Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 1 of 98
`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 1 of 98
`
`EXHIBIT B
`EXHIBIT B
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 2 of 98
`
`Appendix B – Claim Chart for US Patent No. 8,448,855 Against Accused Apple Products - CONFIDENTIAL
`
`Based on information presently available, RFCyber Corp. (“RFCyber”) contends that Defendant Apple Inc. (“Apple” or “Defendant”) infringes claims 1-17 (the “Asserted Claims”)
`of U.S. Patent No. 8,448,855 (the “’855 Patent”) through the Accused Products which are manufactured, sold, offered for sale, and/or used by Apple.
`
`The Accused Products include at least all devices running or containing Apple Wallet, Apple Pay and/or Apple Cash, and all supporting computer systems and/or servers providing
`functionality related thereto.
`
`For example, the Accused Products include, but are not limited to, the following Accused Devices: and all versions and variants of iPhone, iPad, Apple Watch, Macs with Touch ID
`or Apple silicon, made, sold, offered for sale, used, or imported in the United States since the launch of Apple Pay in October 2014, including at least all versions and variants of
`iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE (1st generation), iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone XR, iPhone XS, iPhone XS Max,
`iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone SE (2nd generation), iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max, iPhone 13 mini, iPhone 13, iPhone 13
`Pro, iPhone 13 Pro Max, Apple Watch (1st generation), Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, Apple Watch Series 4, Apple Watch Series 5, Apple
`Watch SE, Apple Watch Series 6, Apple Watch Series 7, iPad (4th generation), iPad (5th generation), iPad (6th generation), iPad (7th generation), iPad (8th generation), iPad (9th
`generation), iPad mini 2, iPad mini 3, iPad mini 4, iPad mini (5th generation), iPad mini (6th generation), iPad Air 2, iPad Air (3rd generation), iPad Air (4th generation), iPad Pro
`(12.9-inch), iPad Pro (9.7-inch), iPad Pro (12.9-inch) (2nd generation), iPad Pro (10.5-inch), iPad Pro (11-inch), iPad Pro (12.9-inch) (3rd generation), iPad Pro (11-inch) (2nd
`generation), iPad Pro (12.9-inch) (4th generation), MacBook Air (Retina, 13-inch, 2018), MacBook Air (Retina, 13-inch, 2019), MacBook Air (Retina, 13-inch, 2020), MacBook
`Air (M1, 2020), MacBook Pro (13-inch, 2016, Four Thunderbolt 3 ports), MacBook Pro (15-inch, 2016), MacBook Pro (13-inch, 2017, Four Thunderbolt 3 ports), MacBook Pro
`(15-inch, 2017), MacBook Pro (13-inch, 2018, Four Thunderbolt 3 ports), MacBook Pro (15-inch, 2018), MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports), MacBook Pro
`(15-inch, 2019), MacBook Pro (16-inch, 2019), MacBook Pro (13-inch, 2020, Four Thunderbolt 3 ports), MacBook Pro (13-inch, M1, 2020), Mac mini (M1, 2020), iMac (24-inch,
`M1, 2021), MacBook Pro (16-inch, 2021), and MacBook Pro (14-inch, 2021). RFCyber reserves the right to amend this list of Accused Devices as discovery progresses.
`
`For example, the Accused Products include, but are not limited to, the following Accused Apps: Apple Wallet, Apple Pay and/or Apple Cash and all versions and variants thereof.
`
`Apple directly infringes each of the Asserted Claims by importing, using, selling, and/or offering to sell the Accused Products in violation of 35 U.S.C. § 271(a). Accused Devices
`are preloaded with apps required to use Accused Services.
`
`Apple indirectly infringes the Asserted Claims in violation of 35 U.S.C. § 271(b) by inducing third parties, including Apple customers and end-users, to directly infringe through
`their operation and use of the Accused Products. Apple has knowingly and intentionally induced this direct infringement by, inter alia, (i) selling, importing, or otherwise providing
`the Accused Products to third parties with the intent that the Accused Products will be operated and used in a manner that practices the Asserted Claims; and (ii) marketing and
`advertising the Accused Products. Apple’s marketing and promotional materials for the Accused Products are found, for example, on Apple’s website. For example, Apple’s website
`offers customers downloadable User Manuals for the Accused Products that instruct customers to, among other things, set up, personalize, and use Apple Pay and Apple Cash. Apple
`further provides tutorials with the Accused Products that instruct customers to, among other things, use the Accused Products in an infringing manner. Apple’s website also offers
`support to customers, including instruction to, among other things, use Apple Pay and Apple Cash to perform transactions. On information and belief, Apple knows that its actions
`
`
`
`1
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 3 of 98
`
`will result in infringement of the Asserted Claims, or subjectively believes that there is a high probability that its actions will result in infringement of the Asserted Claims but has
`taken deliberate actions to avoid learning these facts.
`
`Apple also contributorily infringes each of the Asserted Claims in violation of 35 U.S.C. § 271(c) by selling, importing, and offering for sale the Accused Products which when used
`directly infringe the Asserted Claims. The Accused Products constitute a material part of the Asserted Claims.
`
`The following chart identifies specifically where each limitation of each Asserted Claim is found within the Accused Products and, in particular, the corresponding elements that
`meet the limitation in the Apple iPhone 13 Pro installed with Apple Pay. On information and belief, the Apple iPhone 13 Pro is representative of all Accused Devices which practice
`the Asserted Claims in a manner consistent with the Apple iPhone 13 Pro.
`
`RFCyber does not concede that any claims of the ʼ855 Patent that are not listed below are not infringed by the identified Accused Products. Moreover, the citations to certain
`documents and other information below are intended to be exemplary only and in no way foreclose RFCyber from citing or relying on additional documents, information, source
`code, and/or testimony at a later time. These contentions are preliminary in nature, and an analysis of Apple’s products, internal documentation, source code, and/or testimony from
`relevant witnesses may more fully and accurately describe the infringing features of its Accused Products. Accordingly, RFCyber reserves the right to supplement, correct, modify,
`and/or amend these contentions once such additional information is made available to RFCyber. Furthermore, RFCyber reserves the right to supplement, correct, modify, and/or
`amend these contentions as discovery in this case progresses; in view of the Court’s claim construction order(s); in view of any positions taken by Apple including, but not limited
`to, positions on claim construction, invalidity, and/or non-infringement; and in connection with the preparation and exchange of expert reports.
`To the extent Apple contends that any element of the Accused Products is attributable to a third party, RFCyber contends that the activities are attributable to Apple such that they
`constitute direct infringement by Apple under 271(a). The acts may be attributable to Apple because Apple directs or controls the others’ performance, and because Apple and the
`other entity form a joint enterprise. Akamai Techs., Inc. v. Limelight Networks, Inc., 797 F.3d 1020, 1022 (Fed. Cir. 2015). Additionally, Apple is vicariously liable for the activities
`of these other entities. Centillion Data Sys., LLC v. Qwest Commc'ns Int'l, Inc., 631 F.3d 1279, 1286 (Fed. Cir. 2011). Further, the activities of these entities (including manufacturers,
`distributors, and users of the Accused Products consumers), are attributable to Apple because Apple (1) conditions participation in an activity or receipt of a benefit upon others’
`performance of one or more steps of a patented method, and (2) establishes the manner or timing of that performance. Eli Lilly & Co. v. Teva Parenteral Medicines, Inc., 845 F.3d
`1357, 1365 (Fed. Cir. 2017). These acts are also attributed to Apple because it initiated the activities of its end-users. SiRF Tech., Inc. v. Int'l Trade Comm'n, 601 F.3d 1319, 1330
`(Fed. Cir. 2010).
`
`
`
`2
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 4 of 98
`
`Claim
`
`1[p]. A method for funding
`an e-purse, the method
`comprising:
`
`Apple Accused Products
`
`Every iPhone and Apple Watch performs a method for funding an e-purse as claimed in claim 1.
`For example, every Accused Product performs a method for funding Apple Pay and/or Apple Wallet.
`For example, every Accused Product funds Apple Pay and/or Apple Wallet during provisioning, replenishment, repersonalization, and transaction
`operations associated with credit, debit, loyalty, membership, and other payment cards.
`For example, every Accused Product funds Apple Pay and/or Apple Wallet during loading, provisioning, replenishment, repersonalization, and transaction
`operations associated with stored value cards such as gift cards, loyalty cards, membership cards, and Apple Cash.
`
`
`
`3
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 5 of 98
`
`1[a] receiving a PIN from a
`user of a portable device,
`wherein the portable
`device is a near field
`communication (NFC)
`enabled device that
`includes a card module;
`
`Every accused smartphone and smartwatch product performs the step of receiving a PIN from a user of a portable device, wherein the portable device is a
`near field communication (NFC) enabled device that includes a card module.
`Every iPhone and Apple Watch is a near field communication (NFC) enabled device that includes a card module.
`For example, the Apple iPhone 13 Pro is a portable device that is NFC enabled.
`
`
`
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`For example, the iPhone 13 Pro receives a PIN (e.g. a passcode or biometric information) from the user of the device, such as during contactless, online,
`and/or peer-to-peer transactions.
`
`
`
`
`
`4
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 6 of 98
`
`
`
`
`iOS Security White Paper at 10; see also id. at 10-14.
`
`
`
`5
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 7 of 98
`
`iOS Security White Paper at 50.
`
`
`
`
`
`6
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 8 of 98
`
`iOS Security White Paper at 51.
`The Accused Products literally and equivalently satisfy this limitation by requiring a pattern, password, fingerprint, face scan, retina scan, facial recognition,
`other biometric data, and/or smart unlock. For example, in addition to literally satisfying this limitation, Accused Products with those features equivalently
`
`
`
`
`
`7
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 9 of 98
`
`1[b] initiating a request
`from a midlet embedded in
`the portable device after
`the PIN is verified,
`wherein the midlet sends
`the request to an e-purse
`applet;
`
`satisfy this limitation because they achieve the same function (e.g. requiring a personal identifier to initiate a request), in the same way (e.g. inputting the
`personal identifier into a mobile device), with the same result (e.g. verifying the identity of a user before allowing a transaction to be initiated).
`Using the PIN, passcode, fingerprint, face scan, or iris scan to access the Apple Pay app to make a purchase or payment initiates a request from the e-purse
`(e.g. the Apple Pay and/or Apple Wallet application).
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`Every Accused Product performs the step of initiating a request from a midlet embedded in the portable device after the PIN is verified, wherein the midlet
`sends the request to an e-purse applet.
`For example, Using the PIN, fingerprint, or iris scan to access the Apple Pay app to make a purchase or payment initiates a request from the midlet (such as
`a software component associated with PassKit or Apple Pay, e.g. a framework, daemon, driver, or associated API) after the PIN is verified, such as a
`request to authorize payment, and the midlet sends that request. For example, the midlet comprising Apple Pay may further comprise NFC middleware
`and/or an Android API configured to facilitate communication between a card applet and a Apple payment server.
`For example, the midlet (such as the Apple Pay app) is required to send a request to the e-purse applet to retrieve a token, which is generated or stored in the
`e-purse applet.
`See support for claim 9[e].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`1[c] causing the e-purse
`applet to compose a
`response to the request
`
`Every Accused Product performs the step of causing the e-purse applet to compose a response to the request.
`See support for claim 9[e].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`8
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 10 of 98
`
`1(d) sending the response
`by the e-purse applet over
`a wireless network to a
`server administrating the e-
`purse, the server
`configured to verify the
`response against an
`account in a financial
`institution across a
`network, a fund transfer
`request is initiated by the
`server to the financial
`institution when the
`response is successfully
`verified;
`
`1[e] receiving commands
`from the server in
`responding to the fund
`transfer request; and
`
`Every Accused Product performs the step of sending the response by the e-purse applet over a wireless network to a server administrating the e-purse, the
`server configured to verify the response against an account in a financial institution across a network, a fund transfer request is initiated by the server to the
`financial institution when the response is successfully verified.
`
`For example, upon information and belief, the iPhone 13 Pro sends the response from the e-purse applet (e.g. the card applet selected for a given transaction
`with Apple Pay) to a server administrating the e-purse which is configured to verify the response against an account in a financial institution across a
`network (e.g. a payment gateway server of an admin agent, TSM, Apple, merchant, vendor and/or card-issuer network server).
`For example, upon information and belief, the server initiates a fund transfer request (e.g. to fund a given transaction, and/or to add a balance to a card
`applet) when the message from the applet is successfully verified, such as by authenticating an application identifier, a tokenized card number, cryptogram,
`SSID, Virtual Card ID, Secure Element ID, Security Domain key, session key, and/or other secure objects (e.g. symmetric key, ECC key, RSA key, or
`HMAC key).
`For example, the iPhone 13 Pro sends responses to a server administrating the e-purse over a wireless network such as a cellular network, Wireless WAN,
`Wireless MAN, Wireless PAN, Wireless LAN, and/or a Global Area Network.
`
`
`The server is configured to verify the response against an amount in a financial institution across a network, a fund transfer request is initiated by the server
`to the financial institution when the response is successfully verified.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`Every Accused Product performs the step receiving commands from the server in responding to the fund transfer request.
`See support for claim 9[d].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`9
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 11 of 98
`
`Every Accused Product performs the step of causing an emulator in the portable device to update a transaction log after an authenticity of the commands is
`verified by the e-purse applet wherein the e-purse in the portable device has been personalized.
`See support for claims 9[d]-[f].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`Every Accused Product performs a method of establishing an initial security channel between the card module and an e-purse security authentication
`module (SAM) external to the card module to install and personalize the e-purse applet in the card module.
`See support for claim 9[g].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`For example, every Accused Product performs a method creating a security channel on top of the initial security channel to protect subsequent operations of
`the card module with the e-purse SAM, wherein any subsequent transactions with the e-purse are conducted over the security channel.
`See support for claim 9[h].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`10
`
`1[f] causing an emulator in
`the portable device to
`update a transaction log
`after an authenticity of the
`commands is verified by
`the e-purse applet wherein
`the e-purse in the portable
`device has been
`personalized by operations
`including:
`
`1[g] establishing an initial
`security channel between
`the card module and an e-
`purse security
`authentication module
`(SAM) external to the card
`module to install and
`personalize the e-purse
`applet in the card module,
`and
`
`1[h] creating a security
`channel on top of the initial
`security channel to protect
`subsequent operations of
`the card module with the e-
`purse SAM, wherein any
`subsequent transactions
`with the e-purse are
`conducted over the security
`channel.
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 12 of 98
`
`2. The method as recited
`in claim 1, wherein the
`card module is a SmartMX
`(SMX) module pre-loaded
`with the emulator for
`storing secured values.
`
`Every Accused Product performs the method of claim 1wherein the card module is a SmartMX (SMX) module pre-loaded with the emulator for storing
`secured values.
`
`For example, upon information and belief the iPhone 13 Pro’s SN210 includes a SmartMX module pre-loaded with an emulator (such as a MIFARE
`emulator) for storing secured values.
`
`
`
`
`
`
`11
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 13 of 98
`
`
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`12
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 14 of 98
`
`3. The method as recited
`in claim 1, wherein the e-
`purse is built on top of a
`global platform and
`implemented as the e-purse
`applet, the global platform
`provides a security to
`personalize the card
`module, wherein both e-
`purse keys and card access
`keys are personalized into
`a tag.
`
`Every Accused Product performs the method as recited in claim 1, wherein the e-purse is built on top of a global platform and implemented as the e-purse
`applet, the global platform provides a security to personalize the card module, wherein both e-purse keys and card access keys are personalized into a tag.
`For example, the iPhone 13 Pro comprises a device where the e-purse is built on top of a global platform able to access MIFARE data structures with an
`appropriate transformed password based on the keys in the emulator, such as the SmartMX platform. For example, the iPhone 13 Pro e-purse is built on top
`of a GlobalPlatform complaint Card Manager, and GlobalPlatform is a cross-industry membership organization created to advance standards for smart card
`growth.
`For example, upon information and belief a card manager (e.g. a GlobalPlatform compliant card manager within an NFC module (e.g. a SmartMX module),
`the Apple Pay app establishes an initial security channel (e.g. a Global Platform application security domain of associated with a card issuer) between the
`smart card (e.g. a secure element, NFC controller, and/or NFC module) and the e-purse security authentication module.
`For example, upon information and belief, the Accused Products include and utilize security domain file control information to wrap communications in a
`security channel, such as a security domain,
`See support for claims 9[f]-[h].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`4. The method as recited
`in claim 3, wherein the
`security is realized via a
`card manager to update
`security keys to establish
`appropriate channels for
`interactions between the
`server and the e-purse
`applet, wherein the e-purse
`applet acts as a gatekeeper
`to regulate or control data
`exchange between the
`server and the portable
`device for funding the e-
`purse therein.
`
`Every Accused Product performs the method as recited in claim 3, wherein the security is realized via a card manager to update security keys to establish
`appropriate channels for interactions between the server and the e-purse applet, wherein the e-purse applet acts as a gatekeeper to regulate or control data
`exchange between the server and the portable device for funding the e-purse therein.
`For example, the security is realized via a card manager (e.g. a Global Platform compliant card manager) to update security keys, such as an issuer security
`domain and/or application security domain component of a Card Manager, to establish appropriate channels for interactions between the server and e-purse
`applet (e.g. security domains.
`For example, the e-purse applet (e.g. card applet) acts as a gatekeeper to regulate data exchange between the server and the portable device for funding the
`e-purse, such as by providing cryptographic keys to handle an APDU exchange.
`For example, upon information and belief, the each card applet has a Card Manager (e.g. an issuer security domain or application security domain
`component) which allows the card to be personalized by reading a cryptographic key from the smart card (e.g. the secure element) to establish a secure
`channel between a card applet and a security authentication module (e.g. a security domain).
`For example, Apple Pay further generates operational keys when personalizing a payment card applet, such as a token that stands in for a customer’s actual
`payment card number and/or a cryptogram.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`13
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 15 of 98
`
`5. The method as recited
`in claim 2, wherein the e-
`purse is implemented in
`the emulator.
`
`6. The method as recited
`in claim 5, further
`comprising: accessing by
`the e-purse applet the
`emulator with appropriate
`transformed passwords
`based on access keys.
`
`Every Accused Product performs the method as recited in claim 2, wherein the e-purse is implemented in the emulator.
`For example, upon information and belief, the all e-purse applets are stored in memory associated with the emulator.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`Every Accused Product performs the method as recited in claim 5, further comprising: accessing by the e-purse applet the emulator with appropriate
`transformed passwords based on access keys.
`For example, upon information and belief, e-purse applets (e.g. card applets) are accessed by the emulator with transformed passwords based on access
`keys, such as MiFare passwords based on a tag ID, and/or other passwords generated by transforming an identifier (e.g. a tokenized card number,
`cryptogram, SSID, Virtual Card ID, Secure Element ID, Security Domain key, session key, and/or other secure objects (e.g. symmetric key, ECC key, RSA
`key, or HMAC key).
`For example, as discussed at claim 9[f]-[g], upon information and belief, at least a session key or security domain key is utilized to establish a first security
`channel between an e-purse applet and a payment server, and at least an identifier (e.g. a tag ID, tokenized card number, Virtual Card ID, and/or Secure
`Element ID) is used to establish a second secure channel with a SAM (e.g. a SAM behind a Apple or issuer server). For example, upon information and
`belief, the second security channel is further based on transform keys generated from an identifier.
`For example, the e-purse applet is establish a second secured channel so that various data (e.g. transaction values) is exchanged between the e-purse applet
`and the e-purse SAM originally used to issue the e-purse as well as between the emulator and the existing SAM, such as during an NFC, online, or app
`based transaction. For example, the e-purse applet establishes a second secured channel with the e-purse SAM originally used to issue the e-purse (e.g. a
`SAM associated with a card-issuer server) as well as between the emulator and the existing SAM (e.g. a SAM associated with a network server processing
`the transaction such as an admin agent, TSM, Apple, merchant, vendor and/or card-issuer network server.
`For example, upon information and belief, a secure channel with a card-issuer, TSM, admin agent, and or Apple network server verifies the authenticity of
`APDU format messages sent between the e-purse and the server, such as by verifying a key or other identifier (e.g. tokenized card number, cryptogram,
`SSID, Virtual Card ID, Secure Element ID, Security Domain key, session key, and/or other secure objects (e.g. symmetric key, ECC key, RSA key, or
`HMAC key).
`For example, upon information and belief, the card applet exchanges messages in APDU format with both SAMs, such as to authenticate the card applet.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`14
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 16 of 98
`
`Every Accused Product performs a method as recited in claim 1, wherein the commands are network messages including Application Protocol Data Unit
`(APDU) commands, and said receiving commands from the payment server comprises: extracting the APDU commands from the network messages.
`For example, upon information and belief, the e-purse applets in the iPhone 13 Pro communicate using APDU commands. The commands must be
`extracted from network messages before the applet can receive them.
`See:
`Activity During Apple Cash Funding (extracted from AP-Apple-Cash-Funding.log)
`
`7. The method as recited
`in claim 1, wherein the
`commands are network
`messages including
`Application Protocol Data
`Unit (APDU) commands,
`and said receiving
`commands from the
`payment server comprises:
`extracting the APDU
`commands from the
`network messages.
`
`
`
`15
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 17 of 98
`
`See also claim 1[e].
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`8. The method as recited
`in claim 7, wherein the
`commands include a
`response from the financial
`institution transported to
`the server.
`
`Every Accused Product performs a method as recited in claim 7 wherein the commands include a response from the financial institution transported to the
`server.
`For example, upon information and belief, the commands (e.g. APDU commands sent by a payment server) further include a response from the financial
`institution transported to the server, e.g. a response indicating that an account associated with a card applet has sufficient funds for a transaction, and/or a
`response from a financial institution via a TSP server, TSM server, admin agent server, issuer server, merchant or vendor server, and/or web or application
`server(s)), or application and/or web server(s) connected thereto, further authenticating the request.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`16
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 18 of 98
`
`9. A method for funding an
`e-purse, the method
`comprising:
`
`Every Accused Product performs a method of for funding an e-purse.
`For example, every Accused Product performs a method for funding Apple Pay and/or Apple Wallet.
`For example, every Accused Product funds Apple Pay and/or Apple Wallet during provisioning, replenishment, repersonalization, and transaction
`operations associated with credit, debit, loyalty, membership, and other payment cards.
`For example, every Accused Product funds Apple Pay and/or Apple Wallet during loading, provisioning, replenishment, repersonalization, and transaction
`operations associated with stored value cards such as gift cards, loyalty cards, membership cards, and Apple Cash.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`17
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 19 of 98
`
`9[a] receiving a request
`from a portable device;
`
`Every Accused Product performs a method of receiving a request from a portable device.
`For example, a server associated with Apple Pay (e.g. Apple Pay application server, TSM server, and/or TSP server) receive a request from a portable
`device (e.g. a laptop, tablet, phone, or smartwatch) when Apple Pay and/or Apple Wallet is used in an in-app and/or online transaction.
`For example, upon information and belief, a server associated with Apple Pay receives a request upon actuation of a payment and/or verification button
`associated with an in-app, online, or stored value (e.g. Apple Cash or gift card) loading operation.
`
`See also:
`
`
`
`
`
`18
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 20 of 98
`
`Activity During Apple Cash Funding Transaction (excerpted from AP-Apple-Cash-Funding.log
`
`
`
`19
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 21 of 98
`
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`20
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 22 of 98
`
`9[b] verifying the request
`with an account in a bank
`across a network;
`
`Every Accused Product performs a method of verifying the request with an account in a bank across a network.
`For example, a server associated with Apple Pay (e.g. an Apple Pay application server, TSM server, and/or TSP server) verifies the request from the
`portable device, such as by authenticating a card holder with a card issuer and/or an associated token service provider.
`
`iOS Security White Paper at 47.
`
`
`
`
`
`21
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-1 Filed 08/16/22 Page 23 of 98
`
`Paying with credit and debit cards within apps
`Apple Pay can also be used to make payments within iOS apps and Apple Watch
`apps. Whenusers pay within apps using Apple Pay, Apple receives encrypted
`transaction information andre-encrypts it with a developer-specific key before
`it’s sent to the developer or merchant. Apple Pay retains anonymoustransaction
`information such as approximate purchase amount. This information can't be
`tied to the user and never includes what the useris buying.
`
`Whenanappinitiates an Apple Pay payment transaction, the Apple Pay Servers
`receive the encryptedtransaction from the device prior to the merchant
`receivingit. The Apple Pay Servers then re-encryptit with a merchant-specific
`key before relaying the transaction to the merchant.
`
`Whenan app requests a payment, it calls an AP! to determineif the device
`supports Apple Pay andif the user has credit or debit cards that can make
`payments on a payment network accepted by the merchant. The app requests
`any pieces of information it needs to proc:
`andfulfill the transaction, such
`as the billing and shipping address, and contact information. The app then
`asks iOS to present the Apple Pay sheet, which requests informationfor the
`app, as well as other necessary information, such as the cardto use.
`
`At this time, the app is presentedwith city, state, and zip code information
`to calculate the final shipping