Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 1 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 1 of 113
`
`EXHIBIT D
`EXHIBIT D
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 2 of 113
`
`Appendix D – Claim Chart for US Patent No. 9,240,009 Against Accused Apple Products - CONFIDENTIAL
`
`Based on information presently available, RFCyber Corp. (“RFCyber”) contends that Defendant Apple Inc. (“Apple” or “Defendant”) infringes claims 1-17 (the “Asserted Claims”)
`of U.S. Patent No. 9,240,009 (the “’009 Patent”) through the Accused Products which are manufactured, sold, offered for sale, and/or used by Apple.
`
`The Accused Products include at least all iPhones and Apple watches running or containing Apple Wallet, Apple Pay and/or Apple Cash, and all supporting computer systems and/or
`servers providing functionality related thereto.
`
`For example, the Accused Products include, but are not limited to, the following Accused Devices: and all versions and variants of iPhone and Apple Watch made, sold, offered for
`sale, used, or imported in the United States since the launch of Apple Pay in October 2014, including at least all versions and variants of iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone
`6s Plus, iPhone SE (1st generation), iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone XR, iPhone XS, iPhone XS Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro
`Max, iPhone SE (2nd generation), iPhone 12 mini, iPhone 12, iPhone 12 Pro, iPhone 12 Pro Max, iPhone 13 mini, iPhone 13, iPhone 13 Pro, iPhone 13 Pro Max, Apple Watch (1st
`generation), Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, Apple Watch Series 4, Apple Watch Series 5, Apple Watch SE, Apple Watch Series 6, and Apple
`Watch Series 7. RFCyber reserves the right to amend this list of Accused Devices as discovery progresses.
`
`For example, the Accused Products include, but are not limited to, the following Accused Apps: Apple Wallet, Apple Pay and/or Apple Cash and all versions and variants thereof.
`
`Apple directly infringes each of the Asserted Claims by importing, using, selling, and/or offering to sell the Accused Products in violation of 35 U.S.C. § 271(a). Accused Devices
`are preloaded with apps required to use Accused Services.
`
`Apple indirectly infringes the Asserted Claims in violation of 35 U.S.C. § 271(b) by inducing third parties, including Apple customers and end-users, to directly infringe through
`their operation and use of the Accused Products. Apple has knowingly and intentionally induced this direct infringement by, inter alia, (i) selling, importing, or otherwise providing
`the Accused Products to third parties with the intent that the Accused Products will be operated and used in a manner that practices the Asserted Claims; and (ii) marketing and
`advertising the Accused Products. Apple’s marketing and promotional materials for the Accused Products are found, for example, on Apple’s website. For example, Apple’s website
`offers customers downloadable User Manuals for the Accused Products that instruct customers to, among other things, set up, personalize, and use Apple Pay and Apple Cash. Apple
`further provides tutorials with the Accused Products that instruct customers to, among other things, use the Accused Products in an infringing manner. Apple’s website also offers
`support to customers, including instruction to, among other things, use Apple Pay and Apple Cash to perform transactions. On information and belief, Apple knows that its actions
`will result in infringement of the Asserted Claims, or subjectively believes that there is a high probability that its actions will result in infringement of the Asserted Claims but has
`taken deliberate actions to avoid learning these facts.
`
`Apple also contributorily infringes each of the Asserted Claims in violation of 35 U.S.C. § 271(c) by selling, importing, and offering for sale the Accused Products which when used
`directly infringe the Asserted Claims. The Accused Products constitute a material part of the Asserted Claims.
`
`
`
`1
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 3 of 113
`
`The following chart identifies specifically where each limitation of each Asserted Claim is found within the Accused Products and, in particular, the corresponding elements that
`meet the limitation in the Apple iPhone 13 Pro installed with Apple Pay. On information and belief, the Apple iPhone 13 Pro is representative of all Accused Devices which practice
`the Asserted Claims in a manner consistent with the Apple iPhone 13 Pro.
`
`RFCyber does not concede that any claims of the ʼ009 Patent that are not listed below are not infringed by the identified Accused Products. Moreover, the citations to certain
`documents and other information below are intended to be exemplary only and in no way foreclose RFCyber from citing or relying on additional documents, information, source
`code, and/or testimony at a later time. These contentions are preliminary in nature, and an analysis of Apple’s products, internal documentation, source code, and/or testimony from
`relevant witnesses may more fully and accurately describe the infringing features of its Accused Products. Accordingly, RFCyber reserves the right to supplement, correct, modify,
`and/or amend these contentions once such additional information is made available to RFCyber. Furthermore, RFCyber reserves the right to supplement, correct, modify, and/or
`amend these contentions as discovery in this case progresses; in view of the Court’s claim construction order(s); in view of any positions taken by Apple including, but not limited
`to, positions on claim construction, invalidity, and/or non-infringement; and in connection with the preparation and exchange of expert reports.
`To the extent Apple contends that any element of the Accused Products is attributable to a third party, RFCyber contends that the activities are attributable to Apple such that they
`constitute direct infringement by Apple under 271(a). The acts may be attributable to Apple because Apple directs or controls the others’ performance, and because Apple and the
`other entity form a joint enterprise. Akamai Techs., Inc. v. Limelight Networks, Inc., 797 F.3d 1020, 1022 (Fed. Cir. 2015). Additionally, Apple is vicariously liable for the activities
`of these other entities. Centillion Data Sys., LLC v. Qwest Commc'ns Int'l, Inc., 631 F.3d 1279, 1286 (Fed. Cir. 2011). Further, the activities of these entities (including manufacturers,
`distributors, and users of the Accused Products consumers), are attributable to Apple because Apple (1) conditions participation in an activity or receipt of a benefit upon others’
`performance of one or more steps of a patented method, and (2) establishes the manner or timing of that performance. Eli Lilly & Co. v. Teva Parenteral Medicines, Inc., 845 F.3d
`1357, 1365 (Fed. Cir. 2017). These acts are also attributed to Apple because it initiated the activities of its end-users. SiRF Tech., Inc. v. Int'l Trade Comm'n, 601 F.3d 1319, 1330
`(Fed. Cir. 2010).
`
`
`Claim
`
`Apple Accused Products
`
`1. A mobile device for
`conducting a secured
`transaction over a network,
`the mobile device
`comprising:
`
`Every Accused Product comprises a mobile device for conducting a secured transaction over a network.
`
`For example, the Apple iPhone 13 Pro conducts secured transactions (such as contactless, online, in-app, and peer-to-peer transactions) over a network,
`such as the internet, using Apple Pay, Apple Wallet, and/or Apple Cash.
`
`
`
`2
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 4 of 113
`
`https://support.apple.com/en-us/HT203027
`
`1[a] a network interface;
`
`Every Accused Product comprises a network interface.
`
`
`
`
`3
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 5 of 113
`
`For example, the iPhone 13 Pro includes a network interface (such as an NFC interface, WIFI interface, WLAN interface, cellular network interface, or
`other network interface).
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`
`
`
`
`4
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 6 of 113
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`
`
`1[b] an interface to receive
`a secure element;
`
`Every Accused Product comprises an interface to receive a secure element.
`
`
`
`
`5
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 7 of 113
`
`For example, the iPhone 13 Pro includes an interface, such as a circuit board and/or circuit connections, to receive a secure element, such as the secure
`element included within the iPhone 13 Pro’s SN210 chip.1
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`For example, upon information and belief, the iPhone 13 pro further includes an interface, such as a circuit board and/or circuit connections, to receive a
`processor comprising a secure execution environment (e.g. a secure enclave).
`
`
`
`
`1 RFCyber uses publicly available documentation for the NXP PN80T and PN553 as representative of the components and functionality of NFC controllers and secure elements all
`the Accused Apple Mobile Devices. While other devices may use other components, they are substantially similar to the PN80T and PN553.
`
`
`
`6
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 8 of 113
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`See also:
`
`
`
`
`
`7
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 9 of 113
`
`technologies discussed in this document.
`
`Software
`
`ardware and
`Firmware
`
`Data Protection
`Class
`
`App Sandbox
`
`UserPartition
`(Encrypted)
`
`OS Partition
`
`File System
`
`Kernel
`
`Secure
`Enclave
`
`Secure
`Element
`
`Crypto Engine
`
`Device Key
`Group Key
`Apple RootCertificate
`
`Security architecture diagram of iOS
`provides a visual overviewof the different
`
`
`
`
`
`8
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 10 of 113
`
`iOS Security White Paper at 5; id. at 8-9, 47-50.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`Every Accused Product comprises a memory space for storing at least a module and an application downloaded from the network.
`
`For example, the Apple iPhone 13 Pro includes Flash and RAM, and/or additional memory such as RAM, ROM, and/or EEPROM, for storing at least a
`module (e.g. applets corresponding with credit, debit, loyalty, membership, and/or gift cards, and/or Apple Cash) and an application (e.g. Apple Pay, Apple
`Cash, Apple Wallet, PassKit, card manager applets, and/or an associated framework or daemon) downloaded from the network.
`
`1(c) a memory space for
`storing at least a module
`and an application
`downloaded from the
`network;
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`
`
`9
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 11 of 113
`
`https://www.yumpu.com/en/document/read/54554964/an-analysis-of-apple-pay at 6-7.
`
`
`
`
`
`10
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 12 of 113
`
`iOS Security White Paper at 47.
`
`
`
`
`
`11
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 13 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`12
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 14 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`
`13
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 15 of 113
`
`iOS Security White Paper at 49.
`
`
`
`14
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 16 of 113
`
`
`For example, log files and corresponding videos showing activity while adding a card or Apple Cash to Apple Pay further demonstrate that a memory space
`such as a secure element, RAM, and/or FLASH memory stores at least an application (e.g. Apple Pay, Apple Wallet, PassKit, a card manager applet and/or
`associated frameworks and daemons), and a module (e.g. an applet). See e.g.:
`• AP-Amex-Add.wmv and AP-Amex-Add.log;
`• AP-Apple-Cash-add.wmv and AP-Apple-Cash-Add.log
`• AP-Clipper-Add-and-Fund.wmv and AP-Clipper-Add-and-Fund.log
`
`
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`Every Accused Product comprises a processor coupled to the memory space and configured to execute the module to perform operations.
`
`For example, the iPhone 13 Pro includes a processor, such as a A15 Bionic SoC and/or a microprocessor within an NXP SN210 chip, that is coupled to the
`memory space and executes the module (such as a payment card applet) to perform operations.
`
`1[d] a processor coupled to
`the memory space and
`configured to execute the
`module to perform
`operations including;
`
`
`
`15
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 17 of 113
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`
`
`
`
`16
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 18 of 113
`
`https://www.techinsights.com/blog/teardown/apple-iphone-13-pro-teardown
`
`For example, log files and corresponding videos showing activity while adding a card and/or carrying out a transaction show a module (e.g. an applet) being
`executed by a processor. See e.g.:
`• AP-Amex-Add.wmv and AP-Amex-Add.log;
`• AP-Apple-Cash-add.wmv and AP-Apple-Cash-Add.log
`• AP-Clipper-Add-and-Fund.wmv and AP-Clipper-Add-and-Fund.log
`• AP-Amex-Pay-Foodies.wmv and AP-Amex-Pay-Foodies.log
`• AP-Apple-Cash-Funding.wmv and AP-Apple-Cash-Funding.log
`• AP-Clipper-Add-and-Fund.wmv and AP-Clipper-Add-and-Fund.log
`
`
`
`
`
`
`
`17
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 19 of 113
`
`
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`1[e] sending to a server via
`the network interface an
`identifier identifying the
`application together with
`device information of a
`secure element, wherein
`the application is
`downloaded from the
`network in the mobile
`device;
`
`Every Accused Apple Mobile Device comprises a processor configured to execute the module to perform sending to a server via the network interface an
`identifier identifying the application together with device information of a secure element, wherein the application is downloaded from the network in the
`mobile device.
`
`For example, the iPhone 13 Pro sends to a server (such as a Apple Pay server, or financial institution server) via the network interface (such as a WIFI
`interface, WLAN interface, cellular network interface, or other network interface), an identifier identifying the application (e.g. a payment card applet)
`together with device information of a secure element (e.g. an SEID).
`
`For example, at least the following log files show that a module (e.g. an applet) sends an SEID and an AID to an Apple Pay server (e.g. an Apple Pay
`application server, TSM server, and/or TSP server) while carrying out a transaction.
`Activity during NFC contactless purchase transaction (excerpted from AP-Amex-Pay-Foodies.log)
`
`
`
`18
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 20 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 20 of 113
`
`
`
`19
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 21 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 21 of 113
`
`
`
`20
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 22 of 113
`
`Activity during Web payment transaction (excerpted from AP-NYTimes-Amex-Subscribe.log):
`
`
`
`
`21
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 23 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 23 of 113
`
`
`
`22
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 24 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 24 of 113
`
`
`
`23
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 25 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 25 of 113
`
`
`
`24
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 26 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 26 of 113
`
`
`
`25
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 27 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 27 of 113
`
`
`
`26
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 28 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 28 of 113
`
`
`
`27
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 29 of 113
`
`
`Activity during a payment transaction to fund a Clipper card (excerpted from AP-Clipper-Add-and-Fund.log):
`
`
`
`
`28
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 30 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 30 of 113
`
`
`
`29
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 31 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 31 of 113
`
`
`
`30
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 32 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 32 of 113
`
`
`
`31
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 33 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 33 of 113
`
`
`
`32
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 34 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 34 of 113
`
`
`
`33
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 35 of 113
`
`For example, this functionality is further demonstrated by at least the following log files and corresponding videos:
`• AP-Amex-Pay-Foodies.wmv and AP-Amex-Pay-Foodies.log
`• AP-Apple-Cash-Funding.wmv and AP-Apple-Cash-Funding.log
`• AP-Clipper-Add-and-Fund.wmv and AP-Clipper-Add-and-Fund.log
`
`
`For example, the application (e.g. Apple Pay, Apple Wallet, Apple Cash, Passkit, and/or an associated daemon, framework, or card manager applet) is
`downlaoded from the network, such as from an Apple Pay server(e.g. from an Apple, TSM, and/or TSP server over the internet)
`
`
`
`
`34
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 36 of 113
`
`iOS Security White Paper at 47.
`
`
`
`
`
`35
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 37 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`36
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 38 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`
`37
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 39 of 113
`
`iOS Security White Paper at 49.
`
`
`
`38
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 40 of 113
`
`
`For example, Apple Pay and/or applets further generate operational keys when personalizing a payment card applet, such as a token that stands in for a
`customer’s actual card number and/or a cryptogram.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`1[f] establishing a secured
`channel between the secure
`element and the server
`using a key set installed on
`the secure element,
`wherein the server is
`configured to prepare data
`necessary for the
`application to function as
`designed on the mobile
`device; and
`
`Every Accused Product comprises a processor configured to execute the module to perform establishing a secured channel between the secure element and
`the server using a key set installed on the secure element, wherein the server is configured to prepare data necessary for the application to function as
`designed on the mobile device.
`For example, the iPhone 13 Pro establishes a secure channel, such as a security domain, between the secure element and the server (e.g. an Apple Pay
`application server, TSM server, and/or TSP server) using a key set installed on the secure element (e.g. an SEID, AID, device key or certificate, and/or
`generated keys). For example, the server is configured to prepare data necessary for the application (e.g. Apple Pay, Apple Wallet, Apple Cash, PassKit,
`and/or a card manager applet) to carry out personalization, provisioning, and payment operations.
`For example, Apple states that its secure elements host a “specially designed applet to manage Apple Pay.” As demonstrated by Apple’s iOS security
`document, and by the below documents and log files, the card manager applet utilizes data prepare dover the secured channel between the SE and the
`server.
`
`
`
`39
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 41 of 113
`
`iOS Security White Paper at 47.
`
`
`
`
`
`40
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 42 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`41
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 43 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`
`42
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 44 of 113
`
`iOS Security White Paper at 49.
`
`
`
`43
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 45 of 113
`
`For example, the iPhone 13 Pro performs a method of personalizing the e-purse applet (e.g. an applet corresponding with a credit card, debit card, transit
`card, loyalty card, Apple Cash, or other payment card) when provisioning a card to Apple Pay and/or Apple Wallet. For example the Accused Products read
`off data from the smart card, (e.g. by reading a device account number or secure element ID (aka “SEID”) off of a secure element, or other identifier or
`certificate off of the smart card), to generate one or more operation keys, such as an SSID, Virtual Card ID, Secure Element ID, Security Domain key,
`certificate, and/or a session key, that are subsequently used to establish a secured connection between the e-purse applet and an e-purse SAM external to the
`smart card (e.g. a hardware security module, vault, and/or software security module of an Apple Pay, TSM, TSP server, issuer server, and/or a web or
`application server connected thereto).
`
`
`
`
`44
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 46 of 113
`
`iOS Security White Paper at 48.
`
`
`
`
`
`45
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 47 of 113
`
`iOS Security White Paper at 49.
`
`
`
`
`
`46
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 48 of 113
`
`iOS Security White Paper at 49.
`
`
`
`
`
`47
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 49 of 113
`
`
`
`
`
`iOS Security White Paper at 49-50.
`See also:
`
`
`
`48
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 50 of 113
`
`iOS Security White Paper at 15.
`
`
`
`
`
`
`49
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 51 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`Enrolling a card — Step |
`
`Passbook
`
`Authentication
`YoaAsls
`
`and URL for the terms and conditions
`
`Send “card to authorise” details to apple
`Uses Secure Element Identifier and
`AppleToken for authentication
`https://nc-pod2-smp-device.apple.com/broker/v2/devices/———
`
`JSON of AID, card identifier, sanitized PAN
`
`
`
`
`
`50
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 52 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`Enrolling a card — Step 4
`
`Passbook
`
`Authentication
`NYoadcls
`
`Retreive the generated PasskKit pass
`
`Pealceteonleceeounilelcm—
`
`pe
`
`Zipped package containing:
`Images, JSON containing pass details and
`the signature
`
`
`
`
`
`51
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 53 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`o1@LUSINVZe
`
`Authentication
`Pever
`
`pocertificatessoe Ce
`
`OCSP response
`(check with openssl:
`
`Enrolling a card — Step 5
`
`: Openssl ocsp -respin <response> -text
`
`
`
`
`
`52
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 54 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`Enrolling a card — Step 6
`
`seld
`
`Authentication
`Server
`
`<seld>/get_pending.commands
`
`List of EMV Commands to execute on the
`
`c
`
`secure element.
`
`Retrieve commandsto run on the Secure
`Element, contains certificates, supported
`cards and secure element Id.
`
`
`
`
`
`
`
`53
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 55 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`Passbook
`
`Authentication
`Server
`
`Enrolling a card — Step 7
`
`e.g email, SMS or phone call
`
`Retrieve a list of the authentication methods
`supported
`
`atte
`pas
`
`s/paymentpass.com.apple/<providedURL>/activationMethods
`
`JSON of authentication method data.
`
`
`
`
`
`54
`
`€
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 56 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`Passbook
`
`Authentication
`Server
`
`Enrolling a card — Step 8
`
`Confirm Response
`
`Send selected method identifer
`
`c
`
`
`
`
`
`55
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 57 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`oie)
`
`Authentication
`Server
`
`Enrolling a card — Step 9
`
`Confirm Response
`
`Send results of EMV command execution
`from the secure element
`
`PeeryemaMeronitcinc
`
`c
`
`
`
`
`
`56
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 58 of 113
`
`https://www.yumpu.com/en/document/read/54554964/an-analysis-of-apple-pay at 13-25.
`See also:
`Activity during NFC contactless purchase transaction (excerpted from AP-Amex-Pay-Foodies.log)
`
`
`
`
`
`57
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 59 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 59 of 113
`
`
`
`58
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 60 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 60 of 113
`
`
`
`59
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 61 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 61 of 113
`
`
`
`60
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 62 of 113
`
`Activity during Web payment transaction (excerpted from AP-NYTimes-Amex-Subscribe.log):
`
`
`
`
`61
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 63 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 63 of 113
`
`
`
`62
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 64 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 64 of 113
`
`
`
`63
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 65 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 65 of 113
`
`
`
`64
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 66 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 66 of 113
`
`
`
`65
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 67 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 67 of 113
`
`
`
`66
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 68 of 113
`
`Activity during a payment transaction to fund a Clipper card (excerpted from AP-Clipper-Add-and-Fund.log):
`
`
`
`
`67
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 69 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 69 of 113
`
`
`
`68
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 70 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 70 of 113
`
`
`
`69
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 71 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 71 of 113
`
`
`
`70
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 72 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 72 of 113
`
`
`
`71
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 73 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 73 of 113
`
`
`
`72
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 74 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 74 of 113
`
`
`
`73
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 75 of 113
`
`
`See also:
`• AP-Amex-Add.wmv and AP-Amex-Add.log;
`• AP-Apple-Cash-add.wmv and AP-Apple-Cash-Add.log
`• AP-Clipper-Add-and-Fund.wmv and AP-Clipper-Add-and-Fund.log
`• AP-Amex-Pay-Foodies.wmv and AP-Amex-Pay-Foodies.log
`• AP-Apple-Cash-Funding.wmv and AP-Apple-Cash-Funding.log
`• AP-Clipper-Add-and-Fund.wmv and AP-Clipper-Add-and-Fund.log
`
`
`For example, the secure key(s) are subsequently used to establish a secured channel (e.g. a security domain, secured session, and/or other channel or session
`protected by keys) between the e-purse applet (e.g. payment card Applet) and an e-purse security authentication module external to the smart card, such as
`a SAM behind a payment server (e.g. an HSM, vault, or software-based security authentication module behind an Apple Pay, TSP, TSP, and/or issuer
`server, or application and/or web server(s) connected thereto).
`For example, card applets further comprise applications that are configured with data prepared over the secured channel.
`RFCyber may supplement these contentions, including once access to relevant documents and/or source code is provided.
`
`
`Every Accused Product comprises a processor configured to execute the module to perform receiving the data from the server to associate the application
`with the secure element, wherein the application subsequently functions in conjunction with the secure element.
`For example, the iPhone 13 Pro receives the data (for example, updated security keys, SEID, access rules, and applets) from the server to associate the
`application (such as Apple Pay, Apple Cash, Apple Wallet, a card manager applet and/or a card applet) with the secure element for example by
`personalizing and/or provisioning the applet, and/or preparing the applet with operations keys.
`For example, the Accused iPhone 13 Pro personalizes e-purse Applets (e.g. payment card Applets) with a method comprising establishing an initial security
`channel (such as a security domain) between the smart card, and the e-purse SAM on or behind such as a security module located behind a payment server
`or a Apple payment server (e.g. a SAM of an Apple Pay server, TSP server, TSM server, or application and/or web server(s) connected thereto), to install
`and personalize the payment card applet in the smart card. For example, upon information and belief, e-purse applets are personalized and installed in the
`smart card during provisioning, and/or dynamically installed in memory of the smart card when selected or activated through Apple Pay and/or Apple
`Wallet.
`See Activity while adding a card (excerpted from AP-AMEX-Add.log; see also AP-Apple-Cash-Add.log, AP-Clipper-Add-and-Fund.log):
`
`1[g] receiving the data
`from the server to associate
`the application with the
`secure element, wherein
`the application
`subsequently functions in
`conjunction with the secure
`element.
`
`
`
`74
`
`

`

`
`
`Adding Card
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 76 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed
`
`Adding to Wallet...
`
`
`
`75
`
`
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 77 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 77 of 113
`
`
`
`
`
`76
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 78 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 78 of 113
`
`
`
`77
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 79 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 79 of 113
`
`
`
`
`
`78
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 80 of 113
`
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 80 of 113
`
`
`
`79
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 81 of 113
`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 81 of 113
`
` See also:
`
`
`See also:
`
`
`
`80
`80
`
`

`

`Case 6:21-cv-00916-ADA-DTG Document 94-3 Filed 08/16/22 Page 82 of 113
`
`iOS Security White Paper at 8.
`
`
`