T 1590/13 (Setting and adjusting access policies/PHILIPS) of 9.3.2016

European Case Law Identifier: ECLI:EP:BA:2016:T159013.20160309
Date of decision: 09 March 2016
Case number: T 1590/13
Application number: 06821334.7
IPC class: G06F 21/00
G06F 21/24
Language of proceedings: EN
Distribution: D
Download and more information:
Decision text in EN (PDF, 350.273K)
Documentation of the appeal procedure can be found in the Register
Bibliographic information is available in: EN
Versions: Unpublished
Title of application: SYSTEM FOR MANAGING ACCESS CONTROL
Applicant name: Koninklijke Philips N.V.
Opponent name: -
Board: 3.5.06
Headnote: -
Relevant legal provisions:
European Patent Convention 1973 Art 56
European Patent Convention R 111(2)
European Patent Convention R 103(1)(a)
Rules of procedure of the Boards of Appeal Art 11
Keywords: Inventive step - both requests (no)
Catchwords:

-

Cited decisions:
-
Citing decisions:
-

Summary of Facts and Submissions

I. The appeal lies against the decision of the examining division, with reasons dispatched on 27 February 2013, to refuse European patent applica­tion No. 06 821 334.7 for lack of inventive step. Starting from a generic con­tent distribution system, which the applicant agreed was known in the art, the examining division found that the invention lacked inventive step because it was the obvi­ous im­ple­men­tation of a non-technical ("administrative") de­ci­sion and, in addition, because the claimed matter was obvious in view of the following document:­

D2: US 6 092 194 A.

II. A notice of appeal was filed on 18 April 2013, the appeal fee being paid on the same day. A statement of grounds of appeal was received on 4 July 2013. The appellant requested that the decision be set aside and that a patent be granted "on the basis of the en­closed claims 1-10, which correspond to the main request of the Decision" (see grounds of appeal, page 1, 2nd pa­ra­graph). Contrary to that statement, however, no claims were enclosed with the grounds of appeal, and the deci­sion concerned claims 1-9 as filed during oral pro­cee­dings before the examining division (see annex to the minutes of the oral proceedings). The board therefore un­der­stands the appellant's request to be that a patent be granted­ based on claims 1-9 as filed during oral pro­cee­dings before the examining division on 28 Janua­ry 2013, the other application docu­ments being pages 1-3 and 3a as filed on 22 June 2012, and pages 4-19 and drawings pages 1-3 as originally filed. The appellant also re­ques­ted the reimbursement of the appeal fee under Rule 103(1)(a) EPC, because the decision was insuffi­cient­­ly reasoned (Rule 111(2) EPC).

III. In an annex to the summons to oral proceedings, the board informed the appellant of its preliminary opinion that the decision under appeal was not insufficiently rea­soned and that the claimed invention lacked inventive step, Article 56 EPC 1973.

IV. In response, with letter dated 9 February 2016, the appellant filed amended claims 1-9 according to an auxiliary request. Furthermore, with letter of 7 March 2016, the appellant informed the board that it would not be represented at the oral proceedings but that it requested a decision on the file as it stands.

Claim 1 according to the main request reads as follows:

"Method for managing access control in a content distribution system, the system comprising

- at least one organization (32) for providing content data and related meta data,

- a rendering device (39) for rendering the content data and related meta data and executing the application, and

- at least one application for manipulating the content data and related meta data, which method comprises the steps of

- setting an access policy for the organization, called access policy of the organization, according to a predefined data access format, the access policy of the organization comprising access parameters for controlling access to resources of the rendering device and to content data and related meta data,

- providing at least one organization application (35) complying with the access policy of the organization,

- providing content data and related meta data complying with the access policy of the respective organization,

- executing the organization application while accessing the resources of the rendering device according to the access policy of the organization,

- setting by the user a user access policy that restricts access to the resources of the rendering device relative to the access policy of the organization, when executing the organization application, and

- adjusting the user access policy for the organization based on additional trust data for the organization for selectively allowing the organization application to access the resources according to the access policy of the organization."

Claim 1 according to the auxiliary request differs from claim 1 of the main request only in its last paragraph, which reads as follows:

"... - adjusting the user access policy by the rendering device (39) for the organization based on additional trust data for the organization received by the rendering device (39) from a remote database entity for selectively allowing the organization application to access the resources according to the access policy of the organization."

Both requests also contain an independent device claim, the wording of which corresponds closely to that of the respective independent method claim 1.

V. Oral proceedings were held as scheduled on 9 March 2016 in the absence of the appellant. At the end of the pro­ceedings, the chairman announced the decision of the board.

Reasons for the Decision

The invention

1. The invention relates to a system in which "organi­za­tions" provide content and corresponding appli­cation software to an end user device which runs the appli­cation to "render" the content. For example, the con­tent data might be video data in a proprietary format, the application might be required to access and display the data, and the device might be a suitable video player (see e.g. page 1, lines 19, to page 2, lines 12; page 3, lines 17-28; page 6, lines 2-14). Other types of content data and associated applications are possible (see, for instance, the refe­rences to "games" and "text reviews" on page 1, lines 21-22).

1.1 It is disclosed that "access policies" are provided in order to control applications when accessing, at the ren­dering device, the proprietary content and the re­sour­ces of the rendering device (page 2, lines 9-12 and 15-18 and page 7, lines 18-21). These access po­li­­cies may be enforced cryptographically at the rendering de­vice (page 3, line 28).

1.2 It is observed that organizations providing software applica­tions may be un­known or not trustworthy (page 3, lines 30-31; and page 12, lines 17-21), for instance because they may have gone out of business (page 4, lines 1-3) or were re­por­ted to "mis­behave" (page 9, lines 27-29). It is also noted that an or­ga­nization might be known and trusted by some users but not by others (page 4, lines 3-5), and that one user might find it acceptable if an or­ga­nization accessed certain resources at the user's ren­dering device, whereas other users might find that in­acceptable (see page 3, lines 31-33).

1.3 The invention therefore proposes to enable indivi­dual end users to define "user access policies" which re­strict which accesses the applications of an orga­niza­tions are allowed to make (see e.g. page 9, lines 10-15, and page 12, lines 16-17). Such an access policy might, e.g., allow one user to disable all content of some or­ga­nization to play, but it may also control the resource access more se­lec­tively (see page 9, line 22, to page 10, line 17). Moreover, the user access policy may de­pend on so-called "trust data for organizations", which may be held in a remote data base and which may con­tain "user feedback for specific organizations" (loc. cit.).

The prior art

2. In the decision, it is assumed that a method according to claim 1 except for the last two steps is "so well-known in the field of secure con­tent distribution that written proof [is not] ne­cessa­ry". The existence of such method and corres­­pon­ding sys­tem is reported to have been acknow­ledged by the appellant (see the de­ci­sion, reasons 1.1 and 1.2) and this assumption is also not challenged in the grounds of appeal (see points 2.1 and 3.1).

3. D2 discloses a system for protecting Internet clients from "sus­­picious downloadables". D2 discloses a "secu­rity database" which includes security policies which may be specific for individual users or ge­ne­ric (de­fault) (col. 4, lines 14-18). A requested download is carried out if the downloadable is deter­mined to conform with the relevant policies as re­trieved from the data­base (loc. cit. and col. 4, lines 62-65; fig. 3, no. 317). The policy management (fig. 2, no. 255; fig. 3; col. 3, lines 62-63) is carried out at a server, i.e. the policies are not evaluated at the requesting client. D2 also discloses a "security policy editor" via which the user can effect modifications to the security policy (col. 7, lines 17-29).

The alleged substantial procedural violation, Article 11 RPBA

4. The appellant has argued that the examining division, in its argument based on D2, failed to explain "why the skilled person would [have] direct[ed] its attention to D2 and subsequently combine[d] the teaching of the clo­sest prior art and D2". This being a crucial point in the problem-solution approach, the decision did thus not contain adequate reasoning as required by Rule 111(2) EPC (see grounds of appeal, page 6, point 4).

4.1 Firstly, the board notes that the decision contains two lines of reasoning to show lack of inventive step, only the second of which refers to D2. In its grounds of appeal, the appellant did not object to the first argu­ment for insuffi­cient reasoning. Hence, as the board noted in the annex to its summons, the insuffi­ciency of reasoning alleged by the appellant did not affect the decision as a whole, and the board had to deal with the first ob­jec­tion independently of whether the second in­ven­tive step objection was actually found to be insuffi­ciently reasoned.

4.2 Secondly, the examining division conceded that D2 and the invention were from slightly different contexts (see the minutes of the oral proceedings before the examining division, page 4, 2nd paragraph), but none­theless con­sidered D2 to establish that the skilled person was aware "that security policies can be amen­ded". Moreover, it concluded that the skilled person would have adopted the solution of D2 "for the same purpose" to solve the problem posed (see the decision, reasons 3.2, 3.4 and 3.6; and the minutes, page 4, 2nd paragraph). The board considered that this reasoning adequately addresses the concerns regarding D2 which the appellant raised during the oral proceedings (see the minutes). The board there­fore disagrees with the appellant that the decision is insufficiently reasoned with regard to the second inven­tive step objection.

4.3 For these reasons, the board decided that it would be inappropriate to remit the case imme­di­ately to the first instance without assessing its me­rits (Article 11 RPBA), and issued summons to oral proceedings instead.

5. In its letter of reply of 9 February 2016, the appellant admitted that it had not addressed the first objection, but argued that the two objections overlapped and were thus "equally flawed", namely because the examining division had overlooked that the "problem of misbe­ha­ving organizations" required technical insight and addressing it was not a mere administrative choice (see that letter, pages 1-2, point 4). These arguments challenge the substantive correctness of the decision under appeal, but are unsuitable to establish that a substan­tial procedural violation occurred before the first in­stance. They could not, therefore, convince the board that the case should have immediately been re­mitted to the examining division under Article 11 RPBA.

Terminology

6. The claims do not define in de­tail the concept of an "access policy" or the nature of the "trust data". Like­wise, they do not spe­ci­fy in detail, let alone in tech­nical terms, how an access policy is repre­sented, pro­cessed and enforced, or how it is "ad­jus­ted" based on "trust data". The skilled person would therefore, in the board's view, take the terms "access policy" and "trust data" to define the relevant data only in terms of mea­ning, i.e. as defining which accesses are meant to be allowed or prohibited and under what conditions, and which "organizations" are meant to be trusted, under what conditions, and to what extent. The board also notes that the term "organi­za­tion" has no specific mea­ning in technical terms and must be interpreted broadly. The claims also do not specify in any de­tail the ren­de­ring devices or the resources in question. The claimed rendering device could be a DVD player or a game con­sole, but also, in principle, any per­sonal computer. The resources in question could be any hardware component of the device, such as its hard disk, its Internet connection or its Webcam, and "restricting access" to these resources might mean blocking any access to the resources or imposing restrictions subject to certain constraints, e.g. time.

Inventive step

7. The appellant agrees with the decision under appeal that the invention according to claim 1 of the main request differs from the generic content distribution system (henceforth, "the known system") in the last six lines of claim 1, i.e.

1) setting by the user a user access policy that re­stricts access to the resources of the rendering device relative to the access policy of the orga­ni­zation, when executing the organization applica­tion, and

2) ad­jus­ting the user access policy for the organi­za­tion based on additional trust data for the orga­nization for selectively allowing the organization application to access the resources according to the access policy of the organization.

8. Claim 1 of the auxiliary request further differs from the known system by the facts that

3) the "adjusting" according to difference 2) is done "by the rendering device" and that

4) the additional trust data for the organization is "received by the rendering device [...] from a remote database entity".

9. The board considers that the inventive merit of the claimed invention turns on difference 1).

9.1 The appellant argues that feature 1) required "insight into the problem of misbehaving organizations and their effect on the [given] system", and that this was "tech­ni­cal insight" (see letter of 9 February 2016, page 1, last 8 lines) because it required an understanding that "mis­be­having" organizations pose a secu­ri­ty risk (see the grounds of appeal, points 3.1 and 3.2).

9.2 The board disagrees with this assumption. Rather, the board considers that any reservations, aversions or mis­trust a user might have against an organization - be this a com­pany, a political party, a governmental insti­tu­tion, or the operator of a certain website - is a non-techni­cal matter.

9.3 The appellant challenges this argument, because it was not aware of "an instance where a complete organization with multiple applications was distrusted before the priority date" and because there was no evidence on file "that users were distrusting each and every application issued by a particular organization" (see letter of 9 Fe­bruary 2016, page 2, paragraph 1).

9.4 The board takes the view that mistrust against an entire "organization" is a well-known phenomenon. For instance, some of the better-known software companies have attrac­ted more reservations from within the user community the larger they have become. Political ideologies are known to focus on parties, countries, governmental organi­za­tions, particular newspapers or entire publishing hou­ses. When parents decide that certain websites are unsuitable for the children below a certain age, this also represents mistrust against an "organization", broadly construed.

9.5 These observations do not, however, require proof, be­cause the board considers reservations, aversions or mistrust against an entire organization to be non-tech­nical anyway.

9.6 The board also considers that, from the reservations against an "organization", the desire naturally arises to block an application from that organization from running or from accessing certain resources of the ren­dering device, generally or only during predefined pe­ri­ods of time.

9.7 Therefore, the board considers that difference 1) add­resses this desire and solves the problem of controlling the resource access of an application based on the users' "trust" vis-à-vis the organization provi­ding that application.

9.8 From this perspective, the board finds it ob­vious to enable users to express their particular wi­shes them­selves - i.e. to "set" their own "user access policy" in this respect - and to modify the rendering device to take into account these additional access policies.

10. As regards difference 2), the board agrees with the decision under appeal (see reasons 2.6) that "ad­jus­ting" an access policy is, in essence, a repetition or refinement of "setting" it.

10.1 The appellant stresses the difference between the two, noting that part 1 was clearly executed by the user, where­as part 2 did not state that the user was ad­jus­ting the user access policy (see letter of 9 Fe­bru­ary 2016, page 2, two last para­graphs). The board accepts this point.

10.2 The appellant further argues that part 2 stated the ad­justment to be made "by the device" (loc. cit.).

11. As regards the main request, the board disputes this ar­gument.

11.1 Claim 1 of the main request covers the situ­­a­tion that a user, having heard or read details about an "organiza­tion", decides to change its attitude towards that or­ga­ni­zation and modify its access policy, i.e. set a diffe­rent one.

11.2 Therefore, the board concludes that claim 1 of the ­­main request lacks inventive step as it is an obvious solu­tion to a problem which can realistically be assumed to have ari­sen in the context of the known sys­tem, Article 56 EPC 1973.

12. As regards the auxiliary request, and in view of diffe­rences 3) and 4), the board accepts that claim 1 spe­ci­fies the adjustment to be made by the rendering de­vice.

12.1 However, even the auxiliary request leaves open how the rendering device is meant to ad­just the user access po­licy "based on additional trust data". Specifically, it is not ex­cluded that the rendering device acts in res­ponse to user input, for instance after having pre­sented the "additional trust data" to the user for se­lec­tion, addition, or confirmation. But even if one were to assume, for the sake of argument, that the "ad­justing" was fully automatic and took place without any user in­tervention, the claimed adjus­ting step would not go be­yond the straightforward auto­mation of a "user access policy" based on unspeci­fied "trust data" and according to certain predefined crite­ria, i.e. a number of non-technical decisions made by or on behalf of the user. The board considers it immaterial in this regard that the "setting" relates to "restrict[ing]", where­as the "adjusting" relates to "selectively allow­ing" access.

12.2 Therefore, part 2 differs from part 1 essentially in that the input based on which the access policy is de­fined ("set" or "adjusted") is not obtained from the user but from a "remote database entity".

12.3 In the board's view, these differences solve the addi­tional problem of providing automatic support for the desired resource access control (see point 9.7 above).

12.4 That such automatic support is provided "by the ren­de­ring device" based on a "remote database entity" is con­sidered obvious for the skilled person.

12.5 Therefore, claim 1 of the auxiliary request ­­also lacks inventive step over the known sys­tem (Article 56 EPC 1973).

Inventive step in view of D2

13. In its letter of 9 February 2016 (page 3, lines 10-12; paragraph 2; paragraph 3, lines 4-6), the appellant argues that the skilled person trying to improve the control of the rendering device would have adopted the "readily available solution" according to D2 and that, D2 provi­ding access control for individual applications but not for all applications "of" an organization, this would not have yielded the invention.

14. In this regard, the board only notes that inventive step of one solution cannot be established by showing that a different solution to the given problem exists and is obvious. Therefore, it is immaterial whether D2 might provide or suggest a different solution to the given problem. Thus, the board does not have to decide whether it agrees with the appellant that the claimed invention is not obvious over a solution based on D2.

Reimbursement of the appeal fee

15. Rule 103(1)(a) EPC states that the appeal fee may only be reimbursed in the event of interlocutory revision or where the board of appeal deems an appeal to be allow­able. Therefore, the request for reimburse­ment of the appeal fee must be refused because the appeal is dismissed.

Order

For these reasons it is decided that:

1. The appeal is dismissed.

2. The request for reimbursement of the appeal fee is refused.

Quick Navigation