receiving a series of entries of the biometric signal by repeatedly placing a finger on the Touch ID
`
`30
`
`CPC Ex. 2005 — Page 035
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-9 Filed 05/23/22 Page 32 of 232
`Setup Touch ID
`
`Before you can set up Touch ID, you must first create a code for your device,* then follow these steps:
`|. Make sure the Toweh ID sensor and your fingerare clean and dry-
`-
`lap Settings > Touch ID & Code, and then enter your code.
`Tap "Add fingerprint” and bold the device as you normally would when touching the Touch ID
`Sensor.
`
`is
`4
`
`A,
`
`Pouch the Touch ID sensor with one finger, but do not press. Keep your finger on the button until
`
`——
`
`Place Your Finger
`Se geea
`
`you feel a quick vibration or are promptedto lift your finger, oa
`
`5
`
`Continue by raising and slowly lowering your finger o