EXHIBIT A
`EXHIBIT A
`
`Petitioner's Exhibit 1016, Page 1
`
`

`

`
`
`UNITED STATES DISTRICT COURT
`FOR THE WESTERN DISTRICT OF TEXAS
`
`
`PROXENSE, LLC,
`
`Plaintiffs,
`
`v.
`
`SAMSUNG ELECTRONICS, CO., LTD. and
`SAMSUNG ELECTRONICS AMERICA, INC,
`
`Defendants.
`
`
`
`
`
`Civil Action No. 6:21-cv-00210-ADA
`
`
`
`
`
`INFRINGEMENT CONTENTIONS FOR US PATENT NO. 8,352,730
`
`Petitioner's Exhibit 1016, Page 2
`
`

`

`U.S. Patent Number 8,352,730 – Preliminary Infringement Contentions1
`
`
`
`Assignee:
`Title:
`Filing Date:
`Publication Date:
`Inventor:
`
`
`
`Proxense, LLC
`Biometric personal data key (PDK) authentication
`2005-12-20
`2013-01-08
`Giobbi, John J.
`
`‘730 Patent Claim2
`1
` A method for verifying a user during authentication of an
`integrated device, comprising the steps of4:
` persistently storing biometric data of the user and a
`plurality of codes and other data values comprising a
`device ID code uniquely identifying the integrated device
`and a secret decryption value in a tamper proof format
`written to a storage element on the integrated device that
`is unable to be subsequently altered;
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`Samsung Pay preloaded5 smartphones carry out the claimed method, literally or by
`the doctrine of equivalents, for at least the reasons set forth below:
`persistently storing biometric data of the user … in a tamper proof format written
`to a storage element on the integrated device that is unable to be subsequently
`altered
`
`
`Utilizing the Android operating system, Samsung Pay preload smartphones
`persistently store biometric data of the user in a tamper proof format written
`
`
`1 The Preliminary Infringement Contentions (PICS) provided herein are based on information obtained to date and may not be exhaustive. Plaintiff’s investigation of Defendants’
`infringement is ongoing. Plaintiff reserves the right to supplement and/or amend these PICS to identify additional instrumentalities and to further identify where each element of
`each claim is found in each accused instrumentality, including on the basis of discovery obtained from Defendants, and from third-parties during the course of this litigation,
`pursuant to ¶2 of the Order Governing Proceedings – Patent Cases under Hon. Alan D. Albright.
`
` 2
`
` All PICS set forth herein for any independent patent claims are hereby incorporated by reference into the PICS alleged for any dependent patent claims that depend on such
`independent claims, as if fully set forth therein.
`
` 3
`
` The Accused Instrumentalities and associated exhibits discussed and/or cited for any claim herein are representative in all material respects of all other accused instrumentalities
`identified for that claim (e.g., a specified Samsung Galaxy phone may be used as a representative example in these charts since the other accused instrumentalities have immaterial
`differences in their hardware and/or software configuration, the cited references are believed to be illustrative of all such accused devices).
`
` 4
`
` Plaintiff’s inclusion of any claim preamble in this claim chart should not be interpreted as an admission that the preamble is limiting. Plaintiff reserves the right to take the
`position that the claim preambles are limiting or not limiting on a claim-by-claim basis.
`
` 5
`
` For the avoidance of doubt, "preloaded" includes devices that ship with Samsung Pay pre-installed or upon which Samsung Pay is otherwise installed by Defendants (e.g.,
`through operating system upgrades).
`
`
`1
`
`Petitioner's Exhibit 1016, Page 3
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`to a storage element on the integrated device that is unable to be
`subsequently altered.
`
`Starting with the Galaxy S6 and S6 Edge, Samsung sold mobile phones
`preloaded with Samsung Pay.
`Samsung Newsroom, Samsung’s Unpacked Event to Set the Pace for
`Mobile World Congress (2015), http://news.samsung.com/global/samsungs-
`unpacked-event-to-set-the-pace-for-mobile-world-congress (“The Galaxy
`S6 and S6 edge will come with Samsung Pay, a highly secure and
`universally accepted mobile payment system that will work with most
`credit cards, debit cards and NFC.”); Cho Jin-young, Samsung to Pre-install
`Samsung Pay in Its All Smartphone Starting from Next Year (2016),
`http://www.businesskorea.co.kr/news/articleView
`.html?idxno=16767 (“An official from Samsung Electronics said on
`December 14, ‘We have decided to pre-install Samsung Pay in Samsung
`Electronic’s smartphone to be released from next year.’”).
`
`Samsung’s devices persistently store user biometric data, which can be used
`in connection with Samsung Pay. “To add an extra layer of security to [a
`user’s] Samsung Pay account, [users] can turn on biometric security, like
`Fingerprint or Iris Verification.” Set up Samsung Pay on your phone,
`https://www.samsung.com/us/support/answer/ANS00045081 The persistent
`storage of user biometric data on Samsung devices must include, e.g., a
`fingerprint or iris template of the user, to verify a scan of a user’s
`fingerprint or iris against.
`
`Samsung Pay preloaded smartphones utilize the Android OS. Protecting
`biometric data, Android’s implementation guidelines require tamper-proof
`“raw fingerprint data or derivatives (for example, templates) [that] must
`never be accessible from outside the sensor driver or TEE” (trusted
`execution environment) and “fingerprint acquisition, enrollment, and
`recognition must occur inside the TEE”. Android Open-Source Project:
`Fingerprint HIDL,
`https://source.android.com/secruity/authentication/fingerprint-hal.
`Requiring acquisition and recognition to occur inside the TEE, when
`
`
`
`2
`
`Petitioner's Exhibit 1016, Page 4
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`following the implementation guidelines, fingerprint data never leaves the
`TEE. Android’s TEE, called Trusty, “uses ARM’s TrustzoneTM to
`virtualize the main processor and create a secure trusted exaction
`environment” isolated from the rest of the system. Android Open-Source
`Project: Trusty TEE, https://source.android.com/security/trusty.
`Accordingly, fingerprint data, which never leaves the TEE, also never
`leaves the Trustzone housing, Trusty. Keeping biometric data within the
`Trustzone, Android phones, including Samsung devices utilizing Samsung
`Pay, can persistently store biometric data in a tamper proof format.
`
`Samsung Pay admittedly adheres to Android’s implementation guidelines.
`Specifically, Samsung Pay utilizes Samsung Knox. “With Samsung Pay …
`Samsung Knox and tokenization add extra layers of security.” Samsung
`Pay, https://www.samsung.com/us/samsung-pay. On Samsung devices
`utilizing Knox, “the authentication software doesn’t share or distribute the
`biometric measurements of any user.” Knox Platform for Enterprise,
`Version 1.3.1 (2020), page 41. “The measurements are stored in a format
`that can’t be used to reproduce the original biometric, and can only be
`accessed and decoded within the specific part of the TrustZone that has
`access to the biometric hardware.” Id. Ensuring biometrics only accessible
`within a specific part of the Trustzone can access to the biometric hardware,
`Samsung Knox keeps biometric information within the Trustzone, adhering
`to Android’s implementation guidelines.
`
`On Android devices (like the Samsung devices preloaded with Samsung
`Pay), access to the biometric hardware is controlled by Fingerprint HIDL.
`“Android uses Fingerprint Hardware Interface Definition Language (HIDL)
`to connect to a vendor-specific library and fingerprint hardware (for
`example, a fingerprint sensor).” Android Open Source Project: Fingerprint
`HIDL, https://source.android.com/secruity/authentication/fingerprint-hal.
`Only permitting access to biometric information to elements having access
`to biometric hardware, Samsung Pay preloaded smartphones utilizing Knox
`must limit access to fingerprint biometric data to that permitted by
`Fingerprint HIDL. The methods enabled by the Fingerprint HIDL do not
`permit altering biometric data. Id. (providing a listing of methods, none of
`
`
`
`3
`
`Petitioner's Exhibit 1016, Page 5
`
`

`

`Accused Instrumentality And Where Each Claim Element Is Found3
`which allowing for the alternation of biometric data.). Keeping fingerprint
`and other biometric data within a portion of the Trustzone only accessible
`by Fingerprint HIDL, which lacks a method for altering biometric data,
`Samsung Pay preloaded smartphones persistently store biometric data of the
`user in a tamper proof format written to a storage element on the integrated
`device that is unable to be subsequently altered.
`
`
`persistently storing … a device ID code uniquely identifying the integrated device
`… in a tamper proof format written to a storage element on the integrated device
`that is unable to be subsequently altered
`
`
`Safeguarding credit card information with EMV payment tokens, Samsung
`Pay preloaded smartphones persistently store a device ID code uniquely
`identifying the smartphone in a tamper proof format written to a storage
`element on the integrated device that is unable to be subsequently altered.
`“Samsung [was] among the first to implement EMV payment tokens in
`digital wallets that hold credentials for several payments use cases.” EMV
`Payment Tokenization Primer and Lessons Learned, U.S. Payments Forum
`(2019), page 12. “EMV payment tokens are open-loop tokens provisioned
`by a TSP and, like other tokens, are used to replace the actual payment
`credential (e.g., PAN) with another numeric value.” Id., at 8. Payment
`tokens, accordingly, are issued (“provisioned”) to Samsung Pay preload
`smartphones in exchange for a credit card number by a token service
`provider (TSP), such as Visa, MasterCard, Discover, and American
`Express. Id., at 23 (Figure 5 – identifying Visa, MasterCard, American
`Express and Discover as Token Service Providers). “Payment tokens may
`vary depending on implementation, but typically there is a unique token for
`each device, which bears no resemblance to the PAN (e.g., the final four
`digits do not match).” Id., at 8 (emphasis added). EMV Payment tokens,
`which are device-specific, are stored by Samsung Pay preloaded
`smartphones as “device ID codes.”
`
` A
`
` device ID is defined in the Specification as a “value that uniquely
`identifies” a device, which may be “provided during enrollment.” U.S.
`Patent No. 8,886,954, Col. 5, ll. 37-44 (“[I]n one embodiment the code is a
`
`‘730 Patent Claim2
`
`
`
`4
`
`Petitioner's Exhibit 1016, Page 6
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`device ID or other value that uniquely identifies biometric key 100… In
`other embodiments, the code is provided during enrollment and/or the
`biometric data are provided during manufacturing.”). EMV payment tokens
`uniquely identifies devices, as no two devices will have the same payment
`token. Replacing a provided credit card number during provisioning, EMV
`token are assigned during enrollment of the credit card number on a
`particular device. Accordingly, EMV payment tokens are values uniquely
`identifying Samsung Pay preloaded smartphones provided during card
`enrollment, and therefore an identified embodiment of device ID codes.
`
`After receiving device ID codes / EMV payment tokens, Samsung Pay
`preloaded smartphones store tokens on a secure element. The EMV
`Payment Tokenisation Specification – Technical Framework v2.2 (2020)
`lists in Table 5.1, pages 41-42, three locations a smartphone may store a
`payment token – one them being a “secure element / ICC”. The initial
`Samsung Pay preloaded smartphones, the Galaxy S6 and S6 Edge, included
`the Infineon SLE 97 ICC. Infineon Supplies Embedded Secure Element
`Chip for new Samsung Galaxy S6 and S6 edge Smartphone, Infineon
`Technologies (2015), http://www.infineon.com/cms/en/about-
`infineon/press/market-news/2015/INFCCS201503-040.html (“We are
`proud that the SLE 97 has been selected by our customer Oberthur
`Technologies to secure Samsung’s new flagship smartphones Galaxy S6
`and S6 Edge.”). “Infineon’s SLE 97 is a SOLID FLASHTM-based eSE chip
`which can safeguard … transactions where user’s sensitive data such as
`payment credentials are concerned.” Id. Subsequent Samsung Pay preload
`smartphones continued to use ICC secure elements. See e.g. EMVCo Letter
`of Approval – EMV Contactless Level 1 Mobile Product, Approval No.
`MTA_LOA_SAEL_01032 (Identifying the “Execution Environment” as
`UICC and HCE). Secure elements are recognized as “a dynamic
`environment to store data securely, process data securely and perform
`communication with external entities securely,” that “will not allow
`unauthorized access.” EMV Payment Tokenization Primer and Lessons
`Learned, U.S. Payments Forum (2019), page 41. Securely storing EMV
`payment tokens on an element not allowing unauthorized access, Samsung
`Pay preloaded smartphones therefore persistently store a device ID code
`
`
`
`5
`
`Petitioner's Exhibit 1016, Page 7
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`uniquely identifying the smartphone in a tamper proof format, written to a
`storage element on the integrated device, that is unable to be subsequently
`altered.
`
`
`persistently storing … a secret decryption value in a tamper proof format written to
`a storage element on the integrated device that is unable to be subsequently altered
`
`Samsung Pay preloaded smartphones utilize the Android OS. Android’s
`implementation guidelines protect biometric data by requiring “fingerprint
`templates must be signed with a private, device-specific key.” Android
`Open Source Project: Fingerprint HIDL,
`https://source.android.com/secruity/authentication/fingerprint-hal. As
`detailed above, Samsung Pay preloaded smartphones must adhere to these
`guidelines.
`
`Samsung Pay preloaded smartphones contain a private key. Private key
`operations include singing and decrypting. Android Open-Source Project:
`Keymaster Functions,
`https://source.android.com/security/keystore/implementer-ref (“Private key
`operations (KeyPurpose::DECYPT and KeyPurpose::SIGN)”.). The private
`key utilized to sign a fingerprint template is a secret decryption value.
`
`Within the Android OS, “Keystore API and Keymaster components
`provide hardware-backed cryptography for secure key storage in a secure
`environment, such as the Trusted Execution Environment (TEE).” Android
`Open-Source Project: Fingerprint HIDL,
`https://source.android.com/secruity/authentication/fingerprint-hal. In
`addition to Android’s native security features, “with Samsung Pay …
`Samsung Knox and tokenization add extra layers of security.” Samsung
`Pay, https://www.samsung.com/us/samsung-pay/. Knox “builds upon the
`Android Keystore by providing a tamper-proof, detection-based lock-down
`of cryptographic keys.” Knox Platform for Enterprise, Version 1.3.1
`(2020), page 29. With Knox protection built on the Keystore, Samsung Pay
`preloaded smartphones persistently store a secret decryption value in a
`
`
`
`6
`
`Petitioner's Exhibit 1016, Page 8
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`tamper proof format written to a storage element on the integrated device
`that is unable to be subsequently altered.
`
` wherein the biometric data is selected from a group
`consisting of a palm print, a retinal scan, an iris scan, a
`hand geometry, a facial recognition, a signature
`recognition and a voice recognition;
`
`“Samsung Pay uses three levels of security to enable secure payments:
`fingerprint or iris-scanning authentication, tokenization and Samsung Knox,
`Samsung’s defense-grade mobile security platform.” Samsung Pay Reaches One
`Year Anniversary in the United States, Samsung Newsroom (2016),
`http://news.samsung.com/global/samsung-pay-reaches-one-year-anniversary-in-
`
` responsive to receiving a request for a biometric
`verification of the user, receiving scan data from a
`biometric scan;
`
`the-united-states.
`
`Samsung Pay preloaded smartphones request biometric verification before
`providing payment credentials when shopping online, through merchant apps, and
`in brick-and-mortar stores. The location of the purchase determines how the
`request is initiated.
`
`(1) When shopping online at a merchant’s website, Samsung Pay preloaded
`smartphones receive a push notification requesting biometric verification. On the
`website, a “user can select ‘Samsung pay’ option to pay, and then payment
`requesting push message will be arrived to user’s device and the payment can be
`confirmed by user authentication.” Samsung Pay Web checkout Integration guide,
`Document version 1.4 (2018), page 7. When the user clicks on the push
`notification received on their Samsung Pay preload smartphone, a “Payment Sheet
`is opened [and] User authentication is performed” giving the user the option to
`“pay with fingerprint”. Id., at 6. Receiving a push notification prompting the user
`to authenticate by paying with their fingerprint, Samsung Pay preloaded
`smartphones therefore receive a request for biometric verification.
`
`7
`
`Petitioner's Exhibit 1016, Page 9
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`(2) Samsung Pay preloaded smartphone also receive a request for biometric
`verification when shopping with merchant apps installed on the smartphone. The
`request, however, is passed internally. Samsung details how Samsung Pay is
`integrated with merchant apps in the Samsung Pay Developers Onboarding and
`Project Integration Guide: In-App Payments for Merchants, Doc Rev 3.1-US
`(2017). Within the Guide, a figure depicting the “general use case” is presented on
`page 18. As depicted in the Figure, the merchant app installed on the smartphone
`communicates with preloaded Samsung Pay app through an API (application
`programming interface).
`
`In order to be paid the merchant app calls the startIn-AppPay function of the API,
`which “initiates payment request with Samsung Pay.” Id, at 26. As shown in the
`in figure on page 18, when the merchant app calls startIn-AppPay, Samsung Pay
`responds by presenting the user “with a payment sheet, which includes card
`selection and shipping address confirmation.” Id., at 17. After being presented the
`payment sheet, “the user then authenticates the payment method, amount, and
`delivery address with a fingerprint.” Id., at 17. Presenting the user with a payment
`sheet to authenticate payment with a fingerprint, Samsung Pay preloaded
`smartphones therefore receive a request for biometric verification from merchant
`apps installed on the phone.
`
`(3) “Combining NFC with Samsung’s proprietary MST technologies, Samsung Pay
`provides consumers a way to pay almost anywhere you can swipe or tap a card at
`millions of merchant locations.” Samsung Pay Reaches One Year Anniversary in
`the United States, Samsung Newsroom (2016),
`http://news.samsung.com/global/samsung-pay-reaches-one-year-anniversary-in-
`the-united-states. Samsung Pay preloaded smartphones utilize the Android OS,
`as noted supra. “Android 4.4 introduce[d a] new platform support for secure NFC-
`based transactions through Host Card Emulation (HCE), for payments, loyalty
`programs, card access, transit passes, and other custom services.” Android KitKat,
`https://developer.android.com/about/versions/kitkat#44-hce. When a user taps a
`phone to a payment terminal, “Android uses Application Identifiers (AIDs) as
`defined in ISO/IEC 7816-4 as the basis for routing transactions to the correct
`Android applications”, such as the preloaded Samsung Pay. Id. When paying with
`Samsung Pay instore, “the app reads the transaction data and can use any local or
`
`
`
`8
`
`Petitioner's Exhibit 1016, Page 10
`
`

`

`‘730 Patent Claim2
`
` comparing the scan data to the biometric data to
`determine whether the scan data matches the biometric
`data;
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`network-based services to verify and then complete the transaction.” Id. When
`opened in response to AID routing, Samsung Pay permits a user “to make a
`payment with [their] Favorite Cards, [by] swip[ing] up from the bottom of the
`screen. Then swip[ing] through and select[ing their] preferred card.” After
`selecting the card, the user “tap[s] PIN or IRIS … [or] simply place[s their] finger
`on [their] phone’s fingerprint scanner”. Make an in-store payment with Samsung
`Pay, http://www.samsung.com/us/support/answer/ANS0004512/. Requiring the
`user to place their finger on the Samsung Pay preloaded smartphone’s fingerprint
`reader, Samsung Pay preloaded smartphones therefore receive a request for
`biometric verification from the app itself.
`
`
`Whether through AID routing, functions call between apps, or push notifications,
`regardless of where a user is shopping Samsung Pay preloaded smartphones
`receive a request for biometric verification to authorize payment.
`
`As noted supra, Samsung Pay preloaded smartphone utilize the Android OS. On
`Android devices, “the fingerprint sensor of [the] device is generally”, but “in
`response to a call to authenticate … the fingerprint sensor listens for a touch”.
`Android Open Source Project: Fingerprint HIDL,
`https://source.android.com/security/authentication/fingerprint-hal. After the user
`places their fingerprint on the sensor, a “vendor-specific library determines if there
`is a fingerprint match in the current set of enrolled fingerprint templates.” Id.
`Determining whether there is a fingerprint match necessarily requires the vendor-
`specific library on the Samsung Pay preloaded smartphones to receive scan data
`from the biometric (fingerprint) scan.
`
`As noted supra, Samsung Pay preloaded smartphone utilize the Android OS. On
`Android devices, “the fingerprint sensor of [the] device is generally idle”, but “in
`response to a call to authenticate … the fingerprint sensor listens for a touch”.
`Android Open Source Project: Fingerprint HIDL,
`https://source.android.com/security/authentication/fingerprint-hal. After the user
`places their fingerprint on the sensor, a “vendor-specific library determines if there
`is a fingerprint match in the current set of enrolled fingerprint templates.” Id.
`Determining if there is a fingerprint match, requires the vendor-specific library on
`
`
`
`9
`
`Petitioner's Exhibit 1016, Page 11
`
`

`

`‘730 Patent Claim2
`
` responsive to a determination that the scan data matches
`the biometric data, wirelessly sending one or more codes
`from the plurality of codes and the other data values for
`authentication by an agent that is a third-party trusted
`authority possessing a list of device ID codes uniquely
`identifying legitimate integrated devices, wherein the one
`or more codes and other data values includes the device
`ID code; and
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`the Samsung Pay preloaded smartphones compare scan data from the sensor to
`biometric data to determine whether the scan data matches the biometric data.
`
`responsive to a determination that the scan data matches the biometric data,
`wirelessly sending one or more codes from the plurality of codes and the other data
`values
`
`
`After authenticating payment, Samsung Pay preloaded smartphones
`wirelessly send one or modes codes, including device ID codes, regardless
`of where the user is shopping. To enhance security, “Samsung Pay uses
`three levels of security to enable secure payments: fingerprint or iris-
`scanning authentication, tokenization and Samsung Knox, Samsung’s
`defense-grade mobile security platform.” Samsung Pay Reaches One
`Year Anniversary in the United States, Samsung Newsroom (2016),
`http://news.samsung.com/global/samsung-pay-reaches-one-year-
`anniversary-in-the-united-states. “Samsung [was] among the first to
`implement EMV payment tokens in digital wallets that hold credentials for
`several payments use cases.” EMV Payment Tokenization Primer and
`Lessons Learned, U.S. Payments Forum (2019), page 12. Accordingly,
`Samsung Pay enabled smartphones contain payment tokens. EMV payment
`tokens, which, as detailed supra, are values uniquely identifying Samsung
`Pay preloaded smartphones provided during card enrollment, and thus are
`an identified embodiment of device ID codes.
`
`Using the EMV tokens to provide payment to merchants, Samsung Pay
`preloaded smartphones wirelessly transmit the token to merchants. When
`shopping online at a website, Samsung Pay preloaded smartphones receive
`a push notification requesting authorization by the user, as detailed supra.
`“After user authenticates payment data is encrypted with partner’s public
`key in user device, and will be sent it to Samsung server” and made
`available to the merchant’s website. Samsung Pay Web checkout
`Integration guide, Document version 1.4 (2018), page 7. Sending payment
`data to a server to be made available to the merchant’s website, Samsung
`Pay preloaded smartphone facilitate web payments by wirelessly
`transmitting data.
`
`
`
`10
`
`Petitioner's Exhibit 1016, Page 12
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`
`Similarly, when providing payment for in-app purchases, Samsung Pay
`preloaded smartphones wirelessly transmit EMV tokens to merchants as
`payment. Specifically, “Encrypted payment information is passed form the
`Samsung Pay to the PG [(Payment Gateway)] through the merchant app”.
`Samsung Pay Developers Onboarding and Project Integration Guide: In-
`App Payments for Merchants, Doc Rev 3.1-US (2017), page 17.
`
`In addition to providing payment information via virtual terminals,
`Samsung Pay preloaded smartphones utilize “combin[e] NFC with
`Samsung’s proprietary MST technologies [to provide] consumers a way to
`pay almost anywhere you can swipe or tap a card at millions of merchant
`locations.” Samsung Pay Reaches One Year Anniversary in the United
`States, Samsung Newsroom (2016),
`http://news.samsung.com/global/samsung-pay-reaches-one-year-
`anniversary-in-the-united-states. Tapping a credit card is an example of
`contactless payment. “In a contactless payment transaction, the
`consumer holds the contactless card, device, or mobile phone in close
`proximity (less than 2-4 inches) to the terminal and the payment account
`information is communicated wirelessly (via radio frequency [RF]) or
`NFC.” EMV Payment Tokenization Primer and Lessons Learned, U.S.
`Payments Forum (2019), page 39. Thus, by utilizing NFC, Samsung Pay
`preloaded smartphones wirelessly transmit payment information to in-store
`terminals.
`
`Transmitting payment information to servers, payment gateways, and NFC
`equipped in-store terminals, Samsung Pay preloaded smartphones therefore
`wirelessly transmit payment information regardless of where the user shops.
`
`
`wherein the one or more codes and other data values includes the device ID code
`
`Regardless of location, the merchant requires payment. But first, the
`merchant must seeks authorization for payment. The series of requests and
`responses permitting the merchant to get, as summarized in Figure 10.1 of
`the EMV Payment Tokenisation Specification: Technical Framework, v2.2
`
`
`
`11
`
`Petitioner's Exhibit 1016, Page 13
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`(2020), begins with the merchant submitting a Token Payment Request for
`transaction routing. The data included within the Token Payment Request,
`as detailed in Table 10.1 of EMV Payment Tokenisation Specification:
`Technical Framework, v2.2 (2020), is required to contain the payment
`token.
`
`During transaction routing within the payment network, the Token Payment
`Request is transformed to a Token Authorization Request, as detailed in
`Figure 10.1 of the EMV Payment Tokenisation Specification: Technical
`Framework, v2.2 (2020). As detailed in Table 10.3 of the EMV Payment
`Tokenisation Specification: Technical Framework, v2.2 (2020), a required
`field of the Token Authorization Request generated by the during routing
`the payment network is payment token. Accordingly, the payment token
`sent in the Token Payment Request from the merchant continues to persist
`during the token authorization request process. EMV payment tokens, as
`detailed supra, are values uniquely identifying Samsung Pay preloaded
`smartphones provided during card enrollment, and thus are an identified
`embodiment of device ID codes. Accordingly, an embodiment of device ID
`codes are included within the one or more codes and other data wireless
`sent.
`
`
`for authentication by an agent that is a third-party trusted authority possessing a list
`of device ID codes uniquely identifying legitimate integrated devices
`
`“The Token Authorisation request process continues until De-Tokenisation
`has been completed.” EMV Payment Tokenisation Specification: Technical
`Framework, v2.2 (2020), page 86. De-Tokenisation is performed by the
`token service provider. Visa, MasterCard, American Express and Discover
`each take on the role as token service providers. EMV Payment
`Tokenization Primer and Lessons Learned, U.S. Payments Forum (2019),
`page 23 (Figure 5 – identifying Visa, MasterCard, American Express and
`Discover as Token Service Providers). “Token Service Providers are
`responsible for a number of discrete functions which may include, but are
`not limited to: Maintenance and operation of a Token Vault … [and] De-
`
`
`
`12
`
`Petitioner's Exhibit 1016, Page 14
`
`

`

`‘730 Patent Claim2
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`Tokenisation”. EMV Payment Tokenisation Specification: Technical
`Framework, v2.2 (2020), page 19.
`
`Maintaining the token vault and providing de-tokenisation, token service
`providers keep a list of device ID codes uniquely identifying legitimate
`integrated devices. The token vault maintained by Visa, MasterCard, and
`other token service providers is a “repository that maintains the established
`Payment Token / Token Expiry Date mapping to the underlying PAN /
`PAN Expiry Date and includes Payment Token related data”. Maintaining
`the mapping between payment tokens and underlying primary account
`numbers (PAN), the token vault represents a list of legitimate tokens. EMV
`payment tokens, as detailed supra, are values uniquely identifying Samsung
`Pay preloaded smartphones provided during card enrollment, and thus are
`an identified embodiment of device ID codes. As tokens are embodiments
`of device ID codes, the listing of legitimate payment tokens maintained by
`token service providers as part of the token vault is an identified
`embodiment of a list of device ID codes uniquely identifying legitimate
`integrated devices. Being responsible for maintaining such as listing as a
`token vault, token service providers are one embodiment of a third-party
`trusted authority possessing a list of device ID codes uniquely identifying
`legitimate integrated devices.
`
`Opening the token vault to perform de-tokenisation occurs in response to
`receiving the token authorization request containing the payment token.
`De-Tokenisation is “the process of converting a Payment Token and Token
`Expiry Date to its underlying PAN and PAN Expiry Date based on the
`Payment Token / Token Expiry Date mapping to the underlying PAN /
`PAN Expiry Date stored in the Token Vault.” Id, at 6. “The Payment
`Token SHALL be de-tokenised to the underlying PAN in the incoming
`Token Authorisation prior to sending the PAN Authorisation to the Card
`Issuer.” Id., at 91. Detokenizing in response to an incoming token
`authorization requests requires the token service provider be sent the token
`authorization. As noted supra, the token authorization sent to the token
`service provider contains the payment token wirelessly sent from a
`Samsung Pay preloaded smartphone after successful biometric
`
`
`
`13
`
`Petitioner's Exhibit 1016, Page 15
`
`

`

`‘730 Patent Claim2
`
` responsive to authentication of the one or more codes and
`the other data values by the agent, receiving an access
`message from the agent allowing the user access to an
`application, wherein the application is selected from a
`group consisting of a casino machine, a keyless lock, a
`garage door opener, an ATM machine, a hard drive,
`computer software, a web site and a file.
`
`
`
`Accused Instrumentality And Where Each Claim Element Is Found3
`authentication. Authenticating a user via biometrics, as noted above, entails
`a