With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`.EXHIBIT A
`
`Apple Inc. Exhibit 1026 Page 1
`
`

`
`EXHIBIT A
`
`2
`
`requesting the boot components used for the secure boot procedure. (ANCA 917, ii 0039,
`The "ticket retrieving module 217" first sends a "ticket request" to. the Apple Server
`
`(ANCA 917, ii 0042) (APL10102-10117)
`used to set-up the ''ticket". within the erasable, non-volatile memory area of the BIOS.
`server" ("Apple Server") as well as any other additional Apple software or hardware that is
`The agent, for example, includes a "ticket retrieving module 217," an Apple "authorization
`
`includes at least one license record,
`structure accommodating data that
`memory of the BIOS, the verification
`structure in the erasable, non-volatile
`using an agent to set up a verification
`
`(ANCA 875, ii 0082; ANCA 921, ii 0067; ANCA 952.) (APL10102-10117)
`system components to be loaded into [volatile RAM memory] memory from storage.".
`Kernel cache is loaded into volatile RAM memory and "causes a kernel and operating
`
`volatile memory,
`selecting a program residing in the
`
`iOS device. (ANCA916.) (APL10102-10117)
`(1) manufacture of an iOS device and (2) recovery, update and/or restore procedures of an
`(BIOS)."(ANCC 1027 i10080) The secure booting procedure is allegedly performed during:
`memory "may store firmware for the [iOS deviCe], such as a basic input/output system
`(See also, ANCA 756-787, 788-789, 880, 994, 926) The volatile memory and non-volatile
`memory {e.g.; ANCA 875, ii 0083; ANCA 921-9222, i10067 & ii 0068); (3) and a processor.
`0067); (2) non-volatile, erasable memory such as Read Only Memory (ROM), or flash
`are designed to include: (1) volatile RAM memory (e.g., ANCA 875, ii 0082; ANCA 921, ii
`Bootloader (LLB) and an iBoot. (ANCA 854-960.) Devices operating on the iOS platform
`902, 925, 937.) The secure boot procedure includes: a Secure Bootloader, a Low Level
`procedure that restricts non-verified programs from operating. (ANCA 421-422, 856, 879,
`For devices operating on the iOS platform ("iOS devices"), Apple uses a secure boot
`
`the method comprising the steps of:
`computer, and a volatile memory area;
`volatile memory area of a BIOS of the
`a computer including an erasable, non(cid:173)
`operation within a license for use with
`1. A method of restricting software
`
`I
`
`iOSDevices
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,4ll,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 2
`
`

`
`EXHIBIT A
`
`3
`
`(APL10102-101l7)
`Apple has established an Apple Server for the iOS devices. (ANCA 903, 916-917.)
`
`Claim: 3
`
`bureau.
`establishing. a license authentication
`
`further comprising the steps of:
`2. A method according to claim 1,
`
`Claim: 2
`
`10117)
`under an alternative operating mode (e:g., DFU). (ANCA 854-855; 918-920.) (APL10102-
`is not verified, the program is determined to be invalid and the iOS device begins operation
`If the program's digest is verified, the program is allowed to operate. If the program's digest
`
`verification.
`acting on the program according to the
`
`BIOS. (ANCA 854-855; 918-920.} (APL10102-10117)
`verified against the "signed ticket" that is stored in the erasable, non-volatile memory area of
`During the boot procedure for the iOS device, the cryptographic digest of the program is
`
`BIOS, and
`erasable non-volatile memory of the
`the verification structure from the
`verifying the program using at least .
`
`memory of the BIOS. Id. (APL10102-10117)
`validated, the "signed ticket" is stored as a "local ticket" in the erasable, non-volatile
`the returned "signed ticket" matches the "ticket request" sent. (ANCA 918, ~ 0048) Once
`912, 916-923.) ·The "signed ticket" is returned to the iOS device and is "validated" to ensure
`identifiers" which are a license record used to verify the program. (ANCA 854-855, 904,
`for the iOS device. Each "sighed ticket" includes a cryptographic digest and "version
`0042) The Apple Server generates a "signed ticket" that operates as a verification structure
`l
`
`iOS Devices
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 3
`
`

`
`EXHIBIT A
`
`4
`
`ii 0048) (APL10102-10117)
`The "signed ticket" is then transferred from the Apple server to the iOS device. (ANCA 918,
`
`record; and
`computer, the encrypted license(cid:173)
`transferring, from the bureau to the
`
`the Apple Server. (ANCA 918, ii 0046) (APL10102-10117)
`0044) Each "signed ticket" may further include a "signature cryptographically signed" by
`identified in the request. Each digest may be "a unique cryptographic value." (ANCA 918, ii
`signature that includes a "signed ticket" having a digest corresponding to each program
`The Apple Server validates the "ticket request" and transfers a signed personalized code
`
`identification as an encryption key;
`request-for-license using part of the
`the bureau by encrypting parts of the
`forming an encrypted license-record at.
`
`(ANCA 854-855, 904, 912, 916-923.) (APL7846-49) (APL10102-10117)
`identifier (i.e., UID, ECID or GID) that is a unique identification of a particular iOS device.
`include: (1) a cryptographic digest of each program, (2) a nonce value, and (3) a unique
`The iOS device transfer a "ticket request" or Plist file to the authorization center that may
`
`(APL10102-10117)
`communication link between the iOS device and the Apple Server. (ANCA 903, 916-917.)
`A "ticket retrieving module" located on the iOS device establishes a two~way data
`
`I
`
`iOS Devices
`
`selected program;
`the license-record's contents from the
`an identification of the computer and
`bureau, a request-for-license including
`transferring, from the computer to the
`
`communications linkage;
`and the bureau, a two-way data(cid:173)
`establishing, between the computer
`
`of:
`structure further comprising the steps
`wherein setting up a verification
`3. A method according to claim 2,
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 4
`
`

`
`EXHIBIT A
`
`5
`
`951-952.) (APL 7846-49) (APL10102-10117)
`memory area, such as a "GID," "ECID," or "UID." (ANCA 854-855, 912, 916-923,
`The iOS devices establish or certify pseudo-unique keys stored in a non-volatile
`
`of:.
`verification structure includes the steps
`wherein using an agent to set up the
`7. A method according to claim 6
`
`Claiin: 7
`
`(APL10102-10117)
`establishing the contents of the. OS used to form the "signed ticket" (ANCA 952.)
`Loading the OS in volatile RAM (ANCA 875, ~ 0082; ANCA 921, ~ 0067) includes
`
`r
`
`~
`
`854-855, 912, 917, 951-952.) (APL 7846-49) (APL10102-10117)
`The iOS devices include unique keys, such as "UID," "ECID" and "GID" keys. (ANCA
`
`used to form the license-record.
`software-program
`includes contents
`computer wherein
`licensed-
`program in the volatile memory of the
`licensed-software-
`establishing
`
`said
`
`a
`
`the steps of:
`wherein selecting a program includes
`6. A method according to claim 1
`
`Claim: 6
`
`computer includes the unique key.
`wherein the identification of the
`5. A method according to claim 3
`
`Claim: 5
`
`of the BIOS.
`
`is stored as a ''local ticket" in the erasable, non.:. volatile memory of the BIOS. Id ..
`the iOS device. (ANCA 918, ~ 0048) (APL10102-10117)0nce validated, the "signed ticket"
`the erasable non-volatile memory area
`storing the encrypted license record in The "signed ticket is "validated" to verify it matches the "ticket request" originally sent by
`I
`
`I
`
`iOS Devices
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 5
`
`

`
`EXHIBIT A
`
`6
`
`the erasable, non.:.volatile memory area of the BIOS. Id
`The "signed ticket" which includes the cryptographic digest is then stored or established in
`
`established license-record locations.
`record in one of the at least one
`establishing the encrypted license-
`
`contents, using the key; and
`record with other predetermined data
`of the contents used to form a license-
`forming a license-record by encrypting for a device." (ANCA 854-855, 912, 918.) (APLl 0102-10117)The "signed ticket". includes
`The "signed ticket" received from the Apple Server is encrypted using "a unique identifier
`
`cryptographic digests that are encrypted using "a unique identifier[.]" Id.
`
`..
`
`952.) (APL10102-10117)
`volatile BIOS, and is established by the iOS devices. (ANCA 854-855, 912, 916-923, 951-
`The "signed ticket," which includes cryptographic digests, is stored in the erasable, non-
`
`includes the steps of:
`wherein establishing a license-record
`8. A method according to claim 6
`
`Claim: 8
`
`volatile memory area of the BIOS.
`memory area or in the erasable, non-.
`location in the first nonvolatile
`establishing at least one license-record
`
`and
`volatile memory area of the computer; .
`of a pseudo-unique key in a first non-
`establishing or certifying the existence
`
`l
`~
`
`iOS Devices
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 6
`
`

`
`EXHIBIT A
`
`7
`
`that is generated by the iOS device. Id. (APL10102-10117)
`it 0054) The decrypted digest from the "signed ticket" is compared against a program digest
`mode, a "kemelcache digest" is generated from the "kemelcache" component. (ANCA 919,
`retrieved from the "sign:ed ticket" and decrypted. Id. When the iOS device is in "autoboot"
`Cryptographic digests corresponding to a particular program (e.g., a kemalcache) are
`
`(APL10102-l0117)
`UID, ECID or GID).
`(APL7846-49)
`includes cryptographic digests that are decrypted using a key stored on the iOS device (e.g.,
`The "signed ticket" that is stored in the. erasable, non-volatile memory area of the BIOS
`
`(ANCA 854-855, 912, 916-923, 951-952.)
`
`Claim: 10
`
`the BIOS.
`erasable non-volatile memory area of
`the decrypted license-record in
`program's license-record contents with
`comparing the license-software(cid:173)
`memory area of the BIOS, or
`record in the erasable, non~volatile
`contents with the encrypted license(cid:173)
`software-program's license-record
`comparing the encrypted licenses(cid:173)
`
`using the pseudo-unique key; and
`volatile memory area bf the BIOS,
`the license-recordin the erasable, non".'
`the volatile memory area or decrypting
`program's license-record contents from
`encrypting the licensed-software(cid:173)
`
`includes the steps of:
`wherein verifying the program
`9. A method according to claim 7
`
`Claim: 9
`
`I
`
`iOS Devices
`
`Claim Element of the '941 Patent
`
`· With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 7
`
`

`
`EXHIBIT A
`
`8
`
`Claim: 14
`
`such as "UID," "ECID," "GID" or "trusted keys." (ANCA 854-855, 912, 917, 951-952.)
`· The iOS devices include keys stored in the erasable, non-volatile memory area of the BIOS,
`
`volatile memory area of the computer. · (APL7846-49) (APL10102-10117)
`unique key is stored in a first non-
`13. The method of claim 1, wherein a
`
`Claim: 13
`
`(APL7846-49) (APL10102-10117)
`such as "UID," "ECID," "GID" or "trusted keys." (ANCA 854-855, 912, 917, 951-952.)
`The iOS devices include keys stored in the erasable, non-volatile memory area of the BIOS,·
`
`non-volatile memory of the BIOS.
`pseudo-unique key is stored in the
`12. The method of claim 1, wherein a
`
`788-789, 857, 880, 926, 994.) (APL10102-10117)
`Every device running the iOS platform includes volatile RAM memory. (ANCA 756-787,
`
`boot operations or refuse operation of the program. Id.
`cryptographic digest of the program is determined to be invalid, the iOS device will stop
`corresponding cryptographic . digest stored ·within the "signed ticket." Id.
`If the
`(APL10102-10117) Cryptographic digests of each program are compared against the
`UID, ECID or GID).
`(APL7846-A9)
`includes cryptographic digests that are decrypted using a key stored on the iOS device (e.g.,
`The "signed ticket" that is stored in the erasable, non-volatile memory area of the BIOS
`
`(ANCA 854-855, 912,. 916-923, 951-952.)
`
`I
`
`iOS Devices
`
`Claim: 12
`
`RAM.
`wherein the volatile memory is a
`11. A method according to claim 1
`
`Claim: 11
`
`insufficiency.
`comparing yields non-unity or
`with predetermined limitations if the
`restricting the program's operation
`
`includes the step: .·
`wherein acting on the program
`10. A method according to claim 9
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 8
`
`

`
`EXHIBIT A
`
`9
`
`(APL 7846-49) (~PL 10102-10117)
`through the same well-known hashing and encryption algorithms." (ANCA 1130, ii 45)
`The iOS device "derives another signature value from the code image according to the UID
`
`10117)
`through well-known hashing and encryption algorithms."Id (APL7846-49) (APL10102-
`includes "a signature value signed over the code image according to the UID of the device
`preset attribute in an attribute value pair inside the code image." Id. The header value
`(ANCA 1130, ii 45 & 58) (APL10102-10117) The header value is "extracted based on a
`The iOS device "may extract a header value from the code image" such as a "kemelcache"
`
`information; and
`to form second encrypted license
`volatile memory area of the computer
`unique key stored in the first non(cid:173)
`encrypting the license record using the
`
`software program;
`extracting the license record from the
`
`wherein the verification comprises:
`15. The method according to claim 14,
`
`·Claim: 15
`
`(APL10102-10117)
`the iOS device, such as the "UID," "ECID," or "GID." (ANCA 872.)
`(APL7846-49)
`key tag is wrapped using one of the keys stored in the erasable, non-volatile memory area of
`the BIOS; Id The program is encrypted using a key that may be stored in a "key tag." The
`program. Id The "signed ticket" is then stored in the erasable, non-volatile memory area of
`that are encrypted using "a unique identifier" and "version identifiers" corresponding to the
`854-855, 912, 918.) (APL10102-10117) The "signed ticket" includes cryptographic digests
`.. ticket." Id. The "signed ticket" is encrypted using "a unique identifier for a device." (ANCA
`923.) The Apple Server generates a "personalized code signature" that includes a "signed
`Apple "Ticket Authorization Server" ("Apple Server"). (ANCA 854-855, 904, 912, 916-
`The iOS .devices generate a "property list" (Plist) or "ticket request" that is transmitted to an
`
`program using at least the unique key.
`encrypting a license record data in the .
`including the license record, includes
`set up the verification record,
`wherein the step of using the agent to
`14: The method according claim 13,
`
`I
`I
`
`iOS Devices
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 9
`
`

`
`EXHIBIT A
`
`10
`
`cryptographic digests that are also encrypted using "a unique identifier[.]" Id.
`for a device." (ANCA 854-855, 912, 918.) (APL10l02-10117) The "signed ticket" includes
`The "signed ticket" received from the Apple Server is encrypted "using a unique identifier
`
`(APL10102-10117)
`UID, ECID or GID). (ANCA 854-855, 912, 916-923, 951-952.) (APL7846-49)
`includes cryptographic digests that are decrypted using a key stored on the iOS device (e.g.,
`The "signed ticket" that is stored in the erasable, non-volatile memory area of the BIOS
`
`verify whether the code image is trusted." Id. (APL10102-10117)
`The iOS device "compare[s]the derived signature value and the extracted signature value to
`
`leastthe unique key.
`accommodated in the program using at
`encrypting the license record that is
`
`program includes
`wherein the step of verifying the
`1 7. The method according to claim 13, .
`
`Claim: 17
`
`using at least the unique key.
`non-volatile memory area of the BIOS ·
`accommodated in the erasable second
`decrypting the license record data
`
`program includes a
`wherein the step of verifying the
`16. The method according to claim 13,
`
`Claim: 16
`
`encrypted license information.
`of the computer with the second
`non-volatile memory area of the BIOS .
`information stored in the erasable,
`comparing the encrypted license
`
`I
`
`iOS Devices
`
`Claim Element of the '941 Patent
`
`With Respect To U.S. Patent No. 6,411,941
`
`Ancora Technologies First Supplemental Infringement Contentions
`
`Apple Inc. Exhibit 1026 Page 10