|European Case Law Identifier:||ECLI:EP:BA:2007:T004306.20070913|
|Date of decision:||13 September 2007|
|Case number:||T 0043/06|
|IPC class:||G06F 1/00
|Language of proceedings:||EN|
|Download and more information:||
|Title of application:||Image data handling system, print generating system, and memory medium making system|
|Applicant name:||KONICA CORPORATION|
|Relevant legal provisions:||
|Keywords:||Inventive step (no)|
Summary of Facts and Submissions
I. This appeal is against the decision of the examining division to refuse the application inter alia on the grounds that claim 1 of the main request contained subject-matter that extended beyond the content of the application as filed (Article 123(2) EPC), and claim 1 of the auxiliary request did not involve an inventive step (Article 56 EPC) over document US-A-6 133 985 (D1) and the skilled person's common general knowledge. Under a section entitled "Additional Observations", the division also stated that the subject-matter of claim 1 was obvious over common general knowledge of ticket-granting-systems alone, as exemplified by the "Kerberos system".
II. In the statement of grounds of appeal, the appellant requested that the decision be set aside and that a patent be granted on the basis of claims 1 to 9 filed with the grounds of appeal. There was also an auxiliary request for oral proceedings.
III. In the communication accompanying the summons to oral proceedings, the Board summarised the issues to be discussed and tended to agree with the examining division about the inventive step of claim 1. In response, the appellant withdrew the request for oral proceedings and requested a decision on the current state of the application. He stated that if the oral proceedings were to take place that he would not attend.
IV. At the end of the oral proceedings, which took place in the appellant's absence, the Chairman announced the decision.
V. Claim 1 of the only request reads as follows:
"An image data handling system, comprising a customer's terminal (11), connected to a network, to transmit a print order and including a display and a customer's server (13), connected to a network, administrated by the customer to store image data of the customer;
characterized in that said image data handling system further comprises:
a retrieve server (21), connected to said network, to retrieve said image data of said customer stored in said customer's server; and
a retrieve right issuing server (31), connected to
said network, to issue a right to retrieve said image data of said customer stored in said customer's server;
wherein when said customer's terminal transmits retrieve information to said retrieve right issuing server (31), said retrieve right issuing server (31) issues a retrieve right to said retrieve server (21) upon receipt of said retrieve information, when said retrieve server (21) having said retrieve right accesses said customer's server, said customer's server (13) allows said retrieve server (21) to retrieve from said customer's server (13) and to download said image data of said customer from the customer's server (13), and said customer's server (13) rejects a server having not said retrieve right to access said customer's server (13)."
VI. The appellant argued essentially as follows:
Amended claim 1 related to an image data handling system that enabled a customer to print image data stored on a server administered by the customer. It comprised a retrieve server to retrieve the image data stored on the customer's server and a retrieve right issuing server to issue a right to retrieve the image data stored on the customer's server, operating according to the last feature of claim 1.
The claimed system allowed a number of problems to be overcome. When a customer wanted to make a print, the customer was able to keep merely the image data of the print stored on the customer's server and was not required to upload the image data to a server administrated by another party. Further, it was possible to prevent unauthorised parties from retrieving and downloading the customer's image data stored on the customer's server without the customer's permission.
Dl did not disclose a server administered by the customer, a retrieve right issuing server, or a retrieve server.
In the decision to refuse the application, the image server 16 of Dl was identified as equivalent to the customer's server. This was not the case for the customer's server according to amended claim 1 now on file, which was specified to be administered by the customer. In D1, the image server 16 was at the same physical location as the scanning centre 14 (see column 4, lines 50 to 54) and was thus administered and controlled by the scanning centre 14.
When considering questions of image data security and preventing unauthorised retrieval and downloading of image data, the question who administrated or controlled the server on which the image data was stored must be regarded as a technical feature because this feature of control was central to the image data security.
Further, since in Dl the local machine at the scanning centre 14 could download image data from the image server 16 through a local network, Dl taught away from the system structure according to amended claim 1, which used a retrieve server having the retrieve right to access the customer's server.
Accordingly, the image data handling system according to amended claim 1 provided the advantages of preventing unauthorised persons from retrieving or downloading image data stored in the customer's server without the customers permission and maintaining the privacy of the customer, which could not be achieved by the system according to Dl.
Reasons for the Decision
1. The appeal complies with the requirements referred to in Rule 65(1) EPC and is therefore admissible.
2. As explained by the appellant (see point VI, above), the application relates to an image data handling system (Figure 1) that enables a customer to order prints of photos stored on a customer server 13 from a remote photo shop over the internet.
3. It is common ground that D1 (see Figure 1) also discloses a system that enables a customer, e.g. the photographer 8, to order prints of photographs from a fulfilment centre 20. The image data is stored on an image server 16.
4. The appellant considers that D1 does not disclose a retrieve server that retrieves the data from where it is stored. However, D1 discloses at column 9, lines 17 to 28 that the fulfilment centre 20 receives and fulfills orders and that the prints are generated from the stored digital image, i.e. the data stored on the image server. In the Board's view, this can imply nothing other than a computer or server that retrieves the data from the image server and thus a "retrieve server", as concluded by the examining division at point 3.1 of the decision.
5. The appellant also considers that the image server 16 of D1 is not equivalent to the customer's server of claim 1, essentially because it is at the same physical location as the scanning centre 14 and therefore administered by it, whereas the claimed customer's server is "administered by the customer". However, the Board considers that, regardless of its location, the image server in D1 can also be considered to be "administered by the customer" because the photographer can perform a number of operations on the images, such as uploading them, accessing them, verifying their quality and orientation, and performing electronic transactions on them (see column 3, lines 64 to 67, column 4, lines 2 to 6, column 4, lines 30 to 39, and column 7, lines 5 to 54, respectively).
6. The Board also agrees with the examining division that D1 discloses, at column 9, lines 44 to 49, a "retrieve right" in the form of an account and password needed to access an administrative interface C provided at the image server 16 and also accessible inter alia by the fulfilment centre 20 (containing the retrieve server). The capabilities of an account are said to include fulfilling orders, which, as mentioned above, necessarily involves retrieving image data of a customer from the customer server (image server in D1). However, D1 does not explicitly disclose that the password is used to access the image server directly.
7. In other words, it is the Board's understanding that D1 discloses a system in which a central interface (administrative interface C) manages the data exchange between the system units and inter alia receives print orders from the customer (photographer 8) which are transmitted to a receive server (at fulfilment centre 20) so that corresponding image data can be retrieved from a customer's server (image server 16). Since access to the interface is subject to an account and password control, a retrieve right is established for the retrieval of said image data. The Board therefore considers that claim 1 differs from D1 in that:
a) the right (password) is issued by a separate server - the retrieve right issuing server
b) the retrieve right issuing server issues the retrieve right to said retrieve server (at the fulfilment centre) upon receipt of said retrieve information from the customer's terminal
c) the customer's server only allows access to a server having the retrieve right.
8. The examining division formulated the problem solved by difference a) as how to automate the process of issuing the retrieve right, and to separate this task from the other functions. The Board considers that the second part of this problem impermissibly contains elements of the solution of using a separate server. Furthermore, the Board does not consider that the use of a separate server actually results in a system that is any more "automated" than that of D1, but merely an alternative arrangement for managing the retrieve rights. The Board therefore considers that the problem solved by feature a), as well as the operation of the servers according to features b) and c), is to implement an alternative rights management arrangement.
9. The Board agrees essentially with the examining division's view that it is common knowledge to use a separate server to manage access rights. The examining division mentioned the "Kerberos system", but the Board considers that the general principles of such servers are well described for example in Appenzeller G. et al.: "User-Friendly Access Control for Public Network Ports", Infocom '99 Proceedings, IEEE, 1999, pages 699 to 707 - cited in the European Search Report and mentioned as D3 in the Board's communication. D3 explains at section II the process of authentication, authorisation and verification and describes how they may be carried out on the same or different servers, depending on the circumstances, such as the desired level of security, flexibility etc. D1 even provides a hint in this direction at column 9, lines 59 to 61, by stating that the individual capabilities of interface C may also be split between multiple interfaces, which could obviously be running on different servers. The Board therefore considers that it would be an obvious possibility to provide a separate server to handle the retrieve rights of the system of D1.
10. The Board further considers that it would be an obvious implementation of such a server to cause it to issue a right in response to a request from the customer as in difference b), above. This is a direct replacement of the above-mentioned situation in D1 where the customer accesses the interface C to fulfill an order using a password. The issued right would therefore be a right for the print ordering service at the fulfilment centre. However, in D1 the print ordering service also involves accessing a second server, the image server. This server is also connected to the network and, in the Board's view, it is self-evident that the image server would also need to be secured from unauthorised accesses. The Board therefore considers that it is an obvious additional step to allow only access by a server having the retrieve right as in difference c), above.
11. Accordingly, the subject-matter of claim 1 lacks an inventive step (Article 56 EPC).
For these reasons it is decided that:
The appeal is dismissed.