`Case 6:21-cv-00916-ADA Document 43-5 Filed 04/19/22 Page 1 of 13
`
`EXHIBIT 5
`
`Wolfgang Rankl Wolfgang Effing
`
`Smart Card Handbook
`
`Third Edition
`
`WILEY
`
`GOOG-1011
`GOOGLE LLC v. RFCYBER CORP. / Page 1 of 1123
`
`APL-RFC0916-PA-00005003
`
`Smart Card
`Handbook
`Third Edition
`
`Wolfgang Rankl and Wolfgang Effing
`Giesecke & Devrient GmbH, Munich, Germany
`
`Translated by
`Kenneth Cox
`Kenneth Cox Technical Translations, Wassenaar, The Netherlands
`
`John Wiley & Sons, Ltd
`
`First published under the title Handbuch der Chipkarten by Carl Hanser Verlag
`© Carl Hanser Verlag, Munich/FRG, 2002
`All rights reserved.
`Authorized translation from the 4th edition in the original German language
`published by Carl Hanser Verlag, Munich/FRG.
`
`Copyright © 2003 John Wiley & Sons Ltd, Baffins Lane, Chichester
`West Sussex, PO19 1UD, England
`
`National 01243 779777
`International (+44) 1243 779777
`
`Email (for orders and customer service enquiries): cs-books@wiley.co.uk
`Visit our Home Page on www.wileyeurope.com or www.wiley.com
`
`All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
`means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs
`and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road,
`London W1T 4LP, UK, without the permission in writing of the Publisher. Requests to the Publisher should be addressed to the
`Permissions Department,
`John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to
`permreq@wiley.co.uk, or faxed to (+44) 1243 770571.
`
`This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the
`understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is
`required, the services of a competent professional should be sought.
`
`Other Wiley Editorial Offices
`
`John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
`
`Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
`
`Wiley-VCH Verlag GmbH, Boschstr. 12, D-69469 Weinheim, Germany
`
`John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia
`
`John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
`
`John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1
`
`Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic
`books.
`
`Library of Congress Cataloging-in-Publication Data
`Rankl, W. (Wolfgang)
`(Handbuch der Chipkarten. English)
`Smart card handbook / Wolfgang Rankl and Wolfgang Effing. — 3rd ed.
`p. cm.
`Includes bibliographical references and index.
`ISBN 0-470-85668-8 (alk. paper)
`1. Smart cards—Handbooks, manuals, etc. I. Effing, W. (Wolfgang) II. Title.
`TK7895.S62R3613 2003
`006 - dc22
`
`2003062750
`
`British Library Cataloguing in Publication Data
`
`A catalogue record for this book is available from the British Library
`
`ISBN 0-470-85668-8
`
`Typeset in 10/12pt Times by TechBooks, New Delhi, India
`Printed and bound in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire
`This book is printed on acid-free paper responsibly manufactured from sustainable forestry
`in which at least two trees are planted for each one used for paper production.
`
`Contents
`
`Preface to the Third Edition
`Symbols and Notation
`Program Code Conventions
`Abbreviations
`
`1 Introduction
`1.1 The History of Smart Cards
`1.2 Application Areas
`1.2.1 Memory cards
`1.2.2 Microprocessor cards
`1.2.3 Contactless cards
`1.3 Standardization
`
`2 Types of Cards
`2.1 Embossed Cards
`2.2 Magnetic-stripe Cards
`2.3 Smart Cards
`2.3.1 Memory cards
`2.3.2 Microprocessor cards
`2.3.3 Contactless smart cards
`2.4 Optical Memory Cards
`
`3 Physical and Electrical Properties
`3.1 Physical Properties
`3.1.1 Card formats
`3.1.2 Card components and security features
`3.2 The Card Body
`3.2.1 Card materials
`3.2.2 Chip modules
`3.3 Electrical Properties
`3.3.1 Electrical connections
`3.3.2 Supply voltage
`
`Smart Cards in Payment Systems
`
`or services that are accepted by the user and paid using an electronic purse. The `acquirer' is
`responsible for establishing and managing the data links between the purse issuer and the service
`providers. He may also consolidate the individual transactions arriving from the payment
`facilities, so that the purse provider only receives collective certificates. The `load agent' is the
`counterpart of the service provider, since he can reload the electronic purse in exchange for a
`payment.
`These five parties need not all be real persons or firms; they may also be virtual. However,
`real technical components are allocated to each of them, classified according to their level
`of security. Components that are regarded as secure prevent any external manipulation of the
`data that are processed or stored within them. With components regarded as non-secure, such
`manipulation is at least theoretically possible. However, the system as a whole is designed
`such that the manipulation of any of the components identified as non-secure in Figure 12.8
`will not affect the overall security of the system.
`Here the abbreviation `IEP' stands for `inter-sector electronic purse' and refers to an intersector
`electronic purse application in a smart card. A purchase device is used to pay for
`received goods or services. It is a terminal with keypad and display, and it must also have a
`security module. The term `secure application module' (SAM) is used in the standard to refer
`to all types of security modules. A SAM contains all secret keys necessary for transactions
`between the IEP and the central computer of the purse provider. Naturally, the keys never leave
`
`[Figure 12.8 Components and connections of electronic purse systems according to EN 1546. The
`components with a single outline are not secure, while those with a double outline are secure.
`Labelled components: central computer of the purse provider, PPSAM, LSAM, load agent, central
`computer of the acquirer, multi-sector electronic purse, purchase device, PSAM.]
`
`16 Appendix
`
`16.1 GLOSSARY
`
`The following pages contain a list of terms typically used in the smart card world. Precise,
`comprehensive definitions of terms can also be found in the ISO/IEC 7816 family of standards.
`The equivalent standard in the area of electronic purses with regard to terminology is EN 1546,
`which comprehensively and concisely defines and explains all of the associated technical terms.
`The keywords in this glossary are listed as abbreviations or in full according to customary
`usage. An arrow symbol (—>) in front of a term refers to another entry in the glossary in which
`the term (set in italics) is explained.
`Larger collections of general terms used in informatics can be found in the DIN 44 300
`standard and numerous lexicons devoted to EDP terminology, such as [Pfaffenberger 97,
`Dictionary of Computing 91].
`
`µP card
`
`An alternate designation for —> microprocessor card.
`
`0-PIN
`
`A common, known PIN used for all newly issued —> smart cards, which does not allow access
`to the actual user functions. It is thus a type of —> trivial PIN. The first time the card is used, the
`0-PIN must be changed to a user-selected PIN using the usual mechanisms (usually CHANGE
`CHV), with the value of the 0-PIN not being an allowed value for the new PIN. The purpose of
`a 0-PIN is to allow the user to unambiguously determine whether the card is still in its original
`issued state when he or she receives it or has been illicitly used while underway. The term
``0-PIN' comes from the fact that the value "0000" is often used for this type of PIN.
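
The 0-PIN rules from this entry as a small card model, added here as an example and not taken from the book. The function names, the 4 to 8 digit PIN length, the sample PIN 4711 and the choice of status words are assumptions, and the model refuses the 0-PIN as a new value on every change, not only the first.

```c
#include <stdio.h>
#include <string.h>

/* Status words as defined in ISO/IEC 7816-4; their use here is this sketch's choice. */
#define SW_OK       0x9000u /* normal processing */
#define SW_SECURITY 0x6982u /* security status not satisfied */
#define SW_BAD_DATA 0x6A80u /* incorrect data: PIN value not allowed */
#define SW_BAD_PIN  0x6300u /* failed verification (63xx warning class) */

static const char ZERO_PIN[] = "0000";  /* the value the glossary entry names */

/* Model only: no retry counter, no constant-time comparison. */
typedef struct { char pin[9]; int verified; } card_t;

void card_issue(card_t *c) { strcpy(c->pin, ZERO_PIN); c->verified = 0; }

unsigned card_verify(card_t *c, const char *pin) {
    c->verified = (strcmp(c->pin, pin) == 0);
    return c->verified ? SW_OK : SW_BAD_PIN;
}

/* CHANGE CHV: the old PIN must match and the 0-PIN is refused as the new value. */
unsigned card_change_chv(card_t *c, const char *old_pin, const char *new_pin) {
    size_t n = strlen(new_pin);
    if (strcmp(c->pin, old_pin) != 0) return SW_BAD_PIN;
    if (n < 4 || n > 8 || strcmp(new_pin, ZERO_PIN) == 0) return SW_BAD_DATA;
    strcpy(c->pin, new_pin);
    c->verified = 0;                     /* force a VERIFY with the new PIN */
    return SW_OK;
}

/* User functions stay locked while the reference PIN is still the 0-PIN. */
unsigned card_user_function(const card_t *c) {
    int still_zero = (strcmp(c->pin, ZERO_PIN) == 0);
    return (c->verified && !still_zero) ? SW_OK : SW_SECURITY;
}

/* Recipient's check: only a card in its issued state accepts the 0-PIN. */
int card_untouched(card_t *c) { return card_verify(c, ZERO_PIN) == SW_OK; }

int main(void) {
    card_t c;
    card_issue(&c);
    printf("untouched on receipt: %d\n", card_untouched(&c));
    printf("user function before change: %04X\n", card_user_function(&c));
    printf("change to 0000: %04X\n", card_change_chv(&c, "0000", "0000"));
    printf("change to 4711: %04X\n", card_change_chv(&c, "0000", "4711"));
    printf("untouched afterwards: %d\n", card_untouched(&c));
    return 0;
}
```
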
`
`Smart Card Handbook, Third Edition. W. Rankl and W. Effing
`© 2004 John Wiley & Sons, Ltd ISBN: 0-470-85668-8
`
`EDC (error detection code)
`
`A data checksum. An EDC can be used to allow errors in the data to be detected with a certain
`probability. Typical examples of EDCs are the XOR and CRC checksums used in various data
`transmission protocols.
`
`EDGE (Enhanced Data Rates for GSM and TDMA Evolution)
`
`EDGE is intended to be the final evolutionary step for GSM networks. The EDGE specification
`allows a GSM mobile telephone to connect to a base station with a data rate of up to 384 kbit/s
`by using a different modulation scheme, without altering the existing network infrastructure.
`
`EEPROM (electrically erasable programmable read-only memory)
`
`A type of non-volatile memory, which is used in —> smart cards. An EEPROM is divided
`into `pages' of memory, with the page size being called its —> granularity. The content of a
`memory page can only be altered or erased as an entity, and there is a physically determined
`upper limit to the number of write or erase cycles.¹⁶ Data storage in an EEPROM cell is based
`on the Fowler-Nordheim effect, rather than hot electron injection as with —> Flash EEPROM.
`The typical write time for EEPROM is 3 ms per memory page.
`
`EF (elementary file)
`
`The actual data storage element in a smart card file tree. An EF has either the attribute `working'
`(for use by the terminal) or `internal' (for use by the smart card operating system), and an
`internal structure (transparent, linear fixed, linear variable, cyclic, etc.).¹⁷
`
`Electronic check
`
`An —> electronic purse variant using fixed, non-divisible monetary amounts. This type of
`payment is often referred to as `pay before'.¹⁸
`
`Electronic purse (e-purse)
`
`A card with a chip that must be loaded with an amount of money before it can be used for
`making payments. This type of payment is often called `pay before'. Some typical examples are
`the German Geldkarte, the Austrian Quick purse, Visa Cash, Proton and Mondex. Electronic
`purses may also support —> purse-to-purse transactions.¹⁹
`
`¹⁶ See also Section 3.4.2, `Memory types'
`¹⁷ See also Section 5.6.4, `EF file structures'
`¹⁸ See also Section 12.1.2, `Electronic money'
`¹⁹ See also Section 12.1.2, `Electronic money'
`
`the various stages of the —> life cycle of a smart card. In the simplest case different security
`environments would be defined for the personalization and subsequent use of the card, so that
`different file —> access conditions would be specified for the different stages of the smart card
`life cycle. Write access would be allowed to all files for personalization, but for normal use
`the access conditions would be specified according to the actual —> application.
`
`Security module
`
`A component that is secured both mechanically and computationally and is used to store secret
`data and execute cryptographic algorithms. It is also known as a secure application module
`(SAM), hardware security module (HSM) or host security module (HSM).
`
`Security target
`
`In the context of an —> evaluation, security targets describe the mechanisms to be tested for the
`—> target of evaluation. They thus represent a sort of requirements catalog for the evaluation.
`The security targets for specific types of targets of evaluation and specific application areas
`for targets of evaluation can be described using —> protection profiles.
`
`Seed number (seed)
`
`A random number used as the initial value for a pseudorandom number generator.
`
`Sequence control
`
`A method for specifying a compulsory sequence of activities. For example, the correct sequence
`of —> commands for mutual authentication of a —> smart card and a background system can
`be enforced using sequence control in the smart card. This is done by specifying the states
`and state transitions of a state machine in the —> smart card operating system that defines the
`command sequence that must be followed.⁴⁷
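
A table-driven sketch of the sequence control described in this entry, added here as an example and not taken from the book. The states, the command names and the order GET CHALLENGE, EXTERNAL AUTHENTICATE, INTERNAL AUTHENTICATE are assumptions, and the crypto_ok flag stands in for the cryptographic check itself.

```c
#include <stdio.h>
/* Hypothetical states and command set for this sketch (all names are assumptions). */
typedef enum { ST_IDLE, ST_CHALLENGED, ST_TERMINAL_OK, ST_MUTUAL_OK, ST_COUNT } state_t;
typedef enum { GET_CHALLENGE, EXTERNAL_AUTH, INTERNAL_AUTH, READ_RECORD, CMD_COUNT } cmd_t;
#define SW_OK       0x9000u /* ISO/IEC 7816-4: normal processing */
#define SW_SEQUENCE 0x6985u /* conditions of use not satisfied */
#define SW_SECURITY 0x6982u /* security status not satisfied */
#define NO ST_COUNT         /* table marker: command not allowed in this state */

/* next_state[current state][command]: the whole sequence policy in one table. */
static const state_t next_state[ST_COUNT][CMD_COUNT] = {
    /* state             GET_CHALLENGE  EXTERNAL_AUTH   INTERNAL_AUTH READ_RECORD */
    [ST_IDLE]        = { ST_CHALLENGED, NO,             NO,           NO },
    [ST_CHALLENGED]  = { ST_CHALLENGED, ST_TERMINAL_OK, NO,           NO },
    [ST_TERMINAL_OK] = { ST_CHALLENGED, NO,             ST_MUTUAL_OK, NO },
    [ST_MUTUAL_OK]   = { ST_CHALLENGED, NO,             NO,           ST_MUTUAL_OK },
};
typedef struct { state_t state; } card_t;

/* crypto_ok stands in for the cryptogram check, which is outside this sketch. */
unsigned card_dispatch(card_t *c, cmd_t cmd, int crypto_ok) {
    state_t next = next_state[c->state][cmd];
    if (next == NO) {                 /* out of sequence: refuse and start over */
        c->state = ST_IDLE;
        return SW_SEQUENCE;
    }
    if (cmd == EXTERNAL_AUTH && !crypto_ok) {
        c->state = ST_IDLE;           /* a failed attempt discards the challenge */
        return SW_SECURITY;
    }
    c->state = next;
    return SW_OK;
}

/* Feed a fresh card n commands; return the status word of the last one. */
unsigned run_sequence(const cmd_t *cmds, int n, int crypto_ok) {
    card_t card = { ST_IDLE };
    unsigned sw = SW_OK;
    for (int i = 0; i < n; i++)
        sw = card_dispatch(&card, cmds[i], crypto_ok);
    return sw;
}

int main(void) {
    const cmd_t good[] = { GET_CHALLENGE, EXTERNAL_AUTH, INTERNAL_AUTH, READ_RECORD };
    const cmd_t skip[] = { GET_CHALLENGE, INTERNAL_AUTH };
    printf("in order %04X, step skipped %04X\n",
           run_sequence(good, 4, 1), run_sequence(skip, 2, 1));
    return 0;
}
```

Because every state allows GET CHALLENGE, a terminal can always restart the sequence, but restarting drops whatever authentication state had been reached.
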
`
`Serial data transmission
`
`A type of data transmission in which individual data bits are sent sequentially along a data
`line. (—> parallel data transmission)
`
`Service provider
`
`In a smart card system, an entity offering services that are used and paid for by a user. In the
`case of an electronic purse system, a service provider is an entity that receives money from the
`electronic purse of a purse holder in exchange for goods or services.
`
`⁴⁷ See also Section 5.8, `Sequence Control'
`
`
`