T 1981/11 (User-attributed rights/PHILIPS) 04-05-2015
PROCESSING RIGHTS IN DRM SYSTEMS
Novelty - (yes)
Inventive step - after amendment (yes)
Remittal to the department of first instance for an additional search (no)
I. The appeal lies against the decision of the examining division, dispatched on 21 April 2011, to refuse European patent application No. 05735197.5. The decision refers to documents
D1: EP 1 509 024 A2 and
D2: van den Heuvel, S et al., "Secure Content Management in Authorised Domains", Proc. International Broadcasting Convention, pp. 467-474, 2002,
and concludes that the then independent claims lacked an inventive step over D2, Article 56 EPC. D1 was not relied on in the reasons for the decision.
II. Notice of appeal was filed on 20 June 2011 and the appeal fee was paid on the same day. A statement of grounds of appeal was received on 9 August 2011. The appellant requested that the decision be set aside and that a patent be granted based on amended sets of claims according to a main request filed with the grounds of appeal, or according to a first or second auxiliary request as defined in the grounds of appeal by reference to those of the main request.
III. Along with a summons to oral proceedings, the board informed the appellant of its preliminary opinion according to which the main request and the second auxiliary request lacked clarity, Article 84 EPC 1973, and novelty over D1 under Article 54(3) EPC. The board also raised inventive step objections to the first auxiliary request vis-à-vis D2, Article 56 EPC 1973, and questioned whether the search performed on the originally filed claims was complete for the pending amended claims.
IV. In response to the summons, with letter of 7 April 2015, the appellant filed a new first auxiliary request and indicated that the pending first and second auxiliary requests were to move to second and third position. An amended page 15 of the description was also filed.
V. Oral proceedings were held on 4 May 2015, during which the appellant withdrew its main request and first and third auxiliary requests and filed the claims of its second auxiliary request written out in full as its sole remaining request. It requested that the patent be granted based on this set of claims 1-20 in combination with the following documents:
1-6, 6a as received on 3 February 2011,
7-14, 16, 17 as originally filed,
15 as received on 7 April 2015,
1/1 and 2/2 as originally filed.
VI. Independent claims 1 and 11 read as follows:
"1. A method of processing DRM (Digital Rights Management) rights in a Digital Rights Management (DRM) system, wherein DRM rights for controlling access to content have been created, comprising the step of receiving the DRM rights in the DRM system, characterized in that the method further comprises the step of allowing a user of the DRM system to introduce user attributed rights in the form of further restrictions on the received DRM rights in the DRM system, wherein
- the user attributed rights constitutes a second set of rights and the received DRM rights constitutes a first set of rights, wherein the two sets of rights are linked together by encrypting a right in the first set with a key that is stored in a right in the second set of rights.
11. A Digital Rights Management (DRM) system, arranged to receive DRM rights for controlling access to content, characterized by comprising means for allowing a user of the DRM system to introduce user attributed rights in the form of further restrictions on received DRM rights in the DRM system, wherein
- the user attributed rights constitutes a second set of rights and the received DRM rights constitutes a first set of rights, wherein the two sets of rights are linked together by encrypting a right in the first set with a key that is stored in a right in the second set of rights."
VII. At the end of the oral proceedings, the chairman announced the decision of the board.
1. The application relates to a digital rights management (DRM) system. In this context, the application considers the need of the end user to modify the DRM rights received with a piece of digital content. For example parents may wish to limit the access of their minor children to digital content either entirely or to certain times of day (see p. 3, lines 20-25 and 29-34).
1.1 The invention is meant to provide end users of a given DRM system with the "influence" to add what are called "user attributed rights" to the so-called "received rights" or "delivery rights".
1.2 The application describes the two sets of rights as being "linked together" so that they are also enforced together (see p. 5, last para.). It is explained that it should be impossible simply to remove the user-attributed rights to fool the system. A number of alternative ways are disclosed to prevent this (see p. 15, line 11 - p. 16, line 2). In particular, it is disclosed that the received rights may be "encrypted with a key that is stored in the user attributed rights" (p. 15, line 32 - p. 16, line 2).
Article 123(2) EPC
2. Independent claims 1 and 11 are based on original claim 7 in combination with page 15, lines 32-33. Although this passage follows a paragraph on page 15 discussing a "coupling" between the two sets of rights, it would have been clear to the skilled reader that the term "coupling" was meant to be synonymous to the alternative term "link" used on page 5, lines 21-25 (and also on page 15, line 33). As the dependent claims correspond to originally filed dependent claims, the board is satisfied that the present claims meet the requirements of Article 123(2) EPC.
Article 84 EPC 1973
3. In the annex to its summons to oral proceedings, the board raised a clarity objection to the feature of "embedding [...] as a whole" one set of rights in another one. As this feature is not contained in the present sole request, this objection has become moot. The board has no other clarity concerns.
The prior art
4. D1 discloses a DRM system in which the digital rights associated with a piece of digital content may be modified when the content is transmitted between users and devices across a network. In this manner, the rights obtained by one user may be shared with other users. As an example, D1 explains how a "use count" may be shared between two users (see fig. 2). If a user A forwards some of his rights to another user B (say 5 of 10 use rights), a new rights object is created for and transmitted to B and the limitation on the original rights (defining A's remaining 5 use rights) is added to A's rights object (see fig. 4B, "Modified RO for user A"). Both rights objects are protected by "A's signature".
5. D2 discloses background information on (one variety of) so-called "authorised domains" (ADs) and their management. As defined in D2 (p. 3, section "Functional Specification"), an AD "is an environment of (networked) devices, media, rights and users", which definition is expressly drafted "not to make any implementation assumptions". D2 discloses that an AD should provide central "registration and de-registration" of devices (see p. 2, "device management"), and allow "customers ... [to] add rights (and content)" to an AD and to "pass them along to others" (p. 3, "rights management"). Elsewhere, D2 discloses that the "adding [of] right[s] to a domain" is meant to be synonymous with the "[i]mport[ing] of rights" to an AD (see p. 3, line 4 from the bottom; p. 6, last line). When content is transferred between ADs, some of the rights (such as a "play" right) may be transferred along with it, but other rights (such as a right to "copy" the content) relating to "inter-domain actions" may have to be changed (see p. 7, last two paras. of the section "AD rights management").
Novelty and inventive step vis-à-vis D1
6. The priority date claimed for the present application, 17 May 2004, falls between the priority date claimed for D1, 21 August 2003, and the publication date of D1, 23 February 2005. D1 thus does not form part of the prior art under Article 54(2) EPC 1973 in view of Article 89 EPC 1973 but constitutes prior art under Article 54(3) EPC.
6.1 D1 does not disclose that the received DRM rights are encrypted with a key that is stored in the user-attributed rights. The subject matter of claims 1 and 11 is therefore new over D1 at least by virtue of this feature, Article 54(1) EPC 1973.
6.2 According to Article 56 EPC 1973, prior art within the meaning of Article 54(3) EPC is not to be considered in deciding whether there has been an inventive step. Therefore, D1 is immaterial for the assessment of inventive step.
Novelty and inventive step vis-à-vis D2
7. The appellant took issue with the statement in the appealed decision according to which the feature introducing further restrictions on the received DRM rights related to an activity of doing business which was excluded from patentability and argued that it was wrong for two reasons (see grounds of appeal, p. 3, 6th and 7th paras. and appealed decision, reasons 1.3.1). With reference to G 3/08 (OJ EPO 2010, 10) it argued that even "businesslike" features could not be simply discarded from the claims for the assessment of inventive step but had to be taken into account to determine "for what task the person skilled in the art would be set" (p. 3, 8th para.). With reference to T 1658/06 (not published) it argued that in particular features of DRM systems had to be assessed on their technical merit in view of their "technical ramifications" (9th and 10th para.).
7.1 The board generally agrees with both these statements and therefore does not consider it necessary to discuss the cited decisions in more detail.
7.2 The board notes however that the decision under appeal did not "discard" the pertinent feature in the sense of ignoring it in the inventive step assessment - as the appellant appears to suggest - but took it into account in the formulation of the technical problem to be solved by the invention (reasons 1.3.2).
7.3 Moreover, even the appellant formulates the problem solved by the invention in such a way that it contains the requirement of "introduc[ing a] further restriction on a received DRM right" (see e.g. the grounds of appeal, p. 6, 3rd para. from the bottom). This appears to suggest that the appellant accepts the desire to introduce restrictions to be part of the problem rather than the solution and, in this respect, agrees with the decision under appeal (loc. cit.).
8. The board agrees with the appellant's interpretation of D2 as regards the possibility for consumers to modify rights (see D2, p. 3, 3rd and penult. paras. and p. 7, last two paras. of section "AD rights management"). D2 discloses the "import" of new rights into an AD in order to allow further uses of digital content but does not disclose the introduction of restrictions on existing rights so as to limit such use. D2 also discloses that the user may trigger the modification of rights associated with digital content, in particular when such content is transferred between ADs (p. 7, last two paras. of the section "AD rights management"). However, the rights are modified under the control of the central AD rights management rather than the user so that the transferred user rights do not qualify as user-attributed rights as claimed.
9. In the board's view, therefore, the claimed invention differs from D2 in that it
i) allows the user to restrict a given right by "user attributed rights", and
ii) encrypts the given rights with a key embedded in the user rights.
The technical problem solved by these distinguishing features can be formulated as how to enable the user to provide enforceable rights restrictions in the system according to D2.
10. As regards difference i), the board agrees with the examining division that the concept of allowing users to provide restrictions on given rights is a legal or administrative (i.e. "businesslike") matter and does not, as such, solve a technical problem. Apart from that, the board considers that the situations described in the application - for instance that parents might wish to limit their childrens' rights to use content available on a jointly used computer system - would naturally arise.
10.1 The appellant argues that the rights used in known DRM systems are signed by the rights owner and thus cannot be modified by the user. Whenever users required different sets of rights, they would have to have the rights owner issue and sign them anew. From the perspective of a DRM system such as that according to D2, therefore, the very idea of enabling the user to modify the received DRM rights established an inventive step.
10.2 This was all the more so since, as the appellant argued, known access control mechanisms already provided obvious ways for users to implement rights restrictions, for instance "traditional parenting" (i.e. telling your child and hoping for the best) or login restrictions on a joint computer (see appellant's letter of 7 April 2015, p. 5, 5th para.). Availability of alternative solutions to the given problem taught away from the idea of enabling users to formulate their own rights in the framework of a given, conventional DRM system.
10.3 The board concedes that there were alternative ways of restricting "received DRM rights" at a local computer. However, the board also considers that users would notice the disadvantages of having to use access control means separate from and in addition to a given DRM system, be this the mere inconvenience of having to use separate programs for similar purposes, the unreliability of some methods (e.g. of traditional parenting) or the insufficient granularity of others (e.g. of a login restriction where only access to some content is to be controlled).
10.4 The board concedes that traditional DRM systems may have relied on the premise that only the rights owner may issue and modify DRM rights. This notwithstanding, the board considers that users would notice it to be inconvenient that modifications of the DRM rights always required the cooperation of the rights owner. In the board's view this is the case in particular because the rights owner should not have any objections if legally acquired rights were limited by the end user.
10.5 The board therefore regards as obvious the desire to enable users to formulate their own rights restrictions within the framework of a given DRM system and without involvement of a third party.
11. This argument however leaves open the question as to how to integrate the user-attributed rights in a given DRM system in an enforceable manner, i.e. in such a way that the security of the DRM system is not compromised. Difference ii) relates to this issue.
11.1 The independent claims do not specify how the key with which the received DRM rights are encrypted is generated or obtained, and they therefore allow no conclusion as to whether this key is unique or whether it is available only from the user-attributed rights in which it is stored. The claims also do not exclude the possibility that the key is stored in the user-attributed rights in plain form, even if it may have been common in the art of DRM to encrypt the key with the receiver's public key (see the appellant's letter of 7 April 2015, p. 5, last two paras.). Nor does the description contain further details on any of these issues.
11.2 However, the board agrees that even if the user key is stored in the user-attributed rights in plain format, some minimal form of security is achieved. The skilled reader would understand that any terminal device using the content - say, a DVD player - would only operate properly on well-formed rights. To work with user-attributed rights as claimed, that device would have to locate the key in the user-attributed rights, decrypt the received rights, and then interpret the rights as usual.
11.3 As the appellant points out (letter of 7 April 2015, p. 6, 1st para.), this would not work if a fraudster simply removed the user-attributed rights. As the description put it, access to the content required access to the user-attributed rights as well as to the received rights (see p. 16, lines 1-2).
11.4 Even though this achieves a very low level of protection which can be circumvented with little effort, it is more than none and may well work for the majority of users who have little technical knowledge and no fraudulent intentions.
12. Since D2 does not even disclose the addition of user-attributed rights to received rights, let alone their "linking", a fortiori it does not disclose or suggest the protection mechanism according to difference feature ii). Since, moreover, the board has no reason to consider this feature to be obvious from the common general knowledge in the art, it concludes that the subject matter of claims 1 and 11 is not obvious over D1 and therefore shows an inventive step within the meaning of Article 56 EPC 1973.
Possible remittal, Article 111(1) EPC 1973, in view of the scope of the search
13. For the present application an international search was carried out which produced no documents other than D1 and D2, D1 being prior art under Article 54(3) EPC and 54(4) EPC 1973 and D2 being classified as an "A" document lacking particular relevance for novelty or inventive step for all the original claims.
13.1 While this search must be assumed to have been complete for the claims as originally filed, it is necessary to determine whether this assumption still applies to the present amended claims. Should doubts remain in this respect, the board would have to remit the case to the first instance in order for it to consider whether an additional search would have to be carried out.
13.2 Pursuant to Article 15(3) PCT, the international search must be assumed to have been made on the basis of the claims, with due regard to the description and drawings (if any). According to Article 157(1) EPC 1973, the international search report takes the place of the European search report. It is noted that Article 92 EPC 1973 defines the scope of the European search in essentially the same words as Article 15(3) PCT.
13.3 Original claim 7 specified that the user-attributed rights and the received DRM rights constitute two sets of rights that are "linked" together. No further details of "linking" were originally claimed. However, alternative ways to achieve such "linking" were disclosed in the application as originally filed (see p. 15, line 13 - p. 16, line 29; p. 5, lines 21-25).
13.4 Hence, in accordance with Article 15(3) PCT, the search must be assumed to have covered the concept of linking two sets of rights, interpreted in view of the alternative embodiments on pages 15 and 16 of the description. It must therefore have been clear to the search examiner that any document relevant for novelty or inventive step of any of these alternative embodiments would ipso facto have been relevant for original claim 7.
13.5 From the fact that the search did not reveal any document of particular relevance for the broad original claim 7 it must therefore be concluded that the search was extended to the above-mentioned, narrower embodiments and that it did not reveal any documents of particular relevance for any of these embodiments either.
13.6 Therefore, the board concludes that the search performed for the present application must be considered to have also covered the present independent claims 1 and 11.
13.7 A remittal for further prosecution is therefore not justified.
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the examining division with the order to grant a European patent with the following documents:
1-20 as received on 4 May 2015;
1-6, 6a as received on 3 February 2011,
7-14, 16, 17 as originally filed,
15 as received on 7 April 2015,
1/1 and 2/2 as originally filed.