|European Case Law Identifier:||ECLI:EP:BA:2009:T001106.20090310|
|Date of decision:||10 March 2009|
|Case number:||T 0011/06|
|IPC class:||G06F 1/00|
|Language of proceedings:||EN|
|Download and more information:||
|Title of application:||Method and agent for the protection against the unauthorised use of computer resources|
|Applicant name:||Computer Associates Think, Inc.|
|Relevant legal provisions:||
|Keywords:||Lack of clarity / lack of support (all requests)
Oral proceedings held in the absence of appellant
Summary of Facts and Submissions
I. This is an appeal against the decision of the examining division to refuse the European patent application No. 99 906 428.0 published as No. 1 068 566. The impugned decision was announced in oral proceedings held on 20 April 2005 and the written reasons were dispatched on 24 May 2005.
II. The decision under appeal was based on a set of claims 1-6 filed with a telefax dated 18 March 2005.
The examining division found, inter alia, that the amendments to claim 1 did not comply with the requirements of Article 123(2) EPC. It was additionally stated in the decision that the subject-matter of claim 1 lacked inventive step in the light of the following prior art documents:
D1: EP 0 561 509 A;
D2: GB 2 312 767 A.
It was further stated that the application did not comply with the requirements of Article 83 EPC in respect of claim 4.
III. A new main request and three auxiliary requests were submitted with the statement setting out the grounds of appeal. The appellant also made a precautionary request for oral proceedings.
IV. In a communication accompanying a summons to oral proceedings to be held on 10 March 2009 the board set out its preliminary opinion concerning the appeal and referred to the following further prior art documents which it introduced into the proceedings of its own motion:
D3: EP 0 570 123 A;
D4: A.S. Tanenbaum: "Modern Operating Systems", First Edition, 1992, Prentice-Hall Inc, ISBN 0-13-595752-4, Chapter 1, p.1-26;
D5: Raphael A. Finkel: "An Operating Systems Vade Mecum", Second Edition, 1988, Prentice-Hall Inc, ISBN 0-13-637760-2, Chapter 1, p.1-27 & Glossary, p.353-379.
D3 is a European patent application cited in the search report of D2 issued by the UK Patent Office. D4 and D5 are extracts from textbooks relating to operating systems.
V. In said communication, the board gave its preliminary opinion that none of the applicant's requests were allowable. In particular, deficiencies were noted under Article 84 EPC. The board also indicated that it had reservations concerning compliance with the requirements of Article 83 EPC. It was additionally noted that, insofar as the claimed subject-matter had been understood, each of the documents D2 and D3 appeared to be prejudicial to the novelty or at least the inventive step thereof.
VI. In a telefax dated 23 February 2009, the appellant's representative notified the board that the appellant would not be represented at the scheduled oral proceedings. The appellant did not submit any substantive response to the issues raised by the board in its communication.
VII. The appellant has requested that the decision under appeal be set aside and that a patent be granted on the basis of one of the following requests:
Main request: claims 1-6 of "Claims A" submitted with the written statement setting out the grounds of appeal;
First auxiliary request: claims 1-3 of "Claims B" submitted with the written statement setting out the grounds of appeal;
Second auxiliary request: claims 1-4 of the main request;
Third auxiliary request: claims 1-2 of the first auxiliary request.
The further documents on which the appeal is based, i.e. the text of the description and the drawings, are as follows:
1, 2, 4-9 as published;
3 as submitted with letter of 19 September 2000.
1/3 - 3/3 as originally published.
VIII. Claim 1 of the main request reads as follows:
"A method for preventing hostile use of computer resources by an application running on a workstation, comprising the steps of:
a) providing a list of services that are not allowed for access by unspecified applications;
b) when such unspecified application runs on the workstation, preventing said application from accessing any resource directly;
c) analyzing any direct request for access to specific services, to determine whether such request is allowable according to the list defined under a) above;
d) if the request is allowable, allowing the workstation to process it; and
e) if the request is not allowable, preventing the unspecified application from accessing the requested services;
wherein said resource may be any local or remote resource, including, but not limited to, memory allocation, files, directories, operations with files and directories, such as copy, delete or compress, or any other operation leading to a permanent change in the workstation or its periphery, and wherein unspecified applications are applications that are not specifically detailed in a pre-set list of applications."
Claim 3 of the main request reads as follows:
"An agent for protecting a workstation against the hostile use of computer resources by an unspecified application running on said workstation, comprising:
a) means for detecting an unspecified application running on the workstation;
b) means for determining the requests for services to be used by said unspecified application;
c) means for determining whether requests made directly by said unspecified application are allowable;
d) means for preventing said request from being processed, if it is determined that the request is not allowable;
wherein the means for determining whether requests made directly by said unspecified application are allowable comprise a look-up table including a list of services that are not allowed for access by unspecified applications, and wherein unspecified applications are applications that are not listed in a pre-set list of applications."
Claim 1 of all the auxiliary requests is identical to claim 1 of the main request. The only independent claim of the first and third auxiliary requests is claim 1. Independent claim 3 of the second auxiliary request is identical to independent claim 3 of the main request.
IX. At the end of the oral proceedings the chairman announced the board's decision.
Reasons for the Decision
1. Procedural matters
1.1 In the present case, the board judged that it was appropriate to proceed by holding the oral proceedings as scheduled in the absence of the appellant, (cf. Rule 115(2) EPC), particularly in view of the fact that the appellant had not withdrawn the precautionary request for oral proceedings but had merely notified the board of its intention not to attend the scheduled proceedings.
1.2 The appellant could reasonably have expected that during the oral proceedings the board would consider the objections and issues raised in the communication annexed to the summons to oral proceedings, (cf. point V. above). In deciding not to attend the oral proceedings, the appellant effectively chose not to avail of the opportunity to present its observations and counter-arguments orally but instead to rely on its written case, (cf. Article 15(3) RPBA).
1.3 It is further noted that the appellant did not submit any substantive written response to the issues raised by the board in its communication. Therefore, the appellant's written case corresponds to that presented in the statement setting out the grounds of appeal.
1.4 In view of the foregoing, the board concludes that the appellant had an opportunity to present comments on the grounds and evidence on which the board's decision, arrived at during oral proceedings, is based. The right to be heard under Article 113(1) EPC has thus been satisfied despite the appellant's non-attendance at the oral proceedings.
2. Preliminary observations
2.1 The appellant has, inter alia, disputed the interpretation applied to the term "service" in the decision under appeal, (cf. statement of grounds, § 3., p.3 et seq.). The examining division took the view that the terms "resources" and "services" were indistinguishable and interpreted them as referring to the same concept, (cf. impugned decision, § 3.3, p.6).
2.2 The appellant submitted that the terms "ActiveX" and "DLLs" which are mentioned in the section relating to the background art on p.2 of the published application, are specific to the Microsoft Windows environment and argued, on this basis, the skilled person reading the application "should have clearly understood that the whole content of the application should be interpreted in conjunction with Microsoft Windows environment", (cf. statement of grounds, § 3.1). The appellant further submitted that a skilled reader should have immediately noticed that the term "services" as used in the context of the present application was intended to denote the "system services" of Microsoft Windows operating system environments, (cf. statement of grounds, § 3.1, p.4 l.1-15).
2.3 The board notes that the acronym "DLL" denotes a "dynamic link library" or "dynamically linked library". Although DLLs are indeed used in various operating systems provided by Microsoft this does not necessarily imply that the term is platform-specific. According to the board's understanding, DLLs can and have been used in other environments, e.g. the OS/2 operating system and various UNIX environments which support dynamic linking.
The board further notes that although the term "ActiveX" refers to an approach promoted by Microsoft for developing network executables in binary form, it does not imply an association with a specific operating system.
Likewise, the Java language referred to on p.1-2 of the application is intended to provide platform-independent network executables and does not imply an association with a specific operating system.
It is further noted that the application as filed makes no identifiable reference to any specific operating system.
In view of the foregoing, the board cannot concur with the appellant's submissions to the effect that that the various terms mentioned in the section of the description relating to the background art are sufficient to establish that the content of the application should be read as relating specifically to Microsoft Windows operating system environments.
2.4 In the given context, the term "service" is to be understood as a generic one which, contrary to the appellant's assertions, does not have any platform-specific connotations. This interpretation is based on the following considerations.
In the field of operating systems the term "service call" is a recognised term of art which is synonymous with "system call" and denotes the invocation by a user program of a procedure to request an operating system service, (cf. D4: section 1.3, introductory paragraph, p.12, and sub-section 1.3.3, p.16-17; D5: section 5.3, p.18-20 and Glossary, p.374).
Application programs executing in a conventional multiprogramming operating system environment, such as disclosed in the cited passages of D4 and D5, are not allowed to control system resources directly but must do so via the operating system. In general, application programs executing in such an environment must use service calls to access system resources via operating system services, (cf. D4: section 1.1, p.3-5; D5: sections 3.5 and 3.6, in particular p.11 l.7-14).
When reading the passages of the description on p.7-8 which accompany Figs. 1 and 2 the skilled person would, in the board's judgement, recognise that the intention is to describe a generic, multiprogramming operating system environment in which application programs are not allowed to control system resources directly but can only do so via service calls submitted to the operating system.
2.5 The board thus concludes that the term "service" as used in the claims is a generic one intended to denote an operating system service, i.e. a service provided to application programs by an operating system kernel as illustrated, for example in Fig. 1-8 of D4 or Figs. 1.5 and 1.6 of D5. The skilled person could be expected to arrive at this interpretation of the term on the basis of his general technical knowledge as evidenced by D4 and D5.
3. Main request - Article 84 EPC
3.1 The wording of step (b) of claim 1, viz. "when such unspecified application runs on the workstation, preventing said application from accessing any resource directly" implies that some specific action is to be taken in order to prevent an unspecified application from accessing a resource directly.
As may be inferred from 2.4 above, the application is considered to relate to a conventional multiprogramming operating system environment in which a user program can only access resources via service calls submitted to the kernel. It is an inherent characteristic of such an environment that no application executing in user mode, irrespective of whether it is "specified" or "unspecified", can access system resources directly.
There is no disclosure of specific action being taken to prevent an application from accessing a resource directly contrary to what is implied by the wording of the claim.
Hence, the wording used in step (b) of the claim is not supported by the description.
3.2 The wording of step (c) of claim 1, viz. "analyzing any direct request for access to specific services, to determine whether such request is allowable according to the list defined under a) above", in particular the expression "any direct request", is unclear. It is not evident whether this expression is intended to encompass requests from both specified and unspecified applications, or if it is restricted to requests from unspecified applications. Moreover, the wording of the claim does not permit the reader to identify which entity or component of the overall processing environment is responsible for performing the analysis.
3.3 The wording of step (d) of claim 1, viz. "if the request is allowable, allowing the workstation to process it" is not supported by the description which discloses that the operating system kernel, not the "workstation", processes the request, (cf. description, p.8 l.11-14).
3.4 The wording of step (e) of claim 1, viz. "if the request is not allowable, preventing the unspecified application from accessing the requested services" is unclear and is not supported by the description.
The description discloses that an unspecified application may make a request for a service and that this request is either processed or not by the kernel depending on compliance with a predefined security policy. Strictly speaking, applications never "access" a requested service but rather submit a request for a service to be executed by the operating system.
It is therefore unclear what is meant by stating that an unspecified application is prevented "from accessing the requested services" and this wording finds no support in the description. The intention appears to be to specify that the further processing of a service request at kernel level is inhibited. However, the current wording of the claim fails to express this clearly.
3.5 The concluding part of claim 1 states that "said resource may be any local or remote resource, including, but not limited to, memory allocation, files, directories, operations with files and directories, such as copy, delete or compress, or any other operation leading to a permanent change in the workstation or its periphery", (emphasis added). This wording lacks semantic clarity because, in the given context, "operations" cannot be considered "resources".
The term "resource" is understood to encompass any element of a data processing system needed to perform desired tasks and can denote, inter alia, hardware devices or data stored in the system. An "operation" is understood to be an action performed on or with a resource and cannot, in the board's judgement, be considered to constitute a "resource" contrary to what is implied by the wording of the claim.
3.6 Claim 3 is directed towards an agent for protecting a workstation against the hostile use of computer resources by an unspecified application running on said workstation.
The term "agent" is nowhere defined in the application as filed and for this reason it is not evident what limitation it implies. The attempt to define the matter for which protection is sought using such an undefined term renders the category of the claim and, thus the matter for which protection is sought, unclear.
3.7 The wording of features (a) and (b) of claim 3, viz. "means for detecting an unspecified application running on the workstation" and "means for determining the requests for services to be used by said unspecified application" lacks clarity and is not supported by the description. In particular, it is not evident to which feature(s) of the disclosure the claimed "means" correspond. Moreover, these features are essentially specified in terms of desiderata or aims to be achieved and it is not evident from the wording of the claim at what point during the execution of the unspecified application or by what specific "means", the detection of feature (a) and the determination of feature (b) are to be performed.
3.8 In view of the foregoing, the board finds that claims 1 and 3 of the main request fail to comply with the requirements of Article 84 EPC. In consequence thereof, the request is not allowable.
4. Auxiliary requests
4.1 Claim 1 of the first and third auxiliary requests is identical in wording to the corresponding claim of the main request. Hence, the objections against claim 1 of the main request under Article 84 EPC also apply against the first and third auxiliary requests.
4.2 Claims 1 and 3 of the second auxiliary request are identical in wording to the corresponding claims of the main request. Hence, the objections against claims 1 and 3 of the main request under Article 84 EPC also apply against the second auxiliary request.
4.3 In view of the foregoing, the board finds that the appellant's auxiliary requests are not allowable.
5. In the absence of an allowable request, the appeal must be dismissed.
6. Obiter Dictum
6.1 In view of the deficiencies in the appellant's requests identified under 3. and 4. above, it is not necessary for the board to give further consideration to the additional issues identified in the communication accompanying the summons to oral proceedings, in particular the question of compliance with the requirements of Article 83 EPC 1973 and the requirements of Article 52(1) EPC. Nevertheless, for the sake of completeness, the following observations are made as an obiter dictum.
6.2 In the communication accompanying the summons to oral proceedings, the board expressed the opinion that, insofar as the subject-matter of the application had been understood, each of the documents D2 and D3 appeared to be prejudicial to the novelty of the claimed invention. The board further noted that any features which might arguably distinguish the subject-matter of the application from the disclosures of said documents were not considered to involve an inventive step, (cf. communication, point 9.1).
6.3 The appellant did not make any submissions in response to the board's objections based on D2 and D3. Hence, the board sees no reason for revising its preliminary negative opinion concerning compliance with the requirements of Article 52(1) EPC.
6.4 The board therefore concludes that even if the deficiencies identified under 3. and 4. above had been remedied and the issue of compliance with the requirements of Article 83 EPC 1973 had been resolved in the appellant's favour, the appellant could not have expected a positive finding in respect of compliance with the requirements of Article 52(1) EPC given the apparently prejudicial nature of D2 and D3.
For these reasons it is decided that:
The appeal is dismissed.