How we used Electrical Signal Analysis to Reverse Engineer the various processes happening inside a smartphone

Recently, one of our regular clients contacted us with a project which required a Reverse Engineering based infringement analysis of cutting edge tech. This article discusses how we went about the RE and helped monetize the patent portfolio.

A few months ago, we were contacted by Bob*, VP of IP Monetization at a Fortune 500 organization. Bob needed our help in monetizing a big chunk of their patent portfolio using Reverse Engineering based infringement analysis.

This portfolio was related to cutting edge tech. It had patents on various technologies, ranging from semiconductor fabrication techniques to complex communication systems, and from transistor-level circuit analysis to system analysis through signal analysis.

Bob shared that he had ignored these patents because earlier standard and/or product literature-based searches had led to no conclusive evidence. We shared a few examples of how the shortcomings of online searches can be overcome using RE-based infringement analysis.

Thereafter, we walked Bob through the previous reverse engineering infringement searches we performed for our other clients. After looking at the portfolio and the state-of-the-art infringement laboratory partners of GreyB, Bob decided to bank on us and gave a few patents from the under-monetized portfolio another chance.

Today, in our brief time together, I would like to share how we proceeded with an RE of one of these patents.


We conducted a reverse engineering analysis to understand the various processes happening inside a smartphone. Here’s how we did it.

For starters, we did a signal analysis to reverse engineer the various processes happening inside a smartphone.

For this project, our objective was to identify the sequence of operation for various processes that are happening within a smartphone. Now, this type of information (related to specific signals) is generally not discussed in the product literature available online.

The claim element of the patent under focus, “activating the fingerprint sensor and subsequently, performing data communication from the fingerprint sensor”, was difficult to identify in the literature available online too. Teardown and signal testing were thus the only way left to confirm this step in the functioning of the smartphone.

To analyze the fingerprint signals from the sensor, we had to first tear down the target smartphone to expose the various points on its motherboard. Exposing these points was required to enable the measurement from these points.

A caution for this type of testing: at the end of the teardown process, the smartphone should remain in working condition. Next, after the teardown, we had to figure out what was what. For that, we referred to the repair manuals for the specific phone model and identified all the components of interest.

Zoomed-In Image: Motherboard of Target Smartphone Showing the Identified Connector for Fingerprint Sensor

After identifying the connector on the motherboard of the smartphone to which the fingerprint sensor is connected, we soldered jumper wires to the points of interest using a micro-soldering process, so that we could connect them to the probes for taking the readings.

Zoomed-In Image: Motherboard of Target Smartphone Showing Soldered Jumper Wire on The Identified Connector for Fingerprint Sensor

We used a mixed-signal oscilloscope (MSO) for taking the readings. The reason for picking an MSO was to get the visual timing diagram for the various signals within the smartphone.

We were ready to take the readings at this stage. But this type of testing demands one more crucial step, i.e., building up an exhaustive list of testing scenarios. This list should contain not only all the related scenarios but all the possible scenarios, including completely random ones.

Having completed this step, and the next step of testing, it was time to make sense of the test results.

Elements to be shown – “activating the fingerprint sensor and subsequently, performing data communication from the fingerprint sensor”

Timing Diagram from the MSO

The timing diagram from the oscilloscope provided the evidence that the fingerprint sensor is first activated, and then at a later stage, the data communication from the fingerprint sensor takes place. The timing diagrams taken in different testing scenarios showed the same sequence. This further strengthened the case.
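The ordering check described above can also be run over exported logic-channel samples instead of being read off the screen. The following is an added example, not the authors' tooling: the CSV layout, the channel names "enable" and "data", the scenario names and all sample values are constructed assumptions.

```python
import csv
import io

# Constructed logic-channel exports (time in microseconds). The channel names
# "enable" and "data" are assumptions; the article does not name the signals.
CAPTURES = {
    "touch_while_locked": "t_us,enable,data\n0,0,0\n10,0,0\n20,1,0\n30,1,0\n40,1,1\n50,1,0\n60,1,1\n",
    "touch_screen_off": "t_us,enable,data\n0,0,0\n10,1,0\n20,0,0\n30,1,0\n40,1,0\n50,1,1\n60,1,0\n",
    "no_touch": "t_us,enable,data\n0,0,0\n10,0,0\n20,0,0\n30,0,0\n",
}

def load(text):
    """Parse a CSV export into a list of (time, enable, data) integer tuples."""
    return [(int(r["t_us"]), int(r["enable"]), int(r["data"]))
            for r in csv.DictReader(io.StringIO(text))]

def activation_time(samples, hold=2):
    """Time at which 'enable' goes high and stays high for `hold` samples.
    A shorter pulse is treated as a glitch and ignored."""
    for i in range(1, len(samples) - hold + 1):
        if samples[i - 1][1] == 0 and all(s[1] == 1 for s in samples[i:i + hold]):
            return samples[i][0]
    return None

def first_data_time(samples):
    """Time of the first level change on 'data' relative to its idle level."""
    if not samples:
        return None
    idle = samples[0][2]
    return next((t for t, _, d in samples if d != idle), None)

def classify(text):
    """Return (verdict, delay_us) for one capture."""
    samples = load(text)
    t_act, t_data = activation_time(samples), first_data_time(samples)
    if t_act is None and t_data is None:
        return ("idle", None)
    if t_data is None:
        return ("activated_no_data", None)
    if t_act is None or t_data <= t_act:
        return ("data_not_after_activation", None)
    return ("activation_then_data", t_data - t_act)

def summarize(captures):
    """Classify every scenario; the sequence holds if no capture contradicts it."""
    results = {name: classify(text) for name, text in captures.items()}
    holds = all(v != "data_not_after_activation" for v, _ in results.values())
    return results, holds
```

The `hold` parameter is what keeps a one-sample spike on the activation line from being counted as the activation edge, which matters when the same check is repeated across many scenarios.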

Using these pieces of evidence, we prepared claim charts proving infringement. Bob, as you might have guessed already, was ecstatic to find that he could monetize these gems that were sitting dormant for a long time.


Not all infringement analyses are created equal. Some analyses can be done using a detailed web search in which one explores product manuals and other relevant literature, while in others one might need to take the reverse engineering route to confirm infringement.

Further, RE doesn’t just involve screens of smartphones or OLED displays. These studies can also be performed on circuits to determine the flow of current, measurement, composition, etc. The whole idea is – if there is a product using your technology, you should try to find it out, and start new revenue streams from your patent portfolio.

Does your portfolio have patents that you feel are being infringed, but the past infringement search wasn’t successful? Rohit and I think that an RE-based infringement search could unlock the monetization potential of those patents. If you want to discuss more, let’s hop on a no-obligation call. Let’s get connected.

Authored By: Swapnajeet Nayak, Senior Research Analyst, Infringement and Rohit Sood, Manager, Infringement
