T 1015/09 (Enhancing data security/SMART MEDIA) of 6.2.2013

European Case Law Identifier: ECLI:EP:BA:2013:T101509.20130206
Date of decision: 06 February 2013
Case number: T 1015/09
Application number: 01306775.6
IPC class: G06F 1/00
Language of proceedings: EN
Distribution: D
Versions: Unpublished
Title of application: Apparatus, system and method for enhancing data security
Applicant name: Smart Media Limited
Opponent name: -
Board: 3.5.06
Headnote: -
Relevant legal provisions:
European Patent Convention Art 84
Keywords: Clarity (no) - all requests
Catchwords: -
Cited decisions: -
Citing decisions: -

Summary of Facts and Submissions

I. The appeal lies against the decision of the examining division to refuse the European patent application no. 01306775.6 for lack of clarity, Article 84 EPC 1973, and lack of an inventive step, Article 56 EPC 1973.

II. A notice of appeal was filed on 20 February 2009, the appeal fee being paid on the same day. A statement of grounds of appeal was filed on 21 April 2009. The appellant requested that the decision be set aside and that a patent be granted on the basis of the following application documents, all filed with the grounds of appeal on 21 April 2009:

claims, numbers:
1-60 according to the main or 1st auxiliary request,
1-59 according to the 2nd auxiliary request, or
1-54 according to the 3rd auxiliary request

description pages:
1-3, 5-34 common to all four requests, and 4 in a different version for each request

drawing sheets:
1/13-13/13

III. With a summons to oral proceedings the board communicated its preliminary opinion that all requests lacked clarity, Article 84 EPC 1973, and that the 2nd and 3rd auxiliary requests went beyond the application as originally filed, Article 123(2) EPC. The board also raised an objection of lack of inventive step, Article 56 EPC 1973.

IV. The appellant did not file any amendments or arguments in response to the summons. Instead, the appellant informed the board on 16 January 2013 that it would not be represented at the oral proceedings. The board therefore cancelled the oral proceedings and informed the appellant accordingly.

V. Claim 1 according to the main request reads as follows:

"A data processing system (54), comprising:

a first processing resource in the form of a web server (10) coupleable to an open communications network (2); and

a second processing resource in the form of a back end server (48) coupleable to said first processing resource;

said first processing resource and said second processing resource configured to establish a communications relationship between them through a non-network connected communications channel (50), whereby said second processing resource is restricted to implementation of instructions communicated from said first processing resource which only request performance of operations predetermined as allowable operations, thereby inhibiting compromise of said second processing resource."

Claim 1 of the 1st auxiliary request is identical with claim 1 of the main request except that it specifies a "non-network connecting communications channel (50)" where the latter specifies a "non-network connected communications channel (50)".

Claim 1 of the 2nd auxiliary request reads as follows:

"A data processing system (54), comprising:

a first processing resource in the form of a web server (10) coupleable to an open communications network (72); and

a second processing resource in the form of a back end server (48) coupleable to said first processing resource;

said first processing resource and said second processing resource connected via a private dedicated communications channel (50) to establish an exchange of messages, wherein

messages from said first processing resource to said second processing resource are instructions and

the second processing resource is configured to only process allowable predetermined instructions which only request performance of operations predetermined as allowable operations, thereby inhibiting compromise of said second processing resource if the first processing resource is compromised."

Claim 1 according to the 3rd auxiliary request reads as follows:

"A data processing system (54), comprising:

a first processing resource in the form of a web server (10) coupleable to an open communications network (2); and

a second processing resource in the form of a back end server (48) coupleable to said first processing resource;

said first processing resource and said second processing resource configured to establish a communications relationship between them through a dedicated link (50), whereby said second processing resource is restricted to implementation of instructions communicated from said first processing resource which conform to a predefined set of instructions which request the performance of predetermined allowable operations, thereby inhibiting compromise of said second processing resource."

Each of the requests also comprises an independent method claim corresponding largely to the respective data processing system claim 1, two sets of data processing apparatus claims relating primarily to "first" or "second processing resource", i.e. the web server or the back end server, respectively according to claim 1, two computer program claims and a carrier medium claim.

Reasons for the Decision

1. By indicating its intention not to attend oral proceedings, the appellant expressed, in the board's judgement, its wish to rely only on its written submissions and not to use the opportunity to make further oral comments, Article 15 (3) RPBA, bearing in mind that according to Article 12 (1) RPBA the communication sent by the board is part of the case.

2. The reasons of this decision are based on the board's preliminary opinion as expressed in the summons.

The invention

3. The application relates to an e-commerce environment accessible through an open network such as the Internet and is concerned with the problem of improving the security of sensitive information (such as credit card numbers) in this context (see application as originally filed, 1st par.).

3.1 The architecture of the proposed solution as depicted in figure 3 (see also description, p. 15, line 4 ff.) makes services available to users via an indirection: a web server 10 offers services over the open network 2, while the services themselves are controlled by a backend server 48. The two servers are jointly referred to as data processing system 54 which, via the backend server, is connected to a merchant's computer system 56.

3.2 The web server and the backend server - claimed as "first" and "second processing resources", respectively - are connected via a communication channel 50. The independent claims of the different requests refer to this channel in different terms, namely as "non-network connected", or "non-network connecting communications channel" (main and 1st auxiliary requests), as a "private dedicated communications channel" (2nd auxiliary request) or as a "dedicated link" (3rd auxiliary request).

3.3 The claimed invention further specifies the backend server to be "restricted to implementation of instructions communicated from" the web server, the web server to "only request performance of operations predetermined as allowable operations", and formulates the intended effect of "inhibiting compromise of" the backend server.

Clarity, Article 84 EPC 1973

4. As regards the main request, the decision under appeal (see p. 3, three last pars.) is exclusively based on the reason that referring to the "communication channel (50)" as "non-network connected" is a contradiction to the claimed fact that it is connected, if indirectly, to the network via the web server and thus unclear, Article 84 EPC 1973. The decision also mentions that the description does not define the meaning of a "non-network connected channel" properly.

4.1 The invention as a whole is meant to make the merchant's services (see fig. 3, no. 56 and 60) available to customers over the Internet. In an immediate sense hence the merchant's computer must indeed be considered to be "network-connected", inter alia via channel 50 which, by the same token, must also be considered to be network-connected. The board notes that two computers on the Internet are typically not directly coupled but connected only via other computers. Hence, the fact that channel 50 is connected to the network only via the first processing resource 10 does not make the channel "non-network connected".

4.2 The appellant argued (grounds of appeal, p. 2, last par.) that the channel's "visibility" is limited to the directly connected computers (see fig. 3, nos. 10 and 48) but did not define "visibility" in technical terms. As the board understands this argument, it says that the packets (or other information units) travelling through the network (2) do not "pass through" the web server (10). This interpretation was presented to the appellant who did not challenge it. In the board's judgment, however, the description does not disclose or imply this interpretation. For instance, the description discloses that the "first processing resource acts as a form of filter to ensure that only allowable instructions are transmitted to the second processing resource" (p. 5, lines 24-26) but does not exclude the possibility that the allowable instructions which are eventually transmitted to the second processing resource are simply passed through.

4.3 The board therefore agrees with the examining division that the independent claims of the main request are unclear due to the term "non-network connected", Article 84 EPC 1973. The alternative term "non-network connecting" as used in the 1st auxiliary request is unclear for the same reason.

4.4 Claim 1 according to the 2nd and 3rd auxiliary requests specifies the connection as a "private dedicated communications channel" or a "dedicated link", respectively. In the board's judgement, these terms also do not have a clear technical meaning, Article 84 EPC 1973. Moreover, referring to the channel as "private" or "dedicated" does not, in the board's judgment, necessarily relate to whether the channel is "non-network connected" or "connecting". For example, an exclusive link between the web server and a sole backend server could reasonably be called "private" or "dedicated", even if the link itself was realised as, say, an Ethernet connection which the skilled person would, ipso facto, consider to be network-connected.

5. Claim 1 according to the main, 1st and 3rd auxiliary requests specifies that "the second processing resource is restricted to implementation of instructions ... from the first processing resource which only request performance of operations predetermined as allowable operations". Claim 1 of the 2nd auxiliary request specifies, in slightly different words, that the "second processing resource is configured to only process allowable instruction which only request performance of operations predetermined as allowable operations".

5.1 Both formulations are unclear, Article 84 EPC 1973, because they leave open what "allowable" should mean, for instance as opposed to merely: available.

5.2 Claim 1 of all requests also fails to specify or imply the means, if any, which would be instrumental in restricting or configuring the second processing resource as specified.

For illustration, the board notes that the claim language reads inter alia on the following scenarios: The web server might be adapted to the backend server in that it simply does not, by design, request operations which are not available in the backend server. To the same effect, the backend server might be adapted to the web server in that it offers the operations which happen to be in demand by the web server. In both cases the two servers are only trivially adapted to the given requirement that only "allowable" operations should be requested, without any special means for enforcing it. The board also notes that "instructions" which the first processing resource is set-up to communicate to the second processing resource may ipso facto - i.e. by definition in view of the design of the first processing resource - be considered to constitute "predetermined allowable operations".

Claim 1 of all requests is therefore unclear, Article 84 EPC 1973, for this reason, too.

6. The independent claims of the main, 1st and 3rd auxiliary requests specify that the restriction to request only allowable operations "inhibit[s] compromise of [the] second processing resource"; those of the 2nd auxiliary request add that compromise is inhibited "if the first processing resource is compromised". The claims do not specify what kind of "compromise" this phrase is meant to refer to or how requesting only allowable operations helps to inhibit it, and the board therefore considers this feature to be unclear, Article 84 EPC 1973.

ORDER

For these reasons it is decided that:

The appeal is dismissed.
