`
`Exhibit J
`
`
`
`The Accused Instrumentalities include, but are not necessarily limited to, Apple iPhone and Apple iPad compatible with Yale
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 2 of 109
`Smart Locks, and any Apple product or device that is substantially or reasonably similar to the functionality set forth below. The
`Accused Instrumentalities infringe the claims of the "208 Patent, as described below, cither directly under 35 U.S.C. § 271 (a), or
`indirectly under 35 U.S.C. $8 271(b)-(e). The Accused Instrumentalities infringe the claims of the "208 Patent literally and, to the
`extent not literally, under the doctrine of equivalents.
`
`Claim |
`
`|. Asystem for providing|Te fe extent that the preamble is deemed to be a limitation, the Accused Instrumentalities are
`SOCLINE dCCESS tO a
`configured to ose a system in accordance with thix clatws.
`controlled item, the
`system comprising:
`
`august-and-yale-locks|)
`
`More specifically, the controlled item is a locking mechanism ofthe door lock ofthe user's home. The
`Accused Instrumentalities are configured to provide secure access to the user's home via Yale Smart
`Locks when the user provides biometric signal to the Accused Instrumentalities via Touch ID or Face
`ID.
`
`“When the “Secure Remote Access” feature is tuned on,
`
`This further ensures that your door is only operated by the right people at the ime you intend
`
`for it.”
`(https:/us. yalchome.com/en‘yale-news/blog/latest-blog-postsintroducing-biometnc-verification-for-
`
`CPC Ex. 2005 — Page 238
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 3 of 109
`
`= Open
`
`Yale
`
`Q
`
`Introducing Biometric Verification for August and Yale Locks
`
`
`
`(hitps://us-yalehome.com/enyale-ne ws’ blog latest-bloe-posts/introducine-biometric-venfication-lor-
`august-and-yale-locks |)
`
`CPC Ex. 2005 — Page 239
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 4 of 109
`
`
`
`(https: www.apple.com/shop'product'HPARIAM/A/yale-assure-lock-sl-touchsereen-deadboll-black }
`
`CPC Ex. 2005 — Page 240
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`The Accused Instrumentalities compatible with Yale Smart Locks are shown below:
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 5 of 109
`
`Compatibility
`
`iPhone Models
`iPhone 12 Pro
`iPhone 12 Pro Max
`iPhone 12 mini
`iPRone 12
`iPhone 14 Pro
`iPhone 11 Pro Max
`iPhone 11
`
`Phone SE (2nd generation)
`iPhene XS
`IPhone X5 Max
`iPhone XR
`iPhone X
`Phone 8
`iPhone § Plus
`iPhone 7
`iPhone 7 Plus
`
`iPhone 6s
`IPhone 6s Plus
`iPhone SE (1st generation)
`
`signatures;
`
`iPad Medels
`iPad Pro 12.9-inch
`(6th generation}
`iPad Pro 12.9-inchn
`{4th generation)
`iPad Pro 12.9-inch
`(4rd generation)
`iPad Pro 42.9-inch
`(2nd generation}
`ipad Pre 42.9-inch
`(1st generation)
`iPad Pro 14-inch
`(ard generation)
`iPad Pro 71-inch
`{2nd generation}
`iPad Pro 14-inch
`(ist generation)
`iPad Pro 10.5-inch
`iPad Pro 97-inch
`iPad Air (4th generation)
`iPad Aie (3rd generation)
`iPad Air 2
`iPad (@th generation)
`iPad (7th generation)
`iPad (6th generation)
`Fad (th generation)
`iPad mini (Sth generation)
`iPad mini 4
`
`la. a database of biometric|The Accused Instrumentalities include a memory comprising a database of biometric signatures.
`
`hitps://www.apple.com/shop/product/HPAR2ZM/A/yale-assure-lock-sl-touchscreen-deadbolt-black
`
`CPC Ex. 2005 — Page 241
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`More specifically, the iPhone allows multiple biometric signatures to be entered into a database on the
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 6 of 109
`iPhone:
`
`| Toweh 1D
`
`The iPhone allows the registration of multiple fingerprints:
`
`Fig. from hitps://suppor.apple.com/en-us/HT20137) under Manage Touch (D Settings. In the second
`bullet, it literally says:
`
`“Register up to five fingerprints.”
`
`“Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees oforventation. It
`then creates a mathematical representation of your fingerprint and compares this to your enrolled
`fingerprint data to identify a match and unlock your device. "
`
`CPC Ex. 2005 — Page 242
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(https:/supportapple.com/en-us/HT204587)
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 7 of 109
`"Touch (ID can read multiple fingerprints and recognize fingerprints at any orientation ofthe finger
`The system then creates a mathematical representation of your fingerprint and compares it to the
`registered fingerprint data to determine a match and unlock your device.”
`(hittps://support.apple.com/en-us/HT204587)
`
`Face ID
`
`The iPhone allows the registration of multiple taces
`
`To register a face, the iPhonetakes a series of pictures of the user in different poses whilecircling his
`head, This is revealed in detail in https://support.apple.com/en-us/HT208109 in the second section
`_ "ConfigureFaceID", therealso the figureshownabove.
`
`CPC Ex. 2005 — Page 243
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 8 of 109
`To register a second face, the iPhone offers a corresponding option in its settings. If the user selects the
`option "Set up an alternative appearance" as shownin the figure below (from How To Add A Second
`Face To Face ID - Macworld UK; https://www.macworld.co.uk/how-to/second-face-id-3803421/), a
`second face is registered by the iPhone in the same wayasthefirst face.
`
`(https://support.apple.com/de-de/guide/iphone/iph6d162927a/ios)
`
`"Set up Face ID or add another face.
`
`«
`
`Select "Settings" > "Face ID & Code" > "Configure alternate appearance" if you wantto
`configure another face to be recognized by Face [D."
`
`CPC Ex. 2005 — Page 244
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`¢ te
`Face 10 8 Ponaceeie
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 9 of 109
`f —
`ae
`
`<
`PhoewUnie,
`
`1 Anh Swe|@
`
`< <
`
`ie
`
`at ie ae: rhea deerarane
`
`Genet leo EE]
`
`Haque MtientonforFace ED «
`
`The page How To Add A Second Face To Face ID - Macworld UR
`(httips.//www.macworld.co.uk/how-to/second-face-id-3803421/) literally states:
`
`“Face ID is a fast and secure way to unlock your iPhone or iPad Pro, but you may not knowthat you
`can actually set up more than one faee to use the feature.
`
`This second face could belong to a loved one, enabling your partner or child to access your phone
`without requiring your smiling mug to unlock at, ™
`
`To store the biometric signatures ("template data") from the received biometric signals, the iPhone has
`a System on Chip (SOC) called a Secure Enclave. A Secure Enclave Processor provides the Secure
`Enclave with computing power:
`
`CPC Ex. 2005 — Page 245
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(d., at 16.)
`
`Secure nonvolatile storage
`“The Secure Enclave is equipped with a dedicated secure nonvolatile storage device.
`The secure nonvolatile storage is connected to the Secure Enclave using a dedicated I2C bus, so that it
`can only be accessed by the Secure Enclave.”
`(/d., at 15.)
`
`Adding or removing a Touch ID fingerprint or Face ID face”.
`
`CPC Ex. 2005 — Page 246
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`* °
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 10 of 109
`"The Secure Enclave is a system on chip (SoC)that is included on all recent iPhone, ... devices"
`(Ex. A, Apple Platform Security, at 7.)
`
`"The Secure Enclave is a dedicated secure subsystem integrated into Apple systems on chip (SoCs)."
`(/d., at 9.)
`
`The Secure Enclave Processor provides the main computing powerfor the Secure Enclave."
`(id., at 10.)
`
`"During enrollment, the Secure Enclave processes, encrypts, and stores the corresponding Touch ID
`and Face ID template data.”
`(id., at 19.)
`
`The Secure Enclave has access to a memory assignedto it and accessible only toit:
`
`This memory serves as a database for storing the biometric signatures:
`
`"The secure nonvolatile storage is used for all anti-replay services in the Secure Enclave. Anti-replay
`services on the Secure Enclave are used for revocation of data over events that mark anti-replay
`boundaries including, but not limited to, the following:
`
`
`
`This database is shown in the figure from Apple Platform Secutiry reproduced below:
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 11 of 109
`
`MataSSeer iar anger eLait
`
`peswzts
`
`Seca Lee
`Syeee on ua
`
`Database 105
`(Ex. A, Apple Platform Security, al 4.)
`As se_forth in elements [hd, (42, and [63 below, the Accused [nstrumentalities include a
`
`Ib.a transmitter sub-
`SVSIGM COMprising:
`
`fronsmiffer sub-system,
`
`CPC Ex. 2005 — Page 247
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`The iPhone's Secure Enclave ts a transmitter sub-system. It sends ephemerally re-encrypted file keys to
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 12 of 109
`the application processor withits file system driver (“Application Processor file-system driver”) to
`read the files in the NAND Flash Storage.
`aki Paruts eter aye
`
`TRAM
`
`[eeoeeeiee
`
`(Ex. A, Apple Platform Security, at 9.)
`
`“sepOS can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver. When the file-svstem driver reads or writes a file, it sends the
`wrapped key to the AES Engine, ”
`(fc, at 14.)
`
`CPC Ex. 2005 — Page 248
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 13 of 109
`‘All wrapped file key handling wocurs in the Secure Enclave; the file key 1s never directly exposed to
`the Application Processor. [...] When the Secure Enclave unwraps a file's keys, they're rewrapped with
`ihe ephemeral key and sent back to the Application Processor.”
`(fd, at 85.)
`
`Che file system driver of the application processor is an WWME driver
`
`ee Te Tg
`
`ela
`
`Pep ed
`
`Pe
`
`FilesystemData Prot
`
`ities|
`
`| (Ex. B, Behind the Scenes with 10S Security, at 30.)
`Ibl. for|The Accesed Jnstrumentatities include a biometric sensor configured to receive a biametric signal.a biometric sensor
`
`
`receiving a biometne
`signal:
`
`More specifically, the iPhone has at beast one biometric sensor for capturing a fingerprint or a face
`(Toweh [and/or Face 1D), namely a Touch 1D sensor and @ camera system wilh image sensor,
`| respectively
`
`CPC Ex. 2005 — Page 249
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 14 of 109
`Touch ID
`
`"Apple devices with a Touch ID sensor can be unlocked using a fingerprint.”
`(Ex. A, Apple Platform Security, at 19.)
`
`(https://appleinsider.com/inside/touch-id
`
`"Touch ID is the fingerprint sensing system that makes secure access to supported Apple devices faster
`and easier. This technology reads fingerprint data from any angle and learns more about a user's
`fingerprint over time, with the sensor continuing to expand the fingerprint map as additional
`overlapping nodesare identified with each use."
`(/d.)
`
`"When the fingerprint sensor detects the touch ofa finger, it triggers the advanced imagingarray to
`scan the finger and sends the scan to the Secure Enclave."
`id.)
`
`The biometric sensor for Touch ED is located below the home button:
`
`"The Home button is a stack of different materials, capped with a sapphire crystal lens. The
`surrounding stainless-steel ring works as a ground and detects the user's finger. This action activates a
`capacitive touch sensor installed underneath the cover: A CMOSchip with smail capacitors."
`
`CPC Ex. 2005 — Page 250
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 15 of 109
`
`| eRetLdenen
`
`pgogee ote ten
`
`is ea
`
`Usage Eu]
`
`Biometnec sensor 12]
`
`“Where is the Touch 1D sensor located?
`
`The Touch 1 sensor is located either in the hone button or - on the iPad Air (4th seneration) - in the top
`button
`
`(hitps:‘supporlapplecomven-us/TIT201 37 1)
`
`| [he image sensor captures an 88-by-88-pixel, S00 PPI raster scan:
`
`| “The &8-by-88-pixel, 500-ppi raster scan is temporanly stored in encrypted memory within the Secure
`Enclave while being vectorized for analysis, and thenit's discarded, The analysis utilizes subdermal
`| ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to
`| reconstruct the user's actual fingerprint. The resulting map of nodes is stored without any identity
`| information in an enery pted format that can only be read by the Secure Enclave, and is never sent to
`
`Apple or backed up to (Cloud or Tunes. ”
`
`"
`
`CPC Ex. 2005 — Page 251
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. C, iOS Security white paper, at 8.)
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 16 of 109
`
`Face ID
`
`The biometric sensor for facial biometrics is a camera system ("'TrueDepth camera system") with an
`image sensor.
`
`"With a simple glance, Face ID securely unlocks supported Apple devices. It provides intuitive and
`secure authentication enabled by the TrueDepth camera system, which uses advanced technologies to
`accurately map the geometry of a user's face. ”
`(Ex. A, Apple Platform Security, at 20.)
`
`To receive a biometric signal, the camera system with image sensor reads over 30,000 infrared points
`to capture depth information along with a two-dimensional infrared image.
`
`perform facial biometrics:
`
`"After the TrueDepth camera confirms the presence ofan attentive face, it projects and reads over
`30,000 infrared dots to form a depth mapofthe face along with a 2D infrared image. This data is
`used to create a sequence of 2D images and depth maps, which are digitally signed and sentto the
`Secure Enclave. To counter both digital and physical spoofs, the TrueDepth camera randomizes the
`sequence of 2D images and depth map captures, and projects a device-specific random pattern, A
`portion of the Secure Neural Engine-protected within the Secure Enclave-transformsthis data into a
`mathematical representation and compares that representation to the enrolled facial data. This enrolled
`facial datais itself a mathematical representation of the user's face captured across a variety of poses.”
`(fd)
`
`The camera system includes a biometric image sensor, namely a "CMOS image"sensor from Sony, to
`
`8
`
`CPC Ex. 2005 — Page 252
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 17 of 109
`
`Botivealiqneaeni
`
`altribute; aril Accused Instrumentalities
`
`More specifically, the iPhone's System on Chip (SOC), ie. the Secure Enclave with its Secure Enclave
`Processor (SEP) or a Secure Neural Engine contained therein, is a means (103) to check a match of the
`biometric signal with elements of the biometric signature database.
`
`(https://appleinsider.com/articles/17/09/09) inner-workings-ol-apples-face-id-camera-detailed-in-
`report)
`
`The Accused Instrumentalities include a transmitter controller configured to ecmif a secure access
`sieve convering information dependent ipon said accessihility anriiuge,
`
`1b2. means for matching
`the biometric signal
`against members of the
`database of biometric
`signatures to thereby
`output an accessibility
`
`“The Seewre Enelave is a system on chip (SoC) that is included on all recent iPhone, ... devices”
`(Ex. A, Apple Platform Security, at 7.)
`
`16
`
`CPC Ex. 2005 — Page 253
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`The biometric signal received from the biometric sensor ("Incoming data from the biometric sensor") is
`thus checked by the Secure Enclave and its SEP with the elements of the database of biometric
`signatures 105, i.e. the "stored templates", for the presence of a match.
`
`For Touch ID,the Secure Enclave match verification is performed as follows:
`
`"The Secure Enclave is responsible for processing fingerprint data from the Touch ID sensor,
`determining if there is a match againstregistered fingerprints, and then enabling access or purchases on
`behalf of the user...”
`(Ex. C, iOS Security white paper, at 7.)
`
`"During matching, the Secure Enclave compares incoming data from the biometric sensor against the
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 18 of 109
`stored templates to determine whether to unlock the device or respond that a match is valid (for
`Apple Pay, in-app, and other uses of Touch ID and Face ID). “
`(/d., at 19.)
`
`(https://support.apple.com/de-de/HT204587)
`
`"During enrollment, the resulting map of nodesis stored in an encrypted format that can be read only
`by the Secure Enclave as a template to compare against for future matches...."
`(Ex. A, Apple Platform Security, at 19.)
`
`"Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It
`then creates a mathematical representation of your fingerprint and comparesthis to your enrolled
`fingerprint data to identify a match and unlock your device. ”
`(https://suppert.apple.com/en-us/HT204587)
`
`"Touch ID can read multiple fingerprints and recognize fingerprints at any orientation of the finger.
`The system then creates a mathematical representation of your fingerprint and comparesit to the
`registered fingerprint data to determine a match and unlock your device."
`
`CPC Ex. 2005 — Page 254
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`For Face ID, the Secure Enclave has a neural network protected byit, i.e., a Secure Neural Engine,
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 19 of 109
`which is used to verify the match:
`
`"Face ID uses neural networks for determining attention, matching, and antispoofing, so a user can
`unlock their phone with a glance."
`(Ex. A, Apple Platform Security, at 20.)
`
`"A portion of the Secure Neural Engine-protected within the Secure Enclave-transformsthis data into a
`mathematical representation and compares that representation to the enrolled facial data. This enrolled
`facial data is itself a mathematical representation of the user's face captured across a variety of poses."
`(id.).
`
`(id. at 19.)
`
`"Facial matching security
`Facial matching is performed within the Secure Enclave using neural networkstrained specifically for
`that purpose... Face ID data, including mathematical representations of a user's face, is encrypted and
`available only to the Secure Enclave. This data never leaves the device."
`(id. at 23.)
`
`When the Secure Enclave, or more precisely the Touch ID or Face ID subsystem within the Secure
`Enclave, has determined that a match exists, an accessibility attribute is issued by the corresponding
`Touch ID or Face ID subsystem. This Touch ID or Face ID subsystem is also referred to as the SBIO.
`The accessibility attribute confirms that there is a match and that the iPhoneis to be unlocked ("...
`determine whether to unlock the device...").
`
`This confirmation of the match is signaled by the SBIO by issuing a random secret to which only the
`Touch ID or Face ID subsystem within the Secure Enclave has access:
`
`“During matching, the Secure Enclave compares incoming data from the biometric sensor against the
`stored templates to determine whether to unlock the device[...]."
`
`CPC Ex. 2005 — Page 255
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`"Uses for Touch ID and Face ID
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 20 of 109
`Unlocking a device or user account
`
`[...] keys for the highest class of Data Protection-which are held in the Secure Enclave[...].
`
`(Id.at 24.)
`
`"The class key is protected with the hardware UID and, for someclasses, the user's passcode."
`(id. at 85.)
`
`With Touch ID or Face 1D enabled, the keys aren't discarded when the device or account locks;
`instead, they're wrapped with a key that's given to the Touch ID or Face ID subsystem inside the
`Secure Enclave. When a user attempts to unlock the device or account, if the device detects a
`successful match, it provides the key for unwrapping the Data Protection keys, and the device or
`account is unlocked. This process provides additional protection by requiring cooperation between the
`Data Protection and Touch ID or Face ID subsystems to unlock the device."
`
`associated with the
`
`"Complete Protection
`
`(NSFileProtectionComplete): The class key is protected with a key derived from the user passcode or
`password and the device UID. Shortly after the user locks a device (10 seconds, if the Require
`Passwordsetting is Immediately), the decrypted class key is discarded, rendering all data in this
`class inaccessible until the user enters the passcode again or unlocks (logs in to) the device using
`Touch ID or Face ID."
`
`(id. at 86.)
`
`The Touch ID or Face [ID subsystem within the Secure Enclave is the SBIO shown below. SBIO is an
`application that runs within the Secure Enclave on the SEP andis responsible for checking the match
`of biometric features. SBIO receives the corresponding biometric data from a biometric sensor, such as
`the Touch ID sensor. The random secret is stored in a memor
`i
`
`CPC Ex. 2005 — Page 256
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`SBIO and is output from the bia memory upon match, see step 3 in the diagram below ("3 upon
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 21 of 109
`
`sucesstul match send random secrel lo SKS"):
`
`(Ex. B, Behind the Scenes with WS Security, at 34.)
`
`5
`
`—
`a
`—
`| ire Chass key Ss Pe CnC v¥pled ui ith ih VGSLEE key
`
`:
`
`CPC Ex. 2005 — Page 257
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 22 of 109
`
`User Keybags
`
`ne)! aah a Le
`
`| ited for i Ta Fete eee eel tate cata al Lae]!
`
`Keys wrapped by master key derived from user passcode and SEP UID
`
`NC MON SMe iOhheee atl Cl se eeReece) a: mdi med ek
`
`Different policy associated with each keybag key—Usage,availability
`
`(fal, at 25,)
`
`The random secret is issued to SKS. SKS is a Secure Key Service application which ts tocated within
`the Secure Enclave on the SEP and is responsible for decrypting class keys. The random secret
`provided by SBIO is used to decrypt a master key ("4) decrypt master key"). The master key is
`concatenated with the UID of the SEP and thus class keys are decrypted and added to the SKS keyring
`("S) decryclass keys, add to keyring’) for further use by the Secure Enclave. The decrypted class
`kevs include, for example, the class key of class A.
`
`1b3. means for emitting a
`SOCUTE aCoCsS signal
`Conveying Inhonmnation
`dependent upon said
`accessibility attribute; and
`
`The Accased fnstramentalities include a fransmitter configured te emi a secure access signal
`conveying information dependent upon said accessibility attribute.
`
`| OF example, the Secure | nclave Cmils A areal with ephemerally re-encrypted tile kerws
`
`“sepOS can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver, Whenthe file-system driver reads or writes a file, it sends the wrapped
`key tothe AES Engine.”
`
`CPC Ex. 2005 — Page 258
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. A, Apple Platfonm Security, at 14.)
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 23 of 109
`"All wrapped file key handling occurs in the Secure Enclave; the file key ts never directly exposed to
`the Application Processor,
`|...] When the Secure Enclave unwraps a file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor.”
`(fa, at 83.)
`
`The signal with the ephemerally re-encrypted file keys is a secure signal because it comes fromthe
`Secure Enclave and thus from a secure environment. Furthennore, the signal is secure because the
`transmitted information is encerypled, The emitted file keys are encrypted « ith the ephemeral key:
`
`“All wrapped file key handling occurs in the Secure Enclave; the file key is never directly exposed to
`the Application Processor, Al startup, the Secure Enclave negotiates an ephemeral key with the AES
`Engine. When the Secure Enclave unwraps a file's keys, they're rewrapped with the ephemeral key and
`sent back to the Application Processor."
`(fa.)
`
`Filesystem Data Protection
`
`Teak HORI eleeaeUSM Rice am el
`
`2
`
`CPC Ex. 2005 — Page 259
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. 8, Behind the Scenes with rOS Security, at 29.)
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 24 of 109
`
`Mies)10aelec celta aa(e)e
`
`ae Cy eet
`
`rs
`
`|
`
`ARVPAIE Diner
`]|
`
`|
`
`mia Te |
`ma
`
`ies Biea
`J
`
`(fe. at 30.)
`
`Phe information transmitted by the emitted signal, i.c., the ephemerally re-eneryptedfile keys, is
`dependent on the availability attribute, ic,
`the confirmation that a biometric “template match™ exists
`This confirmation is signaled by the issuance of the randomsecret (ef. step 3): Only if there is a
`confirmation of the match and the random secret is issued by the Touch [D or Face ID subsystem
`within the Secure Enclave, ic. SHO, the class key is available for re-encrypting the file keys.
`
`The re-enerypled file keys are therefore information which is emitted depending on the fact that the
`availability attribute has been emitted.
`
`CPC Ex. 2005 — Page 260
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`lc. arecetver sub-system|As setforth in elements Icl and Ic2 below, the Accused Instrumentalities include a receiver sub-
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 25 of 109
`comprising:
`system,
`
`from the Secure Enclavefor this
`
`The receiver subsystem is the part of the system outside the Secure Enclavethat is responsible for
`reading encryptedfiles from the NAND Flash Storage and receives ephemerally re-encrypted file keys
`
`“4
`
`CPC Ex. 2005 — Page 261
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 26 of 109
`
`Accused [nstrumentalities
`
`THANG
`
`Secure Enclare
`40S Cregee
`
`PKA
`
`i
`
`Secune Entice
`Proceince
`
`g—p Memory Protection
`Eregine
`
`Secure Erclawe:
`
`Syilem en chip
`
`Secure Noweolatile Storage
`
`CPC Ex. 2005 — Page 262
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`(Ex. A, Apple Platform Security, at 9.)
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 27 of 109
`ld, means for reserving
`The Accused Inxtramentalities include a receiver sub-system controller configured to: receive the
`the transmitted secure
`froveunitted secure access signal
`access signal; and
`
`An application processor (118) with tile system dnver, which receives the ephemerally re-cnerypted
`file key. To read files from the NAND Flash storage, the application processor processes the received
`signal by creating a read command with the ephemerally wrapped file key ("10 command with
`ephemerally wrapped tile key") and sends if to the storage controller (10%) (NAD Flash controller
`with AES engine). This read command provides the storage controller with all the information required
`lo read and decrypt the encrypted file from the NAND flash storage:
`
`stemData Protection
`
`tL
`
`ue
`
`Sle lt
`
`pMipato
`
`(Ex. B, Behind the Scenes with iOS Security, at 30.)
`
`ath
`
`CPC Ex. 2005 — Page 263
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 28 of 109
`“sepOS can then use the ephemeral wrapping key to wrap file keys for use by the Application
`Processor file-system driver, When the file-svstem driver reads or writes a file, it sends the
`wrapped key to the AES Engine. ~
`(Ex. A, Apple Platform Security, at 14.)
`
`"All wrapped file key handling occurs in the Secure Enclave; the file keyis never directly exposed to
`the Application Processor.|...) When the Secure Enclave unwraps u file's keys, they're rewrapped with
`the ephemeral key and sent back to the Application Processor.”
`Ald,at 85.)
`=
`7
`The Accused Jnstrumentalities include means forproviding conditional access te the controlled item
`dependent upon said information,
`
`More specifically, the controlled item is a locking mechanism of the door lock of the user's home. The
`Accused Instrumentalities are configured to provide secure access to the user's home via Yale Smart
`Locks when the user provides biometric signal to the Accused Instrumentalities via Touch ID or Face
`ID,
`
`le. means for providing
`conditional gecess lo the
`controlled item dependent
`upon said information,
`
`august-and-yale-locks|)
`
`
`“When the “Secure Remote Access” feature ts turned on,
`
`
`
`This further ensures that your door is only operated bythe right people at the time vou intend
`
`for it.”
`(https://us,yalehome.com/en/yale-news/blog/latest-blog-posts/introducing-biometne-verification-for-
`
`CPC Ex. 2005 — Page 264
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 29 of 109
`
`= Open
`
`Yale
`
`oe
`
`Introducing Biometric Verification for August and Yale Locks
`
`
`
`(https://us. valehome.com/en/yale-news/blog/latest-blog-posts/introducing-biometnie-verfication-for-
`aupust-and-yale-locks |}
`
`-
`
`CPC Ex. 2005 — Page 265
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 30 of 109
`
`
`
`(https: www. apple.com shop product/HPAR JAM) A/yale-assurc-lock-s)-louchsereen-deadboll-black )
`
`
`
`| Lf. wherein the transmitter|Als setforth in elements ffT, 12, 18, and UF below, the Accused Insirumentafities include a
`sub-system further
`fransmitter sub-system comprising means for populating the data base of biometric signatures.
`comprises means for
`| populating the cata base of
`_biometriesignatures, the |
`
`29
`
`CPC Ex. 2005 — Page 266
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`
`
`
`
`
`
`population means
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 31 of 109
`comprising:
`
`
`The Accused Instrumentalities include a transmitter sub-system controller configured to receive a
`1f1. means for receiving a
`
`series ofentries ofthe biometric signal, said series heing characterized according to at least one of
`series of entries of the
`biometric signal, said
`the number ofsaid entries and a duration of each said entry.
`
`
`series being characterised
`
`
`More specifically, the Secure Enclave of the iPhone with the Secure Enclave Processor forms the
`accordingto at least one
`means for receiving a series of entries of the biometric signal.
`of the numberofsaid
`
`entries and a duration of
`
` "Apple's biometric security architecture relies on a strict separation of responsibilities between the
`
`each said entry;
`biometric sensor and the Secure Enclave, and a secure connection between the two, The sensor
`
`captures the biometric image and securely transmits it to the Secure Enclave."
`
`(Ex. A, Apple Platform Security, at 19.)
`
`
`
`Touch ID
`
`
`
`Whena fingeris placed on the biometric sensor, the finger is scanned and the corresponding biometric
`
`signal entry is received by the Secure Enclave.
`
`
`
`"When the fingerprint sensor detects the touch of a finger, it triggers the advanced imaging array to
`
`scan the finger and sends the scan to the Secure Enclave.”
`
`Ud.)
`
`
`
`To enroll a fingerprint in the database, the iPhone's fingerprint sensor records an entry of a biometric
`
`signal whenthe user places his finger on the sensor. This is done multiple times, resulting in a series of
`
`entries of such biometric signals.
`
`sensor will use Touch ID on iPhone.
`
`Receiving a series of entries of the biometric signal by repeatedly placing a finger on the Touch ID
`
`
`
`
`30
`
`CPC Ex. 2005 — Page 267
`ASSA ABLOYABv. CPC Patent Technologies Pty Ltd.
`IPR2022-01045
`
`
`
`Case 3:22-cv-00694-MPS Document 1-10 Filed 05/23/22 Page 32 of 109
`Set up Touch ID
`
`Before you can setup Touch 1D, you must first create a code for your deviee,* then follow these steps:
`|, Make sure the Touch [ID sensor and your finger are clean and diy.
`
`2.
`3.
`
`4.
`
`Tap Settings > Touch ID & Code, and then enter your code
`Tap “Add fingerprint” and hold the device as you normally would when touching the Touch ID
`SEN
`
`Touch the Touch 1D senser with one finger, bul cho not press. Keep your finger on the button until
`
`Ege cores once lege pe ay
`eer
`
`you feel a quick vibration or are prompted to lift your finger. Place Your Finger
`
`A Continue by raising and slowly lowering your finger over and over agam, changing thee positon
`
`
`"|
`
`CPC Ex. 2005 — Page 268
`ASSA ABLOYABv. CPC Patent T