European Case Law Identifier: | ECLI:EP:BA:2007:T033705.20071025 |
---|---|
Date of decision: | 25 October 2007 |
Case number: | T 0337/05 |
Application number: | 98935494.9 |
IPC class: | G06F 17/60 |
Language of proceedings: | EN |
Distribution: | D |
Title of application: | System and method for the secure discovery, exploitation and publication of information |
Applicant name: | Coueignoux, Philippe J. M. |
Opponent name: | - |
Board: | 3.5.01 |
Headnote: | - |
Keywords: | Inventive step (no) |
Catchwords: | - |
Summary of Facts and Submissions
I. This appeal is against the decision of the examining division to refuse European patent application No. 98935494.9.
II. According to the decision appealed, the prior art document
D1: WO-A-97/22074
rendered the invention obvious (Article 56 EPC).
III. In the statement of grounds of appeal, the appellant requested that a patent be granted based on a new set of claims. He also requested that the appeal fee be reimbursed due to the examining division having ignored or misunderstood an important point made by him concerning the prior art, something which amounted to a substantial procedural violation.
IV. In a communication, the Board stated that the subject-matter of claim 1 appeared to be obvious having regard to conventional programming techniques. It also pointed out that the fact that the examining division had assessed the prior art in a different way than the applicant normally did not constitute a procedural violation.
V. By letter dated 24 September 2007, the appellant submitted a new main request and five auxiliary requests.
VI. Oral proceedings were held on 25 October 2007. The appellant withdrew auxiliary request 1 and requested that the decision under appeal be set aside and a patent be granted on the basis of the set of claims according to the main request or one of the auxiliary requests 2 to 5, all filed on 24 September 2007, and that the appeal fee be reimbursed.
VII. Claim 1 of the main request reads:
"A method in which an agent (14, 1´, 6, 9, 8) interacts with a remote data processing system (4) using information provided by a user (7) having user data processing apparatus (5), the agent communicating with the remote data processing system over a network and communicating with the user by means of the user data processing apparatus, in which the user indicates whether the information provided by the user may be disclosed to the remote data processing system, and the agent interacts with the remote data processing system without disclosing to the remote data processing system any information which the user has indicated may not be disclosed to the remote data processing system; characterised in that:
the agent (14, 1´, 6, 9, 8) is resident on the user data processing apparatus and includes a discovery and exploitation rule engine (14) which runs only on the user data processing apparatus (5) and operates with (i) a store of dialog classes (1´) and (ii) a store of facts (6, 8, 9), both the store of dialog classes and the store of facts being sited on the user data processing apparatus (5);
the remote data processing system requests information about the user by transmitting dialog classes to the agent, and the transmitted dialog classes are stored in the store of dialog classes (1´);
the discovery and exploitation rule engine (14) uses the dialog classes stored in the store of dialog classes (1´) to interface with the user (7) through the user data processing apparatus (5) and initiates prompts to the user, including prompts asking the user to disclose a plurality of facts and to provide information enabling the rule engine to determine for each fact disclosed whether that particular fact is a public fact which the user authorises for disclosure to the remote data processing system, or whether that particular fact is a private fact which is not to be disclosed to the remote data processing system (4); the discovery and exploitation rule engine (14) stores in the store of facts (6, 8) the facts disclosed by the user together with data associated with each fact indicating whether that fact is a private fact or a public fact;
the discovery and exploitation rule engine (14) processes both the private facts and the public facts so as to determine transmissible information about the user that can be transmitted to the remote data processing system; and
the transmissible information is transmitted to the remote data processing system by a module (16);
wherein the transmissible information does not include any private facts, and the private facts cannot be accessed for transmission to the remote data processing system by a system element other than the discovery and exploitation rule engine (14)".
Claim 1 of auxiliary request 2 differs from the main request by the addition of the following features:
"... and wherein the discovery and exploitation rule engine (14) processes both the private facts and the public facts so as to determine an additional prompt which is provided to the user (7) asking the user to disclose a fact and to provide information enabling the discovery and exploitation rule engine to determine whether the fact is a public fact which the user authorises for disclosure to the remote data processing system, or a private fact which is not to be disclosed to the remote data processing system (4); and the discovery and exploitation rule engine (14) processes both the private and the public facts so as to present information to the user (7)".
Claim 1 of auxiliary request 3 differs from auxiliary request 2 by the addition of the following features:
"... and wherein the store of facts (9) further comprises facts which have been transmitted from the remote data processing system (4) and which are processed by the rule engine (14) using the dialog classes".
Claim 1 of auxiliary request 4 differs from auxiliary request 3 by the addition of the following features:
"... and wherein a further rule engine (16) runs on the user data processing apparatus (5), accesses the stored public facts but not the stored private facts, transmits the public facts to the remote data processing system (4) and receives the facts which have been transmitted from the remote data processing system (4)".
Claim 1 of auxiliary request 5 reads:
"A method for controlling the disclosure of information from a user (7) to a remote data processing system (4), in which the user is prompted by user data processing apparatus (15) to disclose facts relating to the user, those facts are stored, and means (14) associated with the user data processing apparatus and in communication with the remote data processing system (4), in accordance with user preferences, publishes those facts to the remote data processing system or keeps those facts confidential and exploits those facts without disclosing them to the remote data processing system, characterised in that the said means (14) associated with the user data processing apparatus comprises a discovery and exploitation rule engine (14) operating with a knowledge base of dialog classes (1´) which have been transmitted by the remote data processing system (4) and facts (6, 8, 9), both the rule engine and the knowledge base being sited on the user data processing apparatus (15), the rule engine (14) interfacing with the user (7) through the user data processing apparatus (15) and initiating prompts to the user, including prompts asking the user to disclose facts and to provide information enabling the rule engine to determine whether a disclosed fact is a public fact (8) which the user authorises for publication to the remote data processing system, or a private fact (6) which is not to be published to the remote data processing system (4), the rule engine stores in the knowledge base the facts disclosed by the user together with information indicating whether they are private or public facts, the rule engine transmits to the remote data processing system (4) only the public facts, and the rule engine processes both the private (6) and the public (8) facts so as to exploit the facts and thus determine additional prompts which are provided to the user or present information to the user, wherein the private facts (6) cannot be accessed for transmission to the remote data processing system by a system element other than the rule engine (14)".
VIII. At the end of the oral proceedings the Board announced its decision.
Reasons for the Decision
1. The invention
As stated in the abstract of the patent application, the present invention concerns a method of discovering and exploiting information such as private (confidential) facts from a user (eg a consumer), while securing the information from unauthorized publication. A remote data processing system (typically representing a vendor) transmits a request for publication of information about a user to an agent (a computer program) resident on the user data processing apparatus. The agent initiates prompts requesting the user to disclose facts relating to the information desired by the vendor and to provide information relating to authorization for publication of the disclosed facts to the vendor. The agent includes a rule engine using dialog classes for communicating with the vendor and the user. It determines whether the information provided by the user relating to authorization permits publication of the facts. If so, it publishes the facts to the vendor.
2. The closest prior art
2.1 There are two different pieces of prior art which could theoretically be taken as point of departure. The first is a conventional general system, consisting of a remote data processing system, a user data processing apparatus and a connecting network (such as the Internet). The other is the "method for trading customer attention for advertisement" described in D1.
According to this document, a remote system provides a questionnaire which a user fills in to create a profile. On the basis of this profile the remote system generates an agent which searches out and screens new advertisements available from other remote systems that match the user's interests. The user's current interest profile can be kept confidential from those other remote systems or, if the user agrees, can be released to advertisers so as to increase the chances of finding relevant advertisements (cf the appellant's letter dated 24 September 2007, point 5 of the "Summary of arguments on inventive step"). According to one embodiment, the agent can "travel" from the user's computer to other computers (D1, p.17, paragraph 3).
2.2 It is clear that the invention functions in a different way than D1. In D1, the user is prompted to reply to questions, an interest profile is established, and the entire profile is made available to advertisers. According to the invention, each individual fact may be indicated as private or public, and vendors can always address a user directly if they want him to make a particular private fact public. But in the Board's view there are no technical reasons for preferring one way to the other. In devising a system suitable for performing a discovery method, the technically skilled person must start out from the commercial framework provided to him since, by definition, it is not within his competence to change it. And it is part of the business idea underlying the present invention that a user might agree to publish certain facts but keep other facts private, as will be considered in more detail below (see point 3.1).
2.3 Because the non-technical differences between the invention and D1 risk blurring any technical distinctions, the Board prefers not to start out from this document but from the hardware to which claim 1 refers. This hardware consists of a remote data processing system, a user data processing apparatus and a connecting network. These components are clearly conventional (and incidentally disclosed in D1, see fig. 1).
The main request
3. Inventive step
3.1 Starting out from such a conventional hardware configuration, it can be seen that the claimed subject-matter is distinguished from it by a mixture of features relating to business and programming aspects. The Board considers it useful first to determine the commercial framework of the invention.
It is mentioned in the description of the present application (p.1) that consumer research has focused on discovering user information such as demographic, personal or identifying information and using this information to provide the user with products or services tailored to his geographic area, age, gender, nationality or preferences. Such information could be obtained through different ways, such as phone or computer.
Imagining now that such an interview is conducted orally, a consumer would be asked about his preferences by an interviewer acting for a vendor. If he chooses to answer a certain question, the reply is made "public". If he chooses not to answer, he may still be prepared to provide the required information on the understanding that it is not passed on to the vendor but only serves to aid the interviewer to formulate further questions. Such information could be termed "private". The classification of answers into public and private facts is performed mentally.
3.2 Hence, the technical problem can be seen as automating such an interviewing technique using a conventional computer network.
3.3 Some properties of the desired system follow immediately from its purpose. A remote data processing system would formulate questions to which the user would reply by means of his own data processing apparatus. The user would prefer the computer to manage the interviews as independently as possible. This means that all facts - public as well as private - disclosed in previous interviews must be stored in a secure way and that the computer should be permitted to transmit public facts, but not private facts, to a vendor. The system must be such that, at least the first time a request for certain information is made, it permits the user personally to indicate whether the information is private or public.
This implies a system having the following functions:
- the user data processing apparatus interacts with the remote data processing system over a network,
- the remote data processing system requests information about the user,
- facts should be stored on the user data processing apparatus,
- the user is prompted to disclose a plurality of facts and to provide information whether a particular fact is a public fact which the user authorises for disclosure to the remote data processing system or whether that particular fact is a private fact which is not to be disclosed to the remote data processing system,
- information is transmitted to the remote data processing system by a module so that the transmissible information does not include any private facts.
3.4 Apart from such a straight-forward functional implementation of the business concept, claim 1 defines a number of programming features for achieving the desired functions. To the benefit of the appellant, all of these features will be assumed to have technical character. The features essentially concern the "agent", meaning the "discovery and exploitation" rule engine, the dialog classes and the store of facts. The description explains that "dialog classes 1 can be programs that control the interaction between the sender 4 and the user 7, particularly executable programs that seek to obtain from the user 7, information that is of interest to sender 4" (p.7, l.15-17) and that the discovery and exploitation engine "is implemented as a rule engine operating with a knowledge base" (paragraph bridging p.9 and 10). The appellant concedes that software which interacts with a user and comprises dialog classes and facts was known as such at the date of priority (1997) (cf the letter dated 19 March 2007, p.12). It should therefore be examined whether, in the light of the problem to be solved, their use involved an inventive step.
3.5 First, it was clear to the technically skilled person - a programmer - that a computer program was necessary to display questions and collect answers automatically. This program should control the interaction between vendor and user, which is the very definition of "dialog classes" in the present application (cf the preceding paragraph). Also, it must be capable of interpreting the user's replies and deciding whether it may transmit them, which means it must contain certain rules. These rules could arbitrarily be termed a "discovery and exploitation engine".
3.6 The program must further be able to deal with private facts. Private facts are facts which the user does not wish to make public, for example his annual income, but which he is nevertheless prepared to disclose in order to permit the content of further questions to be determined (cf p.9, l.1-10). Private facts are similar to data which customers are willing to give in confidence during an interview (cf paragraph 3.1 above).
A central question at the oral proceedings before the Board was whether the confidential nature of these data would have made it obvious to let the program reside "only on the user data processing apparatus", as set out in claim 1.
The appellant has denied that it would have, arguing that a direct analogy with a telephone interview would have led the skilled person to install such a program on the remote data processing system since an interviewing person is at a remote location. Moreover, the analogy with an interview was false since a consumer would not give any confidential information at all to a human interviewer, whom he could not trust. He would however trust a computer program.
The Board agrees with the appellant that such a program perhaps could reside on the remote data processing system. But since software agents were well known at the date of priority, it was obvious to locate an agent on the user's computer. It was after all the user's screen on which the questions were to be displayed. Clearly such a program should not be permitted to transmit private data to a vendor since otherwise there would be no privacy. Nor is there any reason for letting it "travel" to other computers (as the agent according to an embodiment in D1 does) since this could only be detrimental to security. For these reasons the Board finds that the skilled person had reason to make the program run only on the user's data processing apparatus.
The argument that a consumer would tend to trust a program but not a human being cannot be accepted. Also computer programs have a human aspect, namely the person who created them. Faith in a program is faith in its programmer. Just as a user does not know what a human interviewer does with the information received, he cannot know that the program installed on his computer prevents the transmission of private data to the remote data processing system. He can only hope it does. Therefore, the analogy with a human interviewer is not inadmissible for the reason suggested.
3.7 The appellant has further argued that there is no prior art establishing that at any time before the priority date of the present application anybody had realized that there was an alternative to the existing possibilities of either keeping private information private so that it could not be exploited, or transmitting it to a service that would undertake to exploit it in a confidential manner.
Above (at point 3.1), it was assumed that an interview might be conducted in a way which offered such an alternative, viz by disclosing private information only to an interviewer acting for a vendor, but there is indeed no corresponding evidence on file. However, purely non-technical art need not be proved. Even in the (unlikely) case that the idea to elicit confidential information from a consumer in order to formulate further questions is new and original, it is merely a sales technique. Having no technical aspects, it could not contribute to an inventive step. Only its implementation in a computer network might require technical considerations.
3.8 Implementing the above business-induced functions by employing conventional programming solutions, the skilled person was thus led to consider a method comprising the following features:
- the program (which could be termed an agent) is resident on the user data processing apparatus and includes a discovery and exploitation rule engine which runs only on the user data processing apparatus and operates with a store of dialog classes and a store of facts,
- both the store of dialog classes and the store of facts are sited on the user data processing apparatus,
- the discovery and exploitation rule engine stores in the store of facts all facts disclosed by the user together with data associated with each fact indicating whether that fact is a private fact or a public fact.
3.9 It follows that all features of claim 1 were obvious for a person having ordinary programming skills already from a consideration of the effects to be obtained.
3.10 Thus, the subject-matter of claim 1 does not involve an inventive step (Article 56 EPC).
The auxiliary requests
4. Auxiliary request 1 having been withdrawn, claim 1 of auxiliary request 2 will be considered below.
4.1 According to this request, claim 1 additionally contains the features that:
- the discovery and exploitation rule engine processes both the private facts and the public facts so as to determine an additional prompt which is provided to the user asking the user to disclose a fact and to provide information enabling the discovery and exploitation rule engine to determine whether the fact is a public fact which the user authorises for disclosure to the remote data processing system, or a private fact which is not to be disclosed to the remote data processing system, and
- the discovery and exploitation rule engine processes both the private and the public facts so as to present information to the user.
4.2 The appellant has explained that the most important feature of the addition is the determination of an additional prompt since this is the reason for processing private facts. This effect has however already been taken into account in connection with the main request (see points 3.1 and 3.7 above).
5. In accordance with auxiliary request 3, claim 1 is further limited by the feature that:
- the store of facts further comprises facts which have been transmitted from the remote data processing system and which are processed by the rule engine using the dialog classes.
5.1 It is however self-evident that a vendor cannot formulate questions without adding some information of its own, eg relating to the products it sells. If the agent is to use such information, it must be stored.
6. In accordance with auxiliary request 4, claim 1 additionally sets out that:
- a further rule engine runs on the user data processing apparatus, accesses the stored public facts but not the stored private facts, transmits the public facts to the remote data processing system and receives the facts which have been transmitted from the remote data processing system.
6.1 The task of this additional program running on the user data processing apparatus is thus to collect data and report its findings to the remote system. This is a task that agents (eg applets, p.10, l.25,26) conventionally perform (cf p.2, l.18-20).
7. Auxiliary request 5, finally, is directed to a main claim in an alternative formulation (cf point VIII above). Its content is essentially equivalent to that of auxiliary request 2, as acknowledged by the appellant. It therefore gives rise to the same objections.
8. It follows that none of the auxiliary requests can be granted for lack of inventive step (Article 56 EPC). The appeal must therefore be dismissed.
Request for reimbursement of the appeal fee
9. The appeal not being allowable, the request for reimbursement must be refused already for this reason.
ORDER
For these reasons it is decided that:
1. The appeal is dismissed.
2. The request for reimbursement of the appeal fee is refused.