|European Case Law Identifier:||ECLI:EP:BA:2017:T149813.20170427|
|Date of decision:||27 April 2017|
|Case number:||T 1498/13|
|IPC class:||H04L 9/00
|Language of proceedings:||EN|
|Download and more information:||
|Title of application:||A method and apparatus to control the use of applications on handheld devices based on network service|
|Applicant name:||BlackBerry Limited|
|Relevant legal provisions:||
|Keywords:||Inventive step - (yes, after amendment)|
Summary of Facts and Submissions
I. The appeal is against the decision of the examining division to refuse the present European patent application on the grounds of added subject-matter and lack of inventive step with respect to the claims of a main request and an auxiliary request, having regard to the disclosure of
In an obiter dictum (under the heading "Comments"), the decision under appeal further stated that the independent claims likewise lacked inventive step over the disclosure of
and that document
represented an additional relevant prior-art document.
II. With the statement setting out the grounds of appeal, the appellant filed amended sets of claims according to a main request and three auxiliary requests. It requested that the decision of the examining division be set aside and that a patent be granted on the basis of one of those claim requests.
III. In an annex to the summons to oral proceedings pursuant to Article 15(1) RPBA, the board expressed its preliminary opinion on the appeal. In particular, it raised objections under Article 123(2) EPC and expressed reservations about inventive step, mainly having regard to D2 and D3.
IV. With a letter of reply, the appellant submitted amended claims according to a new main request replacing the former claim requests on file.
V. Oral proceedings were held on 27 April 2017, during which the appellant filed, in response to objections raised under Articles 123(2) EPC, 84 and 56 EPC 1973 by the board, a new main request replacing the former claim requests on file. The new main request was admitted into the proceedings and discussed.
The appellant's final request was that the decision under appeal be set aside and that a patent be granted on the basis of the main request (claims 1 to 12) filed at the oral proceedings before the board.
At the end of the oral proceedings, the board's decision was announced.
VI. Claim 1 of the main request (sole claim request) reads as follows:
"A method to control the use of applications which are loaded on a mobile device based on a network to which the mobile device is connected to, the mobile device being a two-way cellular telephone communication device having at least voice and data communication capabilities, the method comprising the steps, at the mobile device, of:
connecting (210) to said network and receiving (212) a network identifier from the network;
using a processor to correlate (214) the received network identifier with application limitations stored on the mobile device, wherein the correlating is performed in a look up table which includes a correlation between a network identifier and allowed applications and/or a correlation between a network identifier and restricted applications, the applications comprising one of a speakerphone and a camera; and
in response to a user trying to start a speakerphone or camera application, using an application launcher to limit (216) application usage based on the results of the correlating step by having the application launcher check whether the speakerphone or camera application is allowed to be run prior to launching the application and thus either block or allow the launching of the speakerphone or camera application."
Further independent claim 7 of the main request is directed to a corresponding apparatus.
Reasons for the Decision
1. MAIN REQUEST
The claims of the present main request were submitted with the aim of overcoming the objections raised by the board under Articles 84, 56 EPC 1973 and 123(2) EPC, and differ from the claims of the auxiliary request refused by the examining division essentially in that independent claims 1 and 7 as amended further specify that (emphasis added by the board)
A) the use of applications which are loaded on the mobile device is based on a network to which the mobile device is connected;
B) the mobile device is a two-way cellular telephone communication device having at least voice and data communication capabilities;
C) the applications comprise one of a speakerphone and a camera;
D) the application launcher is used in response to a user trying to start a speakerphone or camera application;
E) the application launcher checks whether the speakerphone or camera application is allowed to be run prior to launching the application and thus either blocks or allows the launching of the speakerphone or camera application.
Feature A) is supported e.g. by page 6, lines 9-15 and page 8, lines 2-5 of the application as filed, whilst feature B) is based e.g. on page 4, lines 4-5 in conjunction with Figure 1. Features C) to E) find their basis in page 8, lines 1-7 in conjunction with page 9, lines 5-9 of the original application. Hence, the board is satisfied that the above amendments comply with Article 123(2) EPC.
1.1 Article 52(1) EPC: novelty and inventive step
In the board's judgment, the present independent claims of the main request meet the requirements of Articles 54 and 56 EPC 1973, for the following reasons:
1.1.1 The present invention concerns a network-dependent limitation of the usability of software and hardware applications stored on a mobile device. According to the present application, the problem to be solved by the claims is to ensure that, while a user of the mobile device is connected to a certain network, he or she is unable to use any application that may affect the security of that network (cf. page 2, lines 20-24 of the application as originally filed).
1.1.2 The board concurs with the finding of the decision under appeal that document D2 is indeed a suitable starting point for the assessment of novelty and inventive step, since like the present invention it is concerned with enforcing network-dependent security policies on a mobile device and thus preventing certain applications from running (see e.g. abstract and paragraphs , ). D2 discloses the following limiting features of claim 1:
A method to control the use of applications which are loaded on a mobile device ("mobile device 102") based on a network ("wireless network") to which the mobile device is connected (see e.g. Figs. 1 and 2), comprising the steps of:
(a) connecting to said network and receiving a network identifier ("SSID" of "Network Access Point NAP") from the network (see e.g. paragraph , second sentence and paragraph : "... a Service Set Identifier (SSID) may also be used ... as a basis for location detection ... Based upon the SSID, the location detection module 208 determines the name of the NAP being used ...");
(b) using a processor ("policy rule engine 704"; "policy engine 832") to correlate the received network identifier with application limitations stored on the mobile device (see e.g. , last two sentences: "The policy rule engine 704 selects the security policy based on ... the detected location ..." in conjunction with  and ),
(c) wherein the correlating is performed in a look-up table ("look-up table" in "resident memory 220"; "rules 840"; see Figs. 2 and 8) which includes a correlation between a network identifier and allowed/restricted applications (see e.g. , last sentence: "... These ... network parameters are stored in a look-up table ... that associates these parameters with a location" and  in conjunction with : "Check for the existence of network environment settings (includes a list of environments)" and : "Can/Can't use the application");
(d) in response to a user trying to start an application, using an application unit ("layer service provider LSP 814") to limit application usage based on the results of the correlating step by checking whether the application is allowed to be run and to either block or allow the execution of the application (see e.g. , last sentence: "... layered service provider 814 (LSP) captures information about network applications starting and stopping ...";  and , last two sentences: "... the policy engine 832 determines that rules of the current security policy do not support certain applications accessing a network" and : "In the event 1002 that a request is received 1054 for processing data for an application ... the policy engine 832 determines ... whether the current policy allows this application or a specific version of it, to execute ...").
1.1.3 The board takes the phrase "a user trying to start an application" in feature (d) to mean that the user, in order to request a "launch" of a certain application on his/her mobile device (i.e. its loading into the device's working memory), presses the respective icon or button associated with that application on that device, and it agrees with the appellant that D2 fails to directly and unambiguously disclose that
(i) an application launcher checks whether an application is allowed to be run prior to launching the application (rather than first providing the information about the start of an application by LSP 814 and then blocking/allowing the application via packet filtering of packets already transmitted as in D2);
(ii) the application concerned is either a speakerphone or a camera.
Hence, the subject-matter of claim 1 is distinguished from the disclosure of D2 by features C) to E) and is therefore new (Article 54 EPC 1973).
1.1.4 As to the technical effect caused by distinguishing features (i) and (ii), the board holds that they reliably enable a faster blocking of certain applications (such as speakerphone or camera applications) and that the underlying objective technical problem may thus be framed as "how to avoid unnecessary delays if the use of a hardware-centric application on a mobile device is to be blocked".
1.1.5 Setting out from the teaching of document D2 and faced with the above objective problem, the skilled person would notice that D2 is concerned with policy-based control over the use of (software-centric) applications on a mobile device (such as applications relating to file sharing or internet access) which generate network traffic in the form of data packets and rely on packet filtering (see e.g. paragraphs ,  and ). Blocking or permitting those applications is executed exclusively by dropping or forwarding the corresponding data packets, generated upon starting an application, at the respective communication ports of the mobile device (see e.g. paragraph : "... If the port is associated with file sharing, the packets for that port are dropped. If the packets are for internet access, they are allowed ..."). This means that the corresponding applications to be blocked according to the look-up table in D2 can only then be prevented from running after they have started and generated the associated data packets to be forwarded to the respective communication ports of the mobile device (see e.g. paragraph , last sentence: "... layered service provider 814 (LSP) captures information about network applications starting and stopping and what ports the applications will be using. This information is provided to the ... policy engine 832 to provide application awareness").
However, the board can discern no hint in D2 which would lead the skilled person in the field of mobile communications to use an additional software unit which checks and possibly blocks a certain application, let alone a hardware-centric application, before its actual launch. Rather, the board finds that the skilled person would regard the teaching of D2 about the monitoring of the starting/stopping of applications and the ports concerned (see paragraph ) as a promising incentive to seek a different feasible solution to the scenario in which a specific application is to be blocked based on the policy applied. More specifically, in order to indeed avoid unnecessary delays and internal data traffic within the mobile device, the skilled person would in fact ensure that data packets relating to an application already launched but to be blocked are not generated at all in the mobile device, thereby sticking to the overarching concept of packet filtering taught in D2 and leading away from the solution claimed. Hence, in view of the amended claims and the reasons outlined above, the board cannot endorse the finding of the decision under appeal (see reasons 13.2) that blocking the launching of the application concerned rather than blocking the executing of that application was obvious for the skilled person. In other words, the skilled person tasked with the above objective problem only could rather than would have come up with the solution claimed.
1.1.6 Hence, the board is satisfied that the subject-matter of claim 1 involves an inventive step over D2 alone (Article 56 EPC 1973).
1.1.7 Moreover, the board finds that neither of the other relevant documents on file, i.e. D1 and D3, renders the subject-matter of claim 1 obvious, whether taken alone or in combination with D2, for the reasons set out below.
Document D1 is concerned with location-based enforcement (by way of an SSID of a wireless LAN) of configuration policies of mobile devices. However, apart from also addressing hardware-centric applications, it is completely silent as to the matter of controlling (i.e. allowing or prohibiting) the use of applications on a mobile device conditional on a network-dependent look-up table prior to the actual launch of a user-requested application on the device.
Document D3, albeit touching on the issue of using look-up tables ("white lists LCI") for the purpose of allowing or restricting the execution of software applications remotely loaded onto a mobile device, neither addresses the problem of avoiding unnecessary delays and/or data traffic nor provides any pointer to use an application launcher for an a-priori check as to whether or not a user-requested, hardware-centric application should indeed be launched.
Therefore, even if the teachings of D2 and D1 or D3 were combined, the skilled person would not arrive at the claimed solution.
1.1.8 In conclusion, having regard to the cited prior art, the subject-matter of present claim 1 is new and involves an inventive step within the meaning of Article 52(1) EPC in conjunction with Articles 54 and 56 EPC 1973. The above observations also apply to the corresponding independent apparatus claim 7.
1.2 Since all the other requirements of the EPC are also found to be fulfilled, the board decides that a patent is to be granted on the basis of claims 1 to 12 according to the main request submitted at the oral proceedings before the board.
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the department of first instance with the order to grant a patent on the basis of the following documents:
- claims 1 to 12 submitted at the oral proceedings as main request;
- description: pages 1, 3-15 as originally filed and pages 2, 2a filed in electronic form on 3 May 2012;
- drawings as originally filed.