T 0472/04 (OS recovery/HP) of 7.2.2007

European Case Law Identifier: ECLI:EP:BA:2007:T047204.20070207
Date of decision: 07 February 2007
Case number: T 0472/04
Application number: 00308840.8
IPC class: G06F 11/14
Language of proceedings: EN
Distribution: C
Download and more information:
Decision text in EN (PDF, 49 KB)
Documentation of the appeal procedure can be found in the Register
Bibliographic information is available in: EN
Versions: Unpublished
Title of application: Performing operating system recovery from external back-up media in a headless computer entity
Applicant name: Hewlett-Packard Company
Opponent name: -
Board: 3.5.01
Headnote: -
Relevant legal provisions:
European Patent Convention 1973 Art 56
Keywords: Inventive step - no
Catchwords:

-

Cited decisions:
-
Citing decisions:
-

Summary of Facts and Submissions

I. European patent application 00 308 840.8 (publication number EP 1 195 679 A1) filed on 6 October 2000 concerned methods of performing a recovery operation of an operating system for a computer entity and storing a back-up operating system of a computer entity to a back-up media.

II. The European search report drawn up in respect of the application listed, inter alia, the following two documents:

D1: GB-A-2 346 719 published in August 2000

D2: EP-A-0 898 225 published in 1999

III. In a written decision issued by the examining division on 17 November 2003, the application was refused on the ground that the claimed invention did not meet the requirement of inventive step in the light of documents D1 and D2. According to the reasons given for the decision, the method of claim 1 was distinguished from the closest prior art, document D1, by the step of copying the operating system to a back-up area partition not used for direct running of an operating system, and the step of copying user data settings to a user settings archive partition area.

The objective problem solved by these features was seen in improved robustness against system failure. According to the decision, the claimed invention was rendered obvious by document D2 disclosing two separate physical sectors of a computer entity, the one for storing a so-called basic program, considered to be an operating system, and the other sector for storing a new updated version of the basic program.

IV. The appellant (applicant) lodged an appeal against the refusal decision of the examining division on 23 January 2004 by filing the notice of appeal and paying the appeal fee on the same day. On 17 March 2004, the appellant filed the written statement setting out the grounds of appeal, including three sets of new claims titled main, 1st auxiliary, and 2nd auxiliary. Claims 1 of these requests read as follows:

Main request

"1. A method of performing a recovery operation of an operating system for a computer entity (200), said computer entity comprising:

at least one data processor (202), and

at least one data storage device (204), wherein said data storage device is configured into a plurality of partition areas (400, 402),

said method comprising the steps of:

copying a back-up operating system from a back-up source, and resetting said computer entity,

said method characterised by:

the step of copying a back-up operating system comprising copying a back-up operating system from a back-up source onto an operating system back-up area partition (413) which is not used for direct running of an operating system by said computer entity, and said method further including a step of:

copying a user settings data from said back-up source to a user settings archive partition area (411) of said data storage device,

wherein said resetting of said computer entity comprises the steps of:

forcing said computer entity to boot from an emergency operating system stored on an emergency operating system partition area of said data storage

device;

overwriting a content of said primary operating system partition with said back-up operating system stored in said operating system back-up area partition; and

restoring client and application configuration settings from said user settings archive partition area."

1st auxiliary request

"1. A method of performing a recovery operation of an operating system for a headless computer entity (200), said computer entity comprising:

at least one data processor (202);

at least one data storage device (204), wherein said data storage device is configured into a plurality of partition areas (400, 402) and

one or more communication ports (207) for communicating with a remote computer entity over a network,

said method comprising the steps of:

copying a back-up operating system from a back-up source, and resetting said computer entity,

said method characterised by:

the step of copying a back-up operating system comprising copying a back-up operating system from a back-up source onto an operating system

back-up area partition (413) which is not used for direct running of an operating system by said computer entity, and said method further including steps of:

accessing the headless computer entity over the network via an administration Interface (501);

under the control of the administration interface, copying a back-up operating system from a back-up source onto an operation system back-up area

partition (413) which is not used for direct running of an operating system by said computer entity, and

under the control of the administration interface, copying a user settings data from said back-up source to a user settings archive partition area (411) of said data storage device,

wherein said resetting of said computer entity comprises the steps of:

forcing said computer entity to boot from an emergency operating system stored on an emergency operating system partition area of said data storage

device;

overwriting a content of said primary operating system partition with said back-up operating system stored in said operating system back-up area partition; and

restoring client and application configuration settings from said user settings archive partition area."

2nd auxiliary request

"1. A method of performing a recovery operation of an operating system for a computer entity (200), said computer entity comprising:

at least one data processor (202), and

at least one data storage device (204), wherein said data storage device is configured into a plurality of partition areas (400, 402),

said method comprising the steps of:

copying a back-up operating system from a back-up source, and resetting said computer entity, said method characterised by:

the step of copying a back-up operating system comprising copying a back-up operating system from a back-up source onto an operating system back-up area partition (413) which is not used for direct running of an operating system by said computer entity, and said method further including steps of:

copying a content of an operating system back up area partition into a reserved space partition area (412) of said data storage device;

copying a user settings data from said back-up source to a user settings archive partition area (411) of said data storage device; and

if an error occurs in said recovery operation, restoring a primary operating system to a primary operating system partition area of said data storage device reserved for use by said primary operating system, from a copy of said primary operating system temporarily stored in the reserved space partition of said data storage device."

V. The Board sent a communication together with the summons to oral proceedings, indicating its preliminary opinion on the allowability of the appeal. In preparation of the oral proceedings, the appellant filed a new set of claims by letter dated 30 January 2007, claim 1 of which reads as follows:

"1. A method of performing a recovery operation of a user-configurable operating system for a computer entity (200), said computer entity comprising:

at least one data processor (202), and

at least one data storage device (204), wherein said data storage device is configured into a plurality of partition areas, including a primary operating system partition (403) and an operating system back-up area partition (413) which is not used for direct running of an operating system by said computer entity;

said method comprising the steps of:

copying a pristine copy of the operating system from a back-up source onto the operating system back-up area partition (413);

copying user settings describing how a user has set up the operating system from said back-up source to a user settings archive partition area (411) of said data storage device;

resetting said computer entity so that the computer entity is forced to boot from an emergency operating system;

overwriting a content of said primary operating system partition with the pristine copy of the operating system, and

restoring user settings of the computer entity from said user settings archive partition area."

VI. Oral proceedings before the Board took place on 7 February 2007. The matter was discussed with the representatives present on behalf of the appellant. At the end of the oral proceedings, the decision on the appeal was given.

VII. At the oral proceedings, the appellant submitted the following requests: the decision under appeal be set aside and a patent be granted on the basis of the claims 1 to 15 filed on 30 January 2007 (main request), or on the basis of claims 1 to 15 of the main or first auxiliary requests or of claims 1 to 10 of the second auxiliary request all filed on 17 March 2004 (now first to third auxiliary requests).

VIII. The written and oral submissions provided by the appellant to the Board in support of the appeal requests may be summarised as follows:

(a) Regarding claim 1 of the main request, the claimed method was distinguished from the prior art of document D1 by at least three steps:

The pristine copy of the operating system was copied from an (external) back-up source onto an operating system back-up area partition not used for direct running the operating system.

The user settings describing how the user had set up the operating system were copied from said back-up source to a user settings archive partition area of the data storage device of the computer entity.

A content of the primary operating system partition was overwritten with the pristine copy of the operating system.

(b) Document D1 did not teach to copy the pristine copy of the operating system and the user settings into the protected, but separated partitions, namely the operating system back-up area partition and the user settings archive partition area, respectively.

(c) The prior art was not able to recover the operating system if it was seriously corrupted and too late to perform the back-up operations. Compared with this, the present invention allowed to download a pristine copy of the operating system and to reinstall the user settings even if the primary operating system was corrupted and had to be recovered. The user could then continue using the computer, starting from the state immediately before the system "crashed", instead of having to return to the "as supplied" state as with the prior art of document D1.

(d) Furthermore, there was no emergency operating system from which the computer system could be forced to boot and to overwrite the operating system with the back-up operating system. Dl rather required a specialised image restore program to be loaded.

(e) In document Dl, the copying of the whole software image took place only once, before the computer system was sent out to the customer. In contrast, the copying steps of the present application took place when the computer system was used by the end user.

The steps of copying and restoring the user settings should strictly be distinguished from storing the factory and default settings during the factory installation, but also from the step of producing backup copies of other types of data and files.

Although document D1 referred to the back-up of data and files which were not factory installed, it was clear that this was not part of the restoration process itself. The user rather had to exit the restoration utility program to use DOS commands to this end.

(f) The user settings (such as security, time zone, or language settings) were normally not stored in discrete, easily identifiable files, but were rather hidden and not easily accessible to the end user. Restoring the user settings manually, if at all possible, was a non-trivial task and could involve extensive trial and error and/or reference to technical manuals, which was tedious and time-consuming.

A general back-up of files and data would normally not lead to the back-up of the user settings. In the prior art, the user would just return to the "as supplied" state, where all user settings made after the factory installation were lost.

(g) In the light of document D1, therefore, the objective problem solved by the invention could be seen in providing a robust recovery system allowing the restoration of user settings to the working configuration immediately prior to an operating system failure.

(h) Document D2 disclosed a method where a basic program was used to execute application programs and to download updates of the programs. This "basic program" was not a complex, configurable operating system but rather a boot routine or a similar simple program.

The system of document D2 was not configurable by the user so that there was no motivation to contemplate copying user settings data into any kind of archive partition area.

To safeguard against an incorrect download, two preset separate memory areas of a single memory unit were used in document D2, the first one to store the basic program and the other to store a back-up copy. Compared to this, the present invention provided a back-up copy of the operating system as well as of the user settings either from the internal hard disk or from an external back-up source.

(i) Regarding the first auxiliary request, the appellant stated that this request did not differ from the main request, except for some formal amendments regarding the wording of the claim. The arguments submitted in support of the main request held, one-to-one, for the first auxiliary request.

(j) The second auxiliary request claimed the application of the recovery and back-up method of the invention to headless computer entities. Such an application was not possible with the prior art. Document D1 aimed at a normal computer product, which required a visual display unit and a user interface. The restoration utility program had to be deliberately activated by the user which was not possible with a headless computer entity.

In the prior art disclosed by document D2, the user had no control over non-standard or low level operations of the microprocessor. The restoration process in document D2 was entirely automatic. There was no motivation to add an administration interface in connection with any restoration or recovery process.

(k) The third auxiliary request dealt with a situation where the recovery process failed. To avoid corruption of the operating system stored in the back-up partition, the primary operating system was restored from a copy of the primary operating system temporarily stored in the reserved partition of the data storage device.

Document D1 did not address the problem of restoring user settings after recovery of the primary operating system. Neither did it disclose copying a content of an operating system back-up area partition into a reserved space partition area which could be used for storing said primary operating system if an error by occurred during the recovery operation.

According to document D2, a single back-up copy of the basic program should be stored, whereas according to the present invention the operating system contained in the back-up area was copied into a reserved space partition. This improves the safeguard and protection against system failure if compared to document D2.

Reasons for the Decision

1. The appeal, although admissible, is not allowable since the appeal requests submitted seek the grant of a patent for subject matter which does not meet the requirement of inventive step as set out in Articles 52(1) and 56 EPC. Lack of inventive step results from the methods defined by the respective claims 1 of these requests, which the Board judges obvious in the light of prior art documents D1 and D2.

2. Document D1 relates to the restoration of a hard drive of a computer system and may thus serve as an appropriate starting point in the prior art for assessing inventive step. It was already cited by the examining division as the closest prior art document, a view which was not challenged by the appellant, neither in the first instance nor before the board (see paragraph no. VIII (a) above).

2.1 Document D1 discloses, in the terminology of the present claims, a computer entity (computer system 10, figure 1) having the capability of performing a back-up and recovery operation (restoring a hard disk drive 16, see the abstract and claim 1, for example). The computer entity is user-configurable since it allows the user to install data files (files/data which were not factory installed, see document D1, page 26, line 17) and may undergo reformatting and repartitioning (see page 12, lines 1 ff.).

Moreover, it relates to the configuration of a built-to-order computer system, which may include a complex bundle of an operating system and application software, hardware and software drivers, etc. (see page 5, second paragraph), all installed as ordered by a customer or as needed to support hardware ordered by the customer, and customised according to user preferences (see document D1, page 3, lines 18 ff. and lines 24 f.). The prior art computer entity is hence, also in this sense, user-configurable.

2.2 Furthermore, it comprises, as shown in figure 1, a data processor (CPU 12), an (internal) storage device (hard disk drive 16) and an (external) storage device, which is used as a back-up source (other storage devices: CD-ROM drive 18 for storing a custom/restoration image, an STM CD-ROM, see document D1, page 9, lines 5 ff., and page 10, lines 24 to 26).

2.3 The "restore image" or "software restoration image" for restoring the hard disk drive to the factory download condition is created by downloading and storing a pristine copy of the software, including the operating system, on a restoration image CD-ROM and/or on a protected area of the hard disk, at the factory or computer manufacturer prior to shipment to the customer (see, for example, document D1, page 8, first paragraph and page 14, lines 21 ff.).

2.4 Document D1 explicitly discloses the configuration of the hard disk into multiple partitions, whereby the operating system resides in the lower address portion (see page 1, lines 6 to 16 and page 13, line 25 to page 14, line 10). The division of the data storage device into multiple separate partitions is thus considered to be an optional feature of the prior art system, contrary to the arguments advanced by the appellant (see paragraph no. VIII (b) above).

This configuration includes a primary operating system partition (the lowest address partition, for example the C-drive), and an operating system back-up area partition (the highest address partition or partitions, for example the E- and D- drives, or the "furthest available partition", the "TOP" of the hard disk drive, see document D1, page 13, lines 25 ff. and page 14, lines 24 ff.). The high address partition (or partitions) used for storing the pristine copy of the software is, in the address space of the hard disk, far above the lowest address partition and thus not used by the computer entity for direct running the operating system.

2.5 In order to allow complete recovery of the system, the software restoration image must include a backup copy of the whole bundled software package that the customer purchased for the given "built-to-order" computer system (see for example document D1, page 28, lines 21 to 24). Such a complex software bundle can be restored successfully only if the user specific settings made at the factory are backed up together with the operating system, application programs, drivers etc. on the restore CD-ROM and/or in the back-up area partition of the hard disk and recovered during the restoration. The arguments advanced by the appellant to the contrary are unpersuasive and not accepted by the Board (see paragraph no. VIII(f) above).

2.6 Since user specific settings are backed up together with the software restoration image, the prior art must provide an area to store them, on the customised CD-ROM and/or in the high address partition of the hard disk, which may be termed an "archive partition area". It is noted that the present claims do not define this term so that it encompasses a broader scope of meaning than submitted by the appellant in support of the invention (see paragraph no. VIII(b) above). The area may indeed reside fully within the operating system back-up area partition as indicated in the present application (for example, as a "sub-partition", see the published application, paragraph no. 23 - column 6, line 52 to column 7, line 19).

2.7 Although document D1 is silent about what happens when the user settings are changed once the system has been installed, it explicitly discloses the backup, restoration, and reinstallation of files and data which were not factory installed at the manufacturing stage (see document D1, page 26, second paragraph, and page 27 lines 16 f.).

There are always some user settings which must be created or changed if new files and data are installed; the data of the Windows Registry, for example, used with a Microsoft Windows operating system, to which document D1 explicitly refers (see page 2, last paragraph, or page 27, line 8). This circumstance implies that the actual user settings must always be backed up and stored in an appropriate back-up area if the system is to be able to recover, after a system failure, to a fully operational state. It follows that the backup and the reinstallation of new files and data as disclosed in document D1 (loc.cit.) must include the backup and restoration of at least some of the actual user settings. Otherwise the reinstallation of such files and data would fail.

2.8 In document D1, either the customised restore CD-ROM or the high address partition(s) of the hard disk may be used as a back-up source for recovering the system under the control of the restoration utility program (see document D1, page 27, last paragraph).

According to the second option, the restoration process runs through the following steps:

- Loading and running the emergency operating system, i.e. the restoration utility programme, which guides the customer through the restore process one step at a time (see document D1, figure 5, step 82).

- Prompting the customer to back up any files and data installed after the initial purchase or which cannot be routinely reloaded (see page 24, lines 19 ff., and page 26, second paragraph).

- Copying the protected restoration software image, i.e. the pristine copy of the operating system, from its high address location on the hard disk to the lower most segment of the hard disk, thereby restoring the software image to the "like new" factory download condition (see page 27, lines 18 ff., page 28, lines 3 to 19).

- Rebooting the system so that the computer entity functions as if it were undergoing a power-up for the first time after purchase (see page 28, lines 21 ff.).

2.9 The Board does not share the view held by the appellant that the prior art system did not use an emergency operating system (see paragraph no. VIII(b) above). The restoration utility program in the prior art of document D1 fully controls the recovery process, except for initiating the booting of the computer system and the backup and reinstallation of the files and data which are not factory installed. The restoration process may be started by any bootable disk which gives access to the restoration utility program and which is used to start up the computer system (see for example document D1, page 23, lines 16 to 27). These are the basic functions which an "emergency operating system" in terms of the present claims has to provide.

3. From the above analysis of document D1, it follows that claims 1 of the present requests define essentially three groups of features which distinguish the claimed methods from the prior art.

3.1 The methods of claims 1 of the main and first auxiliary requests are distinguished from the prior art of document D1 as follows:

(a) A pristine copy of the operating system and a user settings data are copied from the external back-up source onto the operating system back-up area partition and to a user settings archive partition area, respectively, of the data storage device.

3.2 Since the computer entity of document D1 already includes a network interface card NIC (see page 9, lines 7 and 8), only the following features are left in addition to the above feature group A which distinguish the method of claim 1 of the second auxiliary request from the prior art of document D1:

(b) The computer system on which a recovery operation is performed is a headless computer entity, and the copies of the back-up operating system and the user settings data are downloaded from a remote computer entity via a network under the control of an administration interface.

3.3 Finally, claim 1 of the third auxiliary request defines, in addition to the above feature group A, the following features distinguishing it from prior art document D1:

(c) Copying a content of an operating system back-up area partition into a reserved space partition area of the data storage device, and if in an error occurs in the recovery operation, restoring a primary operating system to a primary operating system by partition area of said data storage device reserved for use by the primary operating system, from a copy of the primary operating system temporarily stored in the reserved space partition of said data storage device.

4. These three groups of features provide independent technical contributions to the prior art of document D1:

4.1 Compared to the prior art of document D1, the features of group A above define an additional intermediate copying step, in which the copies of the operating system and the user settings are first downloaded from the (external) back-up source to the back-up area and partition, respectively, onto the hard disk before the system is restored, using these downloaded backup copies stored on the hard disk for restoring the primary system.

The appellant contended (see paragraph VIII(c) above) that these steps increased the security and stability of the recovery process. The Board disagrees with this assertion for the following reasons: document D1 discloses the backup of data in a separate protected partition of the hard disk and/or on the customised CD-ROM. The additional steps of copying back-up copies onto the hard disk require - if compared with the prior art of document D1 - an additional data transfer, which principally increases the risk that the data involved in the transfer are becoming corrupted.

According to document D1, the pristine copy of the operating system is copied, at the factory, to the high address partition of the hard disk and/or to the customised restore CD-ROM, whereby both storage devices may be used either alternately or in succession. If the corruption of data, or the other disadvantages mentioned in document D1, are of no concern, it is a trifling alternative to repeat, during the use of the computer system, what has been done at the factory, namely to download a pristine copy of the software image (e.g. from a customised restore CD-ROM) to the high address partition of the hard disk - which is clearly possible at any time after the installation - and to restore the system from this high address partition if any serious system failure occurs. There is nothing gained by such an additional copying step since the high address partition is protected and normally uncorrupted; such a step does not provide any inventive technical contribution over the prior art.

4.2 The features added by the second auxiliary request (group B of features, see above) define a "headless computer entity". According to the present application (see for example, column 1, lines 16 ff.), this is a computer entity without user interfaces, allowing only limited access to the computer entity for maintenance. The scope of the term "headless", however, should not be understood too narrowly since figure 1 of the present application shows, as headless, a computer entity which comprises a small display screen 103 as well as a data entry means 104.

Furthermore, it is undisputed and also acknowledged in the application (see paragraph no. 2) that such type of device is generally known in the prior art.

In fact, document D2 discloses a device of the headless type, since the information-processing apparatus disclosed therein lacks any interface for direct user interaction, but instead comprises an administration interface (system monitoring circuit 7 and peripheral apparatus in 11, see document D2, figure 1 and description, paragraphs 20 ff.) for accessing the device over the network connection for updating or maintaining the system.

Document D1 does not expressly refer to the headless type of computers. But there's nothing in the prior art which hinders the skilled person to consider such an application of the teaching of document D1. On the contrary, the prior art of document D1 lends itself to the application with headless computer systems since only an internal hard disk and a minimum of user interaction are required. Hence, a skilled person would consider it obvious to use the administration interface and network disclosed in document D2, for downloading the pristine copy of the operating system and the copy of the user settings onto the internal data storage device of the headless computer entity. For these reasons, the technical contribution provided by the second auxiliary request (see group B above) is not inventive either.

4.3 Claim 1 of the third auxiliary request (see group C above) defines a solution to a different technical problem, namely how to preserve downloaded data if the download fails. This problem has already been addressed in the prior art (see document D2, page 2, paragraph no. 6). The essential solution proposed by document D2 is the partitioning of the physical memory into two sections ("two storing units"), one used as an active section and the other as a protected reserve section. In the case of an error, the uncorrupted version of the operating system -- the old version of the "basic program" loaded into the RAM (see figures 6 and 7) -- is copied from the reserve section to the RAM (see document D2, paragraph no. 46 f.).

The application of this concept to the data transfer in the back-up and recovery process of document D1 is obvious to a skilled person considering to improve the safeguard of the system against failed downloads.

4.4 In summary, the methods of the respective claims 1 of the present requests result in different technical contributions to the prior art, which however are all not inventive. Moreover, these individual contributions are, in the judgement of the Board, independent from each other, regarding the technical problem solved and the technical meaning of the features which are essential to the respective solution. The combination of feature groups A and B according to the second auxiliary request and the combination of feature groups A and C according to the third auxiliary request do thus not add anything to the prior art beyond these individual contributions. Hence, the claimed methods as a whole lack inventive step so that none of the appeal requests for grant of a patent can be allowed.

ORDER

For these reasons it is decided that:

The appeal is dismissed.

Quick Navigation