T 1195/09 (XML executable/NOVELL) 21-04-2015
Representing extensible markup language as an executable having conditional authentication or policy logic
Amendments - added subject-matter (yes)
Inventive step - (no)
I. The appeal lies from the decision of the Examining Division to refuse European patent application No. 07120344.2. The refusal is written as a "decision according to the state of the file", using EPO Form 2061, referring to a communication accompanying the summons to oral proceedings dated 23 October 2008 and to a communication sent per fax on 19 January 2009. The application concerns generating an executable for representing an Extensible Markup Language (XML) document including authentication and policy logic.
II. The following documents were cited in the examination procedure:
D1: Horn, C., "Binary XML Transfer using Direct Compilation Techniques", Experience Report and Position Paper W3C Workshop on Binary Interchange of XML Information Item Sets, Santa Clara, CA, USA, 24 September 2003, Internet extracted: 11 March 2008;
D2: Geuer-Pollmann, C., "XML Pool Encryption", Proceedings of the ACM Workshop on XML Security 2002, Fairfax, VA, USA, 22 November 2002.
III. In the statement of grounds of appeal, the appellant requested that the decision be set aside and that a patent be granted on the basis of the last request filed during the examination proceedings on 17 December 2008, including claims 1 to 21. Oral proceedings were requested before a final decision by the Board.
IV. The appellant was invited to oral proceedings with a summons dated 16 December 2014. In a subsequent communication in advance of the oral proceedings, the Board expressed its preliminary opinion that the subject-matter of the independent claims extended beyond the content of the application as filed and did not involve an inventive step.
V. With a letter dated 13 March 2015, the appellant informed the Board that no one would be attending the oral proceedings on its behalf and requested that the oral proceedings nonetheless proceeded in its absence. The appellant did not reply to the reasoning of the Board.
VI. Oral proceedings were held on 21 April 2015 in the absence of the appellant. At the end of the oral proceedings, the chairman pronounced the Board's decision.
VII. Claim 1 of the appellant's sole request reads as follows:
"A computer-implemented method, comprising:
parsing (110) an extensible markup language (XML) document to acquire components of the document and content associated with each of the components;
generating (120) an executable, which when subsequently executed by a machine reproduces the original XML document's hierarchy of components and content as a data structure that is accessible within memory of that machine;
receiving (210) the executable at a recipients machine;
processing (220) the executable by the machine to produce a loaded version of components and content associated with the document, which is mapped to a data structure for subsequent use by XML-enabled applications to render the XML document within the machine or environment of the recipient;
characterized in that said generating (120) comprises;
acquiring authentication logic for verification of the identity of the recipient, the author or the distributor of the XML executable, the author or distributor of an XML document associated with the XML executable, or the resources that consume or use the XML executable;
acquiring policy logic to conditionally enforce policy restrictions on how, when, and if various components and content of the original XML document are subsequently populated to the data structure for a particular recipient;
embedding (130) within the executable said authentication logic and said policy logic;
and in that said processing (220) the executable comprises;
selectively determining the particular components and content that is to be loaded to the data structure within the machine or environment of the recipient by;
conditionally populating at least some components and associated content to the data structure in response to satisfying policy limitations of the embedded policy logic; and
enforcing identity-based restrictions and access rights to at least some components and associated content in the data structure in response to the embedded authentication logic."
Independent claim 13 defines a computer system comprising corresponding means for performing each of the steps of the process of claim 1.
Independent claim 20 defines "A computer program, which when executing on a computer or computer network, performs the method of any one of claims 1 to 12".
VIII. The decision under appeal refers to two communications. The most recent communication of 19 January 2009 was issued in reaction to the last set of claims submitted on 17 December 2008 and maintained in appeal.
According to the opinion of the Examining Division conveyed in that communication, the subject-matter of independent claims 1, 13 and 20 extended beyond the content of the application as filed and did not involve an inventive step.
In the view of the Examining Division the following features of independent claim 1, and analogous features of independent claims 13 and 20, could not be directly and unambiguously derived from the application as filed: (a) "acquiring authentication logic", (b) verification of the identity of "the author or the distributor of the XML executable", (c) "acquiring policy logic", (d) embedding within the executable "said authentication logic and said policy logic", and (e) enforcing "access rights to at least some components".
In the view of the Examining Division the independent claims broadly defined some features concerning generating the executable and acquiring and embedding the authentication and policy logic in terms of their function. The description did not seem to provide more detailed technical descriptions of the implementation of those features. This was allowed under Article 83 EPC only if said features were known and their implementation considered trivial. In the present case the Examining Division considered those features trivial and their functional definition allowable.
Prior art document D1 disclosed a computer-implemented method comprising the steps of parsing an XML document, generating an executable and processing it, as in the invention. The claimed method differed from that prior art in that it also included the features related to including the authentication and policy logic within the executable and enforcing the respective restrictions and access rights. The wish to control access to components of the encoded XML document was considered to be a user requirement. The technical problem to be solved resided in the implementation of the authentication and policy logic. However, this was considered to be trivial, taking into account the common knowledge of the skilled person. Document D2 described an example of such general knowledge of marking and limiting access to components of XML documents, as well as encrypting parts of XML documents for a client. Thus the concept of a logic for decoding/hiding parts of XML documents for/from a user on a client was known.
The same reasoning applied to corresponding independent claims 13 and 20.
IX. The arguments of the appellant can be summarised as follows:
The features considered to be added features by the Examining Division were disclosed in the application as filed in paragraphs  and  in connection with paragraph  (feature (a)), paragraph  (feature (b)), paragraph  (feature (c)), paragraphs  and  (feature (d)), and paragraph  (feature (e)).
The Examining Division had concluded very early on in the examination procedure that key features of the invention were "considered to be known and trivial". This was based on the reasoning that the features were broadly defined in terms of their function and that, therefore, they either infringed Article 83 EPC or were trivial. However, the Examining Division had not cited any document to demonstrate lack of novelty. This had undoubtedly been a bias in the further examination of the application, which prejudiced the applicant.
Regarding inventive step, the appellant argued that the whole invention rested on embedding authentication logic and policy logic into the executable. The embedding constituted the implementation and was not trivial. Neither of the prior art documents D1 or D2 disclosed embedding authentication and policy logic. Document D1 did not describe dynamic evaluation of conditions either. While document D2 addressed access controls, and "policy logic" for deciding which portions of a document could be made available to a particular user, these controls were external to the executable.
1. The appeal complies with the provisions referred to in Rule 101 EPC and is therefore admissible.
2. The application relates to generating an executable for representing an Extensible Markup Language (XML) document, the executable having authentication and policy logic embedded in it. The executable produces in-memory data structures, for example in the form of a document object model (DOM), to be directly used by an XML rendering application.
By means of the invention, "XML-enabled applications can execute without the assistance of a traditional pre-processing step associated with an XML parser", resulting in "improved processing and memory throughput" (paragraph  of the published application).
The authentication logic enforces identity verification with respect to "the recipient, the author or distributor of the XML executable, the author or distributor of an XML document associated with the XML executable, the resources that consume or use the XML executable" (paragraph ). It can be used for supporting identity-based restrictions and access rights (paragraph ).
The policy logic is described in paragraph  as being "designed to conditionally enforce policy restrictions" to "conditionally restrict how, when, and if various components and content of the original XML document are subsequently populated to the data structure for a particular recipient". The paragraph further states that policies "can be dependent on dynamically determined conditions that exist when a recipient processes the executable", such as a condition identifying that another resource is in use, and "may also be used to restrict, enforce, report, and/or log licensing conditions associated with the XML document".
3. The decision under appeal is a so-called "decision according to the state of the file" based on EPO Form 2061, simply referring to two communications. The most recent communication of 19 January 2009 was issued in reaction to the last set of claims submitted on 17 December 2008. The other communication is the annex to the summons to oral proceedings dealing with a previous set of claims.
3.1 The Board notes that in principle a decision which merely cites previous communications should not refer to a communication presenting objections on previous claims which were no longer on file at the time of the decision, since this renders the argumentation unclear. However, in this particular case, the most recent communication cited the previous one in discussing the dependent claims, explaining the correspondence between the dependent claims of both sets. The argumentation of the Examining Division with respect to the refused set of claims can be understood without much effort.
3.2 In the opinion of the Board, it is clear from the decision that the grounds of refusal were that the independent claims of the request submitted on 17 December 2008, which was the request on file at the time of the decision, infringed Articles 123(2), 52(1) and 56 EPC.
3.3 The decision was issued after oral proceedings, at the end of which the Examining Division announced that it would draft a decision according to the state of the file. The Examining Division may have chosen to proceed in this manner because the appellant had not expressly withdrawn the request for oral proceedings. In principle, the Board does not consider the chosen course of action objectionable. However, the decision does not mention that oral proceedings took place, even though these constitute an essential part of the examination proceedings.
3.4 Regarding the previous points, the Board notes that it would be preferable if a decision according to the state of the file provided essential information about the procedural history of the case and, where appropriate, referred to specific parts of the cited communications.
4. The Board considers that the application as originally filed did not disclose the claimed features "acquiring authentication logic" (feature (a) mentioned in section VIII above) and "acquiring policy logic" (feature (c)). The Board is further of the opinion that the feature "access rights" (feature (e)) as described in the claim covers subject-matter extending beyond the content of the original application.
4.1 The appellant argued that the features "acquiring authentication logic" and "acquiring policy logic" were disclosed in paragraphs  to  and  of the application as filed. Those paragraphs describe acquiring "authentication policy", "authentication limitations", "enhanced XML encoding that identifies specific authentication limitations", and "policy" or "policy limitations", which are then processed to produce the corresponding authentication logic and policy logic.
In its argumentation the appellant interprets those terms as referring to "logic". In the Board's view, however, none of those items can be equated with "authentication logic" or "policy logic", which are described in the original application as the parts of the executable enforcing the respective policies for authentication and access rights (paragraphs ,  and ). The statement that authentication limitations are "associated with the authentication logic" of paragraph  neither means nor implies that authentication limitations are authentication logic.
4.2 Regarding feature (e), "enforcing ... access rights to at least some components", the Board agrees with the Examining Division that "access rights to specific data" is conventionally interpreted as encompassing different rights, for example read, write and execution rights. The feature therefore covers different access rights to components. The Board could not find any basis in the application for such a broad feature.
The only passage of the application referring to "access rights" is found in paragraph  and reads "a variety of desired identity-based restrictions and access rights may be represented within the executable via selectively inserted authentication logic." This passage does not refer to access rights to components.
Paragraph  cited by the appellant as the basis for feature (e) includes the sentence "the recipient has immediate access to the components and content of the original XML document via a data structure loaded in memory". The Board is not convinced that the skilled person would interpret this passage, in the context of the present application, as broadly as feature (e).
The skilled person interprets the invention of the original application as being solely directed to the creation of an executable which produces in-memory data structures to be directly used by an XML rendering application (paragraphs ,  and ). The skilled person assumes that a rendering application simply reads the XML data and displays the resulting document. There is no reference to a more complex type of functionality such as allowing modification of the contents of the document. The application does not describe the technical features for such a functionality either.
4.3 Therefore, the subject-matter of independent claim 1 does not meet the requirements of Article 123(2) EPC.
5. The Examining Division considered that the subject-matter of independent claim 1 was obvious over the prior art disclosed in document D1.
5.1 Document D1 describes "a technique for compiling XML documents into a Virtual Machine code that constructs at execution time an optimised tree representation for the original XML document". It further states that the technique "reduces the amount of data to be transferred, eliminates parsing time on the client side completely, and creates an optimised tree representation". Document D1 also discloses that the executable can be sent to different clients for being processed (abstract). It is also clear from the abstract of document D1 that the tree representation is to be used by XML-enabled applications to render the XML document at the recipient. Document D1 therefore discloses all the features of the preamble of the claim.
5.2 The claimed method differs from the method of document D1 in that it comprises the characterising features of the claim specifying that the generating step comprises acquiring and embedding within the executable authentication logic and policy logic, and that processing the executable comprises selectively determining the particular components and content that are to be loaded to the data structure within the machine or environment of the recipient in accordance with the policies.
5.3 The Board concurs with the Examining Division in finding that some of the distinguishing features are related to non-technical requirements regarding data access policies. Such policies do not contribute to the technical character since they are established by the data owner or data administrator and independently of any technical considerations.
In particular, the features specifying that access to data, or parts thereof, is to be restricted on the basis of "the identity of the recipient, the author or the distributor of the XML executable, the author or distributor of an XML document associated with the XML executable, or the resources that consume or use the XML executable" or that the content to be shown is to be based on specific policies for a particular recipient, are related to non-technical data access policies. Those features may reflect decisions regarding non-technical issues of data confidentiality, data protection for privacy reasons, copyright issues or business models. The application in fact mentions that one of the purposes of the policies is to "enforce ... licensing conditions associated with the XML document" (paragraph ).
In the assessment of inventive activity, these non-technical features relating to data access policies are considered to be given to the skilled person as part of the requirements specification, i.e. they merely constitute the framework of the technical problem that is to be solved.
In the opinion of the Board the distinguishing features therefore solve the problem of implementing those data access policies in the prior art method of document D1.
5.4 Document D2 discloses techniques to implement security and data access features for XML. It describes the standard eXtensible Access Control Markup Language (page 1, left column, section 1) and XML Access Control, in which "a trusted access control processor, a.k.a. policy enforcement engine, decides based on a policy which portions of a document can be given to a particular user" (page 3, left column, section 3). It also explains in that passage: "The processor labels the tree according to the policy (and the users access rights) with 'permit' and 'deny' labels. After the labeling step, the document is pruned, i.e. nodes which are finally labeled 'deny' are removed from the document".
Since different users have different access rights to parts of a document, the method of D2 relies on identity verification or authentication. Document D2 also describes, on page 3, right column to page 4, left column, two approaches that may be used by the access control processor to determine the components and contents to be shown to a user and to create a reduced tree. The determination is made on the basis of the access control restrictions for that particular user. In the second approach, the generated tree does not include the nodes for removed elements to which a particular user is denied access.
Document D2 therefore discloses a method which processes an XML document to produce a corresponding data structure in accordance with security policies, identity-based restrictions and access rights. The method obtains authentication and restriction policies and provides the access control processor, which includes authentication and policy logic. The policies are interpreted by the access control processor to selectively determine particular components and associated content to be loaded to the data structure based on the identity-based restrictions and access rights to some components and associated content.
5.5 In the grounds of appeal the appellant argued that the whole invention rested "on the fact that when a machine code executable is being generated, both policy logic and authentication logic are embedded into the executable, in machine code". This step of embedding was the implementation. It was not disclosed in either documents D1 or D2 and was not trivial. While D2 addressed access controls, and "policy logic" for deciding which portions of a document could be made available to a particular user, these controls were external to the executable, and were in fact embedded in the document tree defining the XML document. This followed from the passage of document D2 on page 3, section 3 (cited in point 5.45.4 above), describing the use of the "permit" and "deny" labels.
The Board does not contest that the policy logic is external in the approach of document D2. However, document D1 already discloses creating executable code to reproduce the XML document, including embedding logic for different functions in the executable. In order to extend the system of document D1 to also support security features including authentication and restriction policies, or any other function, it would be obvious to integrate corresponding logic in the executable.
As explained above, document D2 describes authentication logic for verification of the identity and policy logic for conditionally enforcing policy restrictions. Furthermore, the data access policies to be enforced according to the stated problem, as well as those of document D2, take into account the particular user or other parameters which in many cases are only known at the recipient at run time. In the opinion of the Board the skilled person would therefore consider embedding the policies and corresponding logic of document D2 in the executable of document D1, so that the authentication and access restriction could be done at run time at the recipient.
The Board further notes that although embedding policy and authentication logic into the executable can be seen as an implementation, it is still very broad and expressed at a high conceptual level. The claim is silent about the way the logic implements the policies and does not exclude the use of labels to implement the policy logic. The claim does not define implementation details going beyond what is known or made obvious by the prior art.
5.6 In the grounds of appeal the appellant also stressed that the prior art system of document D1 did not support the dynamic evaluation of conditions, and only dealt with immutable or persistent data structures.
While it is true that document D1 does not disclose the dynamic evaluation of conditions when the executable is running, the necessity for dynamic evaluation would be obvious for the skilled person faced with the problem of implementing authentication and identity-based restrictions at run time in the method of document D1. The Board remarks that the present application does not disclose any implementation details regarding the dynamic evaluation of conditions, except that some logic is integrated in the executable.
5.7 The Board therefore concludes that the subject-matter of independent claim 1 does not involve an inventive step (Article 56 EPC).
6. In the grounds of appeal the appellant argued that the applicant had been prejudiced by the fact that the Examining Division had considered early on in the examining proceedings that key features of the invention were known and trivial.
According to the Examining Division, the features were broadly described and either caused the application to infringe Article 83 EPC or had to be considered known and trivial.
The Board cannot see how this line of argumentation could have prejudiced the appellant. The refusal by the Examining Division was based on the reasoning given in its most recent communication cited in the decision. In its argumentation the Examining Division used document D1 as prior art, cited the relevant passages for the features considered to be known from the prior art, and identified the distinguishing features. It explained, with the help of document D2, why the distinguishing features were not considered to involve an inventive step, and addressed the arguments of the applicant. In the Board's judgement the decision of the Examining Division was sufficiently reasoned. The Board concurs with the opinion of the Examining Division and cannot recognise any bias in the examination of the application. In any event, the mere fact that the Examining Division had a negative preliminary opinion does not imply a bias in the further examination.
7. Since independent claim 1 does not fulfill the requirements of Articles 123(2) and 56 EPC, the appeal has to be dismissed.
For these reasons it is decided that:
The appeal is dismissed.