T 2237/11 () of 10.3.2016

European Case Law Identifier: ECLI:EP:BA:2016:T223711.20160310
Date of decision: 10 March 2016
Case number: T 2237/11
Application number: 00982665.2
IPC class: G07B 17/00
Language of proceedings: EN
Distribution: D
Download and more information:
Decision text in EN (PDF, 310.858K)
Documentation of the appeal procedure can be found in the Register
Bibliographic information is available in: EN
Versions: Unpublished
Title of application: Method and Apparatus for On-Line Value-Bearing Item System
Applicant name: Stamps.Com
Opponent name: -
Board: 3.5.02
Headnote: -
Relevant legal provisions:
European Patent Convention Art 56
European Patent Convention Art 84
Keywords: Claims - clarity - main request, auxilairy request 1 (no)
Inventive step - auxiliary request 2 (no)
Catchwords:

-

Cited decisions:
-
Citing decisions:
-

Summary of Facts and Submissions

I. This is an appeal of the applicant against the decision of the examining division to refuse European patent application No. 00 982 665.2. The reasons given for the refusal were that the subject-matter of the main request and auxiliary request 3 then on file did not involve an inventive step (Article 56 EPC) and that auxiliary requests 1 and 2 contravened Article 123(2) EPC.

II. The following document of the prior art cited during the procedure before the examining division is relevant for this decision:

D2: WO 98/57302 A1.

III. Oral proceedings before the board took place on 10 March 2016. The appellant requested that the decision under appeal be set aside and that a patent be granted on the basis of claims 1 to 19 of a main request, or if that is not possible, on the basis of claims 1 to 19 of a first auxiliary request, or on the basis of claims 1 to 19 of a second auxiliary request, all filed with letter dated 29 January 2016.

IV. Claim 1 according to the appellant's main request reads as follows:

"A scalable on-line system for printing value bearing items comprising:

a client system for interfacing with a plurality of users; and

a scalable server system remote from the plurality of users and capable of communicating with the client system over a communication network comprising:

a database remote from the users including information about the users;

a stateless cryptographic module for authenticating the plurality of users; and

a plurality of security device transaction data records stored in the database for ensuring authenticity of the plurality of users, wherein each security device transaction data record can be processed in the server system in a stateless manner, wherein

each security device transaction data record is related to a user, wherein when the cryptographic module is loaded with the security device transaction record that cryptographic module becomes the user's postal security device (PSD), and wherein the security device transaction data record includes all data needed to restore the user's PSD to its last known state when the security device transaction data record is next loaded into the stateless cryptographic module, and wherein

the database stores a first set of one or more last database transactions and the cryptographic module stores a second set of the one or more last database transactions for comparing with the first set of the one or more last database transactions to verify each database transaction."

Claim 1 according to the appellant's auxiliary request 1 differs from that of the main request by the addition at the end of the claim of "; and wherein the cryptographic module is implemented as a hardware card", together with the consequent deletion of the word "and" earlier in the claim.

Claim 1 according to the appellant's auxiliary request 2 reads as follows:

"A scalable on-line system for printing value bearing items comprising:

a client system for interfacing with a plurality of users; and

a scalable server system remote from the plurality of users and capable of communicating with the client system over a communication network comprising:

a database remote from the users including information about the users;

a cryptographic module for authenticating the plurality of users; and

a plurality of security device transaction data records stored in the database for ensuring authenticity of the plurality of users, wherein each security device transaction data record can be processed in the server system in a stateless manner, wherein

each security device transaction data record is related to a user, wherein when a user requests a postal security device service, the cryptographic module is loaded with the security device transaction data record and thereby becomes the user's postal security device (PSD), and wherein the security device transaction data record includes all data needed to restore the user's PSD to its last known state when the security device transaction data record is next loaded into the cryptographic module, wherein

the database stores a first set of one or more last transactions between the database and the cryptographic module and the cryptographic module stores a second set of the one or more last transactions between the database and the cryptographic module for comparing with the first set of one or more last transactions to verify each transaction between the database and the cryptographic module; and wherein

the cryptographic module is implemented as a hardware card."

V. The appellant essentially argued as follows:

The meaning of "stateless cryptographic module" was clear from page 4, line 24 (of the published application), and the term was moreover expressly defined at page 5, lines 11-13. Although "stateless" conventionally referred to a protocol or transaction, it was thus apparent that the meaning of this definition was that the cryptographic module was capable of carrying out the stateless transactions defined in the following two paragraphs of the claim.

The meaning of the last paragraph of claim 1 of the main request was clear, since the skilled person would have understood it as defining the steps disclosed in the description from page 22, line 29 to page 23, line 21. Supporting evidence was provided by page 21, lines 9 to 21, and in current claim 6, which defined the consequence if the two transactions do not "compare". The skilled person would not have considered any other interpretation, because that would have made no technical sense.

The above two points applied also to auxiliary request 1.

Regarding claim 1 of auxiliary request 2, as far as inventive step with respect to D2 was concerned, the significant technical difference was that identified in the decision under appeal, namely that the functions of the meter box 44 and the authentication box 40 were deliberately kept separate, requiring separate steel boxes and separate keys, whereas in the claimed invention these functions were combined in the cryptographic module. The technical problem addressed by this difference was to simplify the system. This difference went against the explicit teaching of D2, for instance at page 10, lines 11 to 14 and in claim 2, in which the first two defined "means" corresponded to the authentication box and meter box. The passages at page 11, lines 16 to 18 and in the paragraph spanning pages 12 and 13 also did not suggest modifying the system in the manner claimed, because they related to different parts of the system. D2 therefore provided no motivation to the skilled person to carry out this modification, in particular since he would have understood from D2 that it was essential from the point of view of security to keep the functions of the authentication box and the meter box separate, with different keys.

Reasons for the Decision

1. The appeal is admissible.

2. Main request - Clarity (Article 84 EPC)

The term "stateless cryptographic module" as used in claim 1 of the main request is unclear, so that the claim does not meet the requirements of Article 84 EPC. This objection arises primarily because the adjective "stateless" is conventionally used in the technical field of computing systems to refer to a protocol or transaction, i.e. to a process, not to a device, as is the case here. The appellant has argued that it is nonetheless clear in context, because the overall purpose is disclosed at page 4, line 24 of the application, and in particular because at page 5, lines 11 to 13 there is an explicit definition of what is meant by "stateless" in this context, i.e. that it means that the cryptographic module is capable of carrying out the required stateless processes, which are in turn defined in the claim in the two paragraphs following the definition of the stateless cryptographic module. The board does not find this argument convincing, because the definitions in those two paragraphs of the claim are already sufficient to specify that capability. Thus it is not clear whether the word "stateless" qualifying "cryptographic module" is merely superfluous, or whether it is intended to indicate some further property of the module.

The terminology of the final paragraph of the claim is so broad that no clear meaning can be derived from it. This objection arises in particular from the expression "database transaction", which does not indicate which other part or parts of the system are involved in the transaction. It is also not clear what the relationship is between the "first set of one or more" of those transactions and the "second set" of them. What might then be achieved by comparing them is thus also not clear. The appellant has argued that the skilled person would have understood that these must be as described in the passage from page 22, line 29 to page 23, line 21, since only then would the comparison enable the defined verification to be carried out. The board does not find this argument convincing, because the claim also does not define the nature of the comparison or what is verified as a result. Thus, for instance, the term "comparison" does not necessarily imply the checking for identity between the sets of transactions, but covers many other less precise comparisons. It is thus also not clear what is meant by "to verify each database transaction". The list of data items in the application at page 21, lines 9 to 21 is of no relevance in this respect because it relates to verification of data at the client, not in the database. Similarly claim 6 cannot render claim 1 clear, since it merely indicates one possible consequence of a failed comparison, without providing any more details about the transactions or the comparison (it defines merely that "the cryptographic module prevents further database transactions if the second set of the one or more last transaction stored in the cryptographic module does not compare with the first set of the one or more last transaction stored in the database"). Thus also this paragraph of claim 1 is unclear, thus not meeting the requirements of Article 84 EPC.

3. Auxiliary request 1 - Clarity (Article 84 EPC)

The above applies mutatis mutandis to this request, since the only amendment in claim 1 of this request with respect to that of the main request is the addition of the final feature relating to the hardware card, which amendment has no influence on the objections in sections 2.1 and 2.2 above. Thus also this request does not meet the requirement for clarity of Article 84 EPC.

4. Auxiliary request 2 - Inventive step (Article 56 EPC)

4.1 The board notes initially that this request includes amendments which address the objection under point 2.1 above and at least partially address that under point 2.2, such that claim 1 is at least sufficiently clear to enable a meaningful assessment of inventive step.

4.2 Concerning the disclosure in D2 with respect to the technical features of the system as defined in claim 1 of this request, the board understands that the appellant accepts the position as indicated in section 2.1 of the decision under appeal, and the board sees no reason to deviate from that conclusion. Thus there appear to be two differences between the system of claim 1 and that of D2.

4.3 The first distinguishing feature is that in D2 the functions of the meter box 44 and the authentication box 40 are deliberately kept separate, requiring separate steel boxes and separate keys, whereas in the claimed invention these functions are combined in the cryptographic module.

4.3.1 The appellant argued, and the board accepts, that this difference can be seen as addressing the technical problem of how to simplify the system. However, the board also considers that the claimed solution would have been obvious to the skilled person, because D2 already describes in page 11, lines 12 to 18 and page 12, line 27 to page 13, line 7 that although separation of the functions, and the associated use of different keys, is beneficial (implicitly from the point of view of security), it is nonetheless possible to use the same keys. The board considers that it would be obvious to the skilled person that this consideration applied not only to the specific circumstances described in those passages but also to the meter box and the authentication box, such that it would be obvious to combine them, thus arriving at a cryptographic module according to the present claim.

4.3.2 The appellant argued that this would not have been obvious to the skilled person because such a modification was directly contrary to the teaching of D2, not only in the two passages cited above, but also in page 10, lines 11 to 14 and claim 2. The board agrees that D2 does indeed teach that the separation of the functions of the authentication box and the meter box is important from the point of view of security. However, the system according to the present claim is understood to simply accept the resultant loss of security, and therefore the board sees this modification with respect to D2 as representing nothing more than a simple trade-off between security and complexity, with D2 preferring a higher security at the cost of higher complexity, whereas the claimed system accepts reduced security as the price for simplicity. In the view of the board such a trade-off would be obvious to the skilled person.

4.4 The other distinguishing feature is the final one of the claim, i.e. that the cryptographic module is implemented as a hardware card. In the decision under appeal, this feature was addressed in section 6 in the context of the then third auxiliary request. The examining division concluded that the addition of this feature would have been obvious to the skilled person. Since the board considers the reasoning in that decision to be convincing, and since the appellant has not presented any further arguments in this respect during the appeal procedure, it follows that this feature cannot contribute to the presence of an inventive step in the claimed subject-matter.

4.5 The board therefore concludes that the subject-matter of claim 1 of the appellant's auxiliary request 2 does not involve an inventive step according to Article 56 EPC.

5. Thus, for the above reasons, none of the appellant's requests is allowable, so that the appeal has to be dismissed.

Order

For these reasons it is decided that:

The appeal is dismissed.

Quick Navigation