T 1225/03 (Secure transaction management / INTERTRUST TECHNOLOGIES) 21-03-2007
Systems and methods for secure transaction management and electronic rights protection
Added subject-matter (no - after amendment)
Amended claims non-unitary with original claims (no)
Remittal for further examination (yes)
I. This appeal is against the decision of the examining division to refuse application No. 97939670.2 on the ground that claim 1 of the main request and of auxiliary requests 1 and 2 infringes Article 123(2) EPC. In addition, the decision considers claim 1 (all requests) to contravene Rule 86(4) EPC.
II. In the statement setting out the grounds of appeal, the appellant requested that the decision under appeal be set aside and the application be allowed to proceed on the basis of the main request or one of the two auxiliary requests. In the event that the Board envisaged issuing a decision unfavourable to the appellant, oral proceedings were requested. The appellant in particular argued that claim 1 of the main request was based on original claim 17.
III. In a communication pursuant to Article 110(2) EPC, the Board expressed its preliminary opinion that claim 1 of the main request infringed Article 123(2) EPC, whereas claim 1 according to the first auxiliary request appeared admissible provided a specific term would be replaced by its original wording. The Board further indicated that it did not see any objection under Rule 86(4) EPC and intended to remit the case to the department of first instance for further examination if the objections raised were overcome.
IV. On 31 January 2007, the appellant filed a set of claims 1 to 9 amending and superseding the claims of the preceding requests. The term "file" has been replaced by "information content". Moreover, the appellant confirmed that it would not regard remittal on the basis of the enclosed claims as an unfavourable decision.
V. Claim 1 of the present request reads:
"1. A secure processing unit comprising a CPU, microprocessor or microcontroller and components designed to perform security-related functions, said components including:
a secure, tamper-resistant barrier (502) operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult;
a clock (528);
an encryption/decryption engine (522)
a random number generator (542),
secure memory (532, 534),
means for the storage of one or more secure objects (300), said secure objects including control information and at least one information content governed by said control information; and
a secure mode interface switch (2658) operatively connected to place the secure processing unit into one of at least two distinct security-related states;
a first of said security-related states being a secure mode; and a second of said security-related states being a non-secure mode."
Article 123(2) EPC - Amendment within the content of the application as filed
1. The Examining Division considered the following feature of claim 1 to infringe Article 123(2) EPC: "means for the storage of one or more secure objects (300), said secure objects including control information and at least one file governed by said control information".
According to the Board's analysis of the application as filed and published (WO-A1-98/09209), the essence of the aforementioned feature is based on the following passages and figures:
- page 94, lines 9 to 10: secure objects are realized in the form of content containers;
- figures 5A and 5B: content containers 300 comprise information content 304 and permission records 808 which are said to be control information of a virtual distribution environment (VDE) (see e.g. page 40, in particular line 6);
- page 201, from line 22 onwards: objects 300 (i.e. content containers) are stored in a secure processing unit (SPU 500);
- the sentence bridging pages 226/227 links the SPU and VDE functionalities.
Hence, the application describes means for storing secure objects 300 (i.e. content containers) which include control information (i.e. permission records) and information content governed by the control information (see Figures 5A and 5B).
2. The examining division further objected to the following feature of the preceding versions of claim 1: "a first of said security-related states being a higher-security state; and a second of said security related states being a lower-security state" (emphasis added).
Claim 1 of the present request brings this feature into line with the wording of original claim 17. The amended feature reads (emphasis added): "a first of said security-related states being a secure mode; and a second of said security related states being a non-secure mode" (see also page 223, line 4 to page 228, line 7 of the original description).
3. The undisclosed specific term "file" (present in claim 1 of the former main request) has now been replaced by its original general basis "information content" (see e.g. page 40, lines 4 to 5 of the description and Figure 5A).
4. Furthermore, claim 1 of the present request defines "a secure mode interface switch (2658) operatively connected to place the secure processing unit into one of at least two distinct security-related states", i.e. a secure mode or a non-secure mode.
That definition of the interface switch is more general than the definition provided by original claim 17 which includes a specific use of the interface switch: "the switch blocking access by a central processing unit to the secure resource except when the switch is operating in the secure mode" (cf. also page 223, lines 6 to 9).
However, Figures 9A and 9B each disclose a switch (2658a/b; 2663) for operating the depicted processing unit in a secure or a non-secure mode (cf. pages 223 to 240). The skilled reader will therefore identify the switching function as the most general aspect of operating a processor selectively in the secure or non-secure state. It is evident that the specific blocking operation mentioned in original claim 17 is only an exemplary use of the switching function because various other security-related uses are disclosed in the description: in the secure mode, a microprocessor (2652) may e.g. control security-relevant aspects of other components (page 224, lines 21 to 24) or may provide encryption/decryption (page 226, lines 21 to page 227, line 7) or may enable interrupts (page 228, lines 9/10); when the system is switched back to the non-secure mode, the contents of registers may be destroyed or copied into secure memory (page 227, lines 9 to 20), etc.
5. Therefore, the Board is satisfied that claim 1 according to the amended request does not extend the teaching of the application and, thus, meets the requirements of Article 123(2) EPC.
Rule 86(4) EPC - Unity between amended and original claims
6. The decision under appeal additionally considers the versions of claim 1 of all preceding requests to contravene Rule 86(4) EPC on the ground that the features added with respect to the original version of the claim, i.e. claim 17 as filed, have not been claimed or implied by any of the original claims subject to search and, thus, are "unsearched".
This objection would also apply to claim 1 of the present request. However, in view of the criteria laid down in Rule 86(4) EPC, the examining division's reasoning for the objection is incomplete because it fails to discuss whether the amended versions of claim 1 are non-unitary with respect to the original independent claim 17 (for which an international search has been carried out). The Board does not see any such non-unity since the amended versions of claim 1 converge to the embodiment according to Figure 9A or 9B which is the subject of original claim 17 (see T 708/00, OJ EPO 2004, 160, point 17 of the reasons, and T 274/03, not reported in OJ EPO, point 6 of the reasons).
7. Since the examining division's admissibility objections have been overcome, further substantive examination will be necessary on the basis of the present request.
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the department of first instance for further examination on the basis of the amended claims 1 to 9 filed on 31 January 2007.