European Case Law Identifier: ECLI:EP:BA:2013:T217408.20130318
Date of decision: 18 March 2013
Case number: T 2174/08
IPC class: G06F 1/00
Language of proceedings: EN
Title of application: Mobile wireless device with protected file system
Applicant name: Nokia Corporation
Relevant legal provisions:
Keywords: Decision re appeals - remittal (yes)
Summary of Facts and Submissions
I. This is an appeal against the decision, dispatched on 10 June 2008, by the examining division to refuse European parent application No. 03 727 704.3 on the basis that the subject-matter of claim 1 according to the main and first and second auxiliary requests did not involve an inventive step, Article 56 EPC 1973. The appealed decision also dealt with further auxiliary requests which are not relevant to the present decision.
II. A notice of appeal was received on 6 August 2008 against the decision in its entirety, the appeal fee being paid on the same date.
III. With a statement of grounds of appeal, received on 20 October 2008, the appellant submitted amended claims according to a main and first to sixth auxiliary requests.
IV. With a letter received on 8 June 2011 the appellant submitted amended claims according to first to sixth auxiliary requests. The appellant maintained the previous main request and requested that the board exercise its discretion to admit the replacement auxiliary requests into the procedure. If the board were to admit the replacement requests, then the appellant would withdraw the first to sixth auxiliary requests filed on 20 October 2008.
V. The board issued a communication, dispatched on 2 November 2012, stipulating that any reply was to be filed within a period of four months. The board stated that it was inclined to admit the replacement auxiliary requests received on 8 June 2011. Claims 1 and 8 according to the main request appeared however to contain added subject-matter, Article 123(2) EPC, and were also unclear, Article 84 EPC 1973. The claims according to the replacement first auxiliary request were prima facie clear, Article 84 EPC 1973. Moreover the amendments to the claims seemed to satisfy Article 123(2) EPC and to overcome the reasons given in the appealed decision regarding lack of inventive step, Article 56 EPC 1973. The replacement first and subsequent auxiliary requests effectively raised issues which had not been discussed in the decision or indeed in first instance proceedings. Thus, if the appellant were to withdraw the main request, the board was inclined to remit the case to the first instance for further prosecution, Article 111(1) EPC 1973, on the basis of the first auxiliary request.
VI. In a letter received on 14 February 2013, before expiry of the four-month time limit, the appellant withdrew the main request.
VII. The application documents now on file are as follows, there being no figures:
Pages 1, 2 and 4 to 16, as published in WO 03/100582 A2,
Page 3, received on 20 December 2007.
Claims (all received on 8 June 2011):
First auxiliary request: 1 to 15.
Second auxiliary request: 1 to 15.
Third auxiliary request: 1 to 15.
Fourth auxiliary request: 1 to 15.
Fifth auxiliary request: 1 to 15.
Sixth auxiliary request: 1 to 15.
VIII. The independent claims according to the first auxiliary request read as follows:
"1. A mobile wireless device programmed with a file system which is partitioned into multiple root directories, the multiple root directories comprising a private root directory, and the private root directory comprising a sub-tree directory with a respective "process_secure_id", wherein a secure identifier is associated with a process to be run on the device, and the device is configured to grant access to the sub-tree directory for the process if the secure identifier of the process is assigned to the "process_secure_id" of the sub-tree directory."
"8. An operating system for a mobile wireless device, the operating system comprising a file installation mechanism that maintains the integrity of an existing file system by controlling where files are installed, the file system being partitioned into multiple root directories, the multiple root directories comprising a private root directory, and the private root directory comprising a sub-tree directory with a respective "process_secure_id", wherein a secure identifier is associated with a process to be run on the operating system, and the operating system is configured to grant access to the sub-tree directory for the process if the secure identifier of the process is assigned to the "process_secure_id" of the sub-tree directory."
Reasons for the Decision
1. The admissibility of the appeal
In view of the facts set out at points I to III above, the appeal satisfies the admissibility criteria under the EPC and is consequently admissible.
2. The replacement auxiliary requests received on 8 June 2011
2.1 The question of the admittance of these requests, submitted after the statement of grounds of appeal had been filed, turns on whether the board allows the corresponding amendments to the appellant's case, Article 13 RPBA. According to Article 13(1) RPBA, any amendment to a party's case after it has filed its grounds of appeal or reply may be admitted and considered at the board's discretion. The discretion shall be exercised in view of inter alia the complexity of the new subject-matter submitted, the current state of the proceedings and the need for procedural economy. Under Article 13(3) RPBA, amendments sought to be made after oral proceedings have been arranged shall not be admitted if they raise issues which the board cannot reasonably be expected to deal with without adjournment of the oral proceedings.
2.2 In the letter received on 8 June 2011 the appellant argued inter alia that the replacement auxiliary requests should be admitted into the procedure because oral proceedings had not been scheduled and the proceedings were ex parte.
2.3 The request to replace the first to sixth auxiliary requests was made at an early stage, since the board had not yet had the possibility to start considering the case. The subject-matter submitted is also a serious attempt to overcome the outstanding objections without introducing overly complex issues. Therefore the board decides to allow the request to replace the first to sixth auxiliary requests.
3. The context of the invention
3.1 The invention concerns protecting the file system of a mobile wireless device to prevent unauthorized access to user data and to system services, for instance by malicious code. The claims are directed to achieving this using data partitioning, meaning that each "process", i.e. a running memory image of a stored program, can only access defined areas of the file system. The file system is partitioned into a plurality of root directories, these being the highest directories in the hierarchy of the file system.
3.2 File access is controlled by the "trusted computing base" (TCB) which is assumed to be non-subvertable and therefore has full access to the device file system. The TCB verifies whether a non-TCB process has the necessary privileges to access a particular part of the file system. Consequently non-TCB processes are prevented from "seeing" any files that they should not have access to.
3.3 One type of root directory is the "/private/<process_secure_id>" root directory. This can only be accessed by processes having "Root" or "AllFiles" privileges or by a process having a secure identifier (SID) assigned to process_secure_id, the SID of a process being stored in the related executable program. Hence the latter process can only access a private directory if its SID matches the name of the private directory.
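The access rule described in points 3.2 and 3.3, written out as an added Python example; it is not part of the decision or of the application's own code. The SID values, the `Process` class, the function names, and the handling of relative paths and of the bare `/private` directory are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass

GRANT, DENY, OUT_OF_SCOPE = "grant", "deny", "out-of-scope"
PRIVATE_ROOT = "private"                              # first component of /private
BYPASS_PRIVILEGES = frozenset({"Root", "AllFiles"})   # named in point 3.3

@dataclass(frozen=True)
class Process:
    sid: str                                # SID stored in the executable (constructed values)
    privileges: frozenset = frozenset()

def components(path: str) -> list:
    """Lexically normalise an absolute path and split it into components."""
    if not path.startswith("/"):
        raise ValueError("relative path")
    # normpath collapses '.', '..' and repeated slashes before any comparison;
    # it is purely lexical and does not resolve links
    return [c for c in posixpath.normpath(path).split("/") if c]

def check_private_access(proc: Process, path: str) -> str:
    """Decision the trusted side takes for a request under /private."""
    try:
        parts = components(path)
    except ValueError:
        return DENY                         # assumption: fail closed on malformed input
    if not parts or parts[0] != PRIVATE_ROOT:
        return OUT_OF_SCOPE                 # other roots: rules not given on the page
    if proc.privileges & BYPASS_PRIVILEGES:
        return GRANT
    if len(parts) == 1:
        return DENY                         # assumption: /private itself is not listable
    # Whole-component equality; a prefix test would let SID "10001234"
    # into the directory named "100012345"
    return GRANT if parts[1] == proc.sid else DENY

if __name__ == "__main__":
    app = Process("10001234")               # constructed sample process
    for p in ("/private/10001234/settings.ini",
              "/private/10001234/../20005678/secret.db",
              "/private/100012345/x"):
        print(p, "->", check_private_access(app, p))
```

The second and third sample paths are the cases a naive string comparison gets wrong: a `..` step that leaves the caller's own sub-tree, and a directory name that merely starts with the caller's SID.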
4. The amendments to the application according to the first auxiliary request
4.1 Editorial amendments aside, independent claims 1 and 8 are based on claims 1 and 8 as originally filed, restricted, in each case, by adding the following features taken from the description:
a. The multiple root directories comprise a private root directory comprising a sub-tree directory with a respective "process_secure_id"; see page 4, lines 1 to 15, as originally filed.
b. A secure identifier is associated with a process to be run on the device; see page 4, lines 15 to 17.
c. The device is configured to grant access to the sub-tree directory for the process if the secure identifier of the process is assigned to the "process_secure_id" of the sub-tree directory; see page 4, lines 13 to 15.
4.2 The dependent claims are the same as those originally filed.
4.3 The board finds that the amendments to the application satisfy Article 123(2) EPC regarding added subject-matter. The board also finds that the claims are clear, Article 84 EPC 1973.
5.1 As the added features "a" to "c" in the independent claims according to the first auxiliary request were not discussed in the appealed decision, it follows that the amendments overcome the reasons given in the appealed decision regarding lack of inventive step, Article 56 EPC 1973.
5.2 The added features "a" to "c" were moreover not discussed in first instance proceedings at all. The board consequently exercises its discretion under Article 111(1) EPC 1973 to remit the case to the first instance for further prosecution.
For these reasons it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the first instance for further prosecution based on the first auxiliary request.