T 1981/11 (User-attributed rights/PHILIPS) 04-05-2015

The invention

1. The application relates to a digital rights management (DRM) system. In this context, the application con­si­ders the need of the end user to modify the DRM rights received with a piece of digital content. For example pa­rents may wish to limit the access of their minor chil­dren to digital content either entire­ly or to certain times of day (see p. 3, lines 20-25 and 29-34).

1.1 The invention is meant to provide end users of a given DRM system with the "influence" to add what are called "user attribu­ted rights" to the so-called "received rights" or "de­li­very rights".

1.2 The application describes the two sets of rights as being "linked together" so that they are also enforced to­ge­ther (see p. 5, last para.). It is explained that it should be impossible simply to remove the user-attributed rights to fool the system. A number of alter­na­tive ways are disclosed to prevent this (see p. 15, line 11 - p. 16, line 2). In particular, it is disclosed that the received rights may be "encrypted with a key that is stored in the user attributed rights" (p. 15, line 32 - p. 16, line 2).

Article 123(2) EPC

2. Independent claims 1 and 11 are based on original claim 7 in combination with page 15, lines 32-33. Although this passage follows a paragraph on page 15 discussing a "coupling" between the two sets of rights, it would have been clear to the skilled reader that the term "coupling" was meant to be synonymous to the alter­native term "link" used on page 5, lines 21-25 (and also on page 15, line 33). As the dependent claims correspond to origi­nally filed dependent claims, the board is satis­fied that the present claims meet the require­ments of Article 123(2) EPC.

Article 84 EPC 1973

3. In the annex to its summons to oral proceedings, the board raised a clarity objection to the feature of "embedding [...] as a whole" one set of rights in another one. As this feature is not contained in the present sole re­quest, this objection has become moot. The board has no other clarity concerns.

The prior art

4. D1 discloses a DRM system in which the digital rights associated with a piece of digital content may be modi­fied when the content is transmitted between users and devices across a network. In this manner, the rights obtained by one user may be shared with other users. As an example, D1 explains how a "use count" may be shared between two users (see fig. 2). If a user A for­wards some of his rights to another user B (say 5 of 10 use rights), a new rights object is created for and trans­mitted to B and the limitation on the original rights (defining A's remaining 5 use rights) is added to A's rights object (see fig. 4B, "Modified RO for user A"). Both rights objects are protected by "A's signature".

5. D2 discloses background information on (one variety of) so-called "au­tho­rised domains" (ADs) and their manage­ment. As defined in D2 (p. 3, section "Functional Speci­fication"), an AD "is an environ­ment of (net­worked) de­vices, media, rights and users", which defini­tion is ex­pressly drafted "not to make any implementa­tion assump­tions". D2 discloses that an AD should pro­vide central "registration and de-registra­tion" of de­vices (see p. 2, "device management"), and allow "cus­to­mers ... [to] add rights (and content)" to an AD and to "pass them along to others" (p. 3, "rights management"). Elsewhere, D2 dis­closes that the "adding [of] right[s] to a domain" is meant to be synonymous with the "[i]mport[ing] of rights" to an AD (see p. 3, line 4 from the bottom; p. 6, last line). When content is transferred between ADs, some of the rights (such as a "play" right) may be trans­ferred along with it, but other rights (such as a right to "copy" the content) re­la­ting to "inter-domain actions" may have to be changed (see p. 7, last two paras. of the section "AD rights management").

Novelty and inventive step vis-à-vis D1

6. The priority date claimed for the present application, 17 May 2004, falls between the priority date claimed for D1, 21 August 2003, and the publication date of D1, 23 Fe­b­ru­a­ry 2005. D1 thus does not form part of the pri­or art under Article 54(2) EPC 1973 in view of Ar­ticle 89 EPC 1973 but con­stitutes prior art under Article 54(3) EPC.

6.1 D1 does not disclose that the received DRM rights are encrypted with a key that is stored in the user-attributed rights. The subject matter of claims 1 and 11 is therefore new over D1 at least by virtue of this fea­ture, Article 54(1) EPC 1973.

6.2 According to Article 56 EPC 1973, prior art within the meaning of Article 54(3) EPC is not to be conside­red in deciding whether there has been an inventive step. There­­fore, D1 is immaterial for the assessment of in­ven­tive step.

Novelty and inventive step vis-à-vis D2

7. The appellant took issue with the statement in the appealed de­cision according to which the feature intro­ducing fur­ther restrictions on the received DRM rights related to an activity of doing business which was ex­cluded from pa­ten­tability and argued that it was wrong for two reasons (see grounds of appeal, p. 3, 6th and 7th paras. and appealed decision, reasons 1.3.1). With reference to G 3/08 (OJ EPO 2010, 10) it argued that even "businesslike" features could not be simply dis­car­ded from the claims for the assessment of inventive step but had to be taken into account to determine "for what task the person skilled in the art would be set" (p. 3, 8th para.). With reference to T 1658/06 (not published) it argued that in particular features of DRM systems had to be assessed on their technical merit in view of their "technical ramifica­tions" (9th and 10th para.).

7.1 The board generally agrees with both these statements and therefore does not consider it necessary to discuss the cited decisions in more detail.

7.2 The board notes however that the decision under appeal did not "discard" the pertinent fea­ture in the sense of ignoring it in the inventive step assessment - as the appellant appears to suggest - but took it into account in the formulation of the technical prob­lem to be solved by the invention (reasons 1.3.2).

7.3 Moreover, even the appellant formulates the problem solved by the invention in such a way that it con­tains the requirement of "introduc[ing a] further re­stric­tion on a received DRM right" (see e.g. the grounds of appeal, p. 6, 3rd para. from the bottom). This appears to suggest that the appellant accepts the desire to intro­duce restrictions to be part of the problem rather than the solution and, in this respect, agrees with the decision under appeal (loc. cit.).

8. The board agrees with the appellant's inter­pre­tation of D2 as regards the possibility for consumers to modify rights (see D2, p. 3, 3rd and penult. paras. and p. 7, last two paras. of section "AD rights management"). D2 discloses the "import" of new rights into an AD in order to allow further uses of digital content but does not disclose the introduction of restrictions on existing rights so as to limit such use. D2 also discloses that the user may trigger the modification of rights associa­ted with digital content, in particular when such con­tent is transferred between ADs (p. 7, last two paras. of the section "AD rights management"). However, the rights are modified under the control of the cen­tral AD rights management rather than the user so that the trans­ferred user rights do not qualify as user-attributed rights as claimed.

9. In the board's view, therefore, the claimed invention differs from D2 in that it

i) allows the user to restrict a given right by "user attributed rights", and

ii) encrypts the given rights with a key embedded in the user rights.

The technical problem solved by these distinguishing fea­­tures can be formulated as how to enable the user to pro­vide enforceable rights restrictions in the system according to D2.

10. As regards difference i), the board agrees with the exa­­mining division that the concept of allowing users to pro­vide re­strictions on given rights is a legal or adminis­tra­tive (i.e. "bu­si­ness­like") matter and does not, as such, solve a technical problem. Apart from that, the board considers that the situa­tions described in the applica­tion - for instance that parents might wish to limit their childrens' rights to use content avai­lable on a jointly used computer system - would na­tu­rally arise.

10.1 The appellant argues that the rights used in known DRM systems are signed by the rights owner and thus cannot be modified by the user. Whenever users required diffe­rent sets of rights, they would have to have the rights owner issue and sign them anew. From the perspective of a DRM system such as that according to D2, therefore, the very idea of enabling the user to modify the received DRM rights established an inventive step.

10.2 This was all the more so since, as the appellant argued, known access control mechanisms already provided ­obvious ways for users to implement rights restrictions, for in­stance "traditional paren­ting" (i.e. telling your child and hoping for the best) or login restrictions on a joint computer (see appellant's letter of 7 April 2015, p. 5, 5th para.). Availability of alternative solu­tions to the given problem taught away from the idea of enabling users to formulate their own rights in the frame­work of a given, conventional DRM system.

10.3 The board concedes that there were alternative ways of restricting "received DRM rights" at a local computer. However, the board also considers that users would notice the disadvantages of having to use access control means separate from and in addition to a given DRM sys­tem, be this the mere inconvenience of having to use se­parate programs for similar purposes, the unrelia­bi­lity of some methods (e.g. of traditional parenting) or the insufficient granularity of others (e.g. of a login re­striction where only access to some content is to be con­trolled).

10.4 The board concedes that traditional DRM systems may have relied on the premise that only the rights owner may issue and modify DRM rights. This notwith­standing, the board considers that users would notice it to be incon­ve­nient that modifications of the DRM rights always required the cooperation of the rights owner. In the board's view this is the case in particular because the rights owner should not have any objections if legally acquired rights were limited by the end user.

10.5 The board therefore regards as obvious the desire to enable users to formulate their own rights restric­tions within the framework of a given DRM system and without involvement of a third party.

11. This argument however leaves open the question as to how to integrate the user-attributed rights in a given DRM system in an enforceable manner, i.e. in such a way that the security of the DRM system is not compromised. Difference ii) relates to this issue.

11.1 The independent claims do not specify how the key with which the received DRM rights are en­crypted is gene­rated or obtained, and they therefore allow no conclusion as to whether this key is unique or whether it is available only from the user-attributed rights in which it is stored. The claims also do not exclude the possibility that the key is stored in the user-attributed rights in plain form, even if it may have been common in the art of DRM to encrypt the key with the receiver's public key (see the appellant's letter of 7 April 2015, p. 5, last two paras.). Nor does the description contain further details on any of these issues.

11.2 However, the board agrees that even if the user key is stored in the user-attributed rights in plain format, some minimal form of security is achieved. The skilled reader would understand that any terminal device using the content - say, a DVD player - would only operate properly on well-formed rights. To work with user-attri­buted rights as claimed, that device would have to lo­cate the key in the user-attributed rights, decrypt the received rights, and then interpret the rights as usual.

11.3 As the appellant points out (letter of 7 April 2015, p. 6, 1st para.), this would not work if a fraudster simply removed the user-attributed rights. As the description put it, access to the content required access to the user-attributed rights as well as to the received rights (see p. 16, lines 1-2).

11.4 Even though this achieves a very low level of pro­tection which can be circumvented with little effort, it is more than none and may well work for the majority of users who have little technical knowledge and no fraudulent intentions.

12. Since D2 does not even disclose the addition of user-attributed rights to received rights, let alone their "linking", a fortiori it does not disclose or suggest the protection mechanism according to difference feature ii). Since, moreover, the board has no reason to consi­der this feature to be obvious from the common general knowledge in the art, it concludes that the subject matter of claims 1 and 11 is not obvious over D1 and therefore shows an inventive step within the meaning of Article 56 EPC 1973.

Possible remittal, Article 111(1) EPC 1973, in view of the scope of the search

13. For the present application an international search was carried out which produced no documents other than D1 and D2, D1 being prior art under Article 54(3) EPC and 54(4) EPC 1973 and D2 being classified as an "A" docu­ment lacking particu­lar relevance for novelty or inven­tive step for all the ori­ginal claims.

13.1 While this search must be assumed to have been complete for the claims as origi­nally filed, it is necessary to determi­ne whether this assumption still applies to the present amen­­­ded claims. Should doubts remain in this res­pect, the board would have to remit the case to the first instance in order for it to con­sider whether an additional search would have to be carried out.

13.2 Pursuant to Article 15(3) PCT, the international search must be assumed to have been made ­on the basis of the claims, with due regard to the description and drawings (if any). According to Article 157(1) EPC 1973, the in­ternational search re­port takes the place of the Euro­pean search report. It is noted that Article 92 EPC 1973 defines the scope of the European search in essen­tially the same words as Article 15(3) PCT.

13.3 Original claim 7 specified that the user-attributed rights and the received DRM rights constitute two sets of rights that are "linked" together. No further de­tails of "linking" were originally claimed. However, alter­na­tive ways to achieve such "linking" were dis­closed in the application as originally filed (see p. 15, line 13 - p. 16, line 29; p. 5, lines 21-25).

13.4 Hence, in accordance with Article 15(3) PCT, the search must be assumed to have covered the concept of linking two sets of rights, interpreted in view of the alterna­tive em­bo­diments on pages 15 and 16 of the description. It must therefore have been clear to the search examiner that any document relevant for novelty or inventive step of any of these alter­na­tive embodiments would ipso facto have been relevant for original claim 7.

13.5 From the fact that the search did not reveal any docu­ment of particular relevance for the broad original claim 7 it must therefore be concluded that the search was extended to the above-mentioned, narrower embodi­ments and that it did not reveal any documents of parti­cular relevance for any of these embodiments either.

13.6 Therefore, the board concludes that the search per­formed for the present application must be considered to have also covered the present independent claims 1 and 11.

13.7 A remittal for further prosecution is therefore not justified.