T 1102/06 23-07-2009
Téléchargement et informations complémentaires:
Secure offline interactive gambling
Summary of Facts and Submissions
I. This is an appeal against the refusal of application 02 796 949 for lack of an inventive step, Article 56 EPC, (main and second to fourth auxiliary request) and for added subject-matter, Article 123(2) EPC, (first auxiliary request).
II. The appellant requested at the oral proceedings before the board that the decision under appeal be set aside and that a patent be granted in the following version:
Claims: 1 to 15 filed during the oral proceedings under the title of Auxiliary request 2A',
Description: Pages 4, 6, 7, 15, 17, 18, 20, 23 and 27 as filed during the oral proceedings;
page 8 as filed with letter dated 21 December 2005;
pages 1-3, 5, 14, 16, 19, 21, 22, 24-26, 28-31 as originally filed (pages 9-13 deleted),
Drawings: Figures 1 to 3 as originally filed.
III. Independent claims 1 and 11 read as follows:
"1. A secure offline interactive gambling system (10) configured to provide an offline interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input, the system comprising:
a subscriber unit (30); and
a secure processor (140) operatively associated with the subscriber unit (30) and comprising:
a random gambling input generator (230) operative to randomly or pseudo-randomly generate gambling input to the offline interactive gambling application during execution of the offline interactive gambling application;
characterised in that:
the subscriber unit (30) is operative to:
insecurely store an offline interactive gambling application including all rules governing execution of the offline interactive gambling application; and
through interaction with a user, to execute the offline interactive gambling application including determining at least one result of the offline interactive gambling application based on the gambling input generated by the random gambling input generator (230) and at least some user selections made in response to the gambling input during execution of the offline interactive gambling application;
the secure processor (140) further comprises a secure memory (200) operatively associated with the random gambling input generator (230) and operative to securely store information related to the execution of the offline interactive gambling application, said information comprising information from which the at least one result of the offline interactive gambling application can be derived, wherein said information related to the execution of the offline interactive gambling application comprises: a log of the gambling input generated by the random gambling input generator during execution of the offline interactive gambling application; and a log of the at least some user selections made in response to said gambling input during execution of the offline interactive gambling application; and by
a communication interface (70) operatively associated with the subscriber unit (30) and the secure processor (140) and operative to securely transmit said information related to the execution of the offline interactive gambling application; and in that:
the system further comprises a central gambling facility for verifying said at least one result of the offline interactive gambling application, wherein the central gambling facility is in operative communication with the subscriber unit (30), the central gambling facility comprising:
a central gambling facility communication interface (100) operative to receive from the secure processor (140) associated with the subscriber unit (30) of the gambling system (10) said information; and
a processing unit (110) operatively associated with the central gambling facility communication interface (100) and operative to check said information and to derive from said information at least one result of the offline interactive gambling application by performing at least one of the following with said gambling input and said user selections:
a repeated execution of a portion of the offline interactive gambling application; a repeated execution of the entire offline interactive gambling application; and execution of a corresponding verification application that provides results substantially identical to results obtained by execution of the offline interactive gambling application."
"11. A secure offline interactive gambling method for providing an offline interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input, the method comprising:
insecurely storing an offline interactive gambling application including all rules governing execution of the offline interactive gambling application;
executing the offline interactive gambling application through interaction with a user;
randomly or pseudo-randomly generating gambling input to the offline interactive gambling application during execution of the offline interactive gambling application;
determining at least one result of the offline interactive gambling application based on the gambling input and at least some user selections made in response to the gambling input during execution of the offline interactive gambling application;
securely storing information related to the execution of the offline interactive gambling application, said information comprising information from which the at least one result of the offline interactive gambling application can be derived, wherein said securely storing said information comprises securely storing: a log of the at least some user selections made in response to said gambling input during execution of the offline interactive gambling application; and a log of the gambling input generated during execution of the offline interactive gambling application; and
securely transmitting said information related to the execution of the offline interactive gambling application to a central gambling facility in operative communication with the subscriber unit (30); and
at a processing unit (110) operatively associated with the central gambling facility checking said information and verifying said at least one result of the offline interactive gambling application at the central gambling facility by performing at least one of the following with said gambling input and user selections made in response to said gambling input:
a repeated execution of a portion of the offline interactive gambling application; a repeated execution of the entire offline interactive gambling application; and execution of a corresponding verification application that provides results substantially identical to results obtained by execution of the offline interactive gambling application".
Reasons for the Decision
1.The appeal is admissible.
2. Amendments
Claim 1 is based on claims 37, 38, 40, 42 and 48 to 50 as originally filed, as well as on the description as originally filed (page 23, lines 17 to 21 ("sequence of user selections in response to gambling input") and page 26, lines 3 to 5 ("when the [..] application determines that the game is over, it informs the user [...] the result of the game")).
Analogously, independent claim 11 is based on claims 52, 53, 55, 57 and 61 to 63 as originally filed, as well as on the description as originally filed as indicated above.
The dependent claims 2 to 10 and 12 to 15 correspond to originally filed claims 39, 43 to 47, 20 to 22 and 54, 58 to 60, respectively.
The amendments thus comply with Article 123(2) EPC.
3. Novelty
3.1 Document D1 (WO 99 39 312 A)
3.1.1 Document D1 discloses a system and method for playing a lotto game.
As disclosed in D1, "In a lotto game, players are given the opportunity to choose one or more player numbers. When the winning number or numbers is determined, players receive a prize based on a comparison between the winning number or numbers and the player number of numbers previously chosen by the player. It is understood to be a fundamental rule of lotto games and similar games that the player number or numbers must be picked by the player before the winning number or numbers is announced" (page 1, lines 16 to 22). According to D1 "There is significant potential for fraud in lotto games and similar games. For example, if a player could succeed in picking the player number after the winning number had already been announced, the player could fraudulently obtain a prize" (page 1, lines 23 to 26).
Document D1 prevents this type of fraud in that the player number is transformed by a transformation function, such as a one-way function or hash function, into a transformed number. The transformed number is ultimately compared with a winning number to determine a winner. Preferably, the transformation function is chosen so that it will be very difficult to invert; that is, given only the transformation function and the transformed number, it will be difficult to find the player number. Furthermore, in the case of a significantly large prize, a player is required to present the player number, the transformation function, and the transformed number in order to collect the prize. Thus, since a fraudulent player will not be able to compute the player number, he will not be able to fraudulently claim to have won (page 5, lines 9 to 19).
The system generally comprises a display (such as a television set), an input device (such as a television remote control), a communications interface (such as an integrated receiver-decoder typically used for subscriber television) and a security device (such as a smart card interacting with the integrated receiver-decoder) (figures 2A, 2b and corresponding description).
A player number is provided to the system and transformed in the smart card (security device) by a one-way function such as a hash function (page 14, line 30 to page 15, line 25). The player number, the hash function and the transformed player number are typically all stored on the card.
A winning number, chosen by any appropriate means such as random generation, is received, typically via a broadcast transmission. The winning number is compared to the transformed player number. If the winning number matches the transformed player number or, according to the rules of whatever game is being played, partially matches the transformed player number, the player wins (page 16, lines 23 to 28).
In the case of large prizes, the player's win is verified at a game control site. Verification comprises verifying that the transformation function which the player has is the transformation function which the player is authorized to have; verifying that the player number, when input to the transformation function, yields the transformed player number; and verifying, typically by physical evidence, that the card has not been tampered with (page 17, lines 11 to 17).
Regarding the player number, according to D1, the player is allowed to choose his own player number. Alternatively, any of a wide variety of methods may be used for choosing a player number. For example, any of the following methods may be used: a player number may be randomly generated by any appropriate component of the system of Figs. 2A and 2B; a player's favourite number may be stored and automatically provided by any appropriate component of the system of Figs. 2A and 2B; and a list of player numbers, including favourite numbers, numbers previously played, or other numbers may be stored and either one number may be automatically provided by any appropriate component of the system of Figs. 2A and 2B or a list of numbers may be provided to the player for making a choice. Furthermore, according to D1 it is appreciated that a player may play more than one number, typically at an increased cost (page 14, lines 16 to 29).
3.1.2 Having regard to independent claims 1 and 11, however, document D1 does not disclose providing an interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input generated by a random gambling input generator. Moreover, there is no disclosure in D1 of storing information comprising a log of the gambling input generated by the random gambling input generator during execution of the offline interactive gambling application and a log of the at least some user selections made in response to said gambling input during execution of the offline interactive gambling application.
In document D1, in case the player number is randomly generated, there is no disclosure, and indeed there would be no reason in the context of the lotto game of D1, for the user interactively providing a sequence of user selections in response to randomly generated gambling input and for securely storing a log of at least some of these user selections.
3.1.3 Having regard specifically to claim 1, document D1 discloses a system comprising a subscriber unit (integrated receiver-decoder), a secure processor (smart card) and a random gambling input generator (for randomly generating a player number).
However, not disclosed in document D1 is that the secure processor (smart card) comprises the random gambling input generator as per claim 1. For the purposes of the lotto game of D1 there would indeed be no need for the generator of the player number to be secure.
Moreover, D1 does not disclose that the subscriber unit is operative to insecurely store an offline interactive gambling application including all rules governing execution of the offline interactive gambling application.
Furthermore, the central gambling facility (game control site) of D1 is in operative communication with the secure processor (smart card) during verification and not with the subscriber unit (integrated receiver-decoder) as defined in claim 1.
3.1.4 Accordingly, the subject-matter of both claims 1 and 11 is new over document D1 (Articles 54(1) and (2) EPC 1973).
3.2 Document D3 (US 6 234 898 B)
Document D3, cited in the application as originally filed (page 1, lines 15 to 18), discloses a system and method providing an offline interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input generated by a random gambling input generator.
An example of such a gambling application is a poker game (D3, column 3, line 41 to column 4, line 34), like in the application (original description page 5, lines 8 to 13). A "deck of cards" is created by the software with the aid of a random number generator. The user can now decide which "cards" in the hand to retain or discard in order to attempt to improve the displayed hand (column 3, line 66 to column 4, line 8).
The system of D3 comprises a secure processing and memory apparatus in the form of a smart card, together with non-secure input and display means connectable to the smart card. The memory of the smart card stores software controlling the operation of the game and also data relating to gains or losses of the player. Input signals generated by the player are processed within the secure processor and all operations which can influence the outcome of the game are carried out within the secure processor so that the system is not susceptible to tampering, even when used in a non-secure environment (abstract; column 3, lines 26 to 40).
According to D3, "although there is communication between the secure processor of the smart card and external input and display means, this communication concerns only output signals from the secure processor which generates a display, and permissible control signals generated by the keypad or other input means which is operated by the user of the system. There is no bus or other communications link which is accessible to a would-be hacker or criminal which could be accessed to tamper or interfere with the operation of the system" (column 5, lines 43 to 53).
Thus, in document D3, there is no central gambling facility, no transmitting of information to such a facility and no verification of the result.
Accordingly, the subject-matter of both claims 1 and 11 is also new over document D3 (Articles 54(1) and (2) EPC 1973).
3.3 Document D2 (US 5 850 447 A)
Document D2 relates to a secure system for remote participation in interactive games where televiewers are asked, during a broadcast, to give answers to questions broadcast from a station. If the right answer is given a winning may be assigned (column 1, lines 8 to 15 and 60 to 61).
During such games, a maximum answering time has to be set in order to prevent the televiewer from making his answer after the solution to the game has been given from the station or after he has looked up the answer in an encyclopedia or any other reference data base (column 1, lines 16 to 21).
To this end D2 provides a secured system of remote participation in interactive games with verification of the chronology of events which relies on the counting, by a secured microprocessor (for example a microcircuit card), of consecutive periods of time of which the first one is initialized by a cryptographically secured message sent by the transmitter and the last one is ended by a connection of the games machine to the central computer of the transmitter for the forwarding thereto of the answer (column 1, lines 8 to 10 and column 3, lines 33 to 45).
Having regard to independent claims 1 and 11, document D2 is not concerned with an interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input generated by a random gambling input generator.
Accordingly, the subject-matter of both claims 1 and 11 is new over document D2 as well (Articles 54(1) and (2) EPC 1973).
Inventive step
4.1 The closest prior art is considered to be document D3 which, as discussed above (point 3.2), discloses a secure offline gambling system and method providing an interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input generated by a random gambling input generator, and thus relates to the same type of gambling game application as the patent application under consideration.
Document D3, however, relies on the security of the system being achieved by carrying out all operations which can influence the outcome of the game within the secure processor of the smart card so that the system is not susceptible to tampering, even when used in a non-secure environment. There is no central gambling facility, no transmitting of information to such a facility and no verification of the result of the gambling application at such a central facility.
Having regard to claims 1 and 11, by verifying the result of the gambling application at the central gambling facility, the gambling application can be stored insecurely, thus allowing dispensing with more expensive secure memory for storing the application (description page 17, lines 1 to 14) and, as argued by the appellant applicant, making it easier and inexpensive to distribute and update the gambling application.
None of the cited prior art documents address this problem or suggest the solution as claimed.
The gambling application as claimed relies on randomly generated gambling input from the user application (eg the "cards" provided in a poker game etc.). This input, however, should be tamper resistant, as any manipulation to this input could fraudulently affect the outcome of the game. In contrast, the lotto game of document D1 relies on the winning number being drawn centrally in a secure manner and thus places less stringent security requirements on the user application. As a consequence, D1 relies on the gambling application at the user to be sufficiently secure, at least for the smaller prizes. Accordingly, document D1 does not suggest the claimed solution.
4.2 Conversely, if either one of documents D1 or D2 were to be taken as the closest prior art, like in the decision under appeal, the basic difference between the subject-matter of claims 1 and 11 over D1 or D2 would be the provision of an interactive gambling application in which a user interactively provides a sequence of user selections in response to gambling input generated by a random gambling input generator and the storing of information comprising a log of the gambling input generated by the random gambling input generator during execution of the offline interactive gambling application and a log of the at least some user selections made in response to said gambling input during execution of the offline interactive gambling application.
As discussed above, these features are essentially occasioned by the different type of gambling game being provided and the ensuing different security issues.
It is true, that since rules for playing games are part of the subject-matter excluded under Article 52(2) EPC and thus considered "non-technical", they cannot support the presence of inventive step (see decisions T 641/00 (OJ EPO 2003, 352) and T 1543/06). In the context of the problem-solution approach used for assessing inventive step this implies that they appear in the objective problem-to-be-solved as a constraint to be met.
The above claimed differences however do not relate to the rules of the game per se, which anyway are well-known (eg a poker game), but relate to the technical implementation of the rules of the game.
There is noting in D1 or D2 which would suggest the claimed implementation. The only available prior art implementation of an interactive game requiring a sequence of user selections in response to gambling input generated by a random gambling input generator is provided in D3, which however relies on a self-contained secure application at the user and thus differs fundamentally from the claimed solution.
4.3 Accordingly, the subject-matter of both independent claim 1 and 11, having regard to the cited prior art, is not obvious to a person skilled in the art and, therefore, involves an inventive step in the sense of Article 56 EPC 1973.
4.4 The remaining claims are dependent on either claim 1 or 11 and consequently their subject-matter involves an inventive step as well.
ORDER
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the department of first instance with the order to grant a patent in the following version:
Description: pages 1-3, 5, 14, 16, 19, 21, 22, 24-26, 28-31 as originally filed,
page 8 filed with letter dated 21 December 2005,
pages 4, 6, 7, 15, 17, 18, 20, 23 and 27 as filed during the oral proceedings,
Claims: 1 to 15 as filed during the oral proceedings under the title of Auxiliary request 2A',
Drawings: Figures 1 to 3 as originally filed.