Access Denied – Federal Court Finds Apple Did Not Infringe Biometric Security Patents

CPC Patent Technologies Pty Ltd v Apple Pty Limited [2025] FCA 489

Introduction

Justice Burley of the Federal Court has delivered judgment in proceedings between CPC Patent Technologies Pty Ltd (CPC) and Apple Pty Limited and Apple Inc (collectively, Apple), concerning alleged patent infringement by Apple’s biometric security systems – Touch ID (fingerprint recognition) and Face ID (face recognition) – used for unlocking Apple devices such as iPhones, iPads and Macs (Apple Devices).  Apple cross-claimed seeking revocation of CPC’s patents on various grounds of invalidity.

The Court found that the Apple devices did not infringe any of the asserted claims, rejecting CPC’s construction of key claim integers that sought to impermissibly broaden their scope by reference to their functional characteristics.  Apple’s cross-claim, which was advanced defensively, was dependent on findings contrary to Apple’s primary non-infringement case, and so was mostly unsuccessful.

CPC has since appealed Justice Burley’s decision to the Full Court, with Apple filing a cross-appeal in response.  A hearing has been set down for 2 March 2026.

Background

The case concerns two Australian patents owned by CPC, AU2004301168 (‘168) and AU2009201293 (‘293), both entitled “Remote entry system” (together, the Patents).  The Patents relate to secure access systems using wireless transmission of security code information, and claim a priority date of 13 August 2003 based on Provisional Application AU2003904317.

The Patents address a security vulnerability in traditional access systems whereby a user enters a code or provides a fingerprint at a keypad/sensor, which sends a signal along a wire to a controller that checks the signal against a database and, if valid, sends a command to unlock the door or device.  The Patents identify that the wire connecting the keypad to the controller is a weak point, which can be physically tampered with by an attacker who could intercept, decipher and replay the signal to gain unauthorised entry.

The inventions the subject of the Patents seek to eliminate this weak point through two key features:

(i) By replacing the wire with encrypted wireless communication; and

(ii) Performing biometric authentication at the keypad/sensor itself, before any signal is sent.

In the patented system, when a user provides their fingerprint to a keypad, the keypad immediately checks it against stored biometric data.  If authenticated, the keypad then sends an encrypted wireless signal containing a “rolling code” (a code that changes each time to prevent replay attacks) to a receiver, which verifies the code and unlocks the controlled item or device.

CPC alleged that Apple infringed claims of both Patents through the use of Touch ID and Face ID for unlocking 70 different Apple Devices.  Apple advanced various invalidity grounds, including lack of novelty, inventive step, manner of manufacture, fair basis, sufficiency and clarity.

Key Issues

The dispute raised several construction issues, including the construction of the following key integers:

(a)   “controlled item” (all asserted claims);

(b)   “transmitter sub-system” and “receiver sub-system” (all asserted claims, although claims 27, 29 and 37 of the ‘293 patent do not refer to a receiver sub-system);

(c)   “accessibility attribute” (all asserted claims);

(d)   “secure access signal” (claims 5 and 6 of the 168 patent and all asserted claims of the ‘293 patent);

(e)   “means for receiving a series of entries of the biometric signal, said series being characterised according to at least one of the number of said entries and a duration of each said entry, means for mapping said series into an instruction and means for enrolling relevant signatures into the database according to the instruction” (all asserted claims of the ‘293 patent) (the Series Feature); and

(f)   “administrator signature” (claims 3 and 6 of the ‘168 patent).

The Court’s resolution of integers (a) and (b) above proved determinative of the infringement case.

By way of example, Claim 1 of the ‘168 Patent claims the following (with relevant integers described above underlined):

A system for providing secure access to a controlled item, the system comprising: a transmitter subsystem for enrolling biometric signatures into a database and for providing an accessibility attribute if a legitimate biometric signal is received; and a receiver sub-system for providing access to the controlled item dependent upon said accessibility attribute.

Consideration

‘Transmitter Sub-System’ and ‘Receiver Sub-System’

The primary dispute concerned whether Apple’s Touch ID and Face ID systems contained separate “transmitter sub-system” and “receiver sub-system” components as required by all asserted claims.

CPC advanced a functional construction, such that the sub-systems:

(i)    are defined purely by the functionality they perform;

(ii)   may comprise overlapping hardware and software components; and

(iii)  need only include “key” or “quintessential” components responsible for the required functionalities, excluding ancillary or incidental components.

Applied to the Apple Devices, CPC identified the following:

(i)    the transmitter sub-system as comprising certain components within the Secure Enclave Processor (the dedicated security processor component integrated in Apple Devices for the Secure Enclave subsystem to perform security functions such as biometric matching); and

(ii)   the receiver sub-system as comprising components within the Application Processor (the main processor unit that runs the OS for the Apple devices) which controls access to the device.

Apple submitted that the claims require two separate and distinct sub-systems that are functionally and physically separate, with identifiable boundaries between them.

Justice Burley accepted Apple’s construction, finding that the claim language and specification required separate and distinct sub-systems.  His Honour emphasised that to be a “transmitter” sub-system, components must be capable of transmitting information, such that the word “transmitter” must be given work to do.  Similarly, the receiver sub-system must be capable of receiving information.  Claims requiring that the receiver sub-system receive an accessibility attribute “from” the transmitter sub-system, or receive “the transmitted” secure access signal, made clear there must be a functional relationship with a flow of information from one sub-system to the other.  Justice Burley stated at [161]:

These claims make clear that there must be a functional relationship between the transmitter sub-system and the receiver sub-system within the overall system.  In my view, they support the proposition that each sub-system is separate and distinct. There would be no need to refer to each as a “sub-system” if the functions of the two could be merged.

His Honour also rejected CPC’s “quintessential components” approach as having no basis in the claims or specification.  Expert evidence demonstrated that a “sub-system” is a component of a larger system typically performing a specific function, and the Court found this required identifiable boundaries between sub-systems.

Applied to the Apple Devices, Justice Burley found CPC’s characterisation to be unsupported by evidence.  The biometric enrolment and matching processes engaged numerous components in both the Secure Enclave Processor and Application Processor.

CPC’s attempt to exclude 15 other components as “ancillary” gave an arbitrary character to the alleged sub-systems.  Notably, CPC included a key security component (SKS) in its construction of the transmitter sub-system but excluded it from the receiver sub-system, despite evidence it had roles in both encryption and decryption processes required for the system to function.

Justice Burley was particularly critical of the shifting evidence of CPC’s expert regarding what components comprised each sub-system, identifying at least four different variants during testimony, none of which corresponded to CPC’s final construction.  His Honour observed that this suggested “that the construction advanced by CPC is with an eye to the infringing article, an approach that has repeatedly been abhorred by the authorities”.[1]

Because the claims required separate and distinct sub-systems with identifiable boundaries, and the Apple Devices integrated all functionality across both processors, Justice Burley concluded that CPC “failed to identify a coherent basis upon which it may be concluded that there exists any separate transmitter sub-system or receiver sub-system within the Apple Devices”.

This finding alone proved fatal to CPC’s infringement case as all asserted claims include a transmitter sub-system, and a majority also include a receiver sub-system.

Accessibility Attribute

The integer “accessibility attribute” appeared in all asserted claims.  The specification defined it as establishing “whether and under which conditions access to the controlled item should be granted to a user”.  The specification explained that the accessibility attribute could comprise various attributes, such as:

• an access attribute (granting unconditional access);
• a duress attribute (granting access but activating an alert);
• an alert attribute (sounding a chime); and
• a telemetry attribute (communicating system state information such as low battery).

CPC submitted that where a user identifies the specific condition of access sought (for example, by pressing a button to unlock a car trunk rather than the doors), the biometric match itself constitutes provision of an accessibility attribute because it establishes whether and under which conditions access should be granted.

Apple submitted that an accessibility attribute must be produced by authentication of biometric matching and must establish conditions in response to matching which cause the receiver sub-system to respond in different ways, not merely to determine whether preconditions to access are met.

Justice Burley rejected CPC’s construction.  The claim language made clear an accessibility attribute is produced only after a legitimate biometric signal is received or matching is authenticated.  The claims require the transmitter sub-system to “provide” or “output” an accessibility attribute, which tells against a construction whereby confirmation of a biometric match itself constitutes the attribute.  His Honour found the “attribute” must be an output, separate from the match, that establishes whether and under which conditions access is granted.

Applied to the Apple Devices, CPC argued that the accessibility attribute was produced following a positive biometric match, contending that cumulatively across three scenarios (accessing the home screen, accessing restricted applications, and accessing Apple Wallet), these represented different conditions of access to the device as a whole.

Justice Burley rejected this argument on two grounds.  First, it depended on the “controlled item” being the entire Apple Device, whereas his Honour found the “controlled item” when accessing the home screen is the home screen itself – not the device as a whole.  Obtaining access to restricted applications or Apple Wallet requires further and separate authentication to different controlled items, not conditions imposed by the initial biometric match to the home screen.

Second, examining the Apple Devices’ mechanics, the Court found they undertake a binary assessment determining whether there is a positive biometric match: match and unlock, or no match and remain locked.  The claims required an accessibility attribute establishing both whether to grant access and under which conditions (such as granting access with a duress alert, or sound a chime…etc).  The Apple Devices made no such conditional determination – they simply assessed whether the biometric matched and either granted or denied access to the home screen accordingly.

So, Justice Burley concluded that CPC had not established the Apple Devices contain an “accessibility attribute” within the meaning of the asserted claims.

Other Construction Issues

Justice Burley also found against CPC on the construction of the “series feature” and the “administrator signature”.

All asserted claims of the ‘293 patent required what became known as the “series feature” – a specific mechanism for enrolling biometric signatures into the database.  This feature required the system to:

(1)   receive a series of biometric entries characterised by their number and/or durations;

(2)   map that series onto a pre-existing instruction; and

(3)   enrol signatures according to that instruction.

The specification provided an example whereby an administrator could enrol a new user by pressing their finger on the sensor in a particular pattern (by duration or quantity of presses), which the system would recognise as the instruction to enrol a new user.  This provided a way to communicate commands to a system that had no other user interface (such as a keypad without a screen for unlocking a door).

CPC contended the Series Feature was simply designed to ensure a quality biometric signature by requiring multiple scans of sufficient duration (as most people have experienced when first setting up Touch ID or Face ID on Apple devices, as well as similar systems on non-Apple devices).  On this construction, any system that captured multiple fingerprint images (or face scans) during enrolment would satisfy the requirement.

Justice Burley rejected this construction, noting that the claim language specifically required mapping a series of entries onto an instruction, and the specification’s example showed this instruction must pre-exist in the system (like a stored command).  The Series Feature was not about ensuring quality imaging or scanning of biometric data, but was about using patterns of biometric entries to communicate instructions (such as enrolment itself).  While the Apple Devices captured sequential imaging and scanning during the enrolment phase for quality biometric signature, it did not map the sequential biometric entry to any stored commands.

Additionally, some claims required an “administrator signature” – a biometric signature stored in a database that would be recognised by the system as conferring administrator privileges, enabling functions like enrolling new users or deleting existing signatures.

CPC argued it was sufficient that a person has the ability to perform administrative functions.  For example, the first user to enrol their biometric authentication on an Apple Device had to set a manual passcode, and that person could later use their biometric authentication with the passcode to enrol or delete other users, and was therefore an “administrator” according to CPC.

However, Justice Burley found it insufficient that a person has the ability to perform administrative functions by virtue of being in possession of an enrolled signature and a passcode.  Rather, the signature itself must be recognised by the system as an administrator signature.  The Apple Devices did not tag signatures as conferring administrator privileges and always required passcode entry (not biometric authentication) to exercise administrative functions like enrolling or deleting users.  Stated simply, a user of an Apple Device cannot exercise administrative privileges simply by presenting a biometric signature.

Validity – Deferred Priority Date

Apple contended that the asserted claims were not entitled to claim priority from the provisional specification filed 13 August 2003, such that the deferred priority date of 13 August 2004 applied.

Justice Burley found the provisional specification did not meet the test for external fair basis, requiring real and reasonably clear disclosure of claimed subject matter.  Notably, there was a dispute as to whether the provisional specification sufficiently disclosed an “accessibility attribute” as claimed, which required that the transmitter sub-system provide or output an accessibility attribute that establishes whether access should be granted and under which conditions.

The provisional specification contained a ‘Tom Smith’ example which posited that the biometric sensor can authenticate a user, and after authentication, can check other access privileges against the user, such as whether ‘Tom Smith’ is able to use the door on weekends, but did not disclose the output of the authentication signal as also establishing whether and under which conditions access to the controlled item should be granted.  So, Justice Burley held that the provisional specification did not include a real and reasonably clear disclosure of an accessibility attribute.

His Honour also found insufficient disclosure of the “administrator signature” feature and Series Feature in the provisional specification.  Accordingly, the asserted claims could only claim the deferred priority date of 13 August 2004, bringing additional prior art into consideration.

Validity – Novelty

Apple’s novelty ground relied on six prior art items.  Much of the case was dependent on accepting CPC’s construction of contested integers.  Given Justice Burley’s rejection of CPC’s construction, most of Apple’s novelty case fell away.  Nevertheless, his Honour considered the novelty analysis on the assumption that CPC’s construction was correct.

The most notable finding concerned US patent 6,164,403 (Wuidart), which disclosed a portable biometric device for vehicle access.  In one embodiment, the unlock signal included a user number (1, 2, 3, 4, or 5) that identified which authorised user’s biometric signature had been recognised.  By transmitting this code, selected convenience functions in the vehicle could be activated, such as adjusting seat positions, mirrors, thermostat temperature and radio station according to that user’s predefined preferences.

Justice Burley found that Wuidart disclosed an “accessibility attribute” on both his Honour’s construction as well as CPC’s construction.  The unlock signal in combination with the user number established both whether access was granted and imposed conditions applicable to the access granted (by adjusting various settings).  His Honour rejected CPC’s submission that these settings were not relevant to ‘access’ per se, stating at [643]:

I see no difference in principle between a condition of access that sounds a chime indicating that a person of a certain type has entered and a condition that would turn on the lights or another feature of the building.

Accordingly, had the Court accepted CPC’s broader construction, significant validity concerns would have emerged from the prior art.  Justice Burley also found that further prior art references anticipated various other claim features on CPC’s construction.

Outcome and Implications

The Court dismissed CPC’s infringement case, finding CPC failed to establish that any Apple Devices fell within any of the asserted claims.  Apple’s cross-claim succeeded in part, with Justice Burley finding that none of the asserted claims were entitled to claim priority from the provisional specification.  However, most other invalidity grounds fell away, given his Honour’s findings on construction in favour of Apple.

Justice Burley’s decision reinforces that functional claim language does not permit purely functional constructions.  Where claims use terms entailing structural relationships (such as distinct ‘sub-systems’), the Court will construe the claims in light of those structural requirements and reject attempts to satisfy claim integers by selecting only key components while excluding others as merely ancillary.  Further, claim constructions advanced to capture allegedly infringing products may simultaneously expose patents to invalidity challenges from prior art.

[1] See CCOM Pty Ltd v Jiejing Pty Ltd [1994] FCA 396; (1994) 51 FCR 260 at 267–268 (Spender, Gummow and Heerey JJ); Hanwha Solutions Corporation v REC Solar Pte Ltd [2023] FCA 1017; (2023) 180 IPR 315 at [92] (Burley J).

About Pearce IP

Pearce IP is a specialist firm offering intellectual property specialist lawyers and attorneys with a focus on the life sciences industries.  Pearce IP and its leaders are ranked in every notable legal directory for legal, patent and trade mark excellence, including: Chambers & Partners, Legal 500, IAM Patent 1000, IAM Strategy 300, MIP IP Stars, Doyles Guide, WTR 1000, Best Lawyers, WIPR Leaders, 5 Star IP Lawyers, among others.

In 2025, Pearce IP was recognised by Australasian Lawyer and New Zealand Lawyer’s 5 Star Employer of Choice, and is the “Standout Winner” for inclusion and culture for firms with less than 100 employees. Pearce IP was awarded “IP Team of the Year” by Lawyers Weekly at the 2021 Australian Law Awards. Pearce IP is recognised by Managing IP as the only leading ANZ IP firm with a female founder, and is certified by WEConnect International as women owned.