European Case Law Identifier: | ECLI:EP:BA:2011:T193707.20110908 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Date of decision: | 08 September 2011 | ||||||||
Case number: | T 1937/07 | ||||||||
Application number: | 04015615.0 | ||||||||
IPC class: | G06F 1/00 | ||||||||
Language of proceedings: | EN | ||||||||
Distribution: | D | ||||||||
Download and more information: |
|
||||||||
Title of application: | Gaming machine having targeted run-time software authentification | ||||||||
Applicant name: | WMS GAMING, INC. WMS GAMING, INC. 800 S. Northpoint Boulevard Waukegan, Illinois 60085 (US) |
||||||||
Opponent name: | - | ||||||||
Board: | 3.5.06 | ||||||||
Headnote: | - | ||||||||
Relevant legal provisions: |
|
||||||||
Keywords: | Added subject-matter - no Clarity - yes Novelty - yes Inventive step - yes |
||||||||
Catchwords: |
- |
||||||||
Cited decisions: |
|
||||||||
Citing decisions: |
|
Summary of Facts and Submissions
I. The appeal is against the decision by the examining division dispatched on 4 June 2007 to refuse European patent application 04015615.0 on the basis that the subject-matter of claims 1 and 10 of a main request and claims 1 and 11 of an auxiliary request, all filed during oral proceedings on 8 May 2007 is not inventive, Article 56 EPC 1973, in view of the following documents:
D2: US 6 106 396 A
D3: "fsck - check and repair a Linux file system", 25 February 2002, Linux man page, http://www.die.net/doc/linux/man/man8/fsck.8.html, retrieved on 15 May 2006
II. A notice of appeal was received on 31 July 2007, the appeal fee having been paid on the previous day. A statement of the grounds of the appeal was received on 09 October 2007.
III. The appellant requested that the decision be set aside. The two requests upon which the appealed decision had been based were replaced by a single new request. The appellant further requested oral proceedings as an auxiliary measure.
IV. The board issued a summons to oral proceedings. In an annex to the summons, the board set out its preliminary opinion on the appeal, viz. that claims 1 and 9 contained added subject-matter and were not supported by the description.
V. On 31 May 2011, the appellant filed amended claims. In the light of those amendments, oral proceedings were cancelled, given that the board intended to allow the new claims and oral proceedings had only been requested on an auxiliary basis.
VI. The board understands the appellant's substantive request to be as follows: that the decision under appeal be set aside and that a patent be granted on the basis of the following documents:
Claims, Numbers
1-10 filed with telefax on 31 May 2011
Description, Pages
1, 3-18 as originally filed
2, 19 filed with telefax on 14 March 2006
Drawings, Sheets
1/3-3/3 as originally filed
According to the submission of 31 May 2011, new description pages 2 and 2a were being filed. However, these new pages were not, in fact, annexed to the submission.
VII. The independent claims read as follows:
Claim 1
"A method of authenticating selected data from a first memory device and data from a second memory device within a gaming machine while said gaming machine is operating, said data from said first memory device inc1uding executable code, graphic data, a first digital signature for the executable code and a second digital signature for the graphic data, said method of authenticating comprising:
reading a next predetermined amount of data from said first memory device;
determining if the predetermined amount of data is executable code or graphic data;
if said next predetermined amount of data is executable code, then authenticating said executable code using the first digital signature for the executable code;
characterized by said data from said first memory device and said data from said second memory device being authenticated substantially in parallel for allowing greater frequency of authentication of the selected data; and
if said next predetermined amount of data is graphic data, and a predetermined number of events have occurred, then authenticating said graphic data using said second digital signature and reading a next predetermined amount of data; and if said next predetermined amount of data is graphic data and said predetermined number of events have not occurred, then reading a next predetermined amount of data;
wherein the above steps are repeated substantially continuously while said gaming machine is operating"
Claim 9
"A gaming machine (10) for allowing greater frequency of authentication of selected data comprising:
a first memory device and second memory device, said first memory device storing data including executable code, graphic data, a first digital signature for the executable code and a second digital signature for the graphic data;
a CPU (32) coupled to said first and second memory devices, said CPU adapted to determine the authenticity of data in said first and second memory devices, said CPU reading predetermined amounts of said data stored in said first memory device and determining whether said predetermined amount of said data is executable code or graphic data; and
wherein, if said predetermined amount of data is executable code, then said CPU authenticates said executable code using the first digital signature for the executable code; and
characterized in that the CPU is arranged to determine the authenticity of data in said first and second memory devices in a substantially parallel fashion;
and in that the CPU is arranged, if said predetermined amount of data is graphic data, and a predetermined number of events have occurred, to authenticate said graphic data using said second digital signature and to read a next predetermined amount of data; and if said next predetermined amount of data is graphic data and said predetermined number of events have not occurred, to read a next predetermined amount of data"
Reasons for the decision
1. Reference is made to the transitional provisions in Article 1 of the Decision of the Administrative Council of 28 June 2001 on the transitional provisions under Article 7 of the Act revising the European Patent Convention of 29 November 2000, for the amended and new provisions of the EPC, from which it may be derived which Articles of the EPC 1973 are still applicable to the present application and which Articles of the EPC 2000 shall apply.
2. The admissibility of the appeal
In view of the facts set out at points I and II above, the appeal is admissible, since it complies with the EPC formal admissibility requirements.
3. Added subject-matter, Article 123(2) EPC
3.1 Claim 1 is based on originally filed claims 1, 2 and 6, with the following additional features, which are listed together with their basis in the original application documents:
- There are two memory devices, the data from the first memory device including executable code, graphic data, a first digital signature for the executable code and a second digital signature for the graphic data This is disclosed on page 3, lines 9-21 and page 8, lines 11-21 of the original description.
- Said data from said first memory device and said data from said second memory device are authenticated substantially in parallel for allowing greater frequency of authentication of the selected data This is disclosed on page 3, lines 19-21 of the original description. The "greater frequency of authentication" is an automatic consequence of the preceding feature; it is not a limiting feature in itself.
- It is determined whether the predetermined amount of data is executable code or graphic data This is disclosed on page 17, lines 9-11 of the original description
- The graphic data is only authenticated after a number of events have occurred This is disclosed on page 17, lines 1-6 of the original description.
It follows that all the features of claim 1 are disclosed in the original application documents.
3.2 The independent apparatus claim 9 contains features which correspond to the features of the independent method claim 1. As a consequence, the features of claim 9 are also disclosed in the original application documents.
3.3 The board, therefore, concludes that the subject-matter of the independent claims does not extend beyond the content of the application as filed (Article 123(2) EPC).
4. Clarity, Article 84 EPC 1973
In the summons to oral proceedings, the board had expressed its preliminary opinion that claims 1 and 9 contained added subject-matter and were not supported by the description, because of the feature that "a predetermined condition has [to be] met" for graphics data to be authenticated.
This feature has now been replaced by the more specific feature that "a predetermined number of events" needs to have occurred for graphics data to be authenticated. It finds support in one particular embodiment on page 17, lines 1-6 of the description.
It still needs to be determined, however, given the substantial limitations that have been introduced in the independent claims, whether all the embodiments that are contained in the description still fall within the scope of the claims.
The board also notes that "said predetermined amount of time" in claim 8 lacks an antecedent. It appears that this claim should be dependent on claim 7, not claim 1.
5. Closest prior art
The board considers that D2 represents the closest prior art document. It discloses a method of authenticating data in a gaming machine while the gaming machine is operating, to make certain that the data remains unchanged. The data that is authenticated could be the game rules, graphics, sound or some subset of any of these (see D2, column 11, lines 4-21).
6. Novelty, Article 54 EPC 1973
6.1 Claim 1
(a) As was already acknowledged in the appealed decision, D2 does not disclose parallel authentication of data from a first and a second memory device.
(b) In the appealed decision (15.1(b)), it is argued that D2 implicitly discloses a determination whether an amount of data is graphic or not, because in D2 the authenticating metric is calculated only for the executable part and this could only be done if the system is distinguishing between these two types of data. The statement is presumably based either on D2, column 11, lines 4-23, which describes in general terms how the preferred embodiments described in D2 could be modified, or on D2, column 3, line 65 - column 4, line 26, where a distinction is made between program information and fixed data. However, in the board's view, a different treatment of two types of data does not automatically mean that there have been preceding steps of reading the data and determining its type. It is apparent from both of the above cited passages in D2 that the different kinds of data are stored separately and only a specified kind of data will be authenticated. This means that a separate step of determining the type of data is not necessary, let alone implicitly disclosed, in D2.
(c) It follows a fortiori from (b) that D2 also does not disclose the feature "if said next predetermined amount of data is graphic data, and a predetermined condition has been met, then authenticating said graphic data and reading a next predetermined amount of data; and if said next predetermined amount of data is graphic data and said predetermined condition has not been met, then reading a next predetermined amount of data".
The other documents cited in the search report also do not disclose the above features (b) or (c), as a consequence of which the board considers that the subject-matter of claim 1 is novel.
6.2 Claim 9
The independent apparatus claim 9 contains features which correspond to the features of the independent method claim 1. As a consequence, the subject-matter of claim 9 is also novel.
6.3 The board concludes that the subject-matter of the independent claims 1 and 9 and, consequently, also the dependent claims 2-8 and 10 satisfies the requirements of Article 54 EPC 1973.
7. Inventive step, Article 56 EPC 1973
7.1 Claim 1
The essential difference between the subject-matter of claim 1 and the disclosure of D2 lies in the features "determining if the predetermined amount of data is executable code or graphic data" and "if said next predetermined amount of data is graphic data, and a predetermined number of events have occurred, then authenticating said graphic data using said second digital signature and reading a next predetermined amount of data; and if said next predetermined amount of data is graphic data and said predetermined number of events have not occurred, then reading a next predetermined amount of data". The technical effect of these features is that the graphic data (which is less critical than the executable code) is authenticated less frequently than the executable code. This solves the objective problem of making more time available for the authentication of the most critical part, i.e. the executable code. None of the documents cited in the search report discloses these features or renders them obvious.
In the appealed decision, it is argued (15.5) that the definition of different elements in a system with different verification priorities is a well known measure in security, for example in a car, where there are different checking periods and priorities for the different elements. The board, however, considers that it is not appropriate to compare the checking of the different elements of a car with the authentication of data in a gaming machine. The problem being dealt with is quite different, in that the checking of a cars components is part of the maintenance program for the car, the different components being subject to wear because of their daily use, whereas the data in a gaming machine do not "wear out" in the normal sense of the word. Checking different data at different frequencies based on different rates of wear would, therefore, make no sense and, even if, for the sake of argument, it were assumed that a person skilled in the field of gaming machines were aware of different checking intervals in automotive maintenance, he or she would not apply that teaching in the context of a gaming machine.
The decision further argues that D2 identifies different events and software elements that might need different checking priorities. However, although D2 does mention different authentication intervals, i.e. "prior to commencement of game play, at periodic intervals or upon demand" (column 2, lines 39-42) or in response to a detectable event related to game play (column 10, lines 18-21), and D2 also mentions the possibility of not authenticating the entire data set (column 11, lines 4-24), it does not mention or imply the need for different elements to have different checking priorities.
The decision also argues that the use of different verification priorities does not solve a technical problem, as the definition of the authentication policy and priorities could be defined at a managerial level depending on the legal restrictions and user needs and without considering any technical requirement. Whereas the board agrees that this might have been part of a valid chain of arguments if claim 1 had simply made a reference to "different verification priorities" or "different verification intervals", it does not apply to the present formulation of claim 1. Indeed, in the claim it is specifically the graphic data which is authenticated less frequently than the executable code. This is directly related to the less critical nature of the graphic data, which is an objective technical fact in the context of a gaming machine.
It must, therefore, be concluded that the subject-matter of claim 1 is inventive, in the light of the documents cited in the search report.
7.2 Claim 9
The independent apparatus claim 9 contains features which correspond to the features of the independent method claim 1. As a consequence, the subject-matter of claim 9 is also inventive, in the light of the documents cited in the search report.
7.3 The board concludes that the subject-matter of the independent claims 1 and 9 and, consequently, also the dependent claims 2-8 and 10 satisfies the requirements of Article 56 EPC 1973, in the light of the documents cited in the search report.
8. Other issues
The appellant apparently intended to file new description pages 2 and 2a with the submission of 31 May 2011. However, no such pages were, in fact, annexed to the submission. This means, in particular, that document D2 is currently not acknowledged as closest prior art document in the description (Rule 42(1)(b) EPC - Rule 27(1)(b) EPC 1973). Insofar, appropriate steps will have to be taken in the following examination proceedings (see point 9 below).
9. Conclusion
The claims satisfy the requirements of Article 123(2) EPC and Articles 54 and 56 EPC 1973, in the light of the documents cited in the search report. However, the request is not in a state on the basis of which grant of a patent could be ordered without further examination (see point 4, last two paragraphs and point 8). The board, therefore, uses its discretion and remits the case for further prosecution (Article 111(1) and (2) EPC 1973).
ORDER
For these reasons, it is decided that:
1. The decision under appeal is set aside.
2. The case is remitted to the department of first instance for further prosecution.